./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor984210056 <...> Warning: Permanently added '10.128.0.143' (ED25519) to the list of known hosts. execve("./syz-executor984210056", ["./syz-executor984210056"], 0x7ffe75e63590 /* 10 vars */) = 0 brk(NULL) = 0x5555563ac000 brk(0x5555563acd40) = 0x5555563acd40 arch_prctl(ARCH_SET_FS, 0x5555563ac3c0) = 0 set_tid_address(0x5555563ac690) = 5054 set_robust_list(0x5555563ac6a0, 24) = 0 rseq(0x5555563acce0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor984210056", 4096) = 27 getrandom("\x35\x79\x36\xa0\x5b\x81\xd0\xb7", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x5555563acd40 brk(0x5555563cdd40) = 0x5555563cdd40 brk(0x5555563ce000) = 0x5555563ce000 mprotect(0x7f6a9efcd000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 mkdir("./syzkaller.K15EIg", 0700) = 0 chmod("./syzkaller.K15EIg", 0777) = 0 chdir("./syzkaller.K15EIg") = 0 mkdir("./0", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5056 attached , child_tidptr=0x5555563ac690) = 5056 [pid 5056] set_robust_list(0x5555563ac6a0, 24) = 0 [pid 5056] chdir("./0") = 0 [pid 5056] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5056] setpgid(0, 0) = 0 [pid 5056] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5056] write(3, "1000", 4) = 4 [pid 5056] close(3) = 0 [pid 5056] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5056] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5056] rt_sigaction(SIGRT_1, {sa_handler=0x7f6a9ef6cff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6a9ef5e1a0}, NULL, 8) = 0 [pid 5056] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5056] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a9eee3000 [pid 5056] mprotect(0x7f6a9eee4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5056] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5056] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a9ef03990, parent_tid=0x7f6a9ef03990, exit_signal=0, stack=0x7f6a9eee3000, stack_size=0x20300, tls=0x7f6a9ef036c0}./strace-static-x86_64: Process 5057 attached => {parent_tid=[5057]}, 88) = 5057 [pid 5056] rt_sigprocmask(SIG_SETMASK, [], [pid 5057] rseq(0x7f6a9ef03fe0, 0x20, 0, 0x53053053 [pid 5056] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5057] <... rseq resumed>) = 0 [pid 5057] set_robust_list(0x7f6a9ef039a0, 24) = 0 [pid 5057] rt_sigprocmask(SIG_SETMASK, [], [pid 5056] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5057] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5056] <... futex resumed>) = 0 [pid 5057] memfd_create("syzkaller", 0 [pid 5056] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5057] <... memfd_create resumed>) = 3 [pid 5057] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6a96a00000 [pid 5057] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5057] munmap(0x7f6a96a00000, 138412032) = 0 [pid 5057] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5057] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5057] close(3) = 0 [pid 5057] close(4) = 0 [pid 5057] mkdir("./bus", 0777) = 0 [ 63.406843][ T5057] loop0: detected capacity change from 0 to 32768 [ 63.446121][ T5057] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop0 scanned by syz-executor984 (5057) [ 63.472460][ T5057] BTRFS info (device loop0): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 [ 63.483235][ T5057] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm [ 63.503092][ T5057] BTRFS info (device loop0): using free-space-tree [pid 5057] mount("/dev/loop0", "./bus", "btrfs", 0, "discard,") = 0 [pid 5057] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5057] chdir("./bus") = 0 [pid 5057] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5057] ioctl(4, LOOP_CLR_FD) = 0 [pid 5057] close(4) = 0 [pid 5057] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5056] <... futex resumed>) = 0 [pid 5057] futex(0x7f6a9efd36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5056] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5057] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5056] <... futex resumed>) = 0 [pid 5057] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5056] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5057] <... open resumed>) = 4 [pid 5057] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5056] <... futex resumed>) = 0 [pid 5057] futex(0x7f6a9efd36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5056] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5057] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5056] <... futex resumed>) = 0 [pid 5057] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5056] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5057] <... open resumed>) = 5 [pid 5057] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5056] <... futex resumed>) = 0 [pid 5057] <... futex resumed>) = 1 [pid 5056] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5056] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5057] fallocate(5, 0, 0, 1048820) = 0 [pid 5057] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5057] futex(0x7f6a9efd36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5056] <... futex resumed>) = 0 [pid 5056] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5057] <... futex resumed>) = 0 [pid 5056] <... futex resumed>) = 1 [pid 5057] sendfile(4, 4, NULL, 142609664 [ 63.599645][ T28] audit: type=1800 audit(1708613183.674:2): pid=5057 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor984" name="bus" dev="loop0" ino=263 res=0 errno=0 [ 63.619719][ T28] audit: type=1800 audit(1708613183.674:3): pid=5057 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor984" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 5056] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5056] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5056] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a9eec2000 [pid 5056] mprotect(0x7f6a9eec3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5056] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5056] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a9eee2990, parent_tid=0x7f6a9eee2990, exit_signal=0, stack=0x7f6a9eec2000, stack_size=0x20300, tls=0x7f6a9eee26c0}./strace-static-x86_64: Process 5075 attached [pid 5075] rseq(0x7f6a9eee2fe0, 0x20, 0, 0x53053053) = 0 [pid 5056] <... clone3 resumed> => {parent_tid=[5075]}, 88) = 5075 [pid 5075] set_robust_list(0x7f6a9eee29a0, 24 [pid 5056] rt_sigprocmask(SIG_SETMASK, [], [pid 5075] <... set_robust_list resumed>) = 0 [pid 5056] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5075] rt_sigprocmask(SIG_SETMASK, [], [pid 5056] futex(0x7f6a9efd36d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5075] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5056] <... futex resumed>) = 0 [pid 5075] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME, 000 [pid 5056] futex(0x7f6a9efd36dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5075] <... open resumed>) = 6 [pid 5075] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5056] <... futex resumed>) = 0 [pid 5075] futex(0x7f6a9efd36d8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5056] futex(0x7f6a9efd36d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5075] ioctl(6, FS_IOC_FIEMAP, {fm_start=65279, fm_length=9223372036854775809, fm_flags=0, fm_extent_count=16777216} [pid 5056] <... futex resumed>) = 0 [pid 5056] futex(0x7f6a9efd36dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5075] <... ioctl resumed> => {fm_flags=0, fm_mapped_extents=1, ...}) = 0 [pid 5075] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5056] <... futex resumed>) = 0 [ 63.732597][ T28] audit: type=1800 audit(1708613183.804:4): pid=5075 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor984" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 5075] futex(0x7f6a9efd36d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5056] exit_group(0) = ? [pid 5075] <... futex resumed>) = ? [pid 5075] +++ exited with 0 +++ [pid 5057] <... sendfile resumed>) = ? [pid 5057] +++ exited with 0 +++ [pid 5056] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5056, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=51 /* 0.51 s */} --- umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555563ad730 /* 4 entries */, 32768) = 104 [ 64.181943][ T5057] syz-executor984 (5057) used greatest stack depth: 19120 bytes left [ 64.219300][ T5054] BTRFS info (device loop0): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 umount2("./0/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./0/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./0/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555563b5770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563b5770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./0/bus") = 0 umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./0/binderfs") = 0 getdents64(3, 0x5555563ad730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./0") = 0 mkdir("./1", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563ac690) = 5076 ./strace-static-x86_64: Process 5076 attached [pid 5076] set_robust_list(0x5555563ac6a0, 24) = 0 [pid 5076] chdir("./1") = 0 [pid 5076] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5076] setpgid(0, 0) = 0 [pid 5076] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5076] write(3, "1000", 4) = 4 [pid 5076] close(3) = 0 [pid 5076] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5076] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5076] rt_sigaction(SIGRT_1, {sa_handler=0x7f6a9ef6cff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6a9ef5e1a0}, NULL, 8) = 0 [pid 5076] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5076] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a9eee3000 [pid 5076] mprotect(0x7f6a9eee4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5076] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5076] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a9ef03990, parent_tid=0x7f6a9ef03990, exit_signal=0, stack=0x7f6a9eee3000, stack_size=0x20300, tls=0x7f6a9ef036c0}./strace-static-x86_64: Process 5077 attached [pid 5077] rseq(0x7f6a9ef03fe0, 0x20, 0, 0x53053053 [pid 5076] <... clone3 resumed> => {parent_tid=[5077]}, 88) = 5077 [pid 5077] <... rseq resumed>) = 0 [pid 5076] rt_sigprocmask(SIG_SETMASK, [], [pid 5077] set_robust_list(0x7f6a9ef039a0, 24 [pid 5076] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5077] <... set_robust_list resumed>) = 0 [pid 5076] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5077] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5076] <... futex resumed>) = 0 [pid 5076] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5077] memfd_create("syzkaller", 0) = 3 [pid 5077] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6a96a00000 [pid 5077] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5077] munmap(0x7f6a96a00000, 138412032) = 0 [pid 5077] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5077] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5077] close(3) = 0 [pid 5077] close(4) = 0 [pid 5077] mkdir("./bus", 0777) = 0 [ 64.749190][ T5077] loop0: detected capacity change from 0 to 32768 [ 64.781789][ T5077] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop0 scanned by syz-executor984 (5077) [pid 5077] mount("/dev/loop0", "./bus", "btrfs", 0, "discard,") = 0 [pid 5077] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5077] chdir("./bus") = 0 [pid 5077] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5077] ioctl(4, LOOP_CLR_FD) = 0 [pid 5077] close(4) = 0 [pid 5077] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5076] <... futex resumed>) = 0 [pid 5077] futex(0x7f6a9efd36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5076] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5077] <... futex resumed>) = 0 [pid 5076] <... futex resumed>) = 1 [pid 5077] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [ 64.801902][ T5077] BTRFS info (device loop0): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 [ 64.813546][ T5077] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm [ 64.823409][ T5077] BTRFS info (device loop0): using free-space-tree [pid 5076] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5077] <... open resumed>) = 4 [pid 5077] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5077] futex(0x7f6a9efd36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5076] <... futex resumed>) = 0 [pid 5076] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5077] <... futex resumed>) = 0 [pid 5077] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5077] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5077] futex(0x7f6a9efd36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5076] <... futex resumed>) = 1 [pid 5076] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5076] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5077] <... futex resumed>) = 0 [pid 5076] <... futex resumed>) = 1 [pid 5077] fallocate(5, 0, 0, 1048820) = 0 [pid 5077] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5077] futex(0x7f6a9efd36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5076] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5076] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5077] <... futex resumed>) = 0 [pid 5076] <... futex resumed>) = 1 [pid 5077] sendfile(4, 4, NULL, 142609664 [ 64.884837][ T28] audit: type=1800 audit(1708613184.954:5): pid=5077 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor984" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 5076] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5076] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5076] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a9eec2000 [pid 5076] mprotect(0x7f6a9eec3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5076] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5076] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a9eee2990, parent_tid=0x7f6a9eee2990, exit_signal=0, stack=0x7f6a9eec2000, stack_size=0x20300, tls=0x7f6a9eee26c0}./strace-static-x86_64: Process 5094 attached => {parent_tid=[5094]}, 88) = 5094 [pid 5094] rseq(0x7f6a9eee2fe0, 0x20, 0, 0x53053053 [pid 5076] rt_sigprocmask(SIG_SETMASK, [], [pid 5094] <... rseq resumed>) = 0 [pid 5076] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5094] set_robust_list(0x7f6a9eee29a0, 24 [pid 5076] futex(0x7f6a9efd36d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5094] <... set_robust_list resumed>) = 0 [pid 5076] <... futex resumed>) = 0 [pid 5094] rt_sigprocmask(SIG_SETMASK, [], [pid 5076] futex(0x7f6a9efd36dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5094] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5094] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME, 000) = 6 [pid 5094] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5076] <... futex resumed>) = 0 [ 64.929495][ T28] audit: type=1800 audit(1708613184.984:6): pid=5077 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor984" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 5094] futex(0x7f6a9efd36d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5076] futex(0x7f6a9efd36d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5094] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5076] <... futex resumed>) = 0 [pid 5094] ioctl(6, FS_IOC_FIEMAP, {fm_start=65279, fm_length=9223372036854775809, fm_flags=0, fm_extent_count=16777216} [pid 5076] futex(0x7f6a9efd36dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5094] <... ioctl resumed> => {fm_flags=0, fm_mapped_extents=1, ...}) = 0 [pid 5094] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5076] <... futex resumed>) = 0 [ 64.969209][ T28] audit: type=1800 audit(1708613185.044:7): pid=5094 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor984" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 5094] futex(0x7f6a9efd36d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5076] exit_group(0 [pid 5094] <... futex resumed>) = ? [pid 5076] <... exit_group resumed>) = ? [pid 5094] +++ exited with 0 +++ [pid 5077] <... sendfile resumed>) = ? [pid 5077] +++ exited with 0 +++ [pid 5076] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5076, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=41 /* 0.41 s */} --- umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555563ad730 /* 4 entries */, 32768) = 104 [ 65.282966][ T5054] BTRFS info (device loop0): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 umount2("./1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555563b5770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563b5770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./1/bus") = 0 umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./1/binderfs") = 0 getdents64(3, 0x5555563ad730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./1") = 0 mkdir("./2", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5095 attached , child_tidptr=0x5555563ac690) = 5095 [pid 5095] set_robust_list(0x5555563ac6a0, 24) = 0 [pid 5095] chdir("./2") = 0 [pid 5095] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5095] setpgid(0, 0) = 0 [pid 5095] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5095] write(3, "1000", 4) = 4 [pid 5095] close(3) = 0 [pid 5095] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5095] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5095] rt_sigaction(SIGRT_1, {sa_handler=0x7f6a9ef6cff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6a9ef5e1a0}, NULL, 8) = 0 [pid 5095] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5095] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a9eee3000 [pid 5095] mprotect(0x7f6a9eee4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5095] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5095] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a9ef03990, parent_tid=0x7f6a9ef03990, exit_signal=0, stack=0x7f6a9eee3000, stack_size=0x20300, tls=0x7f6a9ef036c0}./strace-static-x86_64: Process 5096 attached [pid 5096] rseq(0x7f6a9ef03fe0, 0x20, 0, 0x53053053 [pid 5095] <... clone3 resumed> => {parent_tid=[5096]}, 88) = 5096 [pid 5096] <... rseq resumed>) = 0 [pid 5095] rt_sigprocmask(SIG_SETMASK, [], [pid 5096] set_robust_list(0x7f6a9ef039a0, 24 [pid 5095] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5096] <... set_robust_list resumed>) = 0 [pid 5095] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5096] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5095] <... futex resumed>) = 0 [pid 5096] memfd_create("syzkaller", 0 [pid 5095] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5096] <... memfd_create resumed>) = 3 [pid 5096] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6a96a00000 [pid 5096] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5096] munmap(0x7f6a96a00000, 138412032) = 0 [pid 5096] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5096] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5096] close(3) = 0 [pid 5096] close(4) = 0 [pid 5096] mkdir("./bus", 0777) = 0 [ 65.775312][ T5096] loop0: detected capacity change from 0 to 32768 [ 65.806351][ T5096] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop0 scanned by syz-executor984 (5096) [ 65.829717][ T5096] BTRFS info (device loop0): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 [ 65.841002][ T5096] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm [ 65.851469][ T5096] BTRFS info (device loop0): using free-space-tree [pid 5096] mount("/dev/loop0", "./bus", "btrfs", 0, "discard,") = 0 [pid 5096] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5096] chdir("./bus") = 0 [pid 5096] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5096] ioctl(4, LOOP_CLR_FD) = 0 [pid 5096] close(4) = 0 [pid 5096] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5095] <... futex resumed>) = 0 [pid 5096] futex(0x7f6a9efd36c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5095] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5096] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5095] <... futex resumed>) = 0 [pid 5095] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5096] <... open resumed>) = 4 [pid 5096] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5095] <... futex resumed>) = 0 [pid 5096] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5095] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5096] <... open resumed>) = 5 [pid 5095] <... futex resumed>) = 0 [pid 5096] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5095] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5096] <... futex resumed>) = 0 [pid 5096] futex(0x7f6a9efd36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5095] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5095] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5096] <... futex resumed>) = 0 [pid 5095] <... futex resumed>) = 1 [pid 5096] fallocate(5, 0, 0, 1048820) = 0 [pid 5095] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5096] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5096] futex(0x7f6a9efd36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5095] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5095] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5096] <... futex resumed>) = 0 [pid 5095] <... futex resumed>) = 1 [pid 5096] sendfile(4, 4, NULL, 142609664 [ 65.951721][ T28] audit: type=1800 audit(1708613186.024:8): pid=5096 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor984" name="bus" dev="loop0" ino=263 res=0 errno=0 [ 65.976264][ T28] audit: type=1800 audit(1708613186.054:9): pid=5096 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor984" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 5095] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5095] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5095] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a9eec2000 [pid 5095] mprotect(0x7f6a9eec3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5095] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5095] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a9eee2990, parent_tid=0x7f6a9eee2990, exit_signal=0, stack=0x7f6a9eec2000, stack_size=0x20300, tls=0x7f6a9eee26c0}./strace-static-x86_64: Process 5114 attached => {parent_tid=[5114]}, 88) = 5114 [pid 5114] rseq(0x7f6a9eee2fe0, 0x20, 0, 0x53053053) = 0 [pid 5114] set_robust_list(0x7f6a9eee29a0, 24) = 0 [pid 5095] rt_sigprocmask(SIG_SETMASK, [], [pid 5114] rt_sigprocmask(SIG_SETMASK, [], [pid 5095] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5114] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5095] futex(0x7f6a9efd36d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5114] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME, 000) = 6 [pid 5095] <... futex resumed>) = 0 [pid 5114] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5114] futex(0x7f6a9efd36d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5095] futex(0x7f6a9efd36dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5095] futex(0x7f6a9efd36d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5095] futex(0x7f6a9efd36dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5114] <... futex resumed>) = 0 [pid 5114] ioctl(6, FS_IOC_FIEMAP, {fm_start=65279, fm_length=9223372036854775809, fm_flags=0, fm_extent_count=16777216} => {fm_flags=0, fm_mapped_extents=1, ...}) = 0 [pid 5114] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5095] <... futex resumed>) = 0 [pid 5114] <... futex resumed>) = 1 [ 66.101225][ T28] audit: type=1800 audit(1708613186.174:10): pid=5114 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor984" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 5114] futex(0x7f6a9efd36d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5095] exit_group(0 [pid 5114] <... futex resumed>) = ? [pid 5095] <... exit_group resumed>) = ? [pid 5114] +++ exited with 0 +++ [pid 5096] <... sendfile resumed>) = ? [pid 5096] +++ exited with 0 +++ [pid 5095] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5095, si_uid=0, si_status=0, si_utime=0, si_stime=56 /* 0.56 s */} --- umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555563ad730 /* 4 entries */, 32768) = 104 [ 66.561222][ T5054] BTRFS info (device loop0): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 umount2("./2/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./2/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./2/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555563b5770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563b5770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./2/bus") = 0 umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./2/binderfs") = 0 getdents64(3, 0x5555563ad730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./2") = 0 mkdir("./3", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5115 attached [pid 5115] set_robust_list(0x5555563ac6a0, 24) = 0 [pid 5115] chdir("./3" [pid 5054] <... clone resumed>, child_tidptr=0x5555563ac690) = 5115 [pid 5115] <... chdir resumed>) = 0 [pid 5115] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5115] setpgid(0, 0) = 0 [pid 5115] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5115] write(3, "1000", 4) = 4 [pid 5115] close(3) = 0 [pid 5115] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5115] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5115] rt_sigaction(SIGRT_1, {sa_handler=0x7f6a9ef6cff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6a9ef5e1a0}, NULL, 8) = 0 [pid 5115] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5115] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a9eee3000 [pid 5115] mprotect(0x7f6a9eee4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5115] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5115] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a9ef03990, parent_tid=0x7f6a9ef03990, exit_signal=0, stack=0x7f6a9eee3000, stack_size=0x20300, tls=0x7f6a9ef036c0}./strace-static-x86_64: Process 5116 attached [pid 5116] rseq(0x7f6a9ef03fe0, 0x20, 0, 0x53053053 [pid 5115] <... clone3 resumed> => {parent_tid=[5116]}, 88) = 5116 [pid 5116] <... rseq resumed>) = 0 [pid 5115] rt_sigprocmask(SIG_SETMASK, [], [pid 5116] set_robust_list(0x7f6a9ef039a0, 24 [pid 5115] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5116] <... set_robust_list resumed>) = 0 [pid 5116] rt_sigprocmask(SIG_SETMASK, [], [pid 5115] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5116] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5115] <... futex resumed>) = 0 [pid 5115] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5116] memfd_create("syzkaller", 0) = 3 [pid 5116] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6a96a00000 [pid 5116] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5116] munmap(0x7f6a96a00000, 138412032) = 0 [pid 5116] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5116] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5116] close(3) = 0 [pid 5116] close(4) = 0 [pid 5116] mkdir("./bus", 0777) = 0 [ 67.059368][ T5116] loop0: detected capacity change from 0 to 32768 [ 67.091682][ T5116] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop0 scanned by syz-executor984 (5116) [pid 5116] mount("/dev/loop0", "./bus", "btrfs", 0, "discard,") = 0 [pid 5116] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5116] chdir("./bus") = 0 [pid 5116] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 67.110931][ T5116] BTRFS info (device loop0): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 [ 67.121618][ T5116] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm [ 67.131624][ T5116] BTRFS info (device loop0): using free-space-tree [pid 5116] ioctl(4, LOOP_CLR_FD) = 0 [pid 5116] close(4) = 0 [pid 5116] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5115] <... futex resumed>) = 0 [pid 5116] futex(0x7f6a9efd36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5115] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5116] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5115] <... futex resumed>) = 0 [pid 5116] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5115] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5116] <... open resumed>) = 4 [pid 5116] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5115] <... futex resumed>) = 0 [pid 5116] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5115] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5115] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5116] <... open resumed>) = 5 [pid 5116] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5115] <... futex resumed>) = 0 [pid 5116] futex(0x7f6a9efd36c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5115] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5116] fallocate(5, 0, 0, 1048820 [pid 5115] <... futex resumed>) = 0 [pid 5115] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5116] <... fallocate resumed>) = 0 [pid 5116] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5116] futex(0x7f6a9efd36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5115] <... futex resumed>) = 0 [pid 5115] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5116] <... futex resumed>) = 0 [pid 5115] <... futex resumed>) = 1 [pid 5116] sendfile(4, 4, NULL, 142609664 [ 67.216480][ T28] audit: type=1800 audit(1708613187.294:11): pid=5116 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor984" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 5115] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5115] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5115] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a9eec2000 [pid 5115] mprotect(0x7f6a9eec3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5115] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5115] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a9eee2990, parent_tid=0x7f6a9eee2990, exit_signal=0, stack=0x7f6a9eec2000, stack_size=0x20300, tls=0x7f6a9eee26c0}./strace-static-x86_64: Process 5133 attached [pid 5133] rseq(0x7f6a9eee2fe0, 0x20, 0, 0x53053053) = 0 [pid 5133] set_robust_list(0x7f6a9eee29a0, 24 [pid 5115] <... clone3 resumed> => {parent_tid=[5133]}, 88) = 5133 [pid 5115] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5133] <... set_robust_list resumed>) = 0 [pid 5133] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5115] futex(0x7f6a9efd36d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5133] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME, 000) = 6 [pid 5115] <... futex resumed>) = 0 [pid 5133] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5115] futex(0x7f6a9efd36dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5115] futex(0x7f6a9efd36d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5133] <... futex resumed>) = 0 [pid 5115] <... futex resumed>) = 0 [pid 5133] ioctl(6, FS_IOC_FIEMAP, {fm_start=65279, fm_length=9223372036854775809, fm_flags=0, fm_extent_count=16777216} => {fm_flags=0, fm_mapped_extents=2, ...}) = 0 [pid 5115] futex(0x7f6a9efd36dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5133] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5133] futex(0x7f6a9efd36d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5115] <... futex resumed>) = 0 [pid 5115] exit_group(0 [pid 5133] <... futex resumed>) = ? [pid 5115] <... exit_group resumed>) = ? [pid 5133] +++ exited with 0 +++ [pid 5116] <... sendfile resumed>) = ? [pid 5116] +++ exited with 0 +++ [pid 5115] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5115, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=53 /* 0.53 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./3", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555563ad730 /* 4 entries */, 32768) = 104 [ 67.828959][ T5116] syz-executor984 (5116) used greatest stack depth: 18736 bytes left [ 67.855569][ T5054] BTRFS info (device loop0): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 umount2("./3/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./3/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./3/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555563b5770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563b5770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./3/bus") = 0 umount2("./3/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./3/binderfs") = 0 getdents64(3, 0x5555563ad730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./3") = 0 mkdir("./4", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5134 attached , child_tidptr=0x5555563ac690) = 5134 [pid 5134] set_robust_list(0x5555563ac6a0, 24) = 0 [pid 5134] chdir("./4") = 0 [pid 5134] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5134] setpgid(0, 0) = 0 [pid 5134] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5134] write(3, "1000", 4) = 4 [pid 5134] close(3) = 0 [pid 5134] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5134] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5134] rt_sigaction(SIGRT_1, {sa_handler=0x7f6a9ef6cff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6a9ef5e1a0}, NULL, 8) = 0 [pid 5134] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5134] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a9eee3000 [pid 5134] mprotect(0x7f6a9eee4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5134] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5134] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a9ef03990, parent_tid=0x7f6a9ef03990, exit_signal=0, stack=0x7f6a9eee3000, stack_size=0x20300, tls=0x7f6a9ef036c0}./strace-static-x86_64: Process 5135 attached => {parent_tid=[5135]}, 88) = 5135 [pid 5135] rseq(0x7f6a9ef03fe0, 0x20, 0, 0x53053053) = 0 [pid 5135] set_robust_list(0x7f6a9ef039a0, 24) = 0 [pid 5135] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5135] futex(0x7f6a9efd36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5134] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5134] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5135] <... futex resumed>) = 0 [pid 5134] <... futex resumed>) = 1 [pid 5134] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5135] memfd_create("syzkaller", 0) = 3 [pid 5135] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6a96a00000 [pid 5135] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5135] munmap(0x7f6a96a00000, 138412032) = 0 [pid 5135] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5135] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5135] close(3) = 0 [pid 5135] close(4) = 0 [pid 5135] mkdir("./bus", 0777) = 0 [ 68.359618][ T5135] loop0: detected capacity change from 0 to 32768 [ 68.413293][ T5135] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop0 scanned by syz-executor984 (5135) [ 68.442574][ T5135] BTRFS info (device loop0): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 [ 68.453563][ T5135] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm [ 68.463801][ T5135] BTRFS info (device loop0): using free-space-tree [pid 5135] mount("/dev/loop0", "./bus", "btrfs", 0, "discard,") = 0 [pid 5135] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5135] chdir("./bus") = 0 [pid 5135] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5135] ioctl(4, LOOP_CLR_FD) = 0 [pid 5135] close(4) = 0 [pid 5135] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5135] futex(0x7f6a9efd36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5134] <... futex resumed>) = 0 [pid 5134] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5135] <... futex resumed>) = 0 [pid 5134] <... futex resumed>) = 1 [pid 5135] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5134] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5135] <... open resumed>) = 4 [pid 5135] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5134] <... futex resumed>) = 0 [pid 5135] futex(0x7f6a9efd36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5134] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5135] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5134] <... futex resumed>) = 0 [pid 5135] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5134] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5135] <... open resumed>) = 5 [pid 5135] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5134] <... futex resumed>) = 0 [pid 5135] <... futex resumed>) = 1 [pid 5134] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5135] fallocate(5, 0, 0, 1048820 [pid 5134] <... futex resumed>) = 0 [pid 5134] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5135] <... fallocate resumed>) = 0 [pid 5135] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5134] <... futex resumed>) = 0 [pid 5135] sendfile(4, 4, NULL, 142609664 [pid 5134] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5134] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5134] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5134] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a9eec2000 [pid 5134] mprotect(0x7f6a9eec3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5134] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5134] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a9eee2990, parent_tid=0x7f6a9eee2990, exit_signal=0, stack=0x7f6a9eec2000, stack_size=0x20300, tls=0x7f6a9eee26c0}./strace-static-x86_64: Process 5153 attached [pid 5153] rseq(0x7f6a9eee2fe0, 0x20, 0, 0x53053053) = 0 [pid 5153] set_robust_list(0x7f6a9eee29a0, 24) = 0 [pid 5153] rt_sigprocmask(SIG_SETMASK, [], [pid 5134] <... clone3 resumed> => {parent_tid=[5153]}, 88) = 5153 [pid 5153] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5153] futex(0x7f6a9efd36d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5134] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5134] futex(0x7f6a9efd36d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5153] <... futex resumed>) = 0 [pid 5134] <... futex resumed>) = 1 [pid 5153] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME, 000 [pid 5134] futex(0x7f6a9efd36dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5153] <... open resumed>) = 6 [pid 5153] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5153] futex(0x7f6a9efd36d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5134] <... futex resumed>) = 0 [pid 5134] futex(0x7f6a9efd36d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5153] <... futex resumed>) = 0 [pid 5134] <... futex resumed>) = 1 [pid 5153] ioctl(6, FS_IOC_FIEMAP, {fm_start=65279, fm_length=9223372036854775809, fm_flags=0, fm_extent_count=16777216} [pid 5134] futex(0x7f6a9efd36dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5153] <... ioctl resumed> => {fm_flags=0, fm_mapped_extents=1, ...}) = 0 [pid 5153] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5134] <... futex resumed>) = 0 [ 68.694656][ T28] kauditd_printk_skb: 4 callbacks suppressed [ 68.694669][ T28] audit: type=1800 audit(1708613188.764:16): pid=5153 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor984" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 5153] futex(0x7f6a9efd36d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5134] exit_group(0 [pid 5153] <... futex resumed>) = ? [pid 5153] +++ exited with 0 +++ [pid 5134] <... exit_group resumed>) = ? [pid 5135] <... sendfile resumed>) = ? [pid 5135] +++ exited with 0 +++ [pid 5134] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5134, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=48 /* 0.48 s */} --- umount2("./4", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555563ad730 /* 4 entries */, 32768) = 104 [ 69.176521][ T5054] BTRFS info (device loop0): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 umount2("./4/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./4/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555563b5770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563b5770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4/bus") = 0 umount2("./4/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4/binderfs") = 0 getdents64(3, 0x5555563ad730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4") = 0 mkdir("./5", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5154 attached , child_tidptr=0x5555563ac690) = 5154 [pid 5154] set_robust_list(0x5555563ac6a0, 24) = 0 [pid 5154] chdir("./5") = 0 [pid 5154] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5154] setpgid(0, 0) = 0 [pid 5154] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5154] write(3, "1000", 4) = 4 [pid 5154] close(3) = 0 [pid 5154] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5154] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5154] rt_sigaction(SIGRT_1, {sa_handler=0x7f6a9ef6cff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6a9ef5e1a0}, NULL, 8) = 0 [pid 5154] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5154] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a9eee3000 [pid 5154] mprotect(0x7f6a9eee4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5154] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5154] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a9ef03990, parent_tid=0x7f6a9ef03990, exit_signal=0, stack=0x7f6a9eee3000, stack_size=0x20300, tls=0x7f6a9ef036c0}./strace-static-x86_64: Process 5155 attached [pid 5155] rseq(0x7f6a9ef03fe0, 0x20, 0, 0x53053053) = 0 [pid 5154] <... clone3 resumed> => {parent_tid=[5155]}, 88) = 5155 [pid 5155] set_robust_list(0x7f6a9ef039a0, 24 [pid 5154] rt_sigprocmask(SIG_SETMASK, [], [pid 5155] <... set_robust_list resumed>) = 0 [pid 5155] rt_sigprocmask(SIG_SETMASK, [], [pid 5154] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5155] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5154] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5155] memfd_create("syzkaller", 0 [pid 5154] <... futex resumed>) = 0 [pid 5155] <... memfd_create resumed>) = 3 [pid 5154] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5155] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6a96a00000 [pid 5155] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5155] munmap(0x7f6a96a00000, 138412032) = 0 [pid 5155] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5155] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5155] close(3) = 0 [pid 5155] close(4) = 0 [pid 5155] mkdir("./bus", 0777) = 0 [ 69.662702][ T5155] loop0: detected capacity change from 0 to 32768 [ 69.698235][ T5155] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop0 scanned by syz-executor984 (5155) [ 69.718484][ T5155] BTRFS info (device loop0): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 [ 69.729107][ T5155] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm [ 69.739656][ T5155] BTRFS info (device loop0): using free-space-tree [pid 5155] mount("/dev/loop0", "./bus", "btrfs", 0, "discard,") = 0 [pid 5155] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5155] chdir("./bus") = 0 [pid 5155] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5155] ioctl(4, LOOP_CLR_FD) = 0 [pid 5155] close(4) = 0 [pid 5155] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5154] <... futex resumed>) = 0 [pid 5155] futex(0x7f6a9efd36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5154] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5155] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5154] <... futex resumed>) = 0 [pid 5155] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5154] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5155] <... open resumed>) = 4 [pid 5155] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5154] <... futex resumed>) = 0 [pid 5154] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5155] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5154] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5155] <... open resumed>) = 5 [pid 5155] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5155] futex(0x7f6a9efd36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5154] <... futex resumed>) = 0 [pid 5154] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5155] <... futex resumed>) = 0 [pid 5154] <... futex resumed>) = 1 [pid 5155] fallocate(5, 0, 0, 1048820 [pid 5154] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5155] <... fallocate resumed>) = 0 [pid 5155] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5154] <... futex resumed>) = 0 [pid 5155] sendfile(4, 4, NULL, 142609664 [pid 5154] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 69.847774][ T28] audit: type=1800 audit(1708613189.914:17): pid=5155 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor984" name="bus" dev="loop0" ino=263 res=0 errno=0 [ 69.873992][ T28] audit: type=1800 audit(1708613189.924:18): pid=5155 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor984" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 5154] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5154] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5154] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5154] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5154] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a9eec2000 [pid 5154] mprotect(0x7f6a9eec3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5154] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5154] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a9eee2990, parent_tid=0x7f6a9eee2990, exit_signal=0, stack=0x7f6a9eec2000, stack_size=0x20300, tls=0x7f6a9eee26c0} => {parent_tid=[5173]}, 88) = 5173 [pid 5154] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5154] futex(0x7f6a9efd36d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5154] futex(0x7f6a9efd36dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5173 attached [pid 5173] rseq(0x7f6a9eee2fe0, 0x20, 0, 0x53053053) = 0 [pid 5173] set_robust_list(0x7f6a9eee29a0, 24) = 0 [pid 5173] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5173] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME, 000) = 6 [pid 5173] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5154] <... futex resumed>) = 0 [pid 5173] ioctl(6, FS_IOC_FIEMAP, {fm_start=65279, fm_length=9223372036854775809, fm_flags=0, fm_extent_count=16777216} [pid 5154] futex(0x7f6a9efd36d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5173] <... ioctl resumed> => {fm_flags=0, fm_mapped_extents=1, ...}) = 0 [pid 5154] <... futex resumed>) = 0 [pid 5154] futex(0x7f6a9efd36dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5173] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5154] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5173] <... futex resumed>) = 0 [ 69.966526][ T28] audit: type=1800 audit(1708613190.044:19): pid=5173 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor984" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 5173] futex(0x7f6a9efd36d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5154] exit_group(0 [pid 5173] <... futex resumed>) = ? [pid 5154] <... exit_group resumed>) = ? [pid 5173] +++ exited with 0 +++ [pid 5155] <... sendfile resumed>) = ? [pid 5155] +++ exited with 0 +++ [pid 5154] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5154, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=38 /* 0.38 s */} --- umount2("./5", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555563ad730 /* 4 entries */, 32768) = 104 [ 70.337902][ T5054] BTRFS info (device loop0): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 umount2("./5/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./5/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./5/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./5/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555563b5770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563b5770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./5/bus") = 0 umount2("./5/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./5/binderfs") = 0 getdents64(3, 0x5555563ad730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./5") = 0 mkdir("./6", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5174 attached , child_tidptr=0x5555563ac690) = 5174 [pid 5174] set_robust_list(0x5555563ac6a0, 24) = 0 [pid 5174] chdir("./6") = 0 [pid 5174] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5174] setpgid(0, 0) = 0 [pid 5174] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5174] write(3, "1000", 4) = 4 [pid 5174] close(3) = 0 [pid 5174] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5174] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5174] rt_sigaction(SIGRT_1, {sa_handler=0x7f6a9ef6cff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6a9ef5e1a0}, NULL, 8) = 0 [pid 5174] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5174] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a9eee3000 [pid 5174] mprotect(0x7f6a9eee4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5174] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5174] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a9ef03990, parent_tid=0x7f6a9ef03990, exit_signal=0, stack=0x7f6a9eee3000, stack_size=0x20300, tls=0x7f6a9ef036c0}./strace-static-x86_64: Process 5175 attached [pid 5175] rseq(0x7f6a9ef03fe0, 0x20, 0, 0x53053053 [pid 5174] <... clone3 resumed> => {parent_tid=[5175]}, 88) = 5175 [pid 5175] <... rseq resumed>) = 0 [pid 5175] set_robust_list(0x7f6a9ef039a0, 24 [pid 5174] rt_sigprocmask(SIG_SETMASK, [], [pid 5175] <... set_robust_list resumed>) = 0 [pid 5174] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5175] rt_sigprocmask(SIG_SETMASK, [], [pid 5174] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5175] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5174] <... futex resumed>) = 0 [pid 5175] memfd_create("syzkaller", 0 [pid 5174] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5175] <... memfd_create resumed>) = 3 [pid 5175] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6a96a00000 [pid 5175] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5175] munmap(0x7f6a96a00000, 138412032) = 0 [pid 5175] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5175] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5175] close(3) = 0 [pid 5175] close(4) = 0 [pid 5175] mkdir("./bus", 0777) = 0 [ 70.851575][ T5175] loop0: detected capacity change from 0 to 32768 [ 70.887366][ T5175] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop0 scanned by syz-executor984 (5175) [pid 5175] mount("/dev/loop0", "./bus", "btrfs", 0, "discard,") = 0 [pid 5175] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [ 70.915629][ T5175] BTRFS info (device loop0): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 [ 70.926807][ T5175] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm [ 70.937437][ T5175] BTRFS info (device loop0): using free-space-tree [pid 5175] chdir("./bus") = 0 [pid 5175] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5175] ioctl(4, LOOP_CLR_FD) = 0 [pid 5175] close(4) = 0 [pid 5175] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5174] <... futex resumed>) = 0 [pid 5175] futex(0x7f6a9efd36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5174] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5174] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5175] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5175] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5175] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5175] futex(0x7f6a9efd36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5174] <... futex resumed>) = 0 [pid 5174] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5175] <... futex resumed>) = 0 [pid 5174] <... futex resumed>) = 1 [pid 5175] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5175] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5175] futex(0x7f6a9efd36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5174] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5174] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5175] <... futex resumed>) = 0 [pid 5175] fallocate(5, 0, 0, 1048820) = 0 [pid 5175] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5175] futex(0x7f6a9efd36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5174] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5174] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5175] <... futex resumed>) = 0 [pid 5174] <... futex resumed>) = 1 [pid 5175] sendfile(4, 4, NULL, 142609664 [ 71.054947][ T28] audit: type=1800 audit(1708613191.114:20): pid=5175 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor984" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 5174] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5174] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5174] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a9eec2000 [pid 5174] mprotect(0x7f6a9eec3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5174] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5174] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a9eee2990, parent_tid=0x7f6a9eee2990, exit_signal=0, stack=0x7f6a9eec2000, stack_size=0x20300, tls=0x7f6a9eee26c0} => {parent_tid=[5193]}, 88) = 5193 [pid 5174] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5174] futex(0x7f6a9efd36d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5174] futex(0x7f6a9efd36dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5193 attached [pid 5193] rseq(0x7f6a9eee2fe0, 0x20, 0, 0x53053053) = 0 [pid 5193] set_robust_list(0x7f6a9eee29a0, 24) = 0 [pid 5193] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5193] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME, 000) = 6 [pid 5193] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5174] <... futex resumed>) = 0 [pid 5193] <... futex resumed>) = 1 [pid 5174] futex(0x7f6a9efd36d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5193] ioctl(6, FS_IOC_FIEMAP, {fm_start=65279, fm_length=9223372036854775809, fm_flags=0, fm_extent_count=16777216} [pid 5174] futex(0x7f6a9efd36dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5193] <... ioctl resumed> => {fm_flags=0, fm_mapped_extents=1, ...}) = 0 [pid 5193] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5174] <... futex resumed>) = 0 [ 71.098929][ T28] audit: type=1800 audit(1708613191.154:21): pid=5175 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor984" name="bus" dev="loop0" ino=263 res=0 errno=0 [ 71.161801][ T28] audit: type=1800 audit(1708613191.224:22): pid=5193 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor984" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 5193] futex(0x7f6a9efd36d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5174] exit_group(0 [pid 5193] <... futex resumed>) = ? [pid 5193] +++ exited with 0 +++ [pid 5174] <... exit_group resumed>) = ? [pid 5175] <... sendfile resumed>) = ? [pid 5175] +++ exited with 0 +++ [pid 5174] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5174, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=53 /* 0.53 s */} --- umount2("./6", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555563ad730 /* 4 entries */, 32768) = 104 [ 71.582752][ T5054] BTRFS info (device loop0): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 umount2("./6/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./6/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./6/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./6/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555563b5770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563b5770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./6/bus") = 0 umount2("./6/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./6/binderfs") = 0 getdents64(3, 0x5555563ad730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./6") = 0 mkdir("./7", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5194 attached , child_tidptr=0x5555563ac690) = 5194 [pid 5194] set_robust_list(0x5555563ac6a0, 24) = 0 [pid 5194] chdir("./7") = 0 [pid 5194] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5194] setpgid(0, 0) = 0 [pid 5194] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5194] write(3, "1000", 4) = 4 [pid 5194] close(3) = 0 [pid 5194] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5194] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5194] rt_sigaction(SIGRT_1, {sa_handler=0x7f6a9ef6cff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6a9ef5e1a0}, NULL, 8) = 0 [pid 5194] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5194] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a9eee3000 [pid 5194] mprotect(0x7f6a9eee4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5194] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5194] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a9ef03990, parent_tid=0x7f6a9ef03990, exit_signal=0, stack=0x7f6a9eee3000, stack_size=0x20300, tls=0x7f6a9ef036c0}./strace-static-x86_64: Process 5195 attached [pid 5195] rseq(0x7f6a9ef03fe0, 0x20, 0, 0x53053053 [pid 5194] <... clone3 resumed> => {parent_tid=[5195]}, 88) = 5195 [pid 5195] <... rseq resumed>) = 0 [pid 5194] rt_sigprocmask(SIG_SETMASK, [], [pid 5195] set_robust_list(0x7f6a9ef039a0, 24 [pid 5194] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5195] <... set_robust_list resumed>) = 0 [pid 5194] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5195] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5194] <... futex resumed>) = 0 [pid 5194] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5195] memfd_create("syzkaller", 0) = 3 [pid 5195] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6a96a00000 [pid 5195] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5195] munmap(0x7f6a96a00000, 138412032) = 0 [pid 5195] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5195] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5195] close(3) = 0 [pid 5195] close(4) = 0 [pid 5195] mkdir("./bus", 0777) = 0 [ 72.060723][ T5195] loop0: detected capacity change from 0 to 32768 [ 72.092139][ T5195] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop0 scanned by syz-executor984 (5195) [pid 5195] mount("/dev/loop0", "./bus", "btrfs", 0, "discard,") = 0 [pid 5195] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [ 72.111718][ T5195] BTRFS info (device loop0): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 [ 72.123629][ T5195] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm [ 72.133822][ T5195] BTRFS info (device loop0): using free-space-tree [pid 5195] chdir("./bus") = 0 [pid 5195] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5195] ioctl(4, LOOP_CLR_FD) = 0 [pid 5195] close(4) = 0 [pid 5195] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5195] futex(0x7f6a9efd36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5194] <... futex resumed>) = 0 [pid 5194] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5195] <... futex resumed>) = 0 [pid 5194] <... futex resumed>) = 1 [pid 5195] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5194] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5195] <... open resumed>) = 4 [pid 5195] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5195] futex(0x7f6a9efd36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5194] <... futex resumed>) = 0 [pid 5194] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5195] <... futex resumed>) = 0 [pid 5194] <... futex resumed>) = 1 [pid 5195] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5194] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5195] <... open resumed>) = 5 [pid 5195] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5194] <... futex resumed>) = 0 [pid 5195] futex(0x7f6a9efd36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5194] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5195] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5194] <... futex resumed>) = 0 [pid 5195] fallocate(5, 0, 0, 1048820 [pid 5194] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5195] <... fallocate resumed>) = 0 [pid 5195] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5194] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5195] <... futex resumed>) = 0 [pid 5194] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5195] sendfile(4, 4, NULL, 142609664 [pid 5194] <... futex resumed>) = 0 [ 72.233239][ T28] audit: type=1800 audit(1708613192.304:23): pid=5195 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor984" name="bus" dev="loop0" ino=263 res=0 errno=0 [ 72.256833][ T28] audit: type=1800 audit(1708613192.334:24): pid=5195 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor984" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 5194] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5194] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5194] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5194] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a9eec2000 [pid 5194] mprotect(0x7f6a9eec3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5194] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5194] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a9eee2990, parent_tid=0x7f6a9eee2990, exit_signal=0, stack=0x7f6a9eec2000, stack_size=0x20300, tls=0x7f6a9eee26c0}./strace-static-x86_64: Process 5213 attached => {parent_tid=[5213]}, 88) = 5213 [pid 5194] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5194] futex(0x7f6a9efd36d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5194] futex(0x7f6a9efd36dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5213] rseq(0x7f6a9eee2fe0, 0x20, 0, 0x53053053) = 0 [pid 5213] set_robust_list(0x7f6a9eee29a0, 24) = 0 [pid 5213] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5213] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME, 000) = 6 [pid 5213] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5194] <... futex resumed>) = 0 [pid 5213] futex(0x7f6a9efd36d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5194] futex(0x7f6a9efd36d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5213] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5194] <... futex resumed>) = 0 [pid 5213] ioctl(6, FS_IOC_FIEMAP, {fm_start=65279, fm_length=9223372036854775809, fm_flags=0, fm_extent_count=16777216} [pid 5194] futex(0x7f6a9efd36dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5213] <... ioctl resumed> => {fm_flags=0, fm_mapped_extents=1, ...}) = 0 [pid 5213] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5194] <... futex resumed>) = 0 [ 72.353047][ T28] audit: type=1800 audit(1708613192.424:25): pid=5213 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor984" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 5213] futex(0x7f6a9efd36d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5194] exit_group(0 [pid 5213] <... futex resumed>) = ? [pid 5213] +++ exited with 0 +++ [pid 5194] <... exit_group resumed>) = ? [pid 5195] <... sendfile resumed>) = ? [pid 5195] +++ exited with 0 +++ [pid 5194] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5194, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=39 /* 0.39 s */} --- umount2("./7", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555563ad730 /* 4 entries */, 32768) = 104 [ 72.738485][ T5054] BTRFS info (device loop0): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 umount2("./7/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./7/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./7/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./7/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555563b5770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563b5770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./7/bus") = 0 umount2("./7/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./7/binderfs") = 0 getdents64(3, 0x5555563ad730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./7") = 0 mkdir("./8", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5214 attached , child_tidptr=0x5555563ac690) = 5214 [pid 5214] set_robust_list(0x5555563ac6a0, 24) = 0 [pid 5214] chdir("./8") = 0 [pid 5214] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5214] setpgid(0, 0) = 0 [pid 5214] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5214] write(3, "1000", 4) = 4 [pid 5214] close(3) = 0 [pid 5214] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5214] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5214] rt_sigaction(SIGRT_1, {sa_handler=0x7f6a9ef6cff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6a9ef5e1a0}, NULL, 8) = 0 [pid 5214] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5214] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a9eee3000 [pid 5214] mprotect(0x7f6a9eee4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5214] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5214] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a9ef03990, parent_tid=0x7f6a9ef03990, exit_signal=0, stack=0x7f6a9eee3000, stack_size=0x20300, tls=0x7f6a9ef036c0}./strace-static-x86_64: Process 5215 attached [pid 5215] rseq(0x7f6a9ef03fe0, 0x20, 0, 0x53053053) = 0 [pid 5214] <... clone3 resumed> => {parent_tid=[5215]}, 88) = 5215 [pid 5215] set_robust_list(0x7f6a9ef039a0, 24 [pid 5214] rt_sigprocmask(SIG_SETMASK, [], [pid 5215] <... set_robust_list resumed>) = 0 [pid 5214] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5215] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5214] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5215] memfd_create("syzkaller", 0 [pid 5214] <... futex resumed>) = 0 [pid 5214] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5215] <... memfd_create resumed>) = 3 [pid 5215] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6a96a00000 [pid 5215] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5215] munmap(0x7f6a96a00000, 138412032) = 0 [pid 5215] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5215] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5215] close(3) = 0 [pid 5215] close(4) = 0 [pid 5215] mkdir("./bus", 0777) = 0 [ 73.223610][ T5215] loop0: detected capacity change from 0 to 32768 [ 73.249838][ T5215] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop0 scanned by syz-executor984 (5215) [pid 5215] mount("/dev/loop0", "./bus", "btrfs", 0, "discard,") = 0 [pid 5215] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5215] chdir("./bus") = 0 [pid 5215] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 73.272933][ T5215] BTRFS info (device loop0): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 [ 73.283842][ T5215] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm [ 73.293896][ T5215] BTRFS info (device loop0): using free-space-tree [pid 5215] ioctl(4, LOOP_CLR_FD) = 0 [pid 5215] close(4) = 0 [pid 5215] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5214] <... futex resumed>) = 0 [pid 5214] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5215] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5214] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5215] <... open resumed>) = 4 [pid 5215] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5214] <... futex resumed>) = 0 [pid 5215] <... futex resumed>) = 1 [pid 5214] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5214] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5215] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5215] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5214] <... futex resumed>) = 0 [pid 5214] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5215] <... futex resumed>) = 1 [pid 5214] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5215] fallocate(5, 0, 0, 1048820) = 0 [pid 5215] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5214] <... futex resumed>) = 0 [pid 5215] <... futex resumed>) = 1 [pid 5214] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5215] sendfile(4, 4, NULL, 142609664 [pid 5214] <... futex resumed>) = 0 [pid 5214] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5214] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5214] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a9eec2000 [pid 5214] mprotect(0x7f6a9eec3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5214] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5214] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a9eee2990, parent_tid=0x7f6a9eee2990, exit_signal=0, stack=0x7f6a9eec2000, stack_size=0x20300, tls=0x7f6a9eee26c0}./strace-static-x86_64: Process 5232 attached [pid 5232] rseq(0x7f6a9eee2fe0, 0x20, 0, 0x53053053) = 0 [pid 5232] set_robust_list(0x7f6a9eee29a0, 24) = 0 [pid 5214] <... clone3 resumed> => {parent_tid=[5232]}, 88) = 5232 [pid 5232] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5232] futex(0x7f6a9efd36d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5214] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5214] futex(0x7f6a9efd36d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5232] <... futex resumed>) = 0 [pid 5214] futex(0x7f6a9efd36dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5232] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME, 000) = 6 [pid 5232] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5232] futex(0x7f6a9efd36d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5214] <... futex resumed>) = 0 [pid 5214] futex(0x7f6a9efd36d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5232] <... futex resumed>) = 0 [pid 5214] <... futex resumed>) = 1 [pid 5232] ioctl(6, FS_IOC_FIEMAP, {fm_start=65279, fm_length=9223372036854775809, fm_flags=0, fm_extent_count=16777216} [pid 5214] futex(0x7f6a9efd36dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5232] <... ioctl resumed> => {fm_flags=0, fm_mapped_extents=2, ...}) = 0 [pid 5232] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5214] <... futex resumed>) = 0 [pid 5232] futex(0x7f6a9efd36d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5214] exit_group(0 [pid 5232] <... futex resumed>) = ? [pid 5214] <... exit_group resumed>) = ? [pid 5232] +++ exited with 0 +++ [pid 5215] <... sendfile resumed>) = ? [pid 5215] +++ exited with 0 +++ [pid 5214] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5214, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=63 /* 0.63 s */} --- umount2("./8", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555563ad730 /* 4 entries */, 32768) = 104 [ 73.915746][ T5054] BTRFS info (device loop0): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 umount2("./8/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./8/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./8/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./8/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555563b5770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563b5770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./8/bus") = 0 umount2("./8/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./8/binderfs") = 0 getdents64(3, 0x5555563ad730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./8") = 0 mkdir("./9", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5233 attached , child_tidptr=0x5555563ac690) = 5233 [pid 5233] set_robust_list(0x5555563ac6a0, 24) = 0 [pid 5233] chdir("./9") = 0 [pid 5233] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5233] setpgid(0, 0) = 0 [pid 5233] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5233] write(3, "1000", 4) = 4 [pid 5233] close(3) = 0 [pid 5233] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5233] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5233] rt_sigaction(SIGRT_1, {sa_handler=0x7f6a9ef6cff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6a9ef5e1a0}, NULL, 8) = 0 [pid 5233] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5233] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a9eee3000 [pid 5233] mprotect(0x7f6a9eee4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5233] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5233] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a9ef03990, parent_tid=0x7f6a9ef03990, exit_signal=0, stack=0x7f6a9eee3000, stack_size=0x20300, tls=0x7f6a9ef036c0}./strace-static-x86_64: Process 5234 attached [pid 5234] rseq(0x7f6a9ef03fe0, 0x20, 0, 0x53053053 [pid 5233] <... clone3 resumed> => {parent_tid=[5234]}, 88) = 5234 [pid 5234] <... rseq resumed>) = 0 [pid 5233] rt_sigprocmask(SIG_SETMASK, [], [pid 5234] set_robust_list(0x7f6a9ef039a0, 24 [pid 5233] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5234] <... set_robust_list resumed>) = 0 [pid 5233] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5234] rt_sigprocmask(SIG_SETMASK, [], [pid 5233] <... futex resumed>) = 0 [pid 5234] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5233] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5234] memfd_create("syzkaller", 0) = 3 [pid 5234] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6a96a00000 [pid 5234] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5234] munmap(0x7f6a96a00000, 138412032) = 0 [pid 5234] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5234] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5234] close(3) = 0 [pid 5234] close(4) = 0 [pid 5234] mkdir("./bus", 0777) = 0 [ 74.423946][ T5234] loop0: detected capacity change from 0 to 32768 [ 74.448077][ T5234] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop0 scanned by syz-executor984 (5234) [ 74.468203][ T5234] BTRFS info (device loop0): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 [ 74.479369][ T5234] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm [ 74.489968][ T5234] BTRFS info (device loop0): using free-space-tree [pid 5234] mount("/dev/loop0", "./bus", "btrfs", 0, "discard,") = 0 [pid 5234] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5234] chdir("./bus") = 0 [pid 5234] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5234] ioctl(4, LOOP_CLR_FD) = 0 [pid 5234] close(4) = 0 [pid 5234] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5233] <... futex resumed>) = 0 [pid 5234] futex(0x7f6a9efd36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5233] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5233] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5234] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5234] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5234] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5233] <... futex resumed>) = 0 [pid 5234] futex(0x7f6a9efd36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5233] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5234] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5234] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5233] <... futex resumed>) = 0 [pid 5234] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5233] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5234] <... futex resumed>) = 0 [pid 5233] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5234] fallocate(5, 0, 0, 1048820 [pid 5233] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5233] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5234] <... fallocate resumed>) = 0 [pid 5234] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5233] <... futex resumed>) = 0 [pid 5234] futex(0x7f6a9efd36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5233] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5234] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5233] <... futex resumed>) = 0 [pid 5234] sendfile(4, 4, NULL, 142609664 [ 74.623187][ T28] kauditd_printk_skb: 3 callbacks suppressed [ 74.623201][ T28] audit: type=1800 audit(1708613194.694:29): pid=5234 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor984" name="bus" dev="loop0" ino=263 res=0 errno=0 [ 74.653073][ T28] audit: type=1800 audit(1708613194.724:30): pid=5234 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor984" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 5233] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5233] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5233] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a9eec2000 [pid 5233] mprotect(0x7f6a9eec3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5233] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5233] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a9eee2990, parent_tid=0x7f6a9eee2990, exit_signal=0, stack=0x7f6a9eec2000, stack_size=0x20300, tls=0x7f6a9eee26c0}./strace-static-x86_64: Process 5252 attached => {parent_tid=[5252]}, 88) = 5252 [pid 5233] rt_sigprocmask(SIG_SETMASK, [], [pid 5252] rseq(0x7f6a9eee2fe0, 0x20, 0, 0x53053053 [pid 5233] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5252] <... rseq resumed>) = 0 [pid 5233] futex(0x7f6a9efd36d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5252] set_robust_list(0x7f6a9eee29a0, 24 [pid 5233] <... futex resumed>) = 0 [pid 5252] <... set_robust_list resumed>) = 0 [pid 5252] rt_sigprocmask(SIG_SETMASK, [], [pid 5233] futex(0x7f6a9efd36dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5252] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5252] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME, 000) = 6 [pid 5252] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5252] futex(0x7f6a9efd36d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5233] <... futex resumed>) = 0 [pid 5233] futex(0x7f6a9efd36d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5252] <... futex resumed>) = 0 [pid 5233] futex(0x7f6a9efd36dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5252] ioctl(6, FS_IOC_FIEMAP, {fm_start=65279, fm_length=9223372036854775809, fm_flags=0, fm_extent_count=16777216} => {fm_flags=0, fm_mapped_extents=1, ...}) = 0 [pid 5252] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5233] <... futex resumed>) = 0 [pid 5252] <... futex resumed>) = 1 [ 74.772987][ T28] audit: type=1800 audit(1708613194.844:31): pid=5252 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor984" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 5252] futex(0x7f6a9efd36d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5233] exit_group(0) = ? [pid 5252] <... futex resumed>) = ? [pid 5252] +++ exited with 0 +++ [pid 5234] <... sendfile resumed>) = ? [pid 5234] +++ exited with 0 +++ [pid 5233] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5233, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=36 /* 0.36 s */} --- umount2("./9", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555563ad730 /* 4 entries */, 32768) = 104 [ 75.119874][ T5054] BTRFS info (device loop0): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 umount2("./9/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./9/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./9/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./9/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555563b5770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563b5770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./9/bus") = 0 umount2("./9/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./9/binderfs") = 0 getdents64(3, 0x5555563ad730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./9") = 0 mkdir("./10", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5253 attached [pid 5253] set_robust_list(0x5555563ac6a0, 24) = 0 [pid 5253] chdir("./10" [pid 5054] <... clone resumed>, child_tidptr=0x5555563ac690) = 5253 [pid 5253] <... chdir resumed>) = 0 [pid 5253] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5253] setpgid(0, 0) = 0 [pid 5253] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5253] write(3, "1000", 4) = 4 [pid 5253] close(3) = 0 [pid 5253] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5253] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5253] rt_sigaction(SIGRT_1, {sa_handler=0x7f6a9ef6cff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6a9ef5e1a0}, NULL, 8) = 0 [pid 5253] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5253] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a9eee3000 [pid 5253] mprotect(0x7f6a9eee4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5253] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5253] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a9ef03990, parent_tid=0x7f6a9ef03990, exit_signal=0, stack=0x7f6a9eee3000, stack_size=0x20300, tls=0x7f6a9ef036c0}./strace-static-x86_64: Process 5254 attached [pid 5254] rseq(0x7f6a9ef03fe0, 0x20, 0, 0x53053053) = 0 [pid 5253] <... clone3 resumed> => {parent_tid=[5254]}, 88) = 5254 [pid 5254] set_robust_list(0x7f6a9ef039a0, 24 [pid 5253] rt_sigprocmask(SIG_SETMASK, [], [pid 5254] <... set_robust_list resumed>) = 0 [pid 5253] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5254] rt_sigprocmask(SIG_SETMASK, [], [pid 5253] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5254] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5253] <... futex resumed>) = 0 [pid 5254] memfd_create("syzkaller", 0 [pid 5253] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5254] <... memfd_create resumed>) = 3 [pid 5254] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6a96a00000 [pid 5254] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5254] munmap(0x7f6a96a00000, 138412032) = 0 [pid 5254] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5254] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5254] close(3) = 0 [pid 5254] close(4) = 0 [pid 5254] mkdir("./bus", 0777) = 0 [ 75.676494][ T5254] loop0: detected capacity change from 0 to 32768 [ 75.712810][ T5254] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop0 scanned by syz-executor984 (5254) [pid 5254] mount("/dev/loop0", "./bus", "btrfs", 0, "discard,") = 0 [pid 5254] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5254] chdir("./bus") = 0 [ 75.731510][ T5254] BTRFS info (device loop0): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 [ 75.744601][ T5254] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm [ 75.754639][ T5254] BTRFS info (device loop0): using free-space-tree [pid 5254] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5254] ioctl(4, LOOP_CLR_FD) = 0 [pid 5254] close(4) = 0 [pid 5254] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5253] <... futex resumed>) = 0 [pid 5254] futex(0x7f6a9efd36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5253] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5254] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5253] <... futex resumed>) = 0 [pid 5254] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5253] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5254] <... open resumed>) = 4 [pid 5254] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5253] <... futex resumed>) = 0 [pid 5253] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5253] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5254] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5254] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5254] futex(0x7f6a9efd36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5253] <... futex resumed>) = 0 [pid 5253] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5254] <... futex resumed>) = 0 [pid 5253] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5254] fallocate(5, 0, 0, 1048820) = 0 [ 75.838509][ T28] audit: type=1800 audit(1708613195.914:32): pid=5254 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor984" name="bus" dev="loop0" ino=263 res=0 errno=0 [ 75.866785][ T28] audit: type=1800 audit(1708613195.944:33): pid=5254 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor984" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 5254] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5253] <... futex resumed>) = 0 [pid 5254] futex(0x7f6a9efd36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5253] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5254] <... futex resumed>) = 0 [pid 5253] <... futex resumed>) = 1 [pid 5254] sendfile(4, 4, NULL, 142609664 [pid 5253] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5253] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5253] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a9eec2000 [pid 5253] mprotect(0x7f6a9eec3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5253] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5253] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a9eee2990, parent_tid=0x7f6a9eee2990, exit_signal=0, stack=0x7f6a9eec2000, stack_size=0x20300, tls=0x7f6a9eee26c0}./strace-static-x86_64: Process 5272 attached [pid 5272] rseq(0x7f6a9eee2fe0, 0x20, 0, 0x53053053) = 0 [pid 5253] <... clone3 resumed> => {parent_tid=[5272]}, 88) = 5272 [pid 5272] set_robust_list(0x7f6a9eee29a0, 24 [pid 5253] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5253] futex(0x7f6a9efd36d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5272] <... set_robust_list resumed>) = 0 [pid 5253] <... futex resumed>) = 0 [pid 5272] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5253] futex(0x7f6a9efd36dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5272] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME, 000) = 6 [pid 5272] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5272] futex(0x7f6a9efd36d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5253] <... futex resumed>) = 0 [pid 5253] futex(0x7f6a9efd36d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5272] <... futex resumed>) = 0 [pid 5253] <... futex resumed>) = 1 [pid 5272] ioctl(6, FS_IOC_FIEMAP, {fm_start=65279, fm_length=9223372036854775809, fm_flags=0, fm_extent_count=16777216} => {fm_flags=0, fm_mapped_extents=2, ...}) = 0 [pid 5253] futex(0x7f6a9efd36dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5272] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5253] <... futex resumed>) = 0 [ 76.041635][ T28] audit: type=1800 audit(1708613196.114:34): pid=5272 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor984" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 5272] futex(0x7f6a9efd36d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5253] exit_group(0 [pid 5272] <... futex resumed>) = ? [pid 5253] <... exit_group resumed>) = ? [pid 5254] <... sendfile resumed>) = ? [pid 5272] +++ exited with 0 +++ [pid 5254] +++ exited with 0 +++ [pid 5253] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5253, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=56 /* 0.56 s */} --- umount2("./10", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555563ad730 /* 4 entries */, 32768) = 104 [ 76.502452][ T5054] BTRFS info (device loop0): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 umount2("./10/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./10/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./10/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./10/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555563b5770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563b5770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./10/bus") = 0 umount2("./10/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./10/binderfs") = 0 getdents64(3, 0x5555563ad730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./10") = 0 mkdir("./11", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5273 attached , child_tidptr=0x5555563ac690) = 5273 [pid 5273] set_robust_list(0x5555563ac6a0, 24) = 0 [pid 5273] chdir("./11") = 0 [pid 5273] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5273] setpgid(0, 0) = 0 [pid 5273] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5273] write(3, "1000", 4) = 4 [pid 5273] close(3) = 0 [pid 5273] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5273] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5273] rt_sigaction(SIGRT_1, {sa_handler=0x7f6a9ef6cff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6a9ef5e1a0}, NULL, 8) = 0 [pid 5273] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5273] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a9eee3000 [pid 5273] mprotect(0x7f6a9eee4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5273] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5273] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a9ef03990, parent_tid=0x7f6a9ef03990, exit_signal=0, stack=0x7f6a9eee3000, stack_size=0x20300, tls=0x7f6a9ef036c0}./strace-static-x86_64: Process 5274 attached [pid 5274] rseq(0x7f6a9ef03fe0, 0x20, 0, 0x53053053) = 0 [pid 5273] <... clone3 resumed> => {parent_tid=[5274]}, 88) = 5274 [pid 5274] set_robust_list(0x7f6a9ef039a0, 24 [pid 5273] rt_sigprocmask(SIG_SETMASK, [], [pid 5274] <... set_robust_list resumed>) = 0 [pid 5273] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5274] rt_sigprocmask(SIG_SETMASK, [], [pid 5273] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5274] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5273] <... futex resumed>) = 0 [pid 5274] memfd_create("syzkaller", 0 [pid 5273] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5274] <... memfd_create resumed>) = 3 [pid 5274] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6a96a00000 [pid 5274] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5274] munmap(0x7f6a96a00000, 138412032) = 0 [pid 5274] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5274] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5274] close(3) = 0 [pid 5274] close(4) = 0 [pid 5274] mkdir("./bus", 0777) = 0 [ 77.014367][ T5274] loop0: detected capacity change from 0 to 32768 [ 77.035002][ T5274] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop0 scanned by syz-executor984 (5274) [ 77.086694][ T5274] BTRFS info (device loop0): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 [ 77.115027][ T5274] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm [ 77.124507][ T5274] BTRFS info (device loop0): using free-space-tree [pid 5274] mount("/dev/loop0", "./bus", "btrfs", 0, "discard,") = 0 [pid 5274] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5274] chdir("./bus") = 0 [pid 5274] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5274] ioctl(4, LOOP_CLR_FD) = 0 [pid 5274] close(4) = 0 [pid 5274] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5273] <... futex resumed>) = 0 [pid 5273] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5273] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5274] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5274] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5274] futex(0x7f6a9efd36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5273] <... futex resumed>) = 0 [pid 5273] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5274] <... futex resumed>) = 0 [ 77.302408][ T28] audit: type=1800 audit(1708613197.374:35): pid=5274 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor984" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 5274] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5273] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5274] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5273] <... futex resumed>) = 0 [pid 5274] fallocate(5, 0, 0, 1048820 [pid 5273] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5273] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5274] <... fallocate resumed>) = 0 [pid 5274] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5273] <... futex resumed>) = 0 [pid 5274] futex(0x7f6a9efd36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5273] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5274] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5273] <... futex resumed>) = 0 [pid 5274] sendfile(4, 4, NULL, 142609664 [ 77.359917][ T28] audit: type=1800 audit(1708613197.434:36): pid=5274 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor984" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 5273] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5273] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5273] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a9eec2000 [pid 5273] mprotect(0x7f6a9eec3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5273] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5273] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a9eee2990, parent_tid=0x7f6a9eee2990, exit_signal=0, stack=0x7f6a9eec2000, stack_size=0x20300, tls=0x7f6a9eee26c0}./strace-static-x86_64: Process 5292 attached => {parent_tid=[5292]}, 88) = 5292 [pid 5292] rseq(0x7f6a9eee2fe0, 0x20, 0, 0x53053053) = 0 [pid 5292] set_robust_list(0x7f6a9eee29a0, 24) = 0 [pid 5292] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5292] futex(0x7f6a9efd36d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5273] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5273] futex(0x7f6a9efd36d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5292] <... futex resumed>) = 0 [pid 5292] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME, 000) = 6 [pid 5292] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5292] futex(0x7f6a9efd36d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5273] futex(0x7f6a9efd36dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5273] futex(0x7f6a9efd36d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5292] <... futex resumed>) = 0 [pid 5273] <... futex resumed>) = 1 [pid 5292] ioctl(6, FS_IOC_FIEMAP, {fm_start=65279, fm_length=9223372036854775809, fm_flags=0, fm_extent_count=16777216} [pid 5273] futex(0x7f6a9efd36dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5292] <... ioctl resumed> => {fm_flags=0, fm_mapped_extents=1, ...}) = 0 [pid 5292] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5273] <... futex resumed>) = 0 [ 77.488287][ T28] audit: type=1800 audit(1708613197.554:37): pid=5292 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor984" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 5292] futex(0x7f6a9efd36d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5273] exit_group(0 [pid 5292] <... futex resumed>) = ? [pid 5274] <... sendfile resumed>) = ? [pid 5273] <... exit_group resumed>) = ? [pid 5292] +++ exited with 0 +++ [pid 5274] +++ exited with 0 +++ [pid 5273] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5273, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=38 /* 0.38 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./11", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555563ad730 /* 4 entries */, 32768) = 104 [ 77.832505][ T5054] BTRFS info (device loop0): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 umount2("./11/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./11/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./11/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./11/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555563b5770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563b5770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./11/bus") = 0 umount2("./11/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./11/binderfs") = 0 getdents64(3, 0x5555563ad730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./11") = 0 mkdir("./12", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5293 attached , child_tidptr=0x5555563ac690) = 5293 [pid 5293] set_robust_list(0x5555563ac6a0, 24) = 0 [pid 5293] chdir("./12") = 0 [pid 5293] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5293] setpgid(0, 0) = 0 [pid 5293] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5293] write(3, "1000", 4) = 4 [pid 5293] close(3) = 0 [pid 5293] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5293] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5293] rt_sigaction(SIGRT_1, {sa_handler=0x7f6a9ef6cff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6a9ef5e1a0}, NULL, 8) = 0 [pid 5293] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5293] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a9eee3000 [pid 5293] mprotect(0x7f6a9eee4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5293] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5293] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a9ef03990, parent_tid=0x7f6a9ef03990, exit_signal=0, stack=0x7f6a9eee3000, stack_size=0x20300, tls=0x7f6a9ef036c0}./strace-static-x86_64: Process 5294 attached [pid 5294] rseq(0x7f6a9ef03fe0, 0x20, 0, 0x53053053 [pid 5293] <... clone3 resumed> => {parent_tid=[5294]}, 88) = 5294 [pid 5294] <... rseq resumed>) = 0 [pid 5293] rt_sigprocmask(SIG_SETMASK, [], [pid 5294] set_robust_list(0x7f6a9ef039a0, 24 [pid 5293] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5294] <... set_robust_list resumed>) = 0 [pid 5293] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5294] rt_sigprocmask(SIG_SETMASK, [], [pid 5293] <... futex resumed>) = 0 [pid 5294] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5293] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5294] memfd_create("syzkaller", 0) = 3 [pid 5294] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6a96a00000 [pid 5294] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5294] munmap(0x7f6a96a00000, 138412032) = 0 [pid 5294] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5294] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5294] close(3) = 0 [pid 5294] close(4) = 0 [pid 5294] mkdir("./bus", 0777) = 0 [ 78.357009][ T5294] loop0: detected capacity change from 0 to 32768 [ 78.383042][ T5294] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop0 scanned by syz-executor984 (5294) [ 78.405239][ T5294] BTRFS info (device loop0): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 [ 78.415580][ T5294] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm [ 78.425897][ T5294] BTRFS info (device loop0): using free-space-tree [pid 5294] mount("/dev/loop0", "./bus", "btrfs", 0, "discard,") = 0 [pid 5294] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5294] chdir("./bus") = 0 [pid 5294] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5294] ioctl(4, LOOP_CLR_FD) = 0 [pid 5294] close(4) = 0 [pid 5294] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5293] <... futex resumed>) = 0 [pid 5293] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5294] <... futex resumed>) = 1 [pid 5293] <... futex resumed>) = 0 [pid 5293] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5294] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5294] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5294] futex(0x7f6a9efd36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5293] <... futex resumed>) = 0 [pid 5293] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5294] <... futex resumed>) = 0 [pid 5293] <... futex resumed>) = 1 [pid 5294] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5293] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5294] <... open resumed>) = 5 [pid 5294] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5294] futex(0x7f6a9efd36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5293] <... futex resumed>) = 0 [pid 5293] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5294] <... futex resumed>) = 0 [pid 5293] <... futex resumed>) = 1 [pid 5294] fallocate(5, 0, 0, 1048820) = 0 [pid 5293] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5294] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5293] <... futex resumed>) = 0 [pid 5294] <... futex resumed>) = 1 [pid 5293] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5294] sendfile(4, 4, NULL, 142609664 [pid 5293] <... futex resumed>) = 0 [ 78.547652][ T28] audit: type=1800 audit(1708613198.624:38): pid=5294 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor984" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 5293] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5293] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5293] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a9eec2000 [pid 5293] mprotect(0x7f6a9eec3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5293] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5293] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a9eee2990, parent_tid=0x7f6a9eee2990, exit_signal=0, stack=0x7f6a9eec2000, stack_size=0x20300, tls=0x7f6a9eee26c0}./strace-static-x86_64: Process 5312 attached => {parent_tid=[5312]}, 88) = 5312 [pid 5293] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5293] futex(0x7f6a9efd36d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5312] rseq(0x7f6a9eee2fe0, 0x20, 0, 0x53053053 [pid 5293] futex(0x7f6a9efd36dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5312] <... rseq resumed>) = 0 [pid 5312] set_robust_list(0x7f6a9eee29a0, 24) = 0 [pid 5312] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5312] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME, 000) = 6 [pid 5312] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5293] <... futex resumed>) = 0 [pid 5312] futex(0x7f6a9efd36d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5293] futex(0x7f6a9efd36d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5312] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5293] <... futex resumed>) = 0 [pid 5312] ioctl(6, FS_IOC_FIEMAP, {fm_start=65279, fm_length=9223372036854775809, fm_flags=0, fm_extent_count=16777216} [pid 5293] futex(0x7f6a9efd36dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5312] <... ioctl resumed> => {fm_flags=0, fm_mapped_extents=1, ...}) = 0 [pid 5312] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5293] <... futex resumed>) = 0 [pid 5312] futex(0x7f6a9efd36d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5293] exit_group(0) = ? [pid 5312] <... futex resumed>) = ? [pid 5312] +++ exited with 0 +++ [pid 5294] <... sendfile resumed>) = ? [pid 5294] +++ exited with 0 +++ [pid 5293] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5293, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=44 /* 0.44 s */} --- umount2("./12", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555563ad730 /* 4 entries */, 32768) = 104 [ 79.082009][ T5054] BTRFS info (device loop0): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 umount2("./12/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./12/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./12/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./12/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555563b5770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563b5770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./12/bus") = 0 umount2("./12/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./12/binderfs") = 0 getdents64(3, 0x5555563ad730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./12") = 0 mkdir("./13", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563ac690) = 5313 ./strace-static-x86_64: Process 5313 attached [pid 5313] set_robust_list(0x5555563ac6a0, 24) = 0 [pid 5313] chdir("./13") = 0 [pid 5313] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5313] setpgid(0, 0) = 0 [pid 5313] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5313] write(3, "1000", 4) = 4 [pid 5313] close(3) = 0 [pid 5313] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5313] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5313] rt_sigaction(SIGRT_1, {sa_handler=0x7f6a9ef6cff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6a9ef5e1a0}, NULL, 8) = 0 [pid 5313] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5313] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a9eee3000 [pid 5313] mprotect(0x7f6a9eee4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5313] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5313] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a9ef03990, parent_tid=0x7f6a9ef03990, exit_signal=0, stack=0x7f6a9eee3000, stack_size=0x20300, tls=0x7f6a9ef036c0}./strace-static-x86_64: Process 5314 attached [pid 5314] rseq(0x7f6a9ef03fe0, 0x20, 0, 0x53053053) = 0 [pid 5313] <... clone3 resumed> => {parent_tid=[5314]}, 88) = 5314 [pid 5314] set_robust_list(0x7f6a9ef039a0, 24 [pid 5313] rt_sigprocmask(SIG_SETMASK, [], [pid 5314] <... set_robust_list resumed>) = 0 [pid 5313] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5314] rt_sigprocmask(SIG_SETMASK, [], [pid 5313] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5314] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5313] <... futex resumed>) = 0 [pid 5314] memfd_create("syzkaller", 0 [pid 5313] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5314] <... memfd_create resumed>) = 3 [pid 5314] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6a96a00000 [pid 5314] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5314] munmap(0x7f6a96a00000, 138412032) = 0 [pid 5314] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5314] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5314] close(3) = 0 [pid 5314] close(4) = 0 [pid 5314] mkdir("./bus", 0777) = 0 [ 79.623649][ T5314] loop0: detected capacity change from 0 to 32768 [ 79.659896][ T5314] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop0 scanned by syz-executor984 (5314) [ 79.687112][ T5314] BTRFS info (device loop0): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 [ 79.699107][ T5314] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm [ 79.709325][ T5314] BTRFS info (device loop0): using free-space-tree [pid 5314] mount("/dev/loop0", "./bus", "btrfs", 0, "discard,") = 0 [pid 5314] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5314] chdir("./bus") = 0 [pid 5314] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5314] ioctl(4, LOOP_CLR_FD) = 0 [pid 5314] close(4) = 0 [pid 5314] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5313] <... futex resumed>) = 0 [pid 5314] <... futex resumed>) = 1 [pid 5313] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5314] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5313] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5314] <... open resumed>) = 4 [pid 5314] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5313] <... futex resumed>) = 0 [pid 5313] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5313] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5314] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5314] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5314] futex(0x7f6a9efd36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5313] <... futex resumed>) = 0 [pid 5313] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5314] <... futex resumed>) = 0 [pid 5313] <... futex resumed>) = 1 [pid 5314] fallocate(5, 0, 0, 1048820 [pid 5313] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5314] <... fallocate resumed>) = 0 [pid 5314] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5313] <... futex resumed>) = 0 [pid 5314] sendfile(4, 4, NULL, 142609664 [pid 5313] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 79.833219][ T28] kauditd_printk_skb: 2 callbacks suppressed [ 79.833233][ T28] audit: type=1800 audit(1708613199.904:41): pid=5314 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor984" name="bus" dev="loop0" ino=263 res=0 errno=0 [ 79.861362][ T28] audit: type=1800 audit(1708613199.924:42): pid=5314 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor984" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 5313] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5313] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5313] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a9eec2000 [pid 5313] mprotect(0x7f6a9eec3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5313] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5313] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a9eee2990, parent_tid=0x7f6a9eee2990, exit_signal=0, stack=0x7f6a9eec2000, stack_size=0x20300, tls=0x7f6a9eee26c0} => {parent_tid=[5332]}, 88) = 5332 [pid 5313] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5313] futex(0x7f6a9efd36d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5313] futex(0x7f6a9efd36dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5332 attached [pid 5332] rseq(0x7f6a9eee2fe0, 0x20, 0, 0x53053053) = 0 [pid 5332] set_robust_list(0x7f6a9eee29a0, 24) = 0 [pid 5332] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5332] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME, 000) = 6 [pid 5332] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5313] <... futex resumed>) = 0 [pid 5313] futex(0x7f6a9efd36d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5313] futex(0x7f6a9efd36dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5332] ioctl(6, FS_IOC_FIEMAP, {fm_start=65279, fm_length=9223372036854775809, fm_flags=0, fm_extent_count=16777216} => {fm_flags=0, fm_mapped_extents=1, ...}) = 0 [pid 5332] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5313] <... futex resumed>) = 0 [pid 5332] <... futex resumed>) = 1 [ 79.963845][ T28] audit: type=1800 audit(1708613200.034:43): pid=5332 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor984" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 5332] futex(0x7f6a9efd36d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5313] exit_group(0 [pid 5332] <... futex resumed>) = ? [pid 5313] <... exit_group resumed>) = ? [pid 5332] +++ exited with 0 +++ [pid 5314] <... sendfile resumed>) = ? [pid 5314] +++ exited with 0 +++ [pid 5313] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5313, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=48 /* 0.48 s */} --- umount2("./13", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555563ad730 /* 4 entries */, 32768) = 104 [ 80.318526][ T5054] BTRFS info (device loop0): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 umount2("./13/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./13/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./13/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./13/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555563b5770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563b5770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./13/bus") = 0 umount2("./13/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./13/binderfs") = 0 getdents64(3, 0x5555563ad730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./13") = 0 mkdir("./14", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5333 attached , child_tidptr=0x5555563ac690) = 5333 [pid 5333] set_robust_list(0x5555563ac6a0, 24) = 0 [pid 5333] chdir("./14") = 0 [pid 5333] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5333] setpgid(0, 0) = 0 [pid 5333] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5333] write(3, "1000", 4) = 4 [pid 5333] close(3) = 0 [pid 5333] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5333] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5333] rt_sigaction(SIGRT_1, {sa_handler=0x7f6a9ef6cff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6a9ef5e1a0}, NULL, 8) = 0 [pid 5333] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5333] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a9eee3000 [pid 5333] mprotect(0x7f6a9eee4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5333] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5333] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a9ef03990, parent_tid=0x7f6a9ef03990, exit_signal=0, stack=0x7f6a9eee3000, stack_size=0x20300, tls=0x7f6a9ef036c0}./strace-static-x86_64: Process 5334 attached [pid 5334] rseq(0x7f6a9ef03fe0, 0x20, 0, 0x53053053 [pid 5333] <... clone3 resumed> => {parent_tid=[5334]}, 88) = 5334 [pid 5334] <... rseq resumed>) = 0 [pid 5334] set_robust_list(0x7f6a9ef039a0, 24) = 0 [pid 5333] rt_sigprocmask(SIG_SETMASK, [], [pid 5334] rt_sigprocmask(SIG_SETMASK, [], [pid 5333] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5334] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5333] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5334] memfd_create("syzkaller", 0 [pid 5333] <... futex resumed>) = 0 [pid 5333] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5334] <... memfd_create resumed>) = 3 [pid 5334] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6a96a00000 [pid 5334] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5334] munmap(0x7f6a96a00000, 138412032) = 0 [pid 5334] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5334] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5334] close(3) = 0 [pid 5334] close(4) = 0 [pid 5334] mkdir("./bus", 0777) = 0 [ 80.806684][ T5334] loop0: detected capacity change from 0 to 32768 [ 80.851047][ T5334] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop0 scanned by syz-executor984 (5334) [ 80.871463][ T5334] BTRFS info (device loop0): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 [ 80.882041][ T5334] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm [ 80.892221][ T5334] BTRFS info (device loop0): using free-space-tree [pid 5334] mount("/dev/loop0", "./bus", "btrfs", 0, "discard,") = 0 [pid 5334] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5334] chdir("./bus") = 0 [pid 5334] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5334] ioctl(4, LOOP_CLR_FD) = 0 [pid 5334] close(4) = 0 [pid 5334] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5333] <... futex resumed>) = 0 [pid 5334] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5333] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5333] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5334] <... open resumed>) = 4 [pid 5334] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5333] <... futex resumed>) = 0 [pid 5334] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5333] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5334] <... open resumed>) = 5 [pid 5333] <... futex resumed>) = 0 [pid 5333] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5334] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5333] <... futex resumed>) = 0 [pid 5333] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5334] fallocate(5, 0, 0, 1048820 [ 80.968690][ T28] audit: type=1800 audit(1708613201.044:44): pid=5334 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor984" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 5333] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5334] <... fallocate resumed>) = 0 [pid 5334] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5333] <... futex resumed>) = 0 [pid 5334] futex(0x7f6a9efd36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5333] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5334] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5333] <... futex resumed>) = 0 [pid 5334] sendfile(4, 4, NULL, 142609664 [ 80.999685][ T28] audit: type=1800 audit(1708613201.074:45): pid=5334 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor984" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 5333] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5333] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5333] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a9eec2000 [pid 5333] mprotect(0x7f6a9eec3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5333] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5333] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a9eee2990, parent_tid=0x7f6a9eee2990, exit_signal=0, stack=0x7f6a9eec2000, stack_size=0x20300, tls=0x7f6a9eee26c0} => {parent_tid=[5352]}, 88) = 5352 [pid 5333] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5333] futex(0x7f6a9efd36d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 5352 attached [pid 5333] futex(0x7f6a9efd36dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5352] rseq(0x7f6a9eee2fe0, 0x20, 0, 0x53053053) = 0 [pid 5352] set_robust_list(0x7f6a9eee29a0, 24) = 0 [pid 5352] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5352] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME, 000) = 6 [pid 5352] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5352] futex(0x7f6a9efd36d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5333] <... futex resumed>) = 0 [pid 5333] futex(0x7f6a9efd36d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5352] <... futex resumed>) = 0 [pid 5333] <... futex resumed>) = 1 [pid 5333] futex(0x7f6a9efd36dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5352] ioctl(6, FS_IOC_FIEMAP, {fm_start=65279, fm_length=9223372036854775809, fm_flags=0, fm_extent_count=16777216} => {fm_flags=0, fm_mapped_extents=1, ...}) = 0 [pid 5352] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5333] <... futex resumed>) = 0 [ 81.088098][ T28] audit: type=1800 audit(1708613201.164:46): pid=5352 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor984" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 5352] futex(0x7f6a9efd36d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5333] exit_group(0 [pid 5352] <... futex resumed>) = ? [pid 5333] <... exit_group resumed>) = ? [pid 5352] +++ exited with 0 +++ [pid 5334] <... sendfile resumed>) = ? [pid 5334] +++ exited with 0 +++ [pid 5333] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5333, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=38 /* 0.38 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./14", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555563ad730 /* 4 entries */, 32768) = 104 [ 81.434934][ T5054] BTRFS info (device loop0): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 umount2("./14/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./14/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./14/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./14/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555563b5770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563b5770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./14/bus") = 0 umount2("./14/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./14/binderfs") = 0 getdents64(3, 0x5555563ad730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./14") = 0 mkdir("./15", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563ac690) = 5353 ./strace-static-x86_64: Process 5353 attached [pid 5353] set_robust_list(0x5555563ac6a0, 24) = 0 [pid 5353] chdir("./15") = 0 [pid 5353] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5353] setpgid(0, 0) = 0 [pid 5353] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5353] write(3, "1000", 4) = 4 [pid 5353] close(3) = 0 [pid 5353] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5353] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5353] rt_sigaction(SIGRT_1, {sa_handler=0x7f6a9ef6cff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6a9ef5e1a0}, NULL, 8) = 0 [pid 5353] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5353] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a9eee3000 [pid 5353] mprotect(0x7f6a9eee4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5353] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5353] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a9ef03990, parent_tid=0x7f6a9ef03990, exit_signal=0, stack=0x7f6a9eee3000, stack_size=0x20300, tls=0x7f6a9ef036c0} => {parent_tid=[5354]}, 88) = 5354 ./strace-static-x86_64: Process 5354 attached [pid 5353] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5353] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5354] rseq(0x7f6a9ef03fe0, 0x20, 0, 0x53053053) = 0 [pid 5353] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5354] set_robust_list(0x7f6a9ef039a0, 24) = 0 [pid 5354] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5354] memfd_create("syzkaller", 0) = 3 [pid 5354] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6a96a00000 [pid 5354] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5354] munmap(0x7f6a96a00000, 138412032) = 0 [pid 5354] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5354] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5354] close(3) = 0 [pid 5354] close(4) = 0 [pid 5354] mkdir("./bus", 0777) = 0 [ 81.865839][ T5354] loop0: detected capacity change from 0 to 32768 [pid 5354] mount("/dev/loop0", "./bus", "btrfs", 0, "discard,") = 0 [pid 5354] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [ 81.907288][ T5354] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop0 scanned by syz-executor984 (5354) [ 81.928240][ T5354] BTRFS info (device loop0): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 [ 81.939258][ T5354] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm [ 81.948910][ T5354] BTRFS info (device loop0): using free-space-tree [pid 5354] chdir("./bus") = 0 [pid 5354] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5354] ioctl(4, LOOP_CLR_FD) = 0 [pid 5354] close(4) = 0 [pid 5354] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5354] futex(0x7f6a9efd36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5353] <... futex resumed>) = 0 [pid 5353] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5354] <... futex resumed>) = 0 [pid 5353] <... futex resumed>) = 1 [pid 5354] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5353] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5354] <... open resumed>) = 4 [pid 5354] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5354] futex(0x7f6a9efd36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5353] <... futex resumed>) = 0 [pid 5353] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5354] <... futex resumed>) = 0 [pid 5353] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5354] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5354] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5353] <... futex resumed>) = 0 [pid 5354] <... futex resumed>) = 1 [pid 5353] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5354] fallocate(5, 0, 0, 1048820 [pid 5353] <... futex resumed>) = 0 [pid 5353] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5354] <... fallocate resumed>) = 0 [pid 5354] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5353] <... futex resumed>) = 0 [pid 5354] futex(0x7f6a9efd36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5353] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5354] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5353] <... futex resumed>) = 0 [pid 5354] sendfile(4, 4, NULL, 142609664 [ 82.030635][ T28] audit: type=1800 audit(1708613202.104:47): pid=5354 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor984" name="bus" dev="loop0" ino=263 res=0 errno=0 [ 82.052640][ T28] audit: type=1800 audit(1708613202.124:48): pid=5354 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor984" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 5353] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5353] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5353] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a9eec2000 [pid 5353] mprotect(0x7f6a9eec3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5353] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5353] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a9eee2990, parent_tid=0x7f6a9eee2990, exit_signal=0, stack=0x7f6a9eec2000, stack_size=0x20300, tls=0x7f6a9eee26c0}./strace-static-x86_64: Process 5371 attached [pid 5371] rseq(0x7f6a9eee2fe0, 0x20, 0, 0x53053053) = 0 [pid 5371] set_robust_list(0x7f6a9eee29a0, 24 [pid 5353] <... clone3 resumed> => {parent_tid=[5371]}, 88) = 5371 [pid 5371] <... set_robust_list resumed>) = 0 [pid 5371] rt_sigprocmask(SIG_SETMASK, [], [pid 5353] rt_sigprocmask(SIG_SETMASK, [], [pid 5371] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5353] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5371] futex(0x7f6a9efd36d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5353] futex(0x7f6a9efd36d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5371] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5371] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME, 000 [pid 5353] <... futex resumed>) = 0 [pid 5371] <... open resumed>) = 6 [pid 5353] futex(0x7f6a9efd36dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5371] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5353] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5371] futex(0x7f6a9efd36d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5353] futex(0x7f6a9efd36d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5371] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5353] <... futex resumed>) = 0 [pid 5371] ioctl(6, FS_IOC_FIEMAP, {fm_start=65279, fm_length=9223372036854775809, fm_flags=0, fm_extent_count=16777216} [pid 5353] futex(0x7f6a9efd36dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5371] <... ioctl resumed> => {fm_flags=0, fm_mapped_extents=2, ...}) = 0 [pid 5371] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5353] <... futex resumed>) = 0 [pid 5371] <... futex resumed>) = 1 [ 82.137610][ T55] cfg80211: failed to load regulatory.db [ 82.155121][ T28] audit: type=1800 audit(1708613202.224:49): pid=5371 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor984" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 5371] futex(0x7f6a9efd36d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5353] exit_group(0) = ? [pid 5371] <... futex resumed>) = ? [pid 5371] +++ exited with 0 +++ [pid 5354] <... sendfile resumed>) = ? [pid 5354] +++ exited with 0 +++ [pid 5353] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5353, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=53 /* 0.53 s */} --- umount2("./15", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555563ad730 /* 4 entries */, 32768) = 104 [ 82.605006][ T5054] BTRFS info (device loop0): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 umount2("./15/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./15/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./15/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./15/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555563b5770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563b5770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./15/bus") = 0 umount2("./15/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./15/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./15/binderfs") = 0 getdents64(3, 0x5555563ad730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./15") = 0 mkdir("./16", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5372 attached [pid 5372] set_robust_list(0x5555563ac6a0, 24) = 0 [pid 5372] chdir("./16") = 0 [pid 5372] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5054] <... clone resumed>, child_tidptr=0x5555563ac690) = 5372 [pid 5372] setpgid(0, 0) = 0 [pid 5372] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5372] write(3, "1000", 4) = 4 [pid 5372] close(3) = 0 [pid 5372] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5372] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5372] rt_sigaction(SIGRT_1, {sa_handler=0x7f6a9ef6cff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6a9ef5e1a0}, NULL, 8) = 0 [pid 5372] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5372] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a9eee3000 [pid 5372] mprotect(0x7f6a9eee4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5372] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5372] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a9ef03990, parent_tid=0x7f6a9ef03990, exit_signal=0, stack=0x7f6a9eee3000, stack_size=0x20300, tls=0x7f6a9ef036c0}./strace-static-x86_64: Process 5373 attached [pid 5373] rseq(0x7f6a9ef03fe0, 0x20, 0, 0x53053053 [pid 5372] <... clone3 resumed> => {parent_tid=[5373]}, 88) = 5373 [pid 5373] <... rseq resumed>) = 0 [pid 5372] rt_sigprocmask(SIG_SETMASK, [], [pid 5373] set_robust_list(0x7f6a9ef039a0, 24 [pid 5372] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5373] <... set_robust_list resumed>) = 0 [pid 5372] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5373] rt_sigprocmask(SIG_SETMASK, [], [pid 5372] <... futex resumed>) = 0 [pid 5373] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5373] memfd_create("syzkaller", 0 [pid 5372] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5373] <... memfd_create resumed>) = 3 [pid 5373] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6a96a00000 [pid 5373] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5373] munmap(0x7f6a96a00000, 138412032) = 0 [pid 5373] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5373] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5373] close(3) = 0 [pid 5373] close(4) = 0 [pid 5373] mkdir("./bus", 0777) = 0 [ 83.007833][ T5373] loop0: detected capacity change from 0 to 32768 [ 83.042872][ T5373] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop0 scanned by syz-executor984 (5373) [ 83.075013][ T5373] BTRFS info (device loop0): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 [ 83.088665][ T5373] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm [ 83.098630][ T5373] BTRFS info (device loop0): using free-space-tree [pid 5373] mount("/dev/loop0", "./bus", "btrfs", 0, "discard,") = 0 [pid 5373] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5373] chdir("./bus") = 0 [pid 5373] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5373] ioctl(4, LOOP_CLR_FD) = 0 [pid 5373] close(4) = 0 [pid 5373] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5372] <... futex resumed>) = 0 [pid 5373] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5372] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5372] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5373] <... open resumed>) = 4 [pid 5373] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5372] <... futex resumed>) = 0 [pid 5373] futex(0x7f6a9efd36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5372] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5373] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5373] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5372] <... futex resumed>) = 0 [pid 5373] <... open resumed>) = 5 [pid 5372] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5373] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5372] <... futex resumed>) = 0 [pid 5372] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5372] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5373] <... futex resumed>) = 1 [pid 5373] fallocate(5, 0, 0, 1048820) = 0 [pid 5373] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5372] <... futex resumed>) = 0 [pid 5373] <... futex resumed>) = 1 [pid 5372] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5373] sendfile(4, 4, NULL, 142609664 [pid 5372] <... futex resumed>) = 0 [ 83.185852][ T28] audit: type=1800 audit(1708613203.254:50): pid=5373 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor984" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 5372] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5372] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5372] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a9eec2000 [pid 5372] mprotect(0x7f6a9eec3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5372] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5372] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a9eee2990, parent_tid=0x7f6a9eee2990, exit_signal=0, stack=0x7f6a9eec2000, stack_size=0x20300, tls=0x7f6a9eee26c0}./strace-static-x86_64: Process 5391 attached => {parent_tid=[5391]}, 88) = 5391 [pid 5391] rseq(0x7f6a9eee2fe0, 0x20, 0, 0x53053053 [pid 5372] rt_sigprocmask(SIG_SETMASK, [], [pid 5391] <... rseq resumed>) = 0 [pid 5372] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5391] set_robust_list(0x7f6a9eee29a0, 24 [pid 5372] futex(0x7f6a9efd36d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5391] <... set_robust_list resumed>) = 0 [pid 5372] <... futex resumed>) = 0 [pid 5391] rt_sigprocmask(SIG_SETMASK, [], [pid 5372] futex(0x7f6a9efd36dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5391] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5391] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME, 000) = 6 [pid 5391] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5372] <... futex resumed>) = 0 [pid 5391] <... futex resumed>) = 1 [pid 5372] futex(0x7f6a9efd36d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5372] futex(0x7f6a9efd36dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5391] ioctl(6, FS_IOC_FIEMAP, {fm_start=65279, fm_length=9223372036854775809, fm_flags=0, fm_extent_count=16777216} => {fm_flags=0, fm_mapped_extents=1, ...}) = 0 [pid 5391] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5372] <... futex resumed>) = 0 [pid 5391] <... futex resumed>) = 1 [pid 5391] futex(0x7f6a9efd36d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5372] exit_group(0 [pid 5391] <... futex resumed>) = ? [pid 5391] +++ exited with 0 +++ [pid 5372] <... exit_group resumed>) = ? [pid 5373] <... sendfile resumed>) = ? [pid 5373] +++ exited with 0 +++ [pid 5372] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5372, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=49 /* 0.49 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./16", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555563ad730 /* 4 entries */, 32768) = 104 [ 83.726246][ T5054] BTRFS info (device loop0): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 umount2("./16/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./16/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./16/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./16/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555563b5770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563b5770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./16/bus") = 0 umount2("./16/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./16/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./16/binderfs") = 0 getdents64(3, 0x5555563ad730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./16") = 0 mkdir("./17", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5392 attached , child_tidptr=0x5555563ac690) = 5392 [pid 5392] set_robust_list(0x5555563ac6a0, 24) = 0 [pid 5392] chdir("./17") = 0 [pid 5392] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5392] setpgid(0, 0) = 0 [pid 5392] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5392] write(3, "1000", 4) = 4 [pid 5392] close(3) = 0 [pid 5392] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5392] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5392] rt_sigaction(SIGRT_1, {sa_handler=0x7f6a9ef6cff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6a9ef5e1a0}, NULL, 8) = 0 [pid 5392] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5392] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a9eee3000 [pid 5392] mprotect(0x7f6a9eee4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5392] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5392] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a9ef03990, parent_tid=0x7f6a9ef03990, exit_signal=0, stack=0x7f6a9eee3000, stack_size=0x20300, tls=0x7f6a9ef036c0}./strace-static-x86_64: Process 5393 attached [pid 5393] rseq(0x7f6a9ef03fe0, 0x20, 0, 0x53053053 [pid 5392] <... clone3 resumed> => {parent_tid=[5393]}, 88) = 5393 [pid 5392] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5393] <... rseq resumed>) = 0 [pid 5393] set_robust_list(0x7f6a9ef039a0, 24) = 0 [pid 5393] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5393] futex(0x7f6a9efd36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5392] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5393] <... futex resumed>) = 0 [pid 5392] <... futex resumed>) = 1 [pid 5393] memfd_create("syzkaller", 0 [pid 5392] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5393] <... memfd_create resumed>) = 3 [pid 5393] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6a96a00000 [pid 5393] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5393] munmap(0x7f6a96a00000, 138412032) = 0 [pid 5393] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5393] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5393] close(3) = 0 [pid 5393] close(4) = 0 [pid 5393] mkdir("./bus", 0777) = 0 [ 84.244285][ T5393] loop0: detected capacity change from 0 to 32768 [ 84.281257][ T5393] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop0 scanned by syz-executor984 (5393) [pid 5393] mount("/dev/loop0", "./bus", "btrfs", 0, "discard,") = 0 [pid 5393] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5393] chdir("./bus") = 0 [ 84.307671][ T5393] BTRFS info (device loop0): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 [ 84.318048][ T5393] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm [ 84.327979][ T5393] BTRFS info (device loop0): using free-space-tree [pid 5393] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5393] ioctl(4, LOOP_CLR_FD) = 0 [pid 5393] close(4) = 0 [pid 5393] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5392] <... futex resumed>) = 0 [pid 5393] futex(0x7f6a9efd36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5392] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5393] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5392] <... futex resumed>) = 0 [pid 5393] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5392] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5393] <... open resumed>) = 4 [pid 5393] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5392] <... futex resumed>) = 0 [pid 5393] futex(0x7f6a9efd36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5392] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5393] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5392] <... futex resumed>) = 0 [pid 5393] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5392] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5393] <... open resumed>) = 5 [pid 5393] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5392] <... futex resumed>) = 0 [pid 5393] futex(0x7f6a9efd36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5392] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5393] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5393] fallocate(5, 0, 0, 1048820 [pid 5392] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5393] <... fallocate resumed>) = 0 [pid 5393] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5392] <... futex resumed>) = 0 [pid 5392] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5392] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5393] sendfile(4, 4, NULL, 142609664 [pid 5392] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5392] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5392] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a9eec2000 [pid 5392] mprotect(0x7f6a9eec3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5392] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5392] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a9eee2990, parent_tid=0x7f6a9eee2990, exit_signal=0, stack=0x7f6a9eec2000, stack_size=0x20300, tls=0x7f6a9eee26c0} => {parent_tid=[5411]}, 88) = 5411 [pid 5392] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5392] futex(0x7f6a9efd36d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5392] futex(0x7f6a9efd36dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5411 attached [pid 5411] rseq(0x7f6a9eee2fe0, 0x20, 0, 0x53053053) = 0 [pid 5411] set_robust_list(0x7f6a9eee29a0, 24) = 0 [pid 5411] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5411] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME, 000) = 6 [pid 5411] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5392] <... futex resumed>) = 0 [pid 5392] futex(0x7f6a9efd36d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5392] futex(0x7f6a9efd36dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5411] <... futex resumed>) = 1 [pid 5411] ioctl(6, FS_IOC_FIEMAP, {fm_start=65279, fm_length=9223372036854775809, fm_flags=0, fm_extent_count=16777216} => {fm_flags=0, fm_mapped_extents=1, ...}) = 0 [pid 5411] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5392] <... futex resumed>) = 0 [pid 5411] <... futex resumed>) = 1 [pid 5411] futex(0x7f6a9efd36d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5392] exit_group(0 [pid 5411] <... futex resumed>) = ? [pid 5392] <... exit_group resumed>) = ? [pid 5411] +++ exited with 0 +++ [pid 5393] <... sendfile resumed>) = ? [pid 5393] +++ exited with 0 +++ [pid 5392] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5392, si_uid=0, si_status=0, si_utime=0, si_stime=44 /* 0.44 s */} --- umount2("./17", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555563ad730 /* 4 entries */, 32768) = 104 [ 84.838901][ T5054] BTRFS info (device loop0): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 umount2("./17/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./17/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./17/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./17/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555563b5770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563b5770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./17/bus") = 0 umount2("./17/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./17/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./17/binderfs") = 0 getdents64(3, 0x5555563ad730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./17") = 0 mkdir("./18", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5412 attached , child_tidptr=0x5555563ac690) = 5412 [pid 5412] set_robust_list(0x5555563ac6a0, 24) = 0 [pid 5412] chdir("./18") = 0 [pid 5412] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5412] setpgid(0, 0) = 0 [pid 5412] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5412] write(3, "1000", 4) = 4 [pid 5412] close(3) = 0 [pid 5412] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5412] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5412] rt_sigaction(SIGRT_1, {sa_handler=0x7f6a9ef6cff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6a9ef5e1a0}, NULL, 8) = 0 [pid 5412] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5412] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a9eee3000 [pid 5412] mprotect(0x7f6a9eee4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5412] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5412] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a9ef03990, parent_tid=0x7f6a9ef03990, exit_signal=0, stack=0x7f6a9eee3000, stack_size=0x20300, tls=0x7f6a9ef036c0}./strace-static-x86_64: Process 5413 attached [pid 5413] rseq(0x7f6a9ef03fe0, 0x20, 0, 0x53053053 [pid 5412] <... clone3 resumed> => {parent_tid=[5413]}, 88) = 5413 [pid 5413] <... rseq resumed>) = 0 [pid 5412] rt_sigprocmask(SIG_SETMASK, [], [pid 5413] set_robust_list(0x7f6a9ef039a0, 24 [pid 5412] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5413] <... set_robust_list resumed>) = 0 [pid 5412] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5413] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5412] <... futex resumed>) = 0 [pid 5413] memfd_create("syzkaller", 0 [pid 5412] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5413] <... memfd_create resumed>) = 3 [pid 5413] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6a96a00000 [pid 5413] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5413] munmap(0x7f6a96a00000, 138412032) = 0 [pid 5413] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5413] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5413] close(3) = 0 [pid 5413] close(4) = 0 [pid 5413] mkdir("./bus", 0777) = 0 [ 85.297870][ T5413] loop0: detected capacity change from 0 to 32768 [ 85.336556][ T5413] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop0 scanned by syz-executor984 (5413) [ 85.360692][ T5413] BTRFS info (device loop0): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 [ 85.371632][ T5413] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm [ 85.382111][ T5413] BTRFS info (device loop0): using free-space-tree [pid 5413] mount("/dev/loop0", "./bus", "btrfs", 0, "discard,") = 0 [pid 5413] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5413] chdir("./bus") = 0 [pid 5413] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5413] ioctl(4, LOOP_CLR_FD) = 0 [pid 5413] close(4) = 0 [pid 5413] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5413] futex(0x7f6a9efd36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5412] <... futex resumed>) = 0 [pid 5412] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5413] <... futex resumed>) = 0 [pid 5412] <... futex resumed>) = 1 [pid 5413] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5412] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5413] <... open resumed>) = 4 [pid 5413] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5412] <... futex resumed>) = 0 [pid 5413] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5412] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5413] <... open resumed>) = 5 [pid 5412] <... futex resumed>) = 0 [pid 5412] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5413] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5412] <... futex resumed>) = 0 [pid 5412] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5413] <... futex resumed>) = 1 [pid 5412] <... futex resumed>) = 0 [pid 5413] fallocate(5, 0, 0, 1048820 [pid 5412] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5413] <... fallocate resumed>) = 0 [pid 5413] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5412] <... futex resumed>) = 0 [pid 5412] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5413] sendfile(4, 4, NULL, 142609664 [pid 5412] <... futex resumed>) = 0 [ 85.443828][ T28] kauditd_printk_skb: 5 callbacks suppressed [ 85.443842][ T28] audit: type=1800 audit(1708613205.514:56): pid=5413 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor984" name="bus" dev="loop0" ino=263 res=0 errno=0 [ 85.470597][ T28] audit: type=1800 audit(1708613205.534:57): pid=5413 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor984" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 5412] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5412] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5412] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a9eec2000 [pid 5412] mprotect(0x7f6a9eec3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5412] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5412] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a9eee2990, parent_tid=0x7f6a9eee2990, exit_signal=0, stack=0x7f6a9eec2000, stack_size=0x20300, tls=0x7f6a9eee26c0}./strace-static-x86_64: Process 5430 attached [pid 5430] rseq(0x7f6a9eee2fe0, 0x20, 0, 0x53053053 [pid 5412] <... clone3 resumed> => {parent_tid=[5430]}, 88) = 5430 [pid 5430] <... rseq resumed>) = 0 [pid 5412] rt_sigprocmask(SIG_SETMASK, [], [pid 5430] set_robust_list(0x7f6a9eee29a0, 24 [pid 5412] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5430] <... set_robust_list resumed>) = 0 [pid 5430] rt_sigprocmask(SIG_SETMASK, [], [pid 5412] futex(0x7f6a9efd36d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5430] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5412] <... futex resumed>) = 0 [pid 5430] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME, 000 [pid 5412] futex(0x7f6a9efd36dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5430] <... open resumed>) = 6 [pid 5430] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5412] <... futex resumed>) = 0 [pid 5430] futex(0x7f6a9efd36d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5412] futex(0x7f6a9efd36d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5430] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5412] <... futex resumed>) = 0 [pid 5430] ioctl(6, FS_IOC_FIEMAP, {fm_start=65279, fm_length=9223372036854775809, fm_flags=0, fm_extent_count=16777216} [pid 5412] futex(0x7f6a9efd36dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5430] <... ioctl resumed> => {fm_flags=0, fm_mapped_extents=2, ...}) = 0 [pid 5430] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5412] <... futex resumed>) = 0 [ 85.556125][ T28] audit: type=1800 audit(1708613205.634:58): pid=5430 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor984" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 5430] futex(0x7f6a9efd36d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5412] exit_group(0 [pid 5430] <... futex resumed>) = ? [pid 5412] <... exit_group resumed>) = ? [pid 5430] +++ exited with 0 +++ [pid 5413] <... sendfile resumed>) = ? [pid 5413] +++ exited with 0 +++ [pid 5412] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5412, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=45 /* 0.45 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./18", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555563ad730 /* 4 entries */, 32768) = 104 [ 85.872526][ T5054] BTRFS info (device loop0): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 umount2("./18/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./18/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./18/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./18/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555563b5770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563b5770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./18/bus") = 0 umount2("./18/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./18/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./18/binderfs") = 0 getdents64(3, 0x5555563ad730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./18") = 0 mkdir("./19", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5431 attached , child_tidptr=0x5555563ac690) = 5431 [pid 5431] set_robust_list(0x5555563ac6a0, 24) = 0 [pid 5431] chdir("./19") = 0 [pid 5431] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5431] setpgid(0, 0) = 0 [pid 5431] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5431] write(3, "1000", 4) = 4 [pid 5431] close(3) = 0 [pid 5431] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5431] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5431] rt_sigaction(SIGRT_1, {sa_handler=0x7f6a9ef6cff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6a9ef5e1a0}, NULL, 8) = 0 [pid 5431] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5431] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a9eee3000 [pid 5431] mprotect(0x7f6a9eee4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5431] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5431] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a9ef03990, parent_tid=0x7f6a9ef03990, exit_signal=0, stack=0x7f6a9eee3000, stack_size=0x20300, tls=0x7f6a9ef036c0}./strace-static-x86_64: Process 5432 attached [pid 5432] rseq(0x7f6a9ef03fe0, 0x20, 0, 0x53053053 [pid 5431] <... clone3 resumed> => {parent_tid=[5432]}, 88) = 5432 [pid 5432] <... rseq resumed>) = 0 [pid 5431] rt_sigprocmask(SIG_SETMASK, [], [pid 5432] set_robust_list(0x7f6a9ef039a0, 24 [pid 5431] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5432] <... set_robust_list resumed>) = 0 [pid 5431] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5432] rt_sigprocmask(SIG_SETMASK, [], [pid 5431] <... futex resumed>) = 0 [pid 5432] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5431] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5432] memfd_create("syzkaller", 0) = 3 [pid 5432] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6a96a00000 [pid 5432] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5432] munmap(0x7f6a96a00000, 138412032) = 0 [pid 5432] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5432] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5432] close(3) = 0 [pid 5432] close(4) = 0 [pid 5432] mkdir("./bus", 0777) = 0 [ 86.323836][ T5432] loop0: detected capacity change from 0 to 32768 [ 86.348844][ T5432] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop0 scanned by syz-executor984 (5432) [pid 5432] mount("/dev/loop0", "./bus", "btrfs", 0, "discard,") = 0 [ 86.371587][ T5432] BTRFS info (device loop0): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 [ 86.382435][ T5432] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm [ 86.392460][ T5432] BTRFS info (device loop0): using free-space-tree [pid 5432] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5432] chdir("./bus") = 0 [pid 5432] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5432] ioctl(4, LOOP_CLR_FD) = 0 [pid 5432] close(4) = 0 [pid 5432] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5431] <... futex resumed>) = 0 [pid 5431] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5431] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5432] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5432] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5432] futex(0x7f6a9efd36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5431] <... futex resumed>) = 0 [pid 5431] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5432] <... futex resumed>) = 0 [pid 5431] <... futex resumed>) = 1 [pid 5432] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5431] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5432] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5431] <... futex resumed>) = 0 [pid 5431] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5432] <... futex resumed>) = 1 [pid 5431] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5432] fallocate(5, 0, 0, 1048820) = 0 [pid 5432] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5431] <... futex resumed>) = 0 [pid 5431] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5431] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5432] <... futex resumed>) = 1 [ 86.490602][ T28] audit: type=1800 audit(1708613206.564:59): pid=5432 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor984" name="bus" dev="loop0" ino=263 res=0 errno=0 [ 86.511230][ T28] audit: type=1800 audit(1708613206.574:60): pid=5432 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor984" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 5432] sendfile(4, 4, NULL, 142609664 [pid 5431] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5431] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5431] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a9eec2000 [pid 5431] mprotect(0x7f6a9eec3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5431] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5431] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a9eee2990, parent_tid=0x7f6a9eee2990, exit_signal=0, stack=0x7f6a9eec2000, stack_size=0x20300, tls=0x7f6a9eee26c0}./strace-static-x86_64: Process 5449 attached [pid 5449] rseq(0x7f6a9eee2fe0, 0x20, 0, 0x53053053) = 0 [pid 5449] set_robust_list(0x7f6a9eee29a0, 24 [pid 5431] <... clone3 resumed> => {parent_tid=[5449]}, 88) = 5449 [pid 5449] <... set_robust_list resumed>) = 0 [pid 5431] rt_sigprocmask(SIG_SETMASK, [], [pid 5449] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5431] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5449] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME, 000 [pid 5431] futex(0x7f6a9efd36d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5449] <... open resumed>) = 6 [pid 5431] <... futex resumed>) = 0 [pid 5431] futex(0x7f6a9efd36dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5449] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5431] <... futex resumed>) = 0 [pid 5431] futex(0x7f6a9efd36d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5449] ioctl(6, FS_IOC_FIEMAP, {fm_start=65279, fm_length=9223372036854775809, fm_flags=0, fm_extent_count=16777216} [pid 5431] futex(0x7f6a9efd36dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5449] <... ioctl resumed> => {fm_flags=0, fm_mapped_extents=2, ...}) = 0 [pid 5449] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5431] <... futex resumed>) = 0 [ 86.605206][ T28] audit: type=1800 audit(1708613206.674:61): pid=5449 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor984" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 5449] futex(0x7f6a9efd36d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5431] exit_group(0 [pid 5449] <... futex resumed>) = ? [pid 5431] <... exit_group resumed>) = ? [pid 5449] +++ exited with 0 +++ [pid 5432] <... sendfile resumed>) = ? [pid 5432] +++ exited with 0 +++ [pid 5431] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5431, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=54 /* 0.54 s */} --- umount2("./19", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./19", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555563ad730 /* 4 entries */, 32768) = 104 [ 86.979478][ T5054] BTRFS info (device loop0): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 umount2("./19/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./19/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./19/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./19/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./19/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555563b5770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563b5770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./19/bus") = 0 umount2("./19/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./19/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./19/binderfs") = 0 getdents64(3, 0x5555563ad730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./19") = 0 mkdir("./20", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5450 attached , child_tidptr=0x5555563ac690) = 5450 [pid 5450] set_robust_list(0x5555563ac6a0, 24) = 0 [pid 5450] chdir("./20") = 0 [pid 5450] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5450] setpgid(0, 0) = 0 [pid 5450] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5450] write(3, "1000", 4) = 4 [pid 5450] close(3) = 0 [pid 5450] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5450] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5450] rt_sigaction(SIGRT_1, {sa_handler=0x7f6a9ef6cff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6a9ef5e1a0}, NULL, 8) = 0 [pid 5450] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5450] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a9eee3000 [pid 5450] mprotect(0x7f6a9eee4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5450] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5450] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a9ef03990, parent_tid=0x7f6a9ef03990, exit_signal=0, stack=0x7f6a9eee3000, stack_size=0x20300, tls=0x7f6a9ef036c0}./strace-static-x86_64: Process 5451 attached [pid 5451] rseq(0x7f6a9ef03fe0, 0x20, 0, 0x53053053) = 0 [pid 5450] <... clone3 resumed> => {parent_tid=[5451]}, 88) = 5451 [pid 5451] set_robust_list(0x7f6a9ef039a0, 24 [pid 5450] rt_sigprocmask(SIG_SETMASK, [], [pid 5451] <... set_robust_list resumed>) = 0 [pid 5450] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5451] rt_sigprocmask(SIG_SETMASK, [], [pid 5450] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5451] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5450] <... futex resumed>) = 0 [pid 5451] memfd_create("syzkaller", 0 [pid 5450] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5451] <... memfd_create resumed>) = 3 [pid 5451] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6a96a00000 [pid 5451] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5451] munmap(0x7f6a96a00000, 138412032) = 0 [pid 5451] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5451] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5451] close(3) = 0 [pid 5451] close(4) = 0 [pid 5451] mkdir("./bus", 0777) = 0 [ 87.476479][ T5451] loop0: detected capacity change from 0 to 32768 [ 87.513162][ T5451] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop0 scanned by syz-executor984 (5451) [ 87.534793][ T5451] BTRFS info (device loop0): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 [ 87.545213][ T5451] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm [ 87.555564][ T5451] BTRFS info (device loop0): using free-space-tree [pid 5451] mount("/dev/loop0", "./bus", "btrfs", 0, "discard,") = 0 [pid 5451] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5451] chdir("./bus") = 0 [pid 5451] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5451] ioctl(4, LOOP_CLR_FD) = 0 [pid 5451] close(4) = 0 [pid 5451] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5450] <... futex resumed>) = 0 [pid 5450] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5451] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5450] <... futex resumed>) = 0 [pid 5451] <... open resumed>) = 4 [pid 5450] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5451] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5450] <... futex resumed>) = 0 [pid 5450] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5450] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5451] <... futex resumed>) = 1 [pid 5451] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5451] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5450] <... futex resumed>) = 0 [pid 5451] fallocate(5, 0, 0, 1048820 [pid 5450] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5450] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5451] <... fallocate resumed>) = 0 [pid 5451] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5451] futex(0x7f6a9efd36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5450] <... futex resumed>) = 0 [pid 5450] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5451] <... futex resumed>) = 0 [pid 5450] <... futex resumed>) = 1 [pid 5450] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 87.672160][ T28] audit: type=1800 audit(1708613207.744:62): pid=5451 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor984" name="bus" dev="loop0" ino=263 res=0 errno=0 [ 87.694818][ T28] audit: type=1800 audit(1708613207.764:63): pid=5451 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor984" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 5451] sendfile(4, 4, NULL, 142609664 [pid 5450] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5450] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5450] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a9eec2000 [pid 5450] mprotect(0x7f6a9eec3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5450] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5450] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a9eee2990, parent_tid=0x7f6a9eee2990, exit_signal=0, stack=0x7f6a9eec2000, stack_size=0x20300, tls=0x7f6a9eee26c0} => {parent_tid=[5469]}, 88) = 5469 ./strace-static-x86_64: Process 5469 attached [pid 5469] rseq(0x7f6a9eee2fe0, 0x20, 0, 0x53053053) = 0 [pid 5450] rt_sigprocmask(SIG_SETMASK, [], [pid 5469] set_robust_list(0x7f6a9eee29a0, 24) = 0 [pid 5469] rt_sigprocmask(SIG_SETMASK, [], [pid 5450] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5469] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5450] futex(0x7f6a9efd36d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5469] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME, 000 [pid 5450] <... futex resumed>) = 0 [pid 5450] futex(0x7f6a9efd36dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5469] <... open resumed>) = 6 [pid 5469] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5450] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5469] <... futex resumed>) = 0 [pid 5450] futex(0x7f6a9efd36d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5469] ioctl(6, FS_IOC_FIEMAP, {fm_start=65279, fm_length=9223372036854775809, fm_flags=0, fm_extent_count=16777216} [pid 5450] <... futex resumed>) = 0 [pid 5450] futex(0x7f6a9efd36dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5469] <... ioctl resumed> => {fm_flags=0, fm_mapped_extents=1, ...}) = 0 [pid 5469] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5469] futex(0x7f6a9efd36d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5450] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [ 87.806881][ T28] audit: type=1800 audit(1708613207.874:64): pid=5469 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor984" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 5450] exit_group(0 [pid 5469] <... futex resumed>) = ? [pid 5450] <... exit_group resumed>) = ? [pid 5469] +++ exited with 0 +++ [pid 5451] <... sendfile resumed>) = ? [pid 5451] +++ exited with 0 +++ [pid 5450] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5450, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=40 /* 0.40 s */} --- umount2("./20", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./20", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555563ad730 /* 4 entries */, 32768) = 104 [ 88.181521][ T5054] BTRFS info (device loop0): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 umount2("./20/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./20/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./20/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./20/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./20/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555563b5770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563b5770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./20/bus") = 0 umount2("./20/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./20/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./20/binderfs") = 0 getdents64(3, 0x5555563ad730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./20") = 0 mkdir("./21", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563ac690) = 5470 ./strace-static-x86_64: Process 5470 attached [pid 5470] set_robust_list(0x5555563ac6a0, 24) = 0 [pid 5470] chdir("./21") = 0 [pid 5470] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5470] setpgid(0, 0) = 0 [pid 5470] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5470] write(3, "1000", 4) = 4 [pid 5470] close(3) = 0 [pid 5470] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5470] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5470] rt_sigaction(SIGRT_1, {sa_handler=0x7f6a9ef6cff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6a9ef5e1a0}, NULL, 8) = 0 [pid 5470] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5470] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a9eee3000 [pid 5470] mprotect(0x7f6a9eee4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5470] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5470] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a9ef03990, parent_tid=0x7f6a9ef03990, exit_signal=0, stack=0x7f6a9eee3000, stack_size=0x20300, tls=0x7f6a9ef036c0}./strace-static-x86_64: Process 5471 attached => {parent_tid=[5471]}, 88) = 5471 [pid 5471] rseq(0x7f6a9ef03fe0, 0x20, 0, 0x53053053 [pid 5470] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5470] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5471] <... rseq resumed>) = 0 [pid 5471] set_robust_list(0x7f6a9ef039a0, 24 [pid 5470] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5471] <... set_robust_list resumed>) = 0 [pid 5471] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5471] memfd_create("syzkaller", 0) = 3 [pid 5471] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6a96a00000 [pid 5471] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5471] munmap(0x7f6a96a00000, 138412032) = 0 [pid 5471] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5471] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5471] close(3) = 0 [pid 5471] close(4) = 0 [pid 5471] mkdir("./bus", 0777) = 0 [ 88.717433][ T5471] loop0: detected capacity change from 0 to 32768 [ 88.744130][ T5471] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop0 scanned by syz-executor984 (5471) [ 88.763814][ T5471] BTRFS info (device loop0): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 [ 88.774313][ T5471] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm [ 88.783836][ T5471] BTRFS info (device loop0): using free-space-tree [pid 5471] mount("/dev/loop0", "./bus", "btrfs", 0, "discard,") = 0 [pid 5471] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5471] chdir("./bus") = 0 [pid 5471] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5471] ioctl(4, LOOP_CLR_FD) = 0 [pid 5471] close(4) = 0 [pid 5471] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5471] futex(0x7f6a9efd36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5470] <... futex resumed>) = 0 [pid 5470] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5470] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5471] <... futex resumed>) = 0 [pid 5471] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5471] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5471] futex(0x7f6a9efd36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5470] <... futex resumed>) = 0 [pid 5470] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5471] <... futex resumed>) = 0 [pid 5470] <... futex resumed>) = 1 [pid 5471] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5470] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5471] <... open resumed>) = 5 [pid 5471] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5471] futex(0x7f6a9efd36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5470] <... futex resumed>) = 0 [pid 5470] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5471] <... futex resumed>) = 0 [pid 5470] <... futex resumed>) = 1 [pid 5470] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5471] fallocate(5, 0, 0, 1048820) = 0 [ 88.887768][ T28] audit: type=1800 audit(1708613208.964:65): pid=5471 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor984" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 5471] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5471] futex(0x7f6a9efd36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5470] <... futex resumed>) = 0 [pid 5470] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5470] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5471] <... futex resumed>) = 0 [pid 5471] sendfile(4, 4, NULL, 142609664 [pid 5470] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5470] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5470] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5470] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a9eec2000 [pid 5470] mprotect(0x7f6a9eec3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5470] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5470] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a9eee2990, parent_tid=0x7f6a9eee2990, exit_signal=0, stack=0x7f6a9eec2000, stack_size=0x20300, tls=0x7f6a9eee26c0}./strace-static-x86_64: Process 5489 attached [pid 5489] rseq(0x7f6a9eee2fe0, 0x20, 0, 0x53053053 [pid 5470] <... clone3 resumed> => {parent_tid=[5489]}, 88) = 5489 [pid 5489] <... rseq resumed>) = 0 [pid 5470] rt_sigprocmask(SIG_SETMASK, [], [pid 5489] set_robust_list(0x7f6a9eee29a0, 24 [pid 5470] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5489] <... set_robust_list resumed>) = 0 [pid 5470] futex(0x7f6a9efd36d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5489] rt_sigprocmask(SIG_SETMASK, [], [pid 5470] <... futex resumed>) = 0 [pid 5489] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5470] futex(0x7f6a9efd36dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5489] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME, 000) = 6 [pid 5489] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5470] <... futex resumed>) = 0 [pid 5489] futex(0x7f6a9efd36d8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5470] futex(0x7f6a9efd36d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5489] ioctl(6, FS_IOC_FIEMAP, {fm_start=65279, fm_length=9223372036854775809, fm_flags=0, fm_extent_count=16777216} => {fm_flags=0, fm_mapped_extents=1, ...}) = 0 [pid 5470] <... futex resumed>) = 0 [pid 5470] futex(0x7f6a9efd36dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5489] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5470] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5489] <... futex resumed>) = 0 [pid 5489] futex(0x7f6a9efd36d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5470] exit_group(0 [pid 5489] <... futex resumed>) = ? [pid 5470] <... exit_group resumed>) = ? [pid 5489] +++ exited with 0 +++ [pid 5471] <... sendfile resumed>) = ? [pid 5471] +++ exited with 0 +++ [pid 5470] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5470, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=36 /* 0.36 s */} --- umount2("./21", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./21", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555563ad730 /* 4 entries */, 32768) = 104 [ 89.367278][ T5054] BTRFS info (device loop0): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 umount2("./21/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./21/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./21/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./21/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./21/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555563b5770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563b5770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./21/bus") = 0 umount2("./21/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./21/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./21/binderfs") = 0 getdents64(3, 0x5555563ad730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./21") = 0 mkdir("./22", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5490 attached , child_tidptr=0x5555563ac690) = 5490 [pid 5490] set_robust_list(0x5555563ac6a0, 24) = 0 [pid 5490] chdir("./22") = 0 [pid 5490] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5490] setpgid(0, 0) = 0 [pid 5490] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5490] write(3, "1000", 4) = 4 [pid 5490] close(3) = 0 [pid 5490] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5490] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5490] rt_sigaction(SIGRT_1, {sa_handler=0x7f6a9ef6cff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6a9ef5e1a0}, NULL, 8) = 0 [pid 5490] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5490] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a9eee3000 [pid 5490] mprotect(0x7f6a9eee4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5490] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5490] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a9ef03990, parent_tid=0x7f6a9ef03990, exit_signal=0, stack=0x7f6a9eee3000, stack_size=0x20300, tls=0x7f6a9ef036c0}./strace-static-x86_64: Process 5491 attached [pid 5491] rseq(0x7f6a9ef03fe0, 0x20, 0, 0x53053053 [pid 5490] <... clone3 resumed> => {parent_tid=[5491]}, 88) = 5491 [pid 5491] <... rseq resumed>) = 0 [pid 5491] set_robust_list(0x7f6a9ef039a0, 24) = 0 [pid 5491] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5490] rt_sigprocmask(SIG_SETMASK, [], [pid 5491] futex(0x7f6a9efd36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5490] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5490] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5491] <... futex resumed>) = 0 [pid 5490] <... futex resumed>) = 1 [pid 5491] memfd_create("syzkaller", 0 [pid 5490] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5491] <... memfd_create resumed>) = 3 [pid 5491] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6a96a00000 [pid 5491] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5491] munmap(0x7f6a96a00000, 138412032) = 0 [pid 5491] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5491] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5491] close(3) = 0 [pid 5491] close(4) = 0 [pid 5491] mkdir("./bus", 0777) = 0 [ 89.901910][ T5491] loop0: detected capacity change from 0 to 32768 [ 89.929622][ T5491] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop0 scanned by syz-executor984 (5491) [pid 5491] mount("/dev/loop0", "./bus", "btrfs", 0, "discard,") = 0 [pid 5491] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5491] chdir("./bus") = 0 [ 89.949421][ T5491] BTRFS info (device loop0): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 [ 89.959735][ T5491] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm [ 89.970722][ T5491] BTRFS info (device loop0): using free-space-tree [pid 5491] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5491] ioctl(4, LOOP_CLR_FD) = 0 [pid 5491] close(4) = 0 [pid 5491] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5491] futex(0x7f6a9efd36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5490] <... futex resumed>) = 0 [pid 5490] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5491] <... futex resumed>) = 0 [pid 5491] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5490] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5491] <... open resumed>) = 4 [pid 5491] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5490] <... futex resumed>) = 0 [pid 5490] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5491] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5490] <... futex resumed>) = 0 [pid 5490] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5491] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5490] <... futex resumed>) = 0 [pid 5491] <... futex resumed>) = 1 [pid 5490] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5491] fallocate(5, 0, 0, 1048820 [pid 5490] <... futex resumed>) = 0 [pid 5490] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5491] <... fallocate resumed>) = 0 [pid 5491] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5491] futex(0x7f6a9efd36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5490] <... futex resumed>) = 0 [pid 5490] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5491] <... futex resumed>) = 0 [pid 5490] <... futex resumed>) = 1 [pid 5491] sendfile(4, 4, NULL, 142609664 [pid 5490] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5490] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5490] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a9eec2000 [pid 5490] mprotect(0x7f6a9eec3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5490] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5490] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a9eee2990, parent_tid=0x7f6a9eee2990, exit_signal=0, stack=0x7f6a9eec2000, stack_size=0x20300, tls=0x7f6a9eee26c0}./strace-static-x86_64: Process 5508 attached [pid 5508] rseq(0x7f6a9eee2fe0, 0x20, 0, 0x53053053) = 0 [pid 5490] <... clone3 resumed> => {parent_tid=[5508]}, 88) = 5508 [pid 5508] set_robust_list(0x7f6a9eee29a0, 24 [pid 5490] rt_sigprocmask(SIG_SETMASK, [], [pid 5508] <... set_robust_list resumed>) = 0 [pid 5490] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5508] rt_sigprocmask(SIG_SETMASK, [], [pid 5490] futex(0x7f6a9efd36d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5508] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5508] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME, 000 [pid 5490] <... futex resumed>) = 0 [pid 5490] futex(0x7f6a9efd36dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5508] <... open resumed>) = 6 [pid 5508] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5490] <... futex resumed>) = 0 [pid 5508] <... futex resumed>) = 1 [pid 5490] futex(0x7f6a9efd36d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5508] ioctl(6, FS_IOC_FIEMAP, {fm_start=65279, fm_length=9223372036854775809, fm_flags=0, fm_extent_count=16777216} [pid 5490] <... futex resumed>) = 0 [pid 5490] futex(0x7f6a9efd36dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5508] <... ioctl resumed> => {fm_flags=0, fm_mapped_extents=2, ...}) = 0 [pid 5508] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5490] <... futex resumed>) = 0 [pid 5508] futex(0x7f6a9efd36d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5490] exit_group(0 [pid 5508] <... futex resumed>) = ? [pid 5490] <... exit_group resumed>) = ? [pid 5508] +++ exited with 0 +++ [pid 5491] <... sendfile resumed>) = ? [pid 5491] +++ exited with 0 +++ [pid 5490] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5490, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=58 /* 0.58 s */} --- umount2("./22", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./22", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555563ad730 /* 4 entries */, 32768) = 104 [ 90.613141][ T5054] BTRFS info (device loop0): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 umount2("./22/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./22/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./22/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./22/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./22/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555563b5770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563b5770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./22/bus") = 0 umount2("./22/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./22/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./22/binderfs") = 0 getdents64(3, 0x5555563ad730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./22") = 0 mkdir("./23", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5509 attached , child_tidptr=0x5555563ac690) = 5509 [pid 5509] set_robust_list(0x5555563ac6a0, 24) = 0 [pid 5509] chdir("./23") = 0 [pid 5509] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5509] setpgid(0, 0) = 0 [pid 5509] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5509] write(3, "1000", 4) = 4 [pid 5509] close(3) = 0 [pid 5509] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5509] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5509] rt_sigaction(SIGRT_1, {sa_handler=0x7f6a9ef6cff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6a9ef5e1a0}, NULL, 8) = 0 [pid 5509] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5509] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a9eee3000 [pid 5509] mprotect(0x7f6a9eee4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5509] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5509] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a9ef03990, parent_tid=0x7f6a9ef03990, exit_signal=0, stack=0x7f6a9eee3000, stack_size=0x20300, tls=0x7f6a9ef036c0}./strace-static-x86_64: Process 5510 attached [pid 5510] rseq(0x7f6a9ef03fe0, 0x20, 0, 0x53053053) = 0 [pid 5509] <... clone3 resumed> => {parent_tid=[5510]}, 88) = 5510 [pid 5510] set_robust_list(0x7f6a9ef039a0, 24 [pid 5509] rt_sigprocmask(SIG_SETMASK, [], [pid 5510] <... set_robust_list resumed>) = 0 [pid 5509] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5510] rt_sigprocmask(SIG_SETMASK, [], [pid 5509] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5510] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5510] memfd_create("syzkaller", 0 [pid 5509] <... futex resumed>) = 0 [pid 5509] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5510] <... memfd_create resumed>) = 3 [pid 5510] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6a96a00000 [pid 5510] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5510] munmap(0x7f6a96a00000, 138412032) = 0 [pid 5510] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5510] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5510] close(3) = 0 [pid 5510] close(4) = 0 [pid 5510] mkdir("./bus", 0777) = 0 [ 91.102062][ T5510] loop0: detected capacity change from 0 to 32768 [ 91.129885][ T5510] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop0 scanned by syz-executor984 (5510) [ 91.148318][ T5510] BTRFS info (device loop0): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 [ 91.159009][ T5510] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm [ 91.169399][ T5510] BTRFS info (device loop0): using free-space-tree [pid 5510] mount("/dev/loop0", "./bus", "btrfs", 0, "discard,") = 0 [pid 5510] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5510] chdir("./bus") = 0 [pid 5510] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5510] ioctl(4, LOOP_CLR_FD) = 0 [pid 5510] close(4) = 0 [pid 5510] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5509] <... futex resumed>) = 0 [pid 5509] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5510] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5509] <... futex resumed>) = 0 [pid 5509] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5510] <... open resumed>) = 4 [pid 5510] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5509] <... futex resumed>) = 0 [pid 5510] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5509] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5510] <... open resumed>) = 5 [pid 5509] <... futex resumed>) = 0 [pid 5510] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5509] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5510] <... futex resumed>) = 0 [pid 5509] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5510] fallocate(5, 0, 0, 1048820 [pid 5509] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5510] <... fallocate resumed>) = 0 [pid 5509] <... futex resumed>) = 0 [pid 5510] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5509] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5510] <... futex resumed>) = 0 [pid 5509] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5510] sendfile(4, 4, NULL, 142609664 [pid 5509] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 91.289190][ T28] kauditd_printk_skb: 5 callbacks suppressed [ 91.289205][ T28] audit: type=1800 audit(1708613211.364:71): pid=5510 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor984" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 5509] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5509] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5509] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a9eec2000 [pid 5509] mprotect(0x7f6a9eec3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5509] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5509] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a9eee2990, parent_tid=0x7f6a9eee2990, exit_signal=0, stack=0x7f6a9eec2000, stack_size=0x20300, tls=0x7f6a9eee26c0} => {parent_tid=[5528]}, 88) = 5528 [pid 5509] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5509] futex(0x7f6a9efd36d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5509] futex(0x7f6a9efd36dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5528 attached [pid 5528] rseq(0x7f6a9eee2fe0, 0x20, 0, 0x53053053) = 0 [pid 5528] set_robust_list(0x7f6a9eee29a0, 24) = 0 [pid 5528] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5528] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME, 000) = 6 [pid 5528] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5509] <... futex resumed>) = 0 [pid 5528] ioctl(6, FS_IOC_FIEMAP, {fm_start=65279, fm_length=9223372036854775809, fm_flags=0, fm_extent_count=16777216} [pid 5509] futex(0x7f6a9efd36d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5528] <... ioctl resumed> => {fm_flags=0, fm_mapped_extents=1, ...}) = 0 [pid 5509] <... futex resumed>) = 0 [pid 5528] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5509] futex(0x7f6a9efd36dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5528] <... futex resumed>) = 0 [pid 5509] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [ 91.357483][ T28] audit: type=1800 audit(1708613211.394:72): pid=5510 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor984" name="bus" dev="loop0" ino=263 res=0 errno=0 [ 91.415253][ T28] audit: type=1800 audit(1708613211.474:73): pid=5528 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor984" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 5528] futex(0x7f6a9efd36d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5509] exit_group(0 [pid 5528] <... futex resumed>) = ? [pid 5509] <... exit_group resumed>) = ? [pid 5528] +++ exited with 0 +++ [pid 5510] <... sendfile resumed>) = ? [pid 5510] +++ exited with 0 +++ [pid 5509] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5509, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=50 /* 0.50 s */} --- umount2("./23", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./23", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555563ad730 /* 4 entries */, 32768) = 104 [ 91.807808][ T5054] BTRFS info (device loop0): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 umount2("./23/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./23/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./23/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./23/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./23/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555563b5770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563b5770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./23/bus") = 0 umount2("./23/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./23/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./23/binderfs") = 0 getdents64(3, 0x5555563ad730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./23") = 0 mkdir("./24", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5529 attached [pid 5529] set_robust_list(0x5555563ac6a0, 24 [pid 5054] <... clone resumed>, child_tidptr=0x5555563ac690) = 5529 [pid 5529] <... set_robust_list resumed>) = 0 [pid 5529] chdir("./24") = 0 [pid 5529] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5529] setpgid(0, 0) = 0 [pid 5529] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5529] write(3, "1000", 4) = 4 [pid 5529] close(3) = 0 [pid 5529] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5529] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5529] rt_sigaction(SIGRT_1, {sa_handler=0x7f6a9ef6cff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6a9ef5e1a0}, NULL, 8) = 0 [pid 5529] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5529] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a9eee3000 [pid 5529] mprotect(0x7f6a9eee4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5529] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5529] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a9ef03990, parent_tid=0x7f6a9ef03990, exit_signal=0, stack=0x7f6a9eee3000, stack_size=0x20300, tls=0x7f6a9ef036c0} => {parent_tid=[5530]}, 88) = 5530 ./strace-static-x86_64: Process 5530 attached [pid 5530] rseq(0x7f6a9ef03fe0, 0x20, 0, 0x53053053 [pid 5529] rt_sigprocmask(SIG_SETMASK, [], [pid 5530] <... rseq resumed>) = 0 [pid 5529] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5530] set_robust_list(0x7f6a9ef039a0, 24 [pid 5529] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5530] <... set_robust_list resumed>) = 0 [pid 5530] rt_sigprocmask(SIG_SETMASK, [], [pid 5529] <... futex resumed>) = 0 [pid 5530] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5529] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5530] memfd_create("syzkaller", 0) = 3 [pid 5530] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6a96a00000 [pid 5530] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5530] munmap(0x7f6a96a00000, 138412032) = 0 [pid 5530] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5530] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5530] close(3) = 0 [pid 5530] close(4) = 0 [pid 5530] mkdir("./bus", 0777) = 0 [ 92.347629][ T5530] loop0: detected capacity change from 0 to 32768 [ 92.385536][ T5530] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop0 scanned by syz-executor984 (5530) [ 92.405897][ T5530] BTRFS info (device loop0): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 [ 92.416727][ T5530] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm [ 92.427034][ T5530] BTRFS info (device loop0): using free-space-tree [pid 5530] mount("/dev/loop0", "./bus", "btrfs", 0, "discard,") = 0 [pid 5530] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5530] chdir("./bus") = 0 [pid 5530] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5530] ioctl(4, LOOP_CLR_FD) = 0 [pid 5530] close(4) = 0 [pid 5530] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5529] <... futex resumed>) = 0 [pid 5530] futex(0x7f6a9efd36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5529] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5530] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5530] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5529] <... futex resumed>) = 0 [pid 5529] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5530] <... open resumed>) = 4 [pid 5530] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5529] <... futex resumed>) = 0 [pid 5530] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5529] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5530] <... open resumed>) = 5 [pid 5529] <... futex resumed>) = 0 [pid 5529] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5530] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5529] <... futex resumed>) = 0 [pid 5529] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5530] <... futex resumed>) = 1 [pid 5529] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5530] fallocate(5, 0, 0, 1048820) = 0 [pid 5530] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5529] <... futex resumed>) = 0 [pid 5529] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5530] <... futex resumed>) = 1 [pid 5530] sendfile(4, 4, NULL, 142609664 [pid 5529] <... futex resumed>) = 0 [ 92.518329][ T28] audit: type=1800 audit(1708613212.594:74): pid=5530 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor984" name="bus" dev="loop0" ino=263 res=0 errno=0 [ 92.538858][ T28] audit: type=1800 audit(1708613212.604:75): pid=5530 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor984" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 5529] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5529] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5529] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a9eec2000 [pid 5529] mprotect(0x7f6a9eec3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5529] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5529] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a9eee2990, parent_tid=0x7f6a9eee2990, exit_signal=0, stack=0x7f6a9eec2000, stack_size=0x20300, tls=0x7f6a9eee26c0}./strace-static-x86_64: Process 5547 attached => {parent_tid=[5547]}, 88) = 5547 [pid 5547] rseq(0x7f6a9eee2fe0, 0x20, 0, 0x53053053) = 0 [pid 5529] rt_sigprocmask(SIG_SETMASK, [], [pid 5547] set_robust_list(0x7f6a9eee29a0, 24 [pid 5529] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5547] <... set_robust_list resumed>) = 0 [pid 5547] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5529] futex(0x7f6a9efd36d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5547] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME, 000 [pid 5529] <... futex resumed>) = 0 [pid 5529] futex(0x7f6a9efd36dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5547] <... open resumed>) = 6 [pid 5547] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5529] <... futex resumed>) = 0 [pid 5529] futex(0x7f6a9efd36d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5547] ioctl(6, FS_IOC_FIEMAP, {fm_start=65279, fm_length=9223372036854775809, fm_flags=0, fm_extent_count=16777216} [pid 5529] <... futex resumed>) = 0 [pid 5529] futex(0x7f6a9efd36dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5547] <... ioctl resumed> => {fm_flags=0, fm_mapped_extents=2, ...}) = 0 [pid 5547] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5529] <... futex resumed>) = 0 [ 92.619450][ T28] audit: type=1800 audit(1708613212.694:76): pid=5547 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor984" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 5547] futex(0x7f6a9efd36d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5529] exit_group(0 [pid 5547] <... futex resumed>) = ? [pid 5530] <... sendfile resumed>) = ? [pid 5529] <... exit_group resumed>) = ? [pid 5547] +++ exited with 0 +++ [pid 5530] +++ exited with 0 +++ [pid 5529] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5529, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=39 /* 0.39 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./24", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./24", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555563ad730 /* 4 entries */, 32768) = 104 [ 93.040555][ T5054] BTRFS info (device loop0): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 umount2("./24/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./24/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./24/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./24/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./24/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555563b5770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563b5770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./24/bus") = 0 umount2("./24/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./24/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./24/binderfs") = 0 getdents64(3, 0x5555563ad730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./24") = 0 mkdir("./25", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5548 attached , child_tidptr=0x5555563ac690) = 5548 [pid 5548] set_robust_list(0x5555563ac6a0, 24) = 0 [pid 5548] chdir("./25") = 0 [pid 5548] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5548] setpgid(0, 0) = 0 [pid 5548] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5548] write(3, "1000", 4) = 4 [pid 5548] close(3) = 0 [pid 5548] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5548] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5548] rt_sigaction(SIGRT_1, {sa_handler=0x7f6a9ef6cff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6a9ef5e1a0}, NULL, 8) = 0 [pid 5548] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5548] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a9eee3000 [pid 5548] mprotect(0x7f6a9eee4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5548] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5548] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a9ef03990, parent_tid=0x7f6a9ef03990, exit_signal=0, stack=0x7f6a9eee3000, stack_size=0x20300, tls=0x7f6a9ef036c0}./strace-static-x86_64: Process 5549 attached [pid 5549] rseq(0x7f6a9ef03fe0, 0x20, 0, 0x53053053) = 0 [pid 5548] <... clone3 resumed> => {parent_tid=[5549]}, 88) = 5549 [pid 5549] set_robust_list(0x7f6a9ef039a0, 24 [pid 5548] rt_sigprocmask(SIG_SETMASK, [], [pid 5549] <... set_robust_list resumed>) = 0 [pid 5548] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5549] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5548] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5549] memfd_create("syzkaller", 0 [pid 5548] <... futex resumed>) = 0 [pid 5548] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5549] <... memfd_create resumed>) = 3 [pid 5549] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6a96a00000 [pid 5549] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5549] munmap(0x7f6a96a00000, 138412032) = 0 [pid 5549] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5549] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5549] close(3) = 0 [pid 5549] close(4) = 0 [pid 5549] mkdir("./bus", 0777) = 0 [ 93.517557][ T5549] loop0: detected capacity change from 0 to 32768 [ 93.544245][ T5549] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop0 scanned by syz-executor984 (5549) [pid 5549] mount("/dev/loop0", "./bus", "btrfs", 0, "discard,") = 0 [pid 5549] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5549] chdir("./bus") = 0 [pid 5549] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 93.565671][ T5549] BTRFS info (device loop0): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 [ 93.576135][ T5549] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm [ 93.586633][ T5549] BTRFS info (device loop0): using free-space-tree [pid 5549] ioctl(4, LOOP_CLR_FD) = 0 [pid 5549] close(4) = 0 [pid 5549] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5548] <... futex resumed>) = 0 [pid 5549] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5548] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5549] <... open resumed>) = 4 [pid 5548] <... futex resumed>) = 0 [pid 5549] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5548] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5549] <... futex resumed>) = 0 [pid 5548] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5549] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5548] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5549] <... open resumed>) = 5 [pid 5548] <... futex resumed>) = 0 [pid 5548] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5549] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5548] <... futex resumed>) = 0 [pid 5548] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5548] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5549] <... futex resumed>) = 1 [pid 5549] fallocate(5, 0, 0, 1048820) = 0 [pid 5549] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5548] <... futex resumed>) = 0 [pid 5548] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5548] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5549] <... futex resumed>) = 1 [ 93.667773][ T28] audit: type=1800 audit(1708613213.744:77): pid=5549 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor984" name="bus" dev="loop0" ino=263 res=0 errno=0 [ 93.688252][ T28] audit: type=1800 audit(1708613213.744:78): pid=5549 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor984" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 5549] sendfile(4, 4, NULL, 142609664 [pid 5548] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5548] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5548] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a9eec2000 [pid 5548] mprotect(0x7f6a9eec3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5548] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5548] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a9eee2990, parent_tid=0x7f6a9eee2990, exit_signal=0, stack=0x7f6a9eec2000, stack_size=0x20300, tls=0x7f6a9eee26c0} => {parent_tid=[5566]}, 88) = 5566 ./strace-static-x86_64: Process 5566 attached [pid 5548] rt_sigprocmask(SIG_SETMASK, [], [pid 5566] rseq(0x7f6a9eee2fe0, 0x20, 0, 0x53053053 [pid 5548] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5566] <... rseq resumed>) = 0 [pid 5548] futex(0x7f6a9efd36d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5566] set_robust_list(0x7f6a9eee29a0, 24 [pid 5548] <... futex resumed>) = 0 [pid 5566] <... set_robust_list resumed>) = 0 [pid 5548] futex(0x7f6a9efd36dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5566] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5566] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME, 000) = 6 [pid 5566] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5566] futex(0x7f6a9efd36d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5548] <... futex resumed>) = 0 [pid 5548] futex(0x7f6a9efd36d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5566] <... futex resumed>) = 0 [pid 5548] <... futex resumed>) = 1 [pid 5566] ioctl(6, FS_IOC_FIEMAP, {fm_start=65279, fm_length=9223372036854775809, fm_flags=0, fm_extent_count=16777216} => {fm_flags=0, fm_mapped_extents=2, ...}) = 0 [pid 5566] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5566] futex(0x7f6a9efd36d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5548] futex(0x7f6a9efd36dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [ 93.779985][ T28] audit: type=1800 audit(1708613213.854:79): pid=5566 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor984" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 5548] exit_group(0 [pid 5566] <... futex resumed>) = ? [pid 5548] <... exit_group resumed>) = ? [pid 5566] +++ exited with 0 +++ [pid 5549] <... sendfile resumed>) = ? [pid 5549] +++ exited with 0 +++ [pid 5548] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5548, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=65 /* 0.65 s */} --- umount2("./25", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./25", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555563ad730 /* 4 entries */, 32768) = 104 [ 94.359298][ T5054] BTRFS info (device loop0): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 umount2("./25/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./25/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./25/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./25/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./25/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555563b5770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563b5770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./25/bus") = 0 umount2("./25/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./25/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./25/binderfs") = 0 getdents64(3, 0x5555563ad730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./25") = 0 mkdir("./26", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5567 attached , child_tidptr=0x5555563ac690) = 5567 [pid 5567] set_robust_list(0x5555563ac6a0, 24) = 0 [pid 5567] chdir("./26") = 0 [pid 5567] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5567] setpgid(0, 0) = 0 [pid 5567] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5567] write(3, "1000", 4) = 4 [pid 5567] close(3) = 0 [pid 5567] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5567] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5567] rt_sigaction(SIGRT_1, {sa_handler=0x7f6a9ef6cff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6a9ef5e1a0}, NULL, 8) = 0 [pid 5567] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5567] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a9eee3000 [pid 5567] mprotect(0x7f6a9eee4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5567] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5567] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a9ef03990, parent_tid=0x7f6a9ef03990, exit_signal=0, stack=0x7f6a9eee3000, stack_size=0x20300, tls=0x7f6a9ef036c0}./strace-static-x86_64: Process 5568 attached [pid 5568] rseq(0x7f6a9ef03fe0, 0x20, 0, 0x53053053 [pid 5567] <... clone3 resumed> => {parent_tid=[5568]}, 88) = 5568 [pid 5568] <... rseq resumed>) = 0 [pid 5567] rt_sigprocmask(SIG_SETMASK, [], [pid 5568] set_robust_list(0x7f6a9ef039a0, 24 [pid 5567] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5568] <... set_robust_list resumed>) = 0 [pid 5567] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5568] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5567] <... futex resumed>) = 0 [pid 5568] memfd_create("syzkaller", 0 [pid 5567] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5568] <... memfd_create resumed>) = 3 [pid 5568] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6a96a00000 [pid 5568] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5568] munmap(0x7f6a96a00000, 138412032) = 0 [pid 5568] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5568] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5568] close(3) = 0 [pid 5568] close(4) = 0 [pid 5568] mkdir("./bus", 0777) = 0 [ 94.867492][ T5568] loop0: detected capacity change from 0 to 32768 [ 94.895689][ T5568] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop0 scanned by syz-executor984 (5568) [ 94.919413][ T5568] BTRFS info (device loop0): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 [ 94.929922][ T5568] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm [ 94.943830][ T5568] BTRFS info (device loop0): using free-space-tree [pid 5568] mount("/dev/loop0", "./bus", "btrfs", 0, "discard,") = 0 [pid 5568] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5568] chdir("./bus") = 0 [pid 5568] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5568] ioctl(4, LOOP_CLR_FD) = 0 [pid 5568] close(4) = 0 [pid 5568] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5567] <... futex resumed>) = 0 [pid 5567] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5568] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5567] <... futex resumed>) = 0 [pid 5567] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5568] <... open resumed>) = 4 [pid 5568] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5568] futex(0x7f6a9efd36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5567] <... futex resumed>) = 0 [pid 5568] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5567] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5568] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5567] <... futex resumed>) = 0 [pid 5568] <... open resumed>) = 5 [pid 5567] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5568] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5567] <... futex resumed>) = 0 [pid 5568] <... futex resumed>) = 1 [pid 5567] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5568] fallocate(5, 0, 0, 1048820 [pid 5567] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5568] <... fallocate resumed>) = 0 [pid 5568] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5567] <... futex resumed>) = 0 [pid 5568] sendfile(4, 4, NULL, 142609664 [pid 5567] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 95.079842][ T28] audit: type=1800 audit(1708613215.154:80): pid=5568 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor984" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 5567] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5567] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5567] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a9eec2000 [pid 5567] mprotect(0x7f6a9eec3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5567] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5567] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a9eee2990, parent_tid=0x7f6a9eee2990, exit_signal=0, stack=0x7f6a9eec2000, stack_size=0x20300, tls=0x7f6a9eee26c0} => {parent_tid=[5586]}, 88) = 5586 [pid 5567] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5567] futex(0x7f6a9efd36d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5567] futex(0x7f6a9efd36dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5586 attached [pid 5586] rseq(0x7f6a9eee2fe0, 0x20, 0, 0x53053053) = 0 [pid 5586] set_robust_list(0x7f6a9eee29a0, 24) = 0 [pid 5586] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5586] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME, 000) = 6 [pid 5586] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5586] futex(0x7f6a9efd36d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5567] <... futex resumed>) = 0 [pid 5567] futex(0x7f6a9efd36d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5586] <... futex resumed>) = 0 [pid 5567] <... futex resumed>) = 1 [pid 5586] ioctl(6, FS_IOC_FIEMAP, {fm_start=65279, fm_length=9223372036854775809, fm_flags=0, fm_extent_count=16777216} [pid 5567] futex(0x7f6a9efd36dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5586] <... ioctl resumed> => {fm_flags=0, fm_mapped_extents=1, ...}) = 0 [pid 5586] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5567] <... futex resumed>) = 0 [pid 5586] futex(0x7f6a9efd36d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5567] exit_group(0 [pid 5586] <... futex resumed>) = ? [pid 5567] <... exit_group resumed>) = ? [pid 5586] +++ exited with 0 +++ [pid 5568] <... sendfile resumed>) = ? [pid 5568] +++ exited with 0 +++ [pid 5567] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5567, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=44 /* 0.44 s */} --- umount2("./26", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./26", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555563ad730 /* 4 entries */, 32768) = 104 [ 95.511873][ T5054] BTRFS info (device loop0): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 umount2("./26/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./26/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./26/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./26/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./26/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555563b5770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563b5770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./26/bus") = 0 umount2("./26/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./26/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./26/binderfs") = 0 getdents64(3, 0x5555563ad730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./26") = 0 mkdir("./27", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5587 attached , child_tidptr=0x5555563ac690) = 5587 [pid 5587] set_robust_list(0x5555563ac6a0, 24) = 0 [pid 5587] chdir("./27") = 0 [pid 5587] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5587] setpgid(0, 0) = 0 [pid 5587] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5587] write(3, "1000", 4) = 4 [pid 5587] close(3) = 0 [pid 5587] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5587] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5587] rt_sigaction(SIGRT_1, {sa_handler=0x7f6a9ef6cff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6a9ef5e1a0}, NULL, 8) = 0 [pid 5587] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5587] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a9eee3000 [pid 5587] mprotect(0x7f6a9eee4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5587] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5587] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a9ef03990, parent_tid=0x7f6a9ef03990, exit_signal=0, stack=0x7f6a9eee3000, stack_size=0x20300, tls=0x7f6a9ef036c0} => {parent_tid=[5588]}, 88) = 5588 ./strace-static-x86_64: Process 5588 attached [pid 5588] rseq(0x7f6a9ef03fe0, 0x20, 0, 0x53053053 [pid 5587] rt_sigprocmask(SIG_SETMASK, [], [pid 5588] <... rseq resumed>) = 0 [pid 5587] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5588] set_robust_list(0x7f6a9ef039a0, 24 [pid 5587] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5588] <... set_robust_list resumed>) = 0 [pid 5587] <... futex resumed>) = 0 [pid 5588] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5587] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5588] memfd_create("syzkaller", 0) = 3 [pid 5588] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6a96a00000 [pid 5588] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5588] munmap(0x7f6a96a00000, 138412032) = 0 [pid 5588] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5588] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5588] close(3) = 0 [pid 5588] close(4) = 0 [pid 5588] mkdir("./bus", 0777) = 0 [ 95.987934][ T5588] loop0: detected capacity change from 0 to 32768 [ 96.015768][ T5588] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop0 scanned by syz-executor984 (5588) [ 96.035723][ T5588] BTRFS info (device loop0): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 [ 96.046496][ T5588] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm [ 96.056587][ T5588] BTRFS info (device loop0): using free-space-tree [pid 5588] mount("/dev/loop0", "./bus", "btrfs", 0, "discard,") = 0 [pid 5588] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5588] chdir("./bus") = 0 [pid 5588] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5588] ioctl(4, LOOP_CLR_FD) = 0 [pid 5588] close(4) = 0 [pid 5588] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5587] <... futex resumed>) = 0 [pid 5588] futex(0x7f6a9efd36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5587] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5588] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5587] <... futex resumed>) = 0 [pid 5588] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5587] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5588] <... open resumed>) = 4 [pid 5588] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5587] <... futex resumed>) = 0 [pid 5587] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5588] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5587] <... futex resumed>) = 0 [pid 5587] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5588] <... open resumed>) = 5 [pid 5588] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5587] <... futex resumed>) = 0 [pid 5587] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5587] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5588] <... futex resumed>) = 1 [pid 5588] fallocate(5, 0, 0, 1048820) = 0 [pid 5588] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5587] <... futex resumed>) = 0 [pid 5588] sendfile(4, 4, NULL, 142609664 [pid 5587] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5587] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5587] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5587] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a9eec2000 [pid 5587] mprotect(0x7f6a9eec3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5587] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5587] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a9eee2990, parent_tid=0x7f6a9eee2990, exit_signal=0, stack=0x7f6a9eec2000, stack_size=0x20300, tls=0x7f6a9eee26c0} => {parent_tid=[5606]}, 88) = 5606 [pid 5587] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5587] futex(0x7f6a9efd36d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5587] futex(0x7f6a9efd36dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5606 attached [pid 5606] rseq(0x7f6a9eee2fe0, 0x20, 0, 0x53053053) = 0 [pid 5606] set_robust_list(0x7f6a9eee29a0, 24) = 0 [pid 5606] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5606] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME, 000) = 6 [pid 5606] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5587] <... futex resumed>) = 0 [pid 5606] <... futex resumed>) = 1 [pid 5587] futex(0x7f6a9efd36d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5606] ioctl(6, FS_IOC_FIEMAP, {fm_start=65279, fm_length=9223372036854775809, fm_flags=0, fm_extent_count=16777216} [pid 5587] <... futex resumed>) = 0 [pid 5606] <... ioctl resumed> => {fm_flags=0, fm_mapped_extents=1, ...}) = 0 [pid 5587] futex(0x7f6a9efd36dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5606] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5587] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5606] <... futex resumed>) = 0 [pid 5606] futex(0x7f6a9efd36d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5587] exit_group(0 [pid 5606] <... futex resumed>) = ? [pid 5606] +++ exited with 0 +++ [pid 5587] <... exit_group resumed>) = ? [pid 5588] <... sendfile resumed>) = ? [pid 5588] +++ exited with 0 +++ [pid 5587] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5587, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=37 /* 0.37 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./27", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./27", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555563ad730 /* 4 entries */, 32768) = 104 [ 96.637188][ T5054] BTRFS info (device loop0): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 umount2("./27/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./27/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./27/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./27/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./27/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555563b5770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563b5770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./27/bus") = 0 umount2("./27/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./27/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./27/binderfs") = 0 getdents64(3, 0x5555563ad730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./27") = 0 mkdir("./28", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5607 attached , child_tidptr=0x5555563ac690) = 5607 [pid 5607] set_robust_list(0x5555563ac6a0, 24) = 0 [pid 5607] chdir("./28") = 0 [pid 5607] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5607] setpgid(0, 0) = 0 [pid 5607] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5607] write(3, "1000", 4) = 4 [pid 5607] close(3) = 0 [pid 5607] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5607] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5607] rt_sigaction(SIGRT_1, {sa_handler=0x7f6a9ef6cff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6a9ef5e1a0}, NULL, 8) = 0 [pid 5607] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5607] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a9eee3000 [pid 5607] mprotect(0x7f6a9eee4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5607] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5607] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a9ef03990, parent_tid=0x7f6a9ef03990, exit_signal=0, stack=0x7f6a9eee3000, stack_size=0x20300, tls=0x7f6a9ef036c0}./strace-static-x86_64: Process 5608 attached => {parent_tid=[5608]}, 88) = 5608 [pid 5607] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5608] rseq(0x7f6a9ef03fe0, 0x20, 0, 0x53053053) = 0 [pid 5607] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5608] set_robust_list(0x7f6a9ef039a0, 24 [pid 5607] <... futex resumed>) = 0 [pid 5608] <... set_robust_list resumed>) = 0 [pid 5607] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5608] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5608] memfd_create("syzkaller", 0) = 3 [pid 5608] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6a96a00000 [pid 5608] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5608] munmap(0x7f6a96a00000, 138412032) = 0 [pid 5608] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5608] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5608] close(3) = 0 [pid 5608] close(4) = 0 [pid 5608] mkdir("./bus", 0777) = 0 [ 97.118276][ T5608] loop0: detected capacity change from 0 to 32768 [ 97.152618][ T5608] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop0 scanned by syz-executor984 (5608) [ 97.182235][ T5608] BTRFS info (device loop0): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 [ 97.193519][ T5608] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm [ 97.204101][ T5608] BTRFS info (device loop0): using free-space-tree [pid 5608] mount("/dev/loop0", "./bus", "btrfs", 0, "discard,") = 0 [pid 5608] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5608] chdir("./bus") = 0 [pid 5608] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5608] ioctl(4, LOOP_CLR_FD) = 0 [pid 5608] close(4) = 0 [pid 5608] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5607] <... futex resumed>) = 0 [pid 5608] futex(0x7f6a9efd36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5607] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5608] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5607] <... futex resumed>) = 0 [pid 5608] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5607] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5608] <... open resumed>) = 4 [pid 5608] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5607] <... futex resumed>) = 0 [pid 5608] futex(0x7f6a9efd36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5607] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5608] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5607] <... futex resumed>) = 0 [pid 5608] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [ 97.289736][ T28] kauditd_printk_skb: 5 callbacks suppressed [ 97.289752][ T28] audit: type=1800 audit(1708613217.364:86): pid=5608 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor984" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 5607] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5608] <... open resumed>) = 5 [pid 5608] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5607] <... futex resumed>) = 0 [pid 5608] futex(0x7f6a9efd36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5607] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5608] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5607] <... futex resumed>) = 0 [pid 5608] fallocate(5, 0, 0, 1048820 [pid 5607] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5608] <... fallocate resumed>) = 0 [pid 5608] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5607] <... futex resumed>) = 0 [pid 5607] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5607] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5608] <... futex resumed>) = 1 [ 97.323756][ T28] audit: type=1800 audit(1708613217.394:87): pid=5608 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor984" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 5608] sendfile(4, 4, NULL, 142609664 [pid 5607] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5607] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5607] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5607] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a9eec2000 [pid 5607] mprotect(0x7f6a9eec3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5607] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5607] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a9eee2990, parent_tid=0x7f6a9eee2990, exit_signal=0, stack=0x7f6a9eec2000, stack_size=0x20300, tls=0x7f6a9eee26c0}./strace-static-x86_64: Process 5626 attached => {parent_tid=[5626]}, 88) = 5626 [pid 5607] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5607] futex(0x7f6a9efd36d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5607] futex(0x7f6a9efd36dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5626] rseq(0x7f6a9eee2fe0, 0x20, 0, 0x53053053) = 0 [pid 5626] set_robust_list(0x7f6a9eee29a0, 24) = 0 [pid 5626] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5626] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME, 000) = 6 [pid 5626] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5626] futex(0x7f6a9efd36d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5607] <... futex resumed>) = 0 [pid 5607] futex(0x7f6a9efd36d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5626] <... futex resumed>) = 0 [pid 5626] ioctl(6, FS_IOC_FIEMAP, {fm_start=65279, fm_length=9223372036854775809, fm_flags=0, fm_extent_count=16777216} => {fm_flags=0, fm_mapped_extents=1, ...}) = 0 [pid 5626] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5626] futex(0x7f6a9efd36d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5607] <... futex resumed>) = 1 [pid 5607] futex(0x7f6a9efd36dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [ 97.437391][ T28] audit: type=1800 audit(1708613217.514:88): pid=5626 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor984" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 5607] exit_group(0 [pid 5626] <... futex resumed>) = ? [pid 5626] +++ exited with 0 +++ [pid 5607] <... exit_group resumed>) = ? [pid 5608] <... sendfile resumed>) = ? [pid 5608] +++ exited with 0 +++ [pid 5607] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5607, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=49 /* 0.49 s */} --- umount2("./28", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./28", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555563ad730 /* 4 entries */, 32768) = 104 [ 97.968910][ T5054] BTRFS info (device loop0): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 umount2("./28/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./28/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./28/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./28/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./28/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555563b5770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563b5770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./28/bus") = 0 umount2("./28/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./28/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./28/binderfs") = 0 getdents64(3, 0x5555563ad730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./28") = 0 mkdir("./29", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5627 attached , child_tidptr=0x5555563ac690) = 5627 [pid 5627] set_robust_list(0x5555563ac6a0, 24) = 0 [pid 5627] chdir("./29") = 0 [pid 5627] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5627] setpgid(0, 0) = 0 [pid 5627] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5627] write(3, "1000", 4) = 4 [pid 5627] close(3) = 0 [pid 5627] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5627] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5627] rt_sigaction(SIGRT_1, {sa_handler=0x7f6a9ef6cff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6a9ef5e1a0}, NULL, 8) = 0 [pid 5627] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5627] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a9eee3000 [pid 5627] mprotect(0x7f6a9eee4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5627] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5627] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a9ef03990, parent_tid=0x7f6a9ef03990, exit_signal=0, stack=0x7f6a9eee3000, stack_size=0x20300, tls=0x7f6a9ef036c0}./strace-static-x86_64: Process 5628 attached => {parent_tid=[5628]}, 88) = 5628 [pid 5628] rseq(0x7f6a9ef03fe0, 0x20, 0, 0x53053053 [pid 5627] rt_sigprocmask(SIG_SETMASK, [], [pid 5628] <... rseq resumed>) = 0 [pid 5627] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5628] set_robust_list(0x7f6a9ef039a0, 24 [pid 5627] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5628] <... set_robust_list resumed>) = 0 [pid 5627] <... futex resumed>) = 0 [pid 5628] rt_sigprocmask(SIG_SETMASK, [], [pid 5627] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5628] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5628] memfd_create("syzkaller", 0) = 3 [pid 5628] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6a96a00000 [pid 5628] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5628] munmap(0x7f6a96a00000, 138412032) = 0 [pid 5628] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5628] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5628] close(3) = 0 [pid 5628] close(4) = 0 [pid 5628] mkdir("./bus", 0777) = 0 [ 98.470904][ T5628] loop0: detected capacity change from 0 to 32768 [ 98.492222][ T5628] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop0 scanned by syz-executor984 (5628) [ 98.509829][ T5628] BTRFS info (device loop0): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 [pid 5628] mount("/dev/loop0", "./bus", "btrfs", 0, "discard,") = 0 [pid 5628] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5628] chdir("./bus") = 0 [pid 5628] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 98.520434][ T5628] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm [ 98.530436][ T5628] BTRFS info (device loop0): using free-space-tree [pid 5628] ioctl(4, LOOP_CLR_FD) = 0 [pid 5628] close(4) = 0 [pid 5628] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5627] <... futex resumed>) = 0 [pid 5628] futex(0x7f6a9efd36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5627] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5628] <... futex resumed>) = 0 [pid 5627] <... futex resumed>) = 1 [pid 5628] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5627] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5628] <... open resumed>) = 4 [pid 5628] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5628] futex(0x7f6a9efd36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5627] <... futex resumed>) = 0 [pid 5628] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5627] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5628] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5627] <... futex resumed>) = 0 [pid 5628] <... open resumed>) = 5 [pid 5627] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5628] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5627] <... futex resumed>) = 0 [pid 5627] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5628] <... futex resumed>) = 1 [pid 5627] <... futex resumed>) = 0 [pid 5628] fallocate(5, 0, 0, 1048820 [pid 5627] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5628] <... fallocate resumed>) = 0 [pid 5628] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5627] <... futex resumed>) = 0 [pid 5628] sendfile(4, 4, NULL, 142609664 [pid 5627] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 98.614620][ T28] audit: type=1800 audit(1708613218.684:89): pid=5628 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor984" name="bus" dev="loop0" ino=263 res=0 errno=0 [ 98.635800][ T28] audit: type=1800 audit(1708613218.714:90): pid=5628 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor984" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 5627] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5627] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5627] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a9eec2000 [pid 5627] mprotect(0x7f6a9eec3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5627] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5627] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a9eee2990, parent_tid=0x7f6a9eee2990, exit_signal=0, stack=0x7f6a9eec2000, stack_size=0x20300, tls=0x7f6a9eee26c0}./strace-static-x86_64: Process 5645 attached [pid 5645] rseq(0x7f6a9eee2fe0, 0x20, 0, 0x53053053) = 0 [pid 5627] <... clone3 resumed> => {parent_tid=[5645]}, 88) = 5645 [pid 5645] set_robust_list(0x7f6a9eee29a0, 24) = 0 [pid 5627] rt_sigprocmask(SIG_SETMASK, [], [pid 5645] rt_sigprocmask(SIG_SETMASK, [], [pid 5627] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5645] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5645] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME, 000 [pid 5627] futex(0x7f6a9efd36d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5627] futex(0x7f6a9efd36dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5645] <... open resumed>) = 6 [pid 5645] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5627] <... futex resumed>) = 0 [pid 5645] futex(0x7f6a9efd36d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5627] futex(0x7f6a9efd36d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5645] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5627] <... futex resumed>) = 0 [pid 5645] ioctl(6, FS_IOC_FIEMAP, {fm_start=65279, fm_length=9223372036854775809, fm_flags=0, fm_extent_count=16777216} [pid 5627] futex(0x7f6a9efd36dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5645] <... ioctl resumed> => {fm_flags=0, fm_mapped_extents=2, ...}) = 0 [pid 5645] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5627] <... futex resumed>) = 0 [ 98.728336][ T28] audit: type=1800 audit(1708613218.804:91): pid=5645 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor984" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 5645] futex(0x7f6a9efd36d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5627] exit_group(0 [pid 5645] <... futex resumed>) = ? [pid 5627] <... exit_group resumed>) = ? [pid 5645] +++ exited with 0 +++ [pid 5628] <... sendfile resumed>) = ? [pid 5628] +++ exited with 0 +++ [pid 5627] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5627, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=53 /* 0.53 s */} --- umount2("./29", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./29", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555563ad730 /* 4 entries */, 32768) = 104 [ 99.169345][ T5054] BTRFS info (device loop0): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 umount2("./29/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./29/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./29/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./29/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./29/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555563b5770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563b5770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./29/bus") = 0 umount2("./29/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./29/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./29/binderfs") = 0 getdents64(3, 0x5555563ad730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./29") = 0 mkdir("./30", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5646 attached , child_tidptr=0x5555563ac690) = 5646 [pid 5646] set_robust_list(0x5555563ac6a0, 24) = 0 [pid 5646] chdir("./30") = 0 [pid 5646] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5646] setpgid(0, 0) = 0 [pid 5646] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5646] write(3, "1000", 4) = 4 [pid 5646] close(3) = 0 [pid 5646] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5646] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5646] rt_sigaction(SIGRT_1, {sa_handler=0x7f6a9ef6cff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6a9ef5e1a0}, NULL, 8) = 0 [pid 5646] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5646] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a9eee3000 [pid 5646] mprotect(0x7f6a9eee4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5646] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5646] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a9ef03990, parent_tid=0x7f6a9ef03990, exit_signal=0, stack=0x7f6a9eee3000, stack_size=0x20300, tls=0x7f6a9ef036c0}./strace-static-x86_64: Process 5647 attached [pid 5647] rseq(0x7f6a9ef03fe0, 0x20, 0, 0x53053053) = 0 [pid 5646] <... clone3 resumed> => {parent_tid=[5647]}, 88) = 5647 [pid 5647] set_robust_list(0x7f6a9ef039a0, 24) = 0 [pid 5646] rt_sigprocmask(SIG_SETMASK, [], [pid 5647] rt_sigprocmask(SIG_SETMASK, [], [pid 5646] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5647] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5646] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5647] memfd_create("syzkaller", 0 [pid 5646] <... futex resumed>) = 0 [pid 5646] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5647] <... memfd_create resumed>) = 3 [pid 5647] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6a96a00000 [pid 5647] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5647] munmap(0x7f6a96a00000, 138412032) = 0 [pid 5647] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5647] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5647] close(3) = 0 [pid 5647] close(4) = 0 [pid 5647] mkdir("./bus", 0777) = 0 [ 99.578974][ T5647] loop0: detected capacity change from 0 to 32768 [ 99.616072][ T5647] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop0 scanned by syz-executor984 (5647) [pid 5647] mount("/dev/loop0", "./bus", "btrfs", 0, "discard,") = 0 [ 99.645925][ T5647] BTRFS info (device loop0): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 [ 99.656970][ T5647] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm [ 99.667176][ T5647] BTRFS info (device loop0): using free-space-tree [pid 5647] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5647] chdir("./bus") = 0 [pid 5647] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5647] ioctl(4, LOOP_CLR_FD) = 0 [pid 5647] close(4) = 0 [pid 5647] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5646] <... futex resumed>) = 0 [pid 5646] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5647] <... futex resumed>) = 1 [pid 5646] <... futex resumed>) = 0 [pid 5647] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5646] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5647] <... open resumed>) = 4 [pid 5647] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5646] <... futex resumed>) = 0 [pid 5647] futex(0x7f6a9efd36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5646] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5647] <... futex resumed>) = 0 [pid 5646] <... futex resumed>) = 1 [pid 5647] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [ 99.759827][ T28] audit: type=1800 audit(1708613219.834:92): pid=5647 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor984" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 5646] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5647] <... open resumed>) = 5 [pid 5647] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5647] futex(0x7f6a9efd36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5646] <... futex resumed>) = 0 [pid 5646] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5647] <... futex resumed>) = 0 [pid 5646] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5647] fallocate(5, 0, 0, 1048820) = 0 [pid 5647] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5646] <... futex resumed>) = 0 [pid 5647] futex(0x7f6a9efd36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5646] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5647] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5646] <... futex resumed>) = 0 [pid 5647] sendfile(4, 4, NULL, 142609664 [ 99.818777][ T28] audit: type=1800 audit(1708613219.894:93): pid=5647 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor984" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 5646] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5646] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5646] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a9eec2000 [pid 5646] mprotect(0x7f6a9eec3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5646] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5646] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a9eee2990, parent_tid=0x7f6a9eee2990, exit_signal=0, stack=0x7f6a9eec2000, stack_size=0x20300, tls=0x7f6a9eee26c0} => {parent_tid=[5665]}, 88) = 5665 [pid 5646] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5646] futex(0x7f6a9efd36d8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 5665 attached ) = 0 [pid 5665] rseq(0x7f6a9eee2fe0, 0x20, 0, 0x53053053 [pid 5646] futex(0x7f6a9efd36dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5665] <... rseq resumed>) = 0 [pid 5665] set_robust_list(0x7f6a9eee29a0, 24) = 0 [pid 5665] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5665] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME, 000) = 6 [pid 5665] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5646] <... futex resumed>) = 0 [pid 5646] futex(0x7f6a9efd36d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5646] futex(0x7f6a9efd36dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5665] <... futex resumed>) = 1 [pid 5665] ioctl(6, FS_IOC_FIEMAP, {fm_start=65279, fm_length=9223372036854775809, fm_flags=0, fm_extent_count=16777216} => {fm_flags=0, fm_mapped_extents=1, ...}) = 0 [pid 5665] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5646] <... futex resumed>) = 0 [pid 5665] <... futex resumed>) = 1 [ 99.923409][ T28] audit: type=1800 audit(1708613219.994:94): pid=5665 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor984" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 5665] futex(0x7f6a9efd36d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5646] exit_group(0 [pid 5665] <... futex resumed>) = ? [pid 5646] <... exit_group resumed>) = ? [pid 5665] +++ exited with 0 +++ [pid 5647] <... sendfile resumed>) = ? [pid 5647] +++ exited with 0 +++ [pid 5646] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5646, si_uid=0, si_status=0, si_utime=0, si_stime=58 /* 0.58 s */} --- umount2("./30", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./30", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555563ad730 /* 4 entries */, 32768) = 104 [ 100.433836][ T5054] BTRFS info (device loop0): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 umount2("./30/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./30/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./30/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./30/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./30/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555563b5770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563b5770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./30/bus") = 0 umount2("./30/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./30/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./30/binderfs") = 0 getdents64(3, 0x5555563ad730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./30") = 0 mkdir("./31", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5667 attached , child_tidptr=0x5555563ac690) = 5667 [pid 5667] set_robust_list(0x5555563ac6a0, 24) = 0 [pid 5667] chdir("./31") = 0 [pid 5667] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5667] setpgid(0, 0) = 0 [pid 5667] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5667] write(3, "1000", 4) = 4 [pid 5667] close(3) = 0 [pid 5667] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5667] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5667] rt_sigaction(SIGRT_1, {sa_handler=0x7f6a9ef6cff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6a9ef5e1a0}, NULL, 8) = 0 [pid 5667] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5667] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a9eee3000 [pid 5667] mprotect(0x7f6a9eee4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5667] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5667] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a9ef03990, parent_tid=0x7f6a9ef03990, exit_signal=0, stack=0x7f6a9eee3000, stack_size=0x20300, tls=0x7f6a9ef036c0}./strace-static-x86_64: Process 5668 attached [pid 5668] rseq(0x7f6a9ef03fe0, 0x20, 0, 0x53053053 [pid 5667] <... clone3 resumed> => {parent_tid=[5668]}, 88) = 5668 [pid 5668] <... rseq resumed>) = 0 [pid 5668] set_robust_list(0x7f6a9ef039a0, 24 [pid 5667] rt_sigprocmask(SIG_SETMASK, [], [pid 5668] <... set_robust_list resumed>) = 0 [pid 5667] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5668] rt_sigprocmask(SIG_SETMASK, [], [pid 5667] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5668] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5667] <... futex resumed>) = 0 [pid 5668] memfd_create("syzkaller", 0 [pid 5667] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5668] <... memfd_create resumed>) = 3 [pid 5668] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6a96a00000 [pid 5668] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5668] munmap(0x7f6a96a00000, 138412032) = 0 [pid 5668] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5668] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5668] close(3) = 0 [pid 5668] close(4) = 0 [pid 5668] mkdir("./bus", 0777) = 0 [ 100.941361][ T5668] loop0: detected capacity change from 0 to 32768 [ 100.965223][ T5668] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop0 scanned by syz-executor984 (5668) [ 100.984827][ T5668] BTRFS info (device loop0): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 [ 100.995706][ T5668] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm [ 101.005743][ T5668] BTRFS info (device loop0): using free-space-tree [pid 5668] mount("/dev/loop0", "./bus", "btrfs", 0, "discard,") = 0 [pid 5668] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5668] chdir("./bus") = 0 [pid 5668] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5668] ioctl(4, LOOP_CLR_FD) = 0 [pid 5668] close(4) = 0 [pid 5668] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5667] <... futex resumed>) = 0 [pid 5668] <... futex resumed>) = 1 [pid 5667] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5668] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5667] <... futex resumed>) = 0 [pid 5667] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5668] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5667] <... futex resumed>) = 0 [pid 5668] <... futex resumed>) = 1 [pid 5667] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5668] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5667] <... futex resumed>) = 0 [pid 5668] <... open resumed>) = 5 [pid 5667] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5668] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5668] futex(0x7f6a9efd36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5667] <... futex resumed>) = 0 [pid 5667] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5668] <... futex resumed>) = 0 [pid 5667] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5668] fallocate(5, 0, 0, 1048820) = 0 [pid 5668] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5668] futex(0x7f6a9efd36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5667] <... futex resumed>) = 0 [pid 5667] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5668] <... futex resumed>) = 0 [pid 5667] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 101.088875][ T28] audit: type=1800 audit(1708613221.164:95): pid=5668 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor984" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 5668] sendfile(4, 4, NULL, 142609664 [pid 5667] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5667] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5667] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a9eec2000 [pid 5667] mprotect(0x7f6a9eec3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5667] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5667] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a9eee2990, parent_tid=0x7f6a9eee2990, exit_signal=0, stack=0x7f6a9eec2000, stack_size=0x20300, tls=0x7f6a9eee26c0}./strace-static-x86_64: Process 5687 attached [pid 5687] rseq(0x7f6a9eee2fe0, 0x20, 0, 0x53053053) = 0 [pid 5687] set_robust_list(0x7f6a9eee29a0, 24 [pid 5667] <... clone3 resumed> => {parent_tid=[5687]}, 88) = 5687 [pid 5687] <... set_robust_list resumed>) = 0 [pid 5667] rt_sigprocmask(SIG_SETMASK, [], [pid 5687] rt_sigprocmask(SIG_SETMASK, [], [pid 5667] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5687] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5667] futex(0x7f6a9efd36d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5687] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME, 000 [pid 5667] <... futex resumed>) = 0 [pid 5687] <... open resumed>) = 6 [pid 5667] futex(0x7f6a9efd36dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5687] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5667] <... futex resumed>) = 0 [pid 5687] futex(0x7f6a9efd36d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5667] futex(0x7f6a9efd36d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5687] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5687] ioctl(6, FS_IOC_FIEMAP, {fm_start=65279, fm_length=9223372036854775809, fm_flags=0, fm_extent_count=16777216} [pid 5667] <... futex resumed>) = 0 [pid 5687] <... ioctl resumed> => {fm_flags=0, fm_mapped_extents=2, ...}) = 0 [pid 5667] futex(0x7f6a9efd36dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5687] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5667] <... futex resumed>) = 0 [pid 5687] <... futex resumed>) = 1 [pid 5687] futex(0x7f6a9efd36d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5667] exit_group(0 [pid 5687] <... futex resumed>) = ? [pid 5667] <... exit_group resumed>) = ? [pid 5687] +++ exited with 0 +++ [pid 5668] <... sendfile resumed>) = ? [pid 5668] +++ exited with 0 +++ [pid 5667] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5667, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=62 /* 0.62 s */} --- umount2("./31", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./31", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555563ad730 /* 4 entries */, 32768) = 104 [ 101.757473][ T5054] BTRFS info (device loop0): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 umount2("./31/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./31/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./31/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./31/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./31/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555563b5770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563b5770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./31/bus") = 0 umount2("./31/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./31/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./31/binderfs") = 0 getdents64(3, 0x5555563ad730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./31") = 0 mkdir("./32", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5689 attached , child_tidptr=0x5555563ac690) = 5689 [pid 5689] set_robust_list(0x5555563ac6a0, 24) = 0 [pid 5689] chdir("./32") = 0 [pid 5689] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5689] setpgid(0, 0) = 0 [pid 5689] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5689] write(3, "1000", 4) = 4 [pid 5689] close(3) = 0 [pid 5689] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5689] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5689] rt_sigaction(SIGRT_1, {sa_handler=0x7f6a9ef6cff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6a9ef5e1a0}, NULL, 8) = 0 [pid 5689] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5689] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a9eee3000 [pid 5689] mprotect(0x7f6a9eee4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5689] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5689] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a9ef03990, parent_tid=0x7f6a9ef03990, exit_signal=0, stack=0x7f6a9eee3000, stack_size=0x20300, tls=0x7f6a9ef036c0}./strace-static-x86_64: Process 5690 attached [pid 5690] rseq(0x7f6a9ef03fe0, 0x20, 0, 0x53053053) = 0 [pid 5689] <... clone3 resumed> => {parent_tid=[5690]}, 88) = 5690 [pid 5690] set_robust_list(0x7f6a9ef039a0, 24) = 0 [pid 5689] rt_sigprocmask(SIG_SETMASK, [], [pid 5690] rt_sigprocmask(SIG_SETMASK, [], [pid 5689] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5690] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5689] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5690] memfd_create("syzkaller", 0 [pid 5689] <... futex resumed>) = 0 [pid 5689] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5690] <... memfd_create resumed>) = 3 [pid 5690] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6a96a00000 [pid 5690] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5690] munmap(0x7f6a96a00000, 138412032) = 0 [pid 5690] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5690] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5690] close(3) = 0 [pid 5690] close(4) = 0 [pid 5690] mkdir("./bus", 0777) = 0 [ 102.241406][ T5690] loop0: detected capacity change from 0 to 32768 [ 102.291138][ T5690] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop0 scanned by syz-executor984 (5690) [ 102.313226][ T5690] BTRFS info (device loop0): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 [ 102.324276][ T5690] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm [ 102.335147][ T5690] BTRFS info (device loop0): using free-space-tree [pid 5690] mount("/dev/loop0", "./bus", "btrfs", 0, "discard,") = 0 [pid 5690] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5690] chdir("./bus") = 0 [pid 5690] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5690] ioctl(4, LOOP_CLR_FD) = 0 [pid 5690] close(4) = 0 [pid 5690] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5689] <... futex resumed>) = 0 [pid 5689] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5690] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5689] <... futex resumed>) = 0 [pid 5689] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5690] <... open resumed>) = 4 [pid 5690] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5690] futex(0x7f6a9efd36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5689] <... futex resumed>) = 0 [pid 5689] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5690] <... futex resumed>) = 0 [pid 5689] <... futex resumed>) = 1 [pid 5690] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5690] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5690] futex(0x7f6a9efd36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5689] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5689] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5690] <... futex resumed>) = 0 [pid 5689] <... futex resumed>) = 1 [pid 5690] fallocate(5, 0, 0, 1048820 [pid 5689] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5690] <... fallocate resumed>) = 0 [pid 5690] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5689] <... futex resumed>) = 0 [pid 5689] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5689] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 102.451747][ T28] kauditd_printk_skb: 2 callbacks suppressed [ 102.451761][ T28] audit: type=1800 audit(1708613222.524:98): pid=5690 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor984" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 5690] sendfile(4, 4, NULL, 142609664 [pid 5689] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5689] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5689] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a9eec2000 [pid 5689] mprotect(0x7f6a9eec3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5689] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5689] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a9eee2990, parent_tid=0x7f6a9eee2990, exit_signal=0, stack=0x7f6a9eec2000, stack_size=0x20300, tls=0x7f6a9eee26c0}./strace-static-x86_64: Process 5710 attached => {parent_tid=[5710]}, 88) = 5710 [pid 5689] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5689] futex(0x7f6a9efd36d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5689] futex(0x7f6a9efd36dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5710] rseq(0x7f6a9eee2fe0, 0x20, 0, 0x53053053) = 0 [pid 5710] set_robust_list(0x7f6a9eee29a0, 24) = 0 [pid 5710] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5710] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME, 000) = 6 [pid 5710] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5689] <... futex resumed>) = 0 [pid 5710] futex(0x7f6a9efd36d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5689] futex(0x7f6a9efd36d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5689] futex(0x7f6a9efd36dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5710] <... futex resumed>) = 0 [pid 5710] ioctl(6, FS_IOC_FIEMAP, {fm_start=65279, fm_length=9223372036854775809, fm_flags=0, fm_extent_count=16777216} => {fm_flags=0, fm_mapped_extents=1, ...}) = 0 [pid 5710] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5689] <... futex resumed>) = 0 [ 102.492893][ T28] audit: type=1800 audit(1708613222.554:99): pid=5690 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor984" name="bus" dev="loop0" ino=263 res=0 errno=0 [ 102.556339][ T28] audit: type=1800 audit(1708613222.624:100): pid=5710 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor984" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 5710] futex(0x7f6a9efd36d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5689] exit_group(0) = ? [pid 5710] <... futex resumed>) = ? [pid 5710] +++ exited with 0 +++ [pid 5690] <... sendfile resumed>) = ? [pid 5690] +++ exited with 0 +++ [pid 5689] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5689, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=39 /* 0.39 s */} --- umount2("./32", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./32", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555563ad730 /* 4 entries */, 32768) = 104 [ 102.853595][ T5054] BTRFS info (device loop0): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 umount2("./32/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./32/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./32/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./32/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./32/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555563b5770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563b5770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./32/bus") = 0 umount2("./32/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./32/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./32/binderfs") = 0 getdents64(3, 0x5555563ad730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./32") = 0 mkdir("./33", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5711 attached , child_tidptr=0x5555563ac690) = 5711 [pid 5711] set_robust_list(0x5555563ac6a0, 24) = 0 [pid 5711] chdir("./33") = 0 [pid 5711] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5711] setpgid(0, 0) = 0 [pid 5711] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5711] write(3, "1000", 4) = 4 [pid 5711] close(3) = 0 [pid 5711] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5711] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5711] rt_sigaction(SIGRT_1, {sa_handler=0x7f6a9ef6cff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6a9ef5e1a0}, NULL, 8) = 0 [pid 5711] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5711] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a9eee3000 [pid 5711] mprotect(0x7f6a9eee4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5711] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5711] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a9ef03990, parent_tid=0x7f6a9ef03990, exit_signal=0, stack=0x7f6a9eee3000, stack_size=0x20300, tls=0x7f6a9ef036c0}./strace-static-x86_64: Process 5712 attached [pid 5712] rseq(0x7f6a9ef03fe0, 0x20, 0, 0x53053053 [pid 5711] <... clone3 resumed> => {parent_tid=[5712]}, 88) = 5712 [pid 5712] <... rseq resumed>) = 0 [pid 5711] rt_sigprocmask(SIG_SETMASK, [], [pid 5712] set_robust_list(0x7f6a9ef039a0, 24 [pid 5711] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5712] <... set_robust_list resumed>) = 0 [pid 5711] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5712] rt_sigprocmask(SIG_SETMASK, [], [pid 5711] <... futex resumed>) = 0 [pid 5712] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5712] memfd_create("syzkaller", 0 [pid 5711] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5712] <... memfd_create resumed>) = 3 [pid 5712] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6a96a00000 [pid 5712] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5712] munmap(0x7f6a96a00000, 138412032) = 0 [pid 5712] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5712] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5712] close(3) = 0 [pid 5712] close(4) = 0 [pid 5712] mkdir("./bus", 0777) = 0 [ 103.390771][ T5712] loop0: detected capacity change from 0 to 32768 [ 103.425547][ T5712] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop0 scanned by syz-executor984 (5712) [ 103.444026][ T5712] BTRFS info (device loop0): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 [ 103.456226][ T5712] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm [ 103.465946][ T5712] BTRFS info (device loop0): using free-space-tree [pid 5712] mount("/dev/loop0", "./bus", "btrfs", 0, "discard,") = 0 [pid 5712] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5712] chdir("./bus") = 0 [pid 5712] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5712] ioctl(4, LOOP_CLR_FD) = 0 [pid 5712] close(4) = 0 [pid 5712] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5711] <... futex resumed>) = 0 [pid 5712] futex(0x7f6a9efd36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5711] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5712] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5711] <... futex resumed>) = 0 [pid 5712] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5711] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5712] <... open resumed>) = 4 [pid 5712] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5711] <... futex resumed>) = 0 [pid 5712] <... futex resumed>) = 1 [pid 5711] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5712] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5711] <... futex resumed>) = 0 [pid 5711] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5712] <... open resumed>) = 5 [pid 5712] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5711] <... futex resumed>) = 0 [pid 5711] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5711] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5712] <... futex resumed>) = 1 [pid 5712] fallocate(5, 0, 0, 1048820) = 0 [pid 5712] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5711] <... futex resumed>) = 0 [pid 5711] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5711] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5712] <... futex resumed>) = 1 [ 103.600153][ T28] audit: type=1800 audit(1708613223.674:101): pid=5712 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor984" name="bus" dev="loop0" ino=263 res=0 errno=0 [ 103.621775][ T28] audit: type=1800 audit(1708613223.684:102): pid=5712 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor984" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 5712] sendfile(4, 4, NULL, 142609664 [pid 5711] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5711] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5711] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a9eec2000 [pid 5711] mprotect(0x7f6a9eec3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5711] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5711] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a9eee2990, parent_tid=0x7f6a9eee2990, exit_signal=0, stack=0x7f6a9eec2000, stack_size=0x20300, tls=0x7f6a9eee26c0}./strace-static-x86_64: Process 5730 attached => {parent_tid=[5730]}, 88) = 5730 [pid 5711] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5711] futex(0x7f6a9efd36d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5730] rseq(0x7f6a9eee2fe0, 0x20, 0, 0x53053053 [pid 5711] <... futex resumed>) = 0 [pid 5730] <... rseq resumed>) = 0 [pid 5711] futex(0x7f6a9efd36dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5730] set_robust_list(0x7f6a9eee29a0, 24) = 0 [pid 5730] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5730] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME, 000) = 6 [pid 5730] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5730] futex(0x7f6a9efd36d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5711] <... futex resumed>) = 0 [pid 5711] futex(0x7f6a9efd36d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5730] <... futex resumed>) = 0 [pid 5711] <... futex resumed>) = 1 [pid 5730] ioctl(6, FS_IOC_FIEMAP, {fm_start=65279, fm_length=9223372036854775809, fm_flags=0, fm_extent_count=16777216} [pid 5711] futex(0x7f6a9efd36dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5730] <... ioctl resumed> => {fm_flags=0, fm_mapped_extents=1, ...}) = 0 [pid 5730] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5711] <... futex resumed>) = 0 [ 103.708056][ T28] audit: type=1800 audit(1708613223.784:103): pid=5730 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor984" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 5730] futex(0x7f6a9efd36d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5711] exit_group(0 [pid 5730] <... futex resumed>) = ? [pid 5730] +++ exited with 0 +++ [pid 5712] <... sendfile resumed>) = ? [pid 5711] <... exit_group resumed>) = ? [pid 5712] +++ exited with 0 +++ [pid 5711] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5711, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=39 /* 0.39 s */} --- umount2("./33", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./33", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555563ad730 /* 4 entries */, 32768) = 104 [ 104.148110][ T5054] BTRFS info (device loop0): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 umount2("./33/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./33/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./33/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./33/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./33/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555563b5770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563b5770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./33/bus") = 0 umount2("./33/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./33/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./33/binderfs") = 0 getdents64(3, 0x5555563ad730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./33") = 0 mkdir("./34", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5731 attached , child_tidptr=0x5555563ac690) = 5731 [pid 5731] set_robust_list(0x5555563ac6a0, 24) = 0 [pid 5731] chdir("./34") = 0 [pid 5731] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5731] setpgid(0, 0) = 0 [pid 5731] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5731] write(3, "1000", 4) = 4 [pid 5731] close(3) = 0 [pid 5731] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5731] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5731] rt_sigaction(SIGRT_1, {sa_handler=0x7f6a9ef6cff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6a9ef5e1a0}, NULL, 8) = 0 [pid 5731] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5731] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a9eee3000 [pid 5731] mprotect(0x7f6a9eee4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5731] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5731] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a9ef03990, parent_tid=0x7f6a9ef03990, exit_signal=0, stack=0x7f6a9eee3000, stack_size=0x20300, tls=0x7f6a9ef036c0}./strace-static-x86_64: Process 5732 attached [pid 5732] rseq(0x7f6a9ef03fe0, 0x20, 0, 0x53053053 [pid 5731] <... clone3 resumed> => {parent_tid=[5732]}, 88) = 5732 [pid 5732] <... rseq resumed>) = 0 [pid 5731] rt_sigprocmask(SIG_SETMASK, [], [pid 5732] set_robust_list(0x7f6a9ef039a0, 24 [pid 5731] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5732] <... set_robust_list resumed>) = 0 [pid 5731] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5732] rt_sigprocmask(SIG_SETMASK, [], [pid 5731] <... futex resumed>) = 0 [pid 5732] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5731] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5732] memfd_create("syzkaller", 0) = 3 [pid 5732] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6a96a00000 [pid 5732] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5732] munmap(0x7f6a96a00000, 138412032) = 0 [pid 5732] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5732] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5732] close(3) = 0 [pid 5732] close(4) = 0 [pid 5732] mkdir("./bus", 0777) = 0 [ 104.625498][ T5732] loop0: detected capacity change from 0 to 32768 [ 104.666268][ T5732] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop0 scanned by syz-executor984 (5732) [ 104.685551][ T5732] BTRFS info (device loop0): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 [ 104.697374][ T5732] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm [ 104.707639][ T5732] BTRFS info (device loop0): using free-space-tree [pid 5732] mount("/dev/loop0", "./bus", "btrfs", 0, "discard,") = 0 [pid 5732] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5732] chdir("./bus") = 0 [pid 5732] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5732] ioctl(4, LOOP_CLR_FD) = 0 [pid 5732] close(4) = 0 [pid 5732] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5732] futex(0x7f6a9efd36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5731] <... futex resumed>) = 0 [pid 5731] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5732] <... futex resumed>) = 0 [pid 5731] <... futex resumed>) = 1 [pid 5732] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5731] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5732] <... open resumed>) = 4 [pid 5732] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5731] <... futex resumed>) = 0 [pid 5732] futex(0x7f6a9efd36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5731] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5732] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5731] <... futex resumed>) = 0 [pid 5732] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5731] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5732] <... open resumed>) = 5 [pid 5732] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5731] <... futex resumed>) = 0 [pid 5732] futex(0x7f6a9efd36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5731] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5732] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5731] <... futex resumed>) = 0 [pid 5732] fallocate(5, 0, 0, 1048820 [pid 5731] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5732] <... fallocate resumed>) = 0 [pid 5732] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5731] <... futex resumed>) = 0 [pid 5732] sendfile(4, 4, NULL, 142609664 [pid 5731] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 104.799193][ T28] audit: type=1800 audit(1708613224.854:104): pid=5732 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor984" name="bus" dev="loop0" ino=263 res=0 errno=0 [ 104.823807][ T28] audit: type=1800 audit(1708613224.864:105): pid=5732 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor984" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 5731] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5731] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5731] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a9eec2000 [pid 5731] mprotect(0x7f6a9eec3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5731] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5731] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a9eee2990, parent_tid=0x7f6a9eee2990, exit_signal=0, stack=0x7f6a9eec2000, stack_size=0x20300, tls=0x7f6a9eee26c0}./strace-static-x86_64: Process 5749 attached => {parent_tid=[5749]}, 88) = 5749 [pid 5731] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5731] futex(0x7f6a9efd36d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5731] futex(0x7f6a9efd36dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5749] rseq(0x7f6a9eee2fe0, 0x20, 0, 0x53053053) = 0 [pid 5749] set_robust_list(0x7f6a9eee29a0, 24) = 0 [pid 5749] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5749] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME, 000) = 6 [pid 5749] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5749] futex(0x7f6a9efd36d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5731] <... futex resumed>) = 0 [pid 5731] futex(0x7f6a9efd36d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5749] <... futex resumed>) = 0 [pid 5731] futex(0x7f6a9efd36dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5749] ioctl(6, FS_IOC_FIEMAP, {fm_start=65279, fm_length=9223372036854775809, fm_flags=0, fm_extent_count=16777216} => {fm_flags=0, fm_mapped_extents=2, ...}) = 0 [pid 5749] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5731] <... futex resumed>) = 0 [pid 5749] <... futex resumed>) = 1 [ 104.909309][ T28] audit: type=1800 audit(1708613224.984:106): pid=5749 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor984" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 5749] futex(0x7f6a9efd36d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5731] exit_group(0) = ? [pid 5749] <... futex resumed>) = ? [pid 5749] +++ exited with 0 +++ [pid 5732] <... sendfile resumed>) = ? [pid 5732] +++ exited with 0 +++ [pid 5731] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5731, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=58 /* 0.58 s */} --- umount2("./34", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./34", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555563ad730 /* 4 entries */, 32768) = 104 [ 105.437040][ T5054] BTRFS info (device loop0): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 umount2("./34/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./34/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./34/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./34/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./34/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555563b5770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563b5770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./34/bus") = 0 umount2("./34/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./34/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./34/binderfs") = 0 getdents64(3, 0x5555563ad730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./34") = 0 mkdir("./35", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5750 attached , child_tidptr=0x5555563ac690) = 5750 [pid 5750] set_robust_list(0x5555563ac6a0, 24) = 0 [pid 5750] chdir("./35") = 0 [pid 5750] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5750] setpgid(0, 0) = 0 [pid 5750] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5750] write(3, "1000", 4) = 4 [pid 5750] close(3) = 0 [pid 5750] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5750] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5750] rt_sigaction(SIGRT_1, {sa_handler=0x7f6a9ef6cff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6a9ef5e1a0}, NULL, 8) = 0 [pid 5750] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5750] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a9eee3000 [pid 5750] mprotect(0x7f6a9eee4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5750] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5750] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a9ef03990, parent_tid=0x7f6a9ef03990, exit_signal=0, stack=0x7f6a9eee3000, stack_size=0x20300, tls=0x7f6a9ef036c0}./strace-static-x86_64: Process 5751 attached => {parent_tid=[5751]}, 88) = 5751 [pid 5751] rseq(0x7f6a9ef03fe0, 0x20, 0, 0x53053053) = 0 [pid 5751] set_robust_list(0x7f6a9ef039a0, 24) = 0 [pid 5751] rt_sigprocmask(SIG_SETMASK, [], [pid 5750] rt_sigprocmask(SIG_SETMASK, [], [pid 5751] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5751] futex(0x7f6a9efd36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5750] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5750] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5751] <... futex resumed>) = 0 [pid 5750] <... futex resumed>) = 1 [pid 5750] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5751] memfd_create("syzkaller", 0) = 3 [pid 5751] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6a96a00000 [pid 5751] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5751] munmap(0x7f6a96a00000, 138412032) = 0 [pid 5751] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5751] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5751] close(3) = 0 [pid 5751] close(4) = 0 [pid 5751] mkdir("./bus", 0777) = 0 [ 105.912528][ T5751] loop0: detected capacity change from 0 to 32768 [ 105.937508][ T5751] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop0 scanned by syz-executor984 (5751) [ 105.954421][ T5751] BTRFS info (device loop0): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 [ 105.967991][ T5751] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm [ 105.977889][ T5751] BTRFS info (device loop0): using free-space-tree [pid 5751] mount("/dev/loop0", "./bus", "btrfs", 0, "discard,") = 0 [pid 5751] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5751] chdir("./bus") = 0 [pid 5751] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5751] ioctl(4, LOOP_CLR_FD) = 0 [pid 5751] close(4) = 0 [pid 5751] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5750] <... futex resumed>) = 0 [pid 5751] futex(0x7f6a9efd36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5750] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5751] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5750] <... futex resumed>) = 0 [pid 5751] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5750] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5751] <... open resumed>) = 4 [pid 5751] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5750] <... futex resumed>) = 0 [pid 5750] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5750] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5751] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5751] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5750] <... futex resumed>) = 0 [pid 5751] fallocate(5, 0, 0, 1048820 [pid 5750] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5751] <... fallocate resumed>) = 0 [pid 5750] <... futex resumed>) = 0 [pid 5750] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5751] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5750] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5751] <... futex resumed>) = 0 [pid 5750] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5751] sendfile(4, 4, NULL, 142609664 [pid 5750] <... futex resumed>) = 0 [ 106.079831][ T28] audit: type=1800 audit(1708613226.154:107): pid=5751 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor984" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 5750] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5750] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5750] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a9eec2000 [pid 5750] mprotect(0x7f6a9eec3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5750] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5750] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a9eee2990, parent_tid=0x7f6a9eee2990, exit_signal=0, stack=0x7f6a9eec2000, stack_size=0x20300, tls=0x7f6a9eee26c0} => {parent_tid=[5769]}, 88) = 5769 [pid 5750] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5750] futex(0x7f6a9efd36d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5750] futex(0x7f6a9efd36dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5769 attached [pid 5769] rseq(0x7f6a9eee2fe0, 0x20, 0, 0x53053053) = 0 [pid 5769] set_robust_list(0x7f6a9eee29a0, 24) = 0 [pid 5769] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5769] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME, 000) = 6 [pid 5769] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5750] <... futex resumed>) = 0 [pid 5750] futex(0x7f6a9efd36d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5750] futex(0x7f6a9efd36dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5769] ioctl(6, FS_IOC_FIEMAP, {fm_start=65279, fm_length=9223372036854775809, fm_flags=0, fm_extent_count=16777216} => {fm_flags=0, fm_mapped_extents=1, ...}) = 0 [pid 5769] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5750] <... futex resumed>) = 0 [pid 5769] futex(0x7f6a9efd36d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5750] exit_group(0 [pid 5769] <... futex resumed>) = ? [pid 5750] <... exit_group resumed>) = ? [pid 5769] +++ exited with 0 +++ [pid 5751] <... sendfile resumed>) = ? [pid 5751] +++ exited with 0 +++ [pid 5750] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5750, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=47 /* 0.47 s */} --- umount2("./35", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./35", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555563ad730 /* 4 entries */, 32768) = 104 [ 106.550446][ T5054] BTRFS info (device loop0): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 umount2("./35/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./35/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./35/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./35/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./35/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555563b5770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563b5770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./35/bus") = 0 umount2("./35/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./35/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./35/binderfs") = 0 getdents64(3, 0x5555563ad730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./35") = 0 mkdir("./36", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5770 attached , child_tidptr=0x5555563ac690) = 5770 [pid 5770] set_robust_list(0x5555563ac6a0, 24) = 0 [pid 5770] chdir("./36") = 0 [pid 5770] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5770] setpgid(0, 0) = 0 [pid 5770] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5770] write(3, "1000", 4) = 4 [pid 5770] close(3) = 0 [pid 5770] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5770] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5770] rt_sigaction(SIGRT_1, {sa_handler=0x7f6a9ef6cff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6a9ef5e1a0}, NULL, 8) = 0 [pid 5770] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5770] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a9eee3000 [pid 5770] mprotect(0x7f6a9eee4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5770] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5770] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a9ef03990, parent_tid=0x7f6a9ef03990, exit_signal=0, stack=0x7f6a9eee3000, stack_size=0x20300, tls=0x7f6a9ef036c0}./strace-static-x86_64: Process 5771 attached [pid 5771] rseq(0x7f6a9ef03fe0, 0x20, 0, 0x53053053) = 0 [pid 5771] set_robust_list(0x7f6a9ef039a0, 24) = 0 [pid 5771] rt_sigprocmask(SIG_SETMASK, [], [pid 5770] <... clone3 resumed> => {parent_tid=[5771]}, 88) = 5771 [pid 5771] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5770] rt_sigprocmask(SIG_SETMASK, [], [pid 5771] futex(0x7f6a9efd36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5770] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5770] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5771] <... futex resumed>) = 0 [pid 5770] <... futex resumed>) = 1 [pid 5771] memfd_create("syzkaller", 0 [pid 5770] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5771] <... memfd_create resumed>) = 3 [pid 5771] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6a96a00000 [pid 5771] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5771] munmap(0x7f6a96a00000, 138412032) = 0 [pid 5771] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5771] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5771] close(3) = 0 [pid 5771] close(4) = 0 [pid 5771] mkdir("./bus", 0777) = 0 [ 107.081232][ T5771] loop0: detected capacity change from 0 to 32768 [ 107.107277][ T5771] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop0 scanned by syz-executor984 (5771) [ 107.123690][ T5771] BTRFS info (device loop0): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 [ 107.137665][ T5771] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm [ 107.147791][ T5771] BTRFS info (device loop0): using free-space-tree [pid 5771] mount("/dev/loop0", "./bus", "btrfs", 0, "discard,") = 0 [pid 5771] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5771] chdir("./bus") = 0 [pid 5771] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5771] ioctl(4, LOOP_CLR_FD) = 0 [pid 5771] close(4) = 0 [pid 5771] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5770] <... futex resumed>) = 0 [pid 5771] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5770] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5770] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5771] <... open resumed>) = 4 [pid 5771] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5770] <... futex resumed>) = 0 [pid 5771] futex(0x7f6a9efd36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5770] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5771] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5770] <... futex resumed>) = 0 [pid 5771] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5770] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5771] <... open resumed>) = 5 [pid 5771] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5770] <... futex resumed>) = 0 [pid 5771] futex(0x7f6a9efd36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5770] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5771] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5771] fallocate(5, 0, 0, 1048820 [pid 5770] <... futex resumed>) = 0 [pid 5770] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5771] <... fallocate resumed>) = 0 [pid 5771] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5770] <... futex resumed>) = 0 [pid 5771] futex(0x7f6a9efd36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5770] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5771] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5770] <... futex resumed>) = 0 [pid 5771] sendfile(4, 4, NULL, 142609664 [pid 5770] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5770] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5770] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a9eec2000 [pid 5770] mprotect(0x7f6a9eec3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5770] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5770] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a9eee2990, parent_tid=0x7f6a9eee2990, exit_signal=0, stack=0x7f6a9eec2000, stack_size=0x20300, tls=0x7f6a9eee26c0}./strace-static-x86_64: Process 5789 attached => {parent_tid=[5789]}, 88) = 5789 [pid 5770] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5770] futex(0x7f6a9efd36d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5770] futex(0x7f6a9efd36dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5789] rseq(0x7f6a9eee2fe0, 0x20, 0, 0x53053053) = 0 [pid 5789] set_robust_list(0x7f6a9eee29a0, 24) = 0 [pid 5789] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5789] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME, 000) = 6 [pid 5789] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5770] <... futex resumed>) = 0 [pid 5789] futex(0x7f6a9efd36d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5770] futex(0x7f6a9efd36d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5789] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5789] ioctl(6, FS_IOC_FIEMAP, {fm_start=65279, fm_length=9223372036854775809, fm_flags=0, fm_extent_count=16777216} [pid 5770] <... futex resumed>) = 0 [pid 5770] futex(0x7f6a9efd36dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5789] <... ioctl resumed> => {fm_flags=0, fm_mapped_extents=1, ...}) = 0 [pid 5789] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5770] <... futex resumed>) = 0 [pid 5789] futex(0x7f6a9efd36d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5770] exit_group(0 [pid 5789] <... futex resumed>) = ? [pid 5770] <... exit_group resumed>) = ? [pid 5789] +++ exited with 0 +++ [pid 5771] <... sendfile resumed>) = ? [pid 5771] +++ exited with 0 +++ [pid 5770] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5770, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=50 /* 0.50 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./36", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./36", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555563ad730 /* 4 entries */, 32768) = 104 [ 107.759086][ T5054] BTRFS info (device loop0): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 umount2("./36/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./36/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./36/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./36/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./36/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555563b5770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563b5770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./36/bus") = 0 umount2("./36/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./36/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./36/binderfs") = 0 getdents64(3, 0x5555563ad730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./36") = 0 mkdir("./37", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5790 attached , child_tidptr=0x5555563ac690) = 5790 [pid 5790] set_robust_list(0x5555563ac6a0, 24) = 0 [pid 5790] chdir("./37") = 0 [pid 5790] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5790] setpgid(0, 0) = 0 [pid 5790] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5790] write(3, "1000", 4) = 4 [pid 5790] close(3) = 0 [pid 5790] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5790] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5790] rt_sigaction(SIGRT_1, {sa_handler=0x7f6a9ef6cff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6a9ef5e1a0}, NULL, 8) = 0 [pid 5790] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5790] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a9eee3000 [pid 5790] mprotect(0x7f6a9eee4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5790] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5790] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a9ef03990, parent_tid=0x7f6a9ef03990, exit_signal=0, stack=0x7f6a9eee3000, stack_size=0x20300, tls=0x7f6a9ef036c0}./strace-static-x86_64: Process 5791 attached [pid 5791] rseq(0x7f6a9ef03fe0, 0x20, 0, 0x53053053 [pid 5790] <... clone3 resumed> => {parent_tid=[5791]}, 88) = 5791 [pid 5791] <... rseq resumed>) = 0 [pid 5790] rt_sigprocmask(SIG_SETMASK, [], [pid 5791] set_robust_list(0x7f6a9ef039a0, 24 [pid 5790] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5791] <... set_robust_list resumed>) = 0 [pid 5790] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5791] rt_sigprocmask(SIG_SETMASK, [], [pid 5790] <... futex resumed>) = 0 [pid 5791] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5790] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5791] memfd_create("syzkaller", 0) = 3 [pid 5791] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6a96a00000 [pid 5791] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5791] munmap(0x7f6a96a00000, 138412032) = 0 [pid 5791] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5791] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5791] close(3) = 0 [pid 5791] close(4) = 0 [pid 5791] mkdir("./bus", 0777) = 0 [ 108.241375][ T5791] loop0: detected capacity change from 0 to 32768 [ 108.267162][ T5791] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop0 scanned by syz-executor984 (5791) [pid 5791] mount("/dev/loop0", "./bus", "btrfs", 0, "discard,") = 0 [ 108.289655][ T5791] BTRFS info (device loop0): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 [ 108.300242][ T5791] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm [ 108.311016][ T5791] BTRFS info (device loop0): using free-space-tree [pid 5791] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5791] chdir("./bus") = 0 [pid 5791] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5791] ioctl(4, LOOP_CLR_FD) = 0 [pid 5791] close(4) = 0 [pid 5791] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5791] futex(0x7f6a9efd36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5790] <... futex resumed>) = 0 [pid 5791] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5790] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5791] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5790] <... futex resumed>) = 0 [pid 5791] <... open resumed>) = 4 [pid 5790] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5791] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5790] <... futex resumed>) = 0 [pid 5791] <... futex resumed>) = 1 [pid 5790] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5790] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5791] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5791] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5790] <... futex resumed>) = 0 [pid 5791] futex(0x7f6a9efd36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5790] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5791] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5790] <... futex resumed>) = 0 [pid 5791] fallocate(5, 0, 0, 1048820 [pid 5790] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5791] <... fallocate resumed>) = 0 [pid 5791] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5790] <... futex resumed>) = 0 [pid 5791] sendfile(4, 4, NULL, 142609664 [pid 5790] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 108.409530][ T28] kauditd_printk_skb: 5 callbacks suppressed [ 108.409545][ T28] audit: type=1800 audit(1708613228.484:113): pid=5791 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor984" name="bus" dev="loop0" ino=263 res=0 errno=0 [ 108.436447][ T28] audit: type=1800 audit(1708613228.504:114): pid=5791 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor984" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 5790] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5790] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5790] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5790] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a9eec2000 [pid 5790] mprotect(0x7f6a9eec3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5790] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5790] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a9eee2990, parent_tid=0x7f6a9eee2990, exit_signal=0, stack=0x7f6a9eec2000, stack_size=0x20300, tls=0x7f6a9eee26c0}./strace-static-x86_64: Process 5809 attached => {parent_tid=[5809]}, 88) = 5809 [pid 5790] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5790] futex(0x7f6a9efd36d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5790] futex(0x7f6a9efd36dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5809] rseq(0x7f6a9eee2fe0, 0x20, 0, 0x53053053) = 0 [pid 5809] set_robust_list(0x7f6a9eee29a0, 24) = 0 [pid 5809] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5809] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME, 000) = 6 [pid 5809] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5809] futex(0x7f6a9efd36d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5790] <... futex resumed>) = 0 [pid 5790] futex(0x7f6a9efd36d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5809] <... futex resumed>) = 0 [pid 5790] futex(0x7f6a9efd36dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5809] ioctl(6, FS_IOC_FIEMAP, {fm_start=65279, fm_length=9223372036854775809, fm_flags=0, fm_extent_count=16777216} => {fm_flags=0, fm_mapped_extents=1, ...}) = 0 [pid 5809] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5790] <... futex resumed>) = 0 [ 108.538930][ T28] audit: type=1800 audit(1708613228.614:115): pid=5809 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor984" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 5809] futex(0x7f6a9efd36d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5790] exit_group(0 [pid 5809] <... futex resumed>) = ? [pid 5790] <... exit_group resumed>) = ? [pid 5809] +++ exited with 0 +++ [pid 5791] <... sendfile resumed>) = ? [pid 5791] +++ exited with 0 +++ [pid 5790] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5790, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=39 /* 0.39 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./37", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./37", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555563ad730 /* 4 entries */, 32768) = 104 [ 108.923201][ T5054] BTRFS info (device loop0): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 umount2("./37/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./37/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./37/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./37/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./37/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555563b5770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563b5770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./37/bus") = 0 umount2("./37/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./37/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./37/binderfs") = 0 getdents64(3, 0x5555563ad730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./37") = 0 mkdir("./38", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5810 attached , child_tidptr=0x5555563ac690) = 5810 [pid 5810] set_robust_list(0x5555563ac6a0, 24) = 0 [pid 5810] chdir("./38") = 0 [pid 5810] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5810] setpgid(0, 0) = 0 [pid 5810] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5810] write(3, "1000", 4) = 4 [pid 5810] close(3) = 0 [pid 5810] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5810] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5810] rt_sigaction(SIGRT_1, {sa_handler=0x7f6a9ef6cff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6a9ef5e1a0}, NULL, 8) = 0 [pid 5810] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5810] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a9eee3000 [pid 5810] mprotect(0x7f6a9eee4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5810] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5810] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a9ef03990, parent_tid=0x7f6a9ef03990, exit_signal=0, stack=0x7f6a9eee3000, stack_size=0x20300, tls=0x7f6a9ef036c0}./strace-static-x86_64: Process 5811 attached => {parent_tid=[5811]}, 88) = 5811 [pid 5810] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5810] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5811] rseq(0x7f6a9ef03fe0, 0x20, 0, 0x53053053) = 0 [pid 5810] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5811] set_robust_list(0x7f6a9ef039a0, 24) = 0 [pid 5811] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5811] memfd_create("syzkaller", 0) = 3 [pid 5811] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6a96a00000 [pid 5811] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5811] munmap(0x7f6a96a00000, 138412032) = 0 [pid 5811] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5811] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5811] close(3) = 0 [pid 5811] close(4) = 0 [pid 5811] mkdir("./bus", 0777) = 0 [ 109.422055][ T5811] loop0: detected capacity change from 0 to 32768 [ 109.449497][ T5811] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop0 scanned by syz-executor984 (5811) [pid 5811] mount("/dev/loop0", "./bus", "btrfs", 0, "discard,") = 0 [pid 5811] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5811] chdir("./bus") = 0 [pid 5811] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5811] ioctl(4, LOOP_CLR_FD) = 0 [pid 5811] close(4) = 0 [pid 5811] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5810] <... futex resumed>) = 0 [pid 5811] futex(0x7f6a9efd36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5810] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5811] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5810] <... futex resumed>) = 0 [pid 5810] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 109.466126][ T5811] BTRFS info (device loop0): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 [ 109.476495][ T5811] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm [ 109.486051][ T5811] BTRFS info (device loop0): using free-space-tree [pid 5811] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5811] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5810] <... futex resumed>) = 0 [pid 5811] futex(0x7f6a9efd36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5810] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5811] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5810] <... futex resumed>) = 0 [pid 5811] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5810] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5811] <... open resumed>) = 5 [pid 5811] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5810] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5811] <... futex resumed>) = 0 [pid 5811] fallocate(5, 0, 0, 1048820 [pid 5810] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5810] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5811] <... fallocate resumed>) = 0 [pid 5811] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5810] <... futex resumed>) = 0 [pid 5811] sendfile(4, 4, NULL, 142609664 [pid 5810] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 109.516973][ T28] audit: type=1800 audit(1708613229.594:116): pid=5811 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor984" name="bus" dev="loop0" ino=263 res=0 errno=0 [ 109.539952][ T28] audit: type=1800 audit(1708613229.624:117): pid=5811 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor984" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 5810] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5810] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5810] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a9eec2000 [pid 5810] mprotect(0x7f6a9eec3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5810] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5810] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a9eee2990, parent_tid=0x7f6a9eee2990, exit_signal=0, stack=0x7f6a9eec2000, stack_size=0x20300, tls=0x7f6a9eee26c0}./strace-static-x86_64: Process 5827 attached [pid 5827] rseq(0x7f6a9eee2fe0, 0x20, 0, 0x53053053) = 0 [pid 5827] set_robust_list(0x7f6a9eee29a0, 24) = 0 [pid 5827] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5810] <... clone3 resumed> => {parent_tid=[5827]}, 88) = 5827 [pid 5827] futex(0x7f6a9efd36d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5810] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5810] futex(0x7f6a9efd36d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5827] <... futex resumed>) = 0 [pid 5810] <... futex resumed>) = 1 [pid 5827] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME, 000 [pid 5810] futex(0x7f6a9efd36dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5827] <... open resumed>) = 6 [pid 5827] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5827] futex(0x7f6a9efd36d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5810] <... futex resumed>) = 0 [pid 5810] futex(0x7f6a9efd36d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5827] <... futex resumed>) = 0 [pid 5827] ioctl(6, FS_IOC_FIEMAP, {fm_start=65279, fm_length=9223372036854775809, fm_flags=0, fm_extent_count=16777216} [pid 5810] <... futex resumed>) = 1 [pid 5810] futex(0x7f6a9efd36dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5827] <... ioctl resumed> => {fm_flags=0, fm_mapped_extents=2, ...}) = 0 [pid 5827] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5810] <... futex resumed>) = 0 [ 109.661292][ T28] audit: type=1800 audit(1708613229.734:118): pid=5827 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor984" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 5827] futex(0x7f6a9efd36d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5810] exit_group(0 [pid 5827] <... futex resumed>) = ? [pid 5810] <... exit_group resumed>) = ? [pid 5827] +++ exited with 0 +++ [pid 5811] <... sendfile resumed>) = ? [pid 5811] +++ exited with 0 +++ [pid 5810] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5810, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=40 /* 0.40 s */} --- umount2("./38", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555563ad730 /* 4 entries */, 32768) = 104 [ 110.031210][ T5054] BTRFS info (device loop0): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 umount2("./38/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./38/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./38/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./38/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./38/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555563b5770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563b5770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./38/bus") = 0 umount2("./38/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./38/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./38/binderfs") = 0 getdents64(3, 0x5555563ad730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./38") = 0 mkdir("./39", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5828 attached [pid 5828] set_robust_list(0x5555563ac6a0, 24) = 0 [pid 5828] chdir("./39" [pid 5054] <... clone resumed>, child_tidptr=0x5555563ac690) = 5828 [pid 5828] <... chdir resumed>) = 0 [pid 5828] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5828] setpgid(0, 0) = 0 [pid 5828] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5828] write(3, "1000", 4) = 4 [pid 5828] close(3) = 0 [pid 5828] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5828] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5828] rt_sigaction(SIGRT_1, {sa_handler=0x7f6a9ef6cff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6a9ef5e1a0}, NULL, 8) = 0 [pid 5828] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5828] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a9eee3000 [pid 5828] mprotect(0x7f6a9eee4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5828] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5828] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a9ef03990, parent_tid=0x7f6a9ef03990, exit_signal=0, stack=0x7f6a9eee3000, stack_size=0x20300, tls=0x7f6a9ef036c0} => {parent_tid=[5829]}, 88) = 5829 ./strace-static-x86_64: Process 5829 attached [pid 5829] rseq(0x7f6a9ef03fe0, 0x20, 0, 0x53053053 [pid 5828] rt_sigprocmask(SIG_SETMASK, [], [pid 5829] <... rseq resumed>) = 0 [pid 5828] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5829] set_robust_list(0x7f6a9ef039a0, 24 [pid 5828] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5829] <... set_robust_list resumed>) = 0 [pid 5828] <... futex resumed>) = 0 [pid 5829] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5828] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5829] memfd_create("syzkaller", 0) = 3 [pid 5829] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6a96a00000 [pid 5829] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5829] munmap(0x7f6a96a00000, 138412032) = 0 [pid 5829] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5829] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5829] close(3) = 0 [pid 5829] close(4) = 0 [pid 5829] mkdir("./bus", 0777) = 0 [ 110.562390][ T5829] loop0: detected capacity change from 0 to 32768 [ 110.588330][ T5829] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop0 scanned by syz-executor984 (5829) [ 110.609157][ T5829] BTRFS info (device loop0): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 [ 110.619882][ T5829] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm [ 110.630081][ T5829] BTRFS info (device loop0): using free-space-tree [pid 5829] mount("/dev/loop0", "./bus", "btrfs", 0, "discard,") = 0 [pid 5829] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5829] chdir("./bus") = 0 [pid 5829] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5829] ioctl(4, LOOP_CLR_FD) = 0 [pid 5829] close(4) = 0 [pid 5829] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5828] <... futex resumed>) = 0 [pid 5829] futex(0x7f6a9efd36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5828] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5829] <... futex resumed>) = 0 [pid 5828] <... futex resumed>) = 1 [pid 5829] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5828] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5829] <... open resumed>) = 4 [pid 5829] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5829] futex(0x7f6a9efd36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5828] <... futex resumed>) = 0 [pid 5828] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5829] <... futex resumed>) = 0 [pid 5828] <... futex resumed>) = 1 [pid 5829] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5829] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5829] futex(0x7f6a9efd36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5828] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5828] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5829] <... futex resumed>) = 0 [pid 5828] <... futex resumed>) = 1 [pid 5829] fallocate(5, 0, 0, 1048820) = 0 [pid 5828] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5829] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5828] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5829] <... futex resumed>) = 0 [pid 5828] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5829] sendfile(4, 4, NULL, 142609664 [pid 5828] <... futex resumed>) = 0 [pid 5828] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5828] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5828] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a9eec2000 [ 110.753605][ T28] audit: type=1800 audit(1708613230.824:119): pid=5829 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor984" name="bus" dev="loop0" ino=263 res=0 errno=0 [ 110.781588][ T28] audit: type=1800 audit(1708613230.854:120): pid=5829 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor984" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 5828] mprotect(0x7f6a9eec3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5828] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5828] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a9eee2990, parent_tid=0x7f6a9eee2990, exit_signal=0, stack=0x7f6a9eec2000, stack_size=0x20300, tls=0x7f6a9eee26c0}./strace-static-x86_64: Process 5847 attached [pid 5847] rseq(0x7f6a9eee2fe0, 0x20, 0, 0x53053053 [pid 5828] <... clone3 resumed> => {parent_tid=[5847]}, 88) = 5847 [pid 5847] <... rseq resumed>) = 0 [pid 5847] set_robust_list(0x7f6a9eee29a0, 24 [pid 5828] rt_sigprocmask(SIG_SETMASK, [], [pid 5847] <... set_robust_list resumed>) = 0 [pid 5828] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5847] rt_sigprocmask(SIG_SETMASK, [], [pid 5828] futex(0x7f6a9efd36d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5847] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5828] <... futex resumed>) = 0 [pid 5847] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME, 000 [pid 5828] futex(0x7f6a9efd36dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5847] <... open resumed>) = 6 [pid 5847] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5828] <... futex resumed>) = 0 [pid 5828] futex(0x7f6a9efd36d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5828] futex(0x7f6a9efd36dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5847] ioctl(6, FS_IOC_FIEMAP, {fm_start=65279, fm_length=9223372036854775809, fm_flags=0, fm_extent_count=16777216} => {fm_flags=0, fm_mapped_extents=1, ...}) = 0 [pid 5847] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5847] futex(0x7f6a9efd36d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5828] <... futex resumed>) = 0 [ 110.868315][ T28] audit: type=1800 audit(1708613230.944:121): pid=5847 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor984" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 5828] exit_group(0 [pid 5847] <... futex resumed>) = ? [pid 5828] <... exit_group resumed>) = ? [pid 5847] +++ exited with 0 +++ [pid 5829] <... sendfile resumed>) = ? [pid 5829] +++ exited with 0 +++ [pid 5828] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5828, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=38 /* 0.38 s */} --- umount2("./39", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./39", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555563ad730 /* 4 entries */, 32768) = 104 [ 111.224448][ T5054] BTRFS info (device loop0): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 umount2("./39/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./39/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./39/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./39/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./39/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555563b5770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563b5770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./39/bus") = 0 umount2("./39/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./39/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./39/binderfs") = 0 getdents64(3, 0x5555563ad730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./39") = 0 mkdir("./40", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5848 attached , child_tidptr=0x5555563ac690) = 5848 [pid 5848] set_robust_list(0x5555563ac6a0, 24) = 0 [pid 5848] chdir("./40") = 0 [pid 5848] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5848] setpgid(0, 0) = 0 [pid 5848] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5848] write(3, "1000", 4) = 4 [pid 5848] close(3) = 0 [pid 5848] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5848] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5848] rt_sigaction(SIGRT_1, {sa_handler=0x7f6a9ef6cff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6a9ef5e1a0}, NULL, 8) = 0 [pid 5848] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5848] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a9eee3000 [pid 5848] mprotect(0x7f6a9eee4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5848] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5848] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a9ef03990, parent_tid=0x7f6a9ef03990, exit_signal=0, stack=0x7f6a9eee3000, stack_size=0x20300, tls=0x7f6a9ef036c0}./strace-static-x86_64: Process 5849 attached [pid 5849] rseq(0x7f6a9ef03fe0, 0x20, 0, 0x53053053) = 0 [pid 5848] <... clone3 resumed> => {parent_tid=[5849]}, 88) = 5849 [pid 5849] set_robust_list(0x7f6a9ef039a0, 24 [pid 5848] rt_sigprocmask(SIG_SETMASK, [], [pid 5849] <... set_robust_list resumed>) = 0 [pid 5848] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5849] rt_sigprocmask(SIG_SETMASK, [], [pid 5848] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5849] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5848] <... futex resumed>) = 0 [pid 5849] memfd_create("syzkaller", 0 [pid 5848] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5849] <... memfd_create resumed>) = 3 [pid 5849] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6a96a00000 [pid 5849] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5849] munmap(0x7f6a96a00000, 138412032) = 0 [pid 5849] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5849] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5849] close(3) = 0 [pid 5849] close(4) = 0 [pid 5849] mkdir("./bus", 0777) = 0 [ 111.683664][ T5849] loop0: detected capacity change from 0 to 32768 [ 111.722390][ T5849] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop0 scanned by syz-executor984 (5849) [ 111.751300][ T5849] BTRFS info (device loop0): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 [ 111.763565][ T5849] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm [ 111.774051][ T5849] BTRFS info (device loop0): using free-space-tree [pid 5849] mount("/dev/loop0", "./bus", "btrfs", 0, "discard,") = 0 [pid 5849] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5849] chdir("./bus") = 0 [pid 5849] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5849] ioctl(4, LOOP_CLR_FD) = 0 [pid 5849] close(4) = 0 [pid 5849] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5849] futex(0x7f6a9efd36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5848] <... futex resumed>) = 0 [pid 5848] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5848] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5849] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5849] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5849] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5849] futex(0x7f6a9efd36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5848] <... futex resumed>) = 0 [pid 5848] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5849] <... futex resumed>) = 0 [pid 5848] <... futex resumed>) = 1 [pid 5849] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5849] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5849] futex(0x7f6a9efd36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5848] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5848] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5849] <... futex resumed>) = 0 [pid 5848] <... futex resumed>) = 1 [pid 5849] fallocate(5, 0, 0, 1048820) = 0 [pid 5848] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5849] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5848] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5849] <... futex resumed>) = 0 [pid 5848] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5849] sendfile(4, 4, NULL, 142609664 [pid 5848] <... futex resumed>) = 0 [ 111.898394][ T28] audit: type=1800 audit(1708613231.974:122): pid=5849 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor984" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 5848] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5848] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5848] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a9eec2000 [pid 5848] mprotect(0x7f6a9eec3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5848] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5848] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a9eee2990, parent_tid=0x7f6a9eee2990, exit_signal=0, stack=0x7f6a9eec2000, stack_size=0x20300, tls=0x7f6a9eee26c0}./strace-static-x86_64: Process 5867 attached => {parent_tid=[5867]}, 88) = 5867 [pid 5867] rseq(0x7f6a9eee2fe0, 0x20, 0, 0x53053053 [pid 5848] rt_sigprocmask(SIG_SETMASK, [], [pid 5867] <... rseq resumed>) = 0 [pid 5848] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5867] set_robust_list(0x7f6a9eee29a0, 24 [pid 5848] futex(0x7f6a9efd36d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5867] <... set_robust_list resumed>) = 0 [pid 5848] <... futex resumed>) = 0 [pid 5867] rt_sigprocmask(SIG_SETMASK, [], [pid 5848] futex(0x7f6a9efd36dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5867] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5867] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME, 000) = 6 [pid 5867] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5848] <... futex resumed>) = 0 [pid 5867] futex(0x7f6a9efd36d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5848] futex(0x7f6a9efd36d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5848] futex(0x7f6a9efd36dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5867] <... futex resumed>) = 0 [pid 5867] ioctl(6, FS_IOC_FIEMAP, {fm_start=65279, fm_length=9223372036854775809, fm_flags=0, fm_extent_count=16777216} => {fm_flags=0, fm_mapped_extents=1, ...}) = 0 [pid 5867] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5848] <... futex resumed>) = 0 [pid 5867] <... futex resumed>) = 1 [pid 5867] futex(0x7f6a9efd36d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5848] exit_group(0 [pid 5867] <... futex resumed>) = ? [pid 5867] +++ exited with 0 +++ [pid 5848] <... exit_group resumed>) = ? [pid 5849] <... sendfile resumed>) = ? [pid 5849] +++ exited with 0 +++ [pid 5848] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5848, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=45 /* 0.45 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./40", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./40", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555563ad730 /* 4 entries */, 32768) = 104 [ 112.401400][ T5054] BTRFS info (device loop0): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 umount2("./40/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./40/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./40/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./40/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./40/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555563b5770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563b5770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./40/bus") = 0 umount2("./40/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./40/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./40/binderfs") = 0 getdents64(3, 0x5555563ad730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./40") = 0 mkdir("./41", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5868 attached , child_tidptr=0x5555563ac690) = 5868 [pid 5868] set_robust_list(0x5555563ac6a0, 24) = 0 [pid 5868] chdir("./41") = 0 [pid 5868] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5868] setpgid(0, 0) = 0 [pid 5868] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5868] write(3, "1000", 4) = 4 [pid 5868] close(3) = 0 [pid 5868] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5868] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5868] rt_sigaction(SIGRT_1, {sa_handler=0x7f6a9ef6cff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6a9ef5e1a0}, NULL, 8) = 0 [pid 5868] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5868] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a9eee3000 [pid 5868] mprotect(0x7f6a9eee4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5868] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5868] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a9ef03990, parent_tid=0x7f6a9ef03990, exit_signal=0, stack=0x7f6a9eee3000, stack_size=0x20300, tls=0x7f6a9ef036c0}./strace-static-x86_64: Process 5869 attached [pid 5869] rseq(0x7f6a9ef03fe0, 0x20, 0, 0x53053053) = 0 [pid 5868] <... clone3 resumed> => {parent_tid=[5869]}, 88) = 5869 [pid 5869] set_robust_list(0x7f6a9ef039a0, 24 [pid 5868] rt_sigprocmask(SIG_SETMASK, [], [pid 5869] <... set_robust_list resumed>) = 0 [pid 5868] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5869] rt_sigprocmask(SIG_SETMASK, [], [pid 5868] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5869] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5868] <... futex resumed>) = 0 [pid 5869] memfd_create("syzkaller", 0 [pid 5868] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5869] <... memfd_create resumed>) = 3 [pid 5869] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6a96a00000 [pid 5869] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5869] munmap(0x7f6a96a00000, 138412032) = 0 [pid 5869] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5869] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5869] close(3) = 0 [pid 5869] close(4) = 0 [pid 5869] mkdir("./bus", 0777) = 0 [ 112.881777][ T5869] loop0: detected capacity change from 0 to 32768 [ 112.912820][ T5869] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop0 scanned by syz-executor984 (5869) [pid 5869] mount("/dev/loop0", "./bus", "btrfs", 0, "discard,") = 0 [pid 5869] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5869] chdir("./bus") = 0 [pid 5869] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5869] ioctl(4, LOOP_CLR_FD) = 0 [pid 5869] close(4) = 0 [ 112.933565][ T5869] BTRFS info (device loop0): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 [ 112.944496][ T5869] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm [ 112.954525][ T5869] BTRFS info (device loop0): using free-space-tree [pid 5869] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5868] <... futex resumed>) = 0 [pid 5868] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5869] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5868] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5869] <... open resumed>) = 4 [pid 5869] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5868] <... futex resumed>) = 0 [pid 5868] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5868] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5869] <... futex resumed>) = 1 [pid 5869] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5869] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5868] <... futex resumed>) = 0 [pid 5869] <... futex resumed>) = 1 [pid 5868] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5869] fallocate(5, 0, 0, 1048820 [pid 5868] <... futex resumed>) = 0 [pid 5868] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5869] <... fallocate resumed>) = 0 [pid 5869] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5869] futex(0x7f6a9efd36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5868] <... futex resumed>) = 0 [pid 5868] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5869] <... futex resumed>) = 0 [pid 5869] sendfile(4, 4, NULL, 142609664 [pid 5868] <... futex resumed>) = 1 [pid 5868] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5868] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5868] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a9eec2000 [pid 5868] mprotect(0x7f6a9eec3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5868] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5868] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a9eee2990, parent_tid=0x7f6a9eee2990, exit_signal=0, stack=0x7f6a9eec2000, stack_size=0x20300, tls=0x7f6a9eee26c0}./strace-static-x86_64: Process 5886 attached [pid 5886] rseq(0x7f6a9eee2fe0, 0x20, 0, 0x53053053) = 0 [pid 5868] <... clone3 resumed> => {parent_tid=[5886]}, 88) = 5886 [pid 5886] set_robust_list(0x7f6a9eee29a0, 24 [pid 5868] rt_sigprocmask(SIG_SETMASK, [], [pid 5886] <... set_robust_list resumed>) = 0 [pid 5868] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5886] rt_sigprocmask(SIG_SETMASK, [], [pid 5868] futex(0x7f6a9efd36d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5886] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5868] <... futex resumed>) = 0 [pid 5886] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME, 000 [pid 5868] futex(0x7f6a9efd36dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5886] <... open resumed>) = 6 [pid 5886] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5868] <... futex resumed>) = 0 [pid 5868] futex(0x7f6a9efd36d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5886] <... futex resumed>) = 1 [pid 5868] <... futex resumed>) = 0 [pid 5868] futex(0x7f6a9efd36dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5886] ioctl(6, FS_IOC_FIEMAP, {fm_start=65279, fm_length=9223372036854775809, fm_flags=0, fm_extent_count=16777216} => {fm_flags=0, fm_mapped_extents=2, ...}) = 0 [pid 5886] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5868] <... futex resumed>) = 0 [pid 5886] <... futex resumed>) = 1 [pid 5886] futex(0x7f6a9efd36d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5868] exit_group(0) = ? [pid 5886] <... futex resumed>) = ? [pid 5886] +++ exited with 0 +++ [pid 5869] <... sendfile resumed>) = ? [pid 5869] +++ exited with 0 +++ [pid 5868] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5868, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=38 /* 0.38 s */} --- umount2("./41", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./41", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555563ad730 /* 4 entries */, 32768) = 104 [ 113.470475][ T5054] BTRFS info (device loop0): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 umount2("./41/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./41/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./41/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./41/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./41/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555563b5770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563b5770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./41/bus") = 0 umount2("./41/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./41/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./41/binderfs") = 0 getdents64(3, 0x5555563ad730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./41") = 0 mkdir("./42", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5887 attached , child_tidptr=0x5555563ac690) = 5887 [pid 5887] set_robust_list(0x5555563ac6a0, 24) = 0 [pid 5887] chdir("./42") = 0 [pid 5887] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5887] setpgid(0, 0) = 0 [pid 5887] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5887] write(3, "1000", 4) = 4 [pid 5887] close(3) = 0 [pid 5887] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5887] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5887] rt_sigaction(SIGRT_1, {sa_handler=0x7f6a9ef6cff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6a9ef5e1a0}, NULL, 8) = 0 [pid 5887] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5887] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a9eee3000 [pid 5887] mprotect(0x7f6a9eee4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5887] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5887] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a9ef03990, parent_tid=0x7f6a9ef03990, exit_signal=0, stack=0x7f6a9eee3000, stack_size=0x20300, tls=0x7f6a9ef036c0}./strace-static-x86_64: Process 5888 attached [pid 5888] rseq(0x7f6a9ef03fe0, 0x20, 0, 0x53053053) = 0 [pid 5888] set_robust_list(0x7f6a9ef039a0, 24) = 0 [pid 5888] rt_sigprocmask(SIG_SETMASK, [], [pid 5887] <... clone3 resumed> => {parent_tid=[5888]}, 88) = 5888 [pid 5888] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5887] rt_sigprocmask(SIG_SETMASK, [], [pid 5888] futex(0x7f6a9efd36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5887] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5887] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5888] <... futex resumed>) = 0 [pid 5887] <... futex resumed>) = 1 [pid 5888] memfd_create("syzkaller", 0 [pid 5887] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5888] <... memfd_create resumed>) = 3 [pid 5888] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6a96a00000 [pid 5888] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5888] munmap(0x7f6a96a00000, 138412032) = 0 [pid 5888] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5888] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5888] close(3) = 0 [pid 5888] close(4) = 0 [pid 5888] mkdir("./bus", 0777) = 0 [ 113.941577][ T5888] loop0: detected capacity change from 0 to 32768 [ 113.977344][ T5888] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop0 scanned by syz-executor984 (5888) [pid 5888] mount("/dev/loop0", "./bus", "btrfs", 0, "discard,") = 0 [pid 5888] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5888] chdir("./bus") = 0 [pid 5888] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 113.999495][ T5888] BTRFS info (device loop0): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 [ 114.012863][ T5888] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm [ 114.022897][ T5888] BTRFS info (device loop0): using free-space-tree [pid 5888] ioctl(4, LOOP_CLR_FD) = 0 [pid 5888] close(4) = 0 [pid 5888] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5887] <... futex resumed>) = 0 [pid 5888] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5887] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5887] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5888] <... open resumed>) = 4 [pid 5888] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5887] <... futex resumed>) = 0 [pid 5887] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5887] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5888] <... futex resumed>) = 1 [pid 5888] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5888] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5887] <... futex resumed>) = 0 [pid 5887] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5887] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5888] <... futex resumed>) = 1 [pid 5888] fallocate(5, 0, 0, 1048820) = 0 [pid 5888] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5887] <... futex resumed>) = 0 [pid 5887] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5888] <... futex resumed>) = 1 [pid 5887] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 114.103649][ T28] kauditd_printk_skb: 5 callbacks suppressed [ 114.103663][ T28] audit: type=1800 audit(1708613234.174:128): pid=5888 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor984" name="bus" dev="loop0" ino=263 res=0 errno=0 [ 114.130316][ T28] audit: type=1800 audit(1708613234.194:129): pid=5888 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor984" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 5888] sendfile(4, 4, NULL, 142609664 [pid 5887] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5887] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5887] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a9eec2000 [pid 5887] mprotect(0x7f6a9eec3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5887] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5887] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a9eee2990, parent_tid=0x7f6a9eee2990, exit_signal=0, stack=0x7f6a9eec2000, stack_size=0x20300, tls=0x7f6a9eee26c0}./strace-static-x86_64: Process 5905 attached [pid 5905] rseq(0x7f6a9eee2fe0, 0x20, 0, 0x53053053) = 0 [pid 5887] <... clone3 resumed> => {parent_tid=[5905]}, 88) = 5905 [pid 5905] set_robust_list(0x7f6a9eee29a0, 24) = 0 [pid 5887] rt_sigprocmask(SIG_SETMASK, [], [pid 5905] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5887] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5905] futex(0x7f6a9efd36d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5887] futex(0x7f6a9efd36d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5905] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5905] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME, 000 [pid 5887] <... futex resumed>) = 0 [pid 5887] futex(0x7f6a9efd36dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5905] <... open resumed>) = 6 [pid 5905] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5887] <... futex resumed>) = 0 [pid 5905] ioctl(6, FS_IOC_FIEMAP, {fm_start=65279, fm_length=9223372036854775809, fm_flags=0, fm_extent_count=16777216} [pid 5887] futex(0x7f6a9efd36d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5905] <... ioctl resumed> => {fm_flags=0, fm_mapped_extents=1, ...}) = 0 [pid 5887] <... futex resumed>) = 0 [pid 5887] futex(0x7f6a9efd36dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5905] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5887] <... futex resumed>) = 0 [ 114.196140][ T28] audit: type=1800 audit(1708613234.274:130): pid=5905 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor984" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 5905] futex(0x7f6a9efd36d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5887] exit_group(0) = ? [pid 5905] <... futex resumed>) = ? [pid 5905] +++ exited with 0 +++ [pid 5888] <... sendfile resumed>) = ? [pid 5888] +++ exited with 0 +++ [pid 5887] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5887, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=48 /* 0.48 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./42", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./42", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555563ad730 /* 4 entries */, 32768) = 104 [ 114.581611][ T5888] syz-executor984 (5888) used greatest stack depth: 18544 bytes left [ 114.631644][ T5054] BTRFS info (device loop0): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 umount2("./42/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./42/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./42/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./42/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./42/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555563b5770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563b5770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./42/bus") = 0 umount2("./42/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./42/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./42/binderfs") = 0 getdents64(3, 0x5555563ad730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./42") = 0 mkdir("./43", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5906 attached [pid 5906] set_robust_list(0x5555563ac6a0, 24) = 0 [pid 5054] <... clone resumed>, child_tidptr=0x5555563ac690) = 5906 [pid 5906] chdir("./43") = 0 [pid 5906] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5906] setpgid(0, 0) = 0 [pid 5906] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5906] write(3, "1000", 4) = 4 [pid 5906] close(3) = 0 [pid 5906] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5906] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5906] rt_sigaction(SIGRT_1, {sa_handler=0x7f6a9ef6cff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6a9ef5e1a0}, NULL, 8) = 0 [pid 5906] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5906] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a9eee3000 [pid 5906] mprotect(0x7f6a9eee4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5906] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5906] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a9ef03990, parent_tid=0x7f6a9ef03990, exit_signal=0, stack=0x7f6a9eee3000, stack_size=0x20300, tls=0x7f6a9ef036c0}./strace-static-x86_64: Process 5907 attached [pid 5907] rseq(0x7f6a9ef03fe0, 0x20, 0, 0x53053053 [pid 5906] <... clone3 resumed> => {parent_tid=[5907]}, 88) = 5907 [pid 5907] <... rseq resumed>) = 0 [pid 5906] rt_sigprocmask(SIG_SETMASK, [], [pid 5907] set_robust_list(0x7f6a9ef039a0, 24 [pid 5906] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5907] <... set_robust_list resumed>) = 0 [pid 5906] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5907] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5906] <... futex resumed>) = 0 [pid 5907] memfd_create("syzkaller", 0 [pid 5906] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5907] <... memfd_create resumed>) = 3 [pid 5907] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6a96a00000 [pid 5907] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5907] munmap(0x7f6a96a00000, 138412032) = 0 [pid 5907] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5907] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5907] close(3) = 0 [pid 5907] close(4) = 0 [pid 5907] mkdir("./bus", 0777) = 0 [ 115.093800][ T5907] loop0: detected capacity change from 0 to 32768 [ 115.113044][ T5907] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop0 scanned by syz-executor984 (5907) [ 115.132351][ T5907] BTRFS info (device loop0): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 [pid 5907] mount("/dev/loop0", "./bus", "btrfs", 0, "discard,") = 0 [pid 5907] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5907] chdir("./bus") = 0 [pid 5907] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5907] ioctl(4, LOOP_CLR_FD) = 0 [pid 5907] close(4) = 0 [ 115.143267][ T5907] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm [ 115.153445][ T5907] BTRFS info (device loop0): using free-space-tree [pid 5907] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5906] <... futex resumed>) = 0 [pid 5906] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5907] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5906] <... futex resumed>) = 0 [pid 5906] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5907] <... open resumed>) = 4 [pid 5907] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5907] futex(0x7f6a9efd36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5906] <... futex resumed>) = 0 [pid 5906] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5907] <... futex resumed>) = 0 [pid 5906] <... futex resumed>) = 1 [pid 5907] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5907] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5907] futex(0x7f6a9efd36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5906] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5906] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5907] <... futex resumed>) = 0 [pid 5906] <... futex resumed>) = 1 [pid 5907] fallocate(5, 0, 0, 1048820) = 0 [pid 5907] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5907] futex(0x7f6a9efd36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5906] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5906] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5907] <... futex resumed>) = 0 [pid 5907] sendfile(4, 4, NULL, 142609664 [pid 5906] <... futex resumed>) = 1 [ 115.212483][ T28] audit: type=1800 audit(1708613235.284:131): pid=5907 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor984" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 5906] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5906] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5906] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a9eec2000 [pid 5906] mprotect(0x7f6a9eec3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5906] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [ 115.262082][ T28] audit: type=1800 audit(1708613235.314:132): pid=5907 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor984" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 5906] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a9eee2990, parent_tid=0x7f6a9eee2990, exit_signal=0, stack=0x7f6a9eec2000, stack_size=0x20300, tls=0x7f6a9eee26c0}./strace-static-x86_64: Process 5924 attached [pid 5924] rseq(0x7f6a9eee2fe0, 0x20, 0, 0x53053053) = 0 [pid 5906] <... clone3 resumed> => {parent_tid=[5924]}, 88) = 5924 [pid 5924] set_robust_list(0x7f6a9eee29a0, 24) = 0 [pid 5906] rt_sigprocmask(SIG_SETMASK, [], [pid 5924] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5906] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5906] futex(0x7f6a9efd36d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5906] futex(0x7f6a9efd36dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5924] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME, 000) = 6 [pid 5924] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5924] futex(0x7f6a9efd36d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5906] <... futex resumed>) = 0 [pid 5906] futex(0x7f6a9efd36d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5924] <... futex resumed>) = 0 [pid 5906] <... futex resumed>) = 1 [pid 5924] ioctl(6, FS_IOC_FIEMAP, {fm_start=65279, fm_length=9223372036854775809, fm_flags=0, fm_extent_count=16777216} [pid 5906] futex(0x7f6a9efd36dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5924] <... ioctl resumed> => {fm_flags=0, fm_mapped_extents=2, ...}) = 0 [pid 5924] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5906] <... futex resumed>) = 0 [ 115.326778][ T28] audit: type=1800 audit(1708613235.404:133): pid=5924 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor984" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 5924] futex(0x7f6a9efd36d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5906] exit_group(0 [pid 5924] <... futex resumed>) = ? [pid 5906] <... exit_group resumed>) = ? [pid 5924] +++ exited with 0 +++ [pid 5907] <... sendfile resumed>) = ? [pid 5907] +++ exited with 0 +++ [pid 5906] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5906, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=48 /* 0.48 s */} --- umount2("./43", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./43", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555563ad730 /* 4 entries */, 32768) = 104 [ 115.795311][ T5054] BTRFS info (device loop0): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 umount2("./43/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./43/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./43/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./43/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./43/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555563b5770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563b5770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./43/bus") = 0 umount2("./43/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./43/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./43/binderfs") = 0 getdents64(3, 0x5555563ad730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./43") = 0 mkdir("./44", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5925 attached , child_tidptr=0x5555563ac690) = 5925 [pid 5925] set_robust_list(0x5555563ac6a0, 24) = 0 [pid 5925] chdir("./44") = 0 [pid 5925] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5925] setpgid(0, 0) = 0 [pid 5925] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5925] write(3, "1000", 4) = 4 [pid 5925] close(3) = 0 [pid 5925] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5925] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5925] rt_sigaction(SIGRT_1, {sa_handler=0x7f6a9ef6cff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6a9ef5e1a0}, NULL, 8) = 0 [pid 5925] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5925] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a9eee3000 [pid 5925] mprotect(0x7f6a9eee4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5925] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5925] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a9ef03990, parent_tid=0x7f6a9ef03990, exit_signal=0, stack=0x7f6a9eee3000, stack_size=0x20300, tls=0x7f6a9ef036c0}./strace-static-x86_64: Process 5926 attached [pid 5926] rseq(0x7f6a9ef03fe0, 0x20, 0, 0x53053053 [pid 5925] <... clone3 resumed> => {parent_tid=[5926]}, 88) = 5926 [pid 5926] <... rseq resumed>) = 0 [pid 5925] rt_sigprocmask(SIG_SETMASK, [], [pid 5926] set_robust_list(0x7f6a9ef039a0, 24 [pid 5925] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5926] <... set_robust_list resumed>) = 0 [pid 5925] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5926] rt_sigprocmask(SIG_SETMASK, [], [pid 5925] <... futex resumed>) = 0 [pid 5926] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5925] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5926] memfd_create("syzkaller", 0) = 3 [pid 5926] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6a96a00000 [pid 5926] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5926] munmap(0x7f6a96a00000, 138412032) = 0 [pid 5926] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5926] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5926] close(3) = 0 [pid 5926] close(4) = 0 [pid 5926] mkdir("./bus", 0777) = 0 [ 116.272003][ T5926] loop0: detected capacity change from 0 to 32768 [ 116.300452][ T5926] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop0 scanned by syz-executor984 (5926) [pid 5926] mount("/dev/loop0", "./bus", "btrfs", 0, "discard,") = 0 [pid 5926] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5926] chdir("./bus") = 0 [ 116.321508][ T5926] BTRFS info (device loop0): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 [ 116.332213][ T5926] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm [ 116.342273][ T5926] BTRFS info (device loop0): using free-space-tree [pid 5926] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5926] ioctl(4, LOOP_CLR_FD) = 0 [pid 5926] close(4) = 0 [pid 5926] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5925] <... futex resumed>) = 0 [pid 5926] futex(0x7f6a9efd36c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5925] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5926] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5925] <... futex resumed>) = 0 [pid 5925] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5926] <... open resumed>) = 4 [pid 5926] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5925] <... futex resumed>) = 0 [pid 5925] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5926] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5925] <... futex resumed>) = 0 [pid 5926] <... open resumed>) = 5 [pid 5925] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5926] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5925] <... futex resumed>) = 0 [pid 5925] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5926] <... futex resumed>) = 1 [pid 5925] <... futex resumed>) = 0 [pid 5925] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5926] fallocate(5, 0, 0, 1048820) = 0 [pid 5926] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5925] <... futex resumed>) = 0 [pid 5926] <... futex resumed>) = 1 [pid 5925] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5926] sendfile(4, 4, NULL, 142609664 [pid 5925] <... futex resumed>) = 0 [ 116.442617][ T28] audit: type=1800 audit(1708613236.514:134): pid=5926 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor984" name="bus" dev="loop0" ino=263 res=0 errno=0 [ 116.463492][ T28] audit: type=1800 audit(1708613236.534:135): pid=5926 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor984" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 5925] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5925] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5925] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a9eec2000 [pid 5925] mprotect(0x7f6a9eec3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5925] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5925] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a9eee2990, parent_tid=0x7f6a9eee2990, exit_signal=0, stack=0x7f6a9eec2000, stack_size=0x20300, tls=0x7f6a9eee26c0}./strace-static-x86_64: Process 5943 attached [pid 5943] rseq(0x7f6a9eee2fe0, 0x20, 0, 0x53053053 [pid 5925] <... clone3 resumed> => {parent_tid=[5943]}, 88) = 5943 [pid 5925] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5943] <... rseq resumed>) = 0 [pid 5943] set_robust_list(0x7f6a9eee29a0, 24 [pid 5925] futex(0x7f6a9efd36d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5943] <... set_robust_list resumed>) = 0 [pid 5943] rt_sigprocmask(SIG_SETMASK, [], [pid 5925] <... futex resumed>) = 0 [pid 5943] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5925] futex(0x7f6a9efd36dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5943] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME, 000) = 6 [pid 5943] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5925] <... futex resumed>) = 0 [pid 5943] futex(0x7f6a9efd36d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5925] futex(0x7f6a9efd36d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5943] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5925] <... futex resumed>) = 0 [pid 5943] ioctl(6, FS_IOC_FIEMAP, {fm_start=65279, fm_length=9223372036854775809, fm_flags=0, fm_extent_count=16777216} [pid 5925] futex(0x7f6a9efd36dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5943] <... ioctl resumed> => {fm_flags=0, fm_mapped_extents=2, ...}) = 0 [pid 5943] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5925] <... futex resumed>) = 0 [ 116.552816][ T28] audit: type=1800 audit(1708613236.624:136): pid=5943 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor984" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 5943] futex(0x7f6a9efd36d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5925] exit_group(0) = ? [pid 5943] <... futex resumed>) = ? [pid 5943] +++ exited with 0 +++ [pid 5926] <... sendfile resumed>) = ? [pid 5926] +++ exited with 0 +++ [pid 5925] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5925, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=58 /* 0.58 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./44", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./44", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555563ad730 /* 4 entries */, 32768) = 104 [ 116.939112][ T5054] BTRFS info (device loop0): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 umount2("./44/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./44/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./44/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./44/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./44/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555563b5770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563b5770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./44/bus") = 0 umount2("./44/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./44/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./44/binderfs") = 0 getdents64(3, 0x5555563ad730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./44") = 0 mkdir("./45", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5944 attached , child_tidptr=0x5555563ac690) = 5944 [pid 5944] set_robust_list(0x5555563ac6a0, 24) = 0 [pid 5944] chdir("./45") = 0 [pid 5944] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5944] setpgid(0, 0) = 0 [pid 5944] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5944] write(3, "1000", 4) = 4 [pid 5944] close(3) = 0 [pid 5944] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5944] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5944] rt_sigaction(SIGRT_1, {sa_handler=0x7f6a9ef6cff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6a9ef5e1a0}, NULL, 8) = 0 [pid 5944] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5944] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a9eee3000 [pid 5944] mprotect(0x7f6a9eee4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5944] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5944] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a9ef03990, parent_tid=0x7f6a9ef03990, exit_signal=0, stack=0x7f6a9eee3000, stack_size=0x20300, tls=0x7f6a9ef036c0}./strace-static-x86_64: Process 5945 attached [pid 5945] rseq(0x7f6a9ef03fe0, 0x20, 0, 0x53053053) = 0 [pid 5944] <... clone3 resumed> => {parent_tid=[5945]}, 88) = 5945 [pid 5945] set_robust_list(0x7f6a9ef039a0, 24 [pid 5944] rt_sigprocmask(SIG_SETMASK, [], [pid 5945] <... set_robust_list resumed>) = 0 [pid 5944] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5945] rt_sigprocmask(SIG_SETMASK, [], [pid 5944] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5945] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5944] <... futex resumed>) = 0 [pid 5944] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5945] memfd_create("syzkaller", 0) = 3 [pid 5945] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6a96a00000 [pid 5945] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5945] munmap(0x7f6a96a00000, 138412032) = 0 [pid 5945] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5945] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5945] close(3) = 0 [pid 5945] close(4) = 0 [pid 5945] mkdir("./bus", 0777) = 0 [ 117.462905][ T5945] loop0: detected capacity change from 0 to 32768 [ 117.499239][ T5945] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop0 scanned by syz-executor984 (5945) [ 117.521462][ T5945] BTRFS info (device loop0): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 [ 117.532347][ T5945] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm [ 117.542879][ T5945] BTRFS info (device loop0): using free-space-tree [pid 5945] mount("/dev/loop0", "./bus", "btrfs", 0, "discard,") = 0 [pid 5945] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5945] chdir("./bus") = 0 [pid 5945] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5945] ioctl(4, LOOP_CLR_FD) = 0 [pid 5945] close(4) = 0 [pid 5945] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5944] <... futex resumed>) = 0 [pid 5945] futex(0x7f6a9efd36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5944] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5945] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5945] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5944] <... futex resumed>) = 0 [pid 5944] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5945] <... open resumed>) = 4 [pid 5945] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5945] futex(0x7f6a9efd36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5944] <... futex resumed>) = 0 [pid 5944] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5944] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5945] <... futex resumed>) = 0 [pid 5945] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5945] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5945] futex(0x7f6a9efd36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5944] <... futex resumed>) = 0 [pid 5945] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5944] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5945] fallocate(5, 0, 0, 1048820 [pid 5944] <... futex resumed>) = 0 [pid 5944] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5945] <... fallocate resumed>) = 0 [pid 5945] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5944] <... futex resumed>) = 0 [pid 5945] sendfile(4, 4, NULL, 142609664 [pid 5944] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 117.651098][ T28] audit: type=1800 audit(1708613237.724:137): pid=5945 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor984" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 5944] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5944] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5944] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a9eec2000 [pid 5944] mprotect(0x7f6a9eec3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5944] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5944] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a9eee2990, parent_tid=0x7f6a9eee2990, exit_signal=0, stack=0x7f6a9eec2000, stack_size=0x20300, tls=0x7f6a9eee26c0}./strace-static-x86_64: Process 5963 attached => {parent_tid=[5963]}, 88) = 5963 [pid 5963] rseq(0x7f6a9eee2fe0, 0x20, 0, 0x53053053 [pid 5944] rt_sigprocmask(SIG_SETMASK, [], [pid 5963] <... rseq resumed>) = 0 [pid 5963] set_robust_list(0x7f6a9eee29a0, 24 [pid 5944] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5963] <... set_robust_list resumed>) = 0 [pid 5944] futex(0x7f6a9efd36d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5963] rt_sigprocmask(SIG_SETMASK, [], [pid 5944] <... futex resumed>) = 0 [pid 5963] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5944] futex(0x7f6a9efd36dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5963] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME, 000) = 6 [pid 5963] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5944] <... futex resumed>) = 0 [pid 5963] futex(0x7f6a9efd36d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5944] futex(0x7f6a9efd36d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5963] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5944] <... futex resumed>) = 0 [pid 5963] ioctl(6, FS_IOC_FIEMAP, {fm_start=65279, fm_length=9223372036854775809, fm_flags=0, fm_extent_count=16777216} [pid 5944] futex(0x7f6a9efd36dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5963] <... ioctl resumed> => {fm_flags=0, fm_mapped_extents=1, ...}) = 0 [pid 5963] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5944] <... futex resumed>) = 0 [pid 5963] futex(0x7f6a9efd36d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5944] exit_group(0 [pid 5963] <... futex resumed>) = ? [pid 5944] <... exit_group resumed>) = ? [pid 5963] +++ exited with 0 +++ [pid 5945] <... sendfile resumed>) = ? [pid 5945] +++ exited with 0 +++ [pid 5944] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5944, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=64 /* 0.64 s */} --- umount2("./45", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./45", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555563ad730 /* 4 entries */, 32768) = 104 [ 118.371381][ T5054] BTRFS info (device loop0): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 umount2("./45/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./45/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./45/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./45/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./45/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555563b5770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563b5770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./45/bus") = 0 umount2("./45/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./45/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./45/binderfs") = 0 getdents64(3, 0x5555563ad730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./45") = 0 mkdir("./46", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5964 attached , child_tidptr=0x5555563ac690) = 5964 [pid 5964] set_robust_list(0x5555563ac6a0, 24) = 0 [pid 5964] chdir("./46") = 0 [pid 5964] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5964] setpgid(0, 0) = 0 [pid 5964] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5964] write(3, "1000", 4) = 4 [pid 5964] close(3) = 0 [pid 5964] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5964] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5964] rt_sigaction(SIGRT_1, {sa_handler=0x7f6a9ef6cff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6a9ef5e1a0}, NULL, 8) = 0 [pid 5964] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5964] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a9eee3000 [pid 5964] mprotect(0x7f6a9eee4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5964] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5964] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a9ef03990, parent_tid=0x7f6a9ef03990, exit_signal=0, stack=0x7f6a9eee3000, stack_size=0x20300, tls=0x7f6a9ef036c0}./strace-static-x86_64: Process 5965 attached [pid 5965] rseq(0x7f6a9ef03fe0, 0x20, 0, 0x53053053 [pid 5964] <... clone3 resumed> => {parent_tid=[5965]}, 88) = 5965 [pid 5965] <... rseq resumed>) = 0 [pid 5964] rt_sigprocmask(SIG_SETMASK, [], [pid 5965] set_robust_list(0x7f6a9ef039a0, 24 [pid 5964] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5965] <... set_robust_list resumed>) = 0 [pid 5964] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5965] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5964] <... futex resumed>) = 0 [pid 5965] memfd_create("syzkaller", 0 [pid 5964] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5965] <... memfd_create resumed>) = 3 [pid 5965] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6a96a00000 [pid 5965] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5965] munmap(0x7f6a96a00000, 138412032) = 0 [pid 5965] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5965] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5965] close(3) = 0 [pid 5965] close(4) = 0 [pid 5965] mkdir("./bus", 0777) = 0 [ 118.875119][ T5965] loop0: detected capacity change from 0 to 32768 [ 118.899372][ T5965] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop0 scanned by syz-executor984 (5965) [ 118.916313][ T5965] BTRFS info (device loop0): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 [ 118.927794][ T5965] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm [ 118.938596][ T5965] BTRFS info (device loop0): using free-space-tree [pid 5965] mount("/dev/loop0", "./bus", "btrfs", 0, "discard,") = 0 [pid 5965] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5965] chdir("./bus") = 0 [pid 5965] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5965] ioctl(4, LOOP_CLR_FD) = 0 [pid 5965] close(4) = 0 [pid 5965] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5964] <... futex resumed>) = 0 [pid 5965] <... futex resumed>) = 1 [pid 5964] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5965] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5964] <... futex resumed>) = 0 [pid 5964] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5965] <... open resumed>) = 4 [pid 5965] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5964] <... futex resumed>) = 0 [pid 5964] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5964] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5965] <... futex resumed>) = 1 [pid 5965] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5965] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5964] <... futex resumed>) = 0 [pid 5964] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5965] <... futex resumed>) = 1 [pid 5964] <... futex resumed>) = 0 [pid 5965] fallocate(5, 0, 0, 1048820 [pid 5964] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5965] <... fallocate resumed>) = 0 [pid 5965] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5964] <... futex resumed>) = 0 [pid 5965] sendfile(4, 4, NULL, 142609664 [pid 5964] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5964] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5964] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5964] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a9eec2000 [pid 5964] mprotect(0x7f6a9eec3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5964] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5964] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a9eee2990, parent_tid=0x7f6a9eee2990, exit_signal=0, stack=0x7f6a9eec2000, stack_size=0x20300, tls=0x7f6a9eee26c0}./strace-static-x86_64: Process 5983 attached [pid 5983] rseq(0x7f6a9eee2fe0, 0x20, 0, 0x53053053 [pid 5964] <... clone3 resumed> => {parent_tid=[5983]}, 88) = 5983 [pid 5983] <... rseq resumed>) = 0 [pid 5964] rt_sigprocmask(SIG_SETMASK, [], [pid 5983] set_robust_list(0x7f6a9eee29a0, 24 [pid 5964] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5983] <... set_robust_list resumed>) = 0 [pid 5964] futex(0x7f6a9efd36d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5983] rt_sigprocmask(SIG_SETMASK, [], [pid 5964] <... futex resumed>) = 0 [pid 5983] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5983] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME, 000 [pid 5964] futex(0x7f6a9efd36dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5983] <... open resumed>) = 6 [pid 5983] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5964] <... futex resumed>) = 0 [pid 5983] futex(0x7f6a9efd36d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5964] futex(0x7f6a9efd36d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5983] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5964] <... futex resumed>) = 0 [pid 5983] ioctl(6, FS_IOC_FIEMAP, {fm_start=65279, fm_length=9223372036854775809, fm_flags=0, fm_extent_count=16777216} [pid 5964] futex(0x7f6a9efd36dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5983] <... ioctl resumed> => {fm_flags=0, fm_mapped_extents=1, ...}) = 0 [pid 5983] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5964] <... futex resumed>) = 0 [ 119.159678][ T28] kauditd_printk_skb: 4 callbacks suppressed [ 119.159693][ T28] audit: type=1800 audit(1708613239.234:142): pid=5983 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor984" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 5983] futex(0x7f6a9efd36d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5964] exit_group(0 [pid 5983] <... futex resumed>) = ? [pid 5964] <... exit_group resumed>) = ? [pid 5983] +++ exited with 0 +++ [pid 5965] <... sendfile resumed>) = ? [pid 5965] +++ exited with 0 +++ [pid 5964] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5964, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=52 /* 0.52 s */} --- umount2("./46", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./46", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555563ad730 /* 4 entries */, 32768) = 104 [ 119.606800][ T5054] BTRFS info (device loop0): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 umount2("./46/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./46/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./46/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./46/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./46/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555563b5770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563b5770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./46/bus") = 0 umount2("./46/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./46/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./46/binderfs") = 0 getdents64(3, 0x5555563ad730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./46") = 0 mkdir("./47", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5984 attached , child_tidptr=0x5555563ac690) = 5984 [pid 5984] set_robust_list(0x5555563ac6a0, 24) = 0 [pid 5984] chdir("./47") = 0 [pid 5984] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5984] setpgid(0, 0) = 0 [pid 5984] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5984] write(3, "1000", 4) = 4 [pid 5984] close(3) = 0 [pid 5984] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5984] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5984] rt_sigaction(SIGRT_1, {sa_handler=0x7f6a9ef6cff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6a9ef5e1a0}, NULL, 8) = 0 [pid 5984] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5984] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a9eee3000 [pid 5984] mprotect(0x7f6a9eee4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5984] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5984] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a9ef03990, parent_tid=0x7f6a9ef03990, exit_signal=0, stack=0x7f6a9eee3000, stack_size=0x20300, tls=0x7f6a9ef036c0}./strace-static-x86_64: Process 5985 attached => {parent_tid=[5985]}, 88) = 5985 [pid 5984] rt_sigprocmask(SIG_SETMASK, [], [pid 5985] rseq(0x7f6a9ef03fe0, 0x20, 0, 0x53053053 [pid 5984] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5985] <... rseq resumed>) = 0 [pid 5985] set_robust_list(0x7f6a9ef039a0, 24 [pid 5984] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5985] <... set_robust_list resumed>) = 0 [pid 5984] <... futex resumed>) = 0 [pid 5985] rt_sigprocmask(SIG_SETMASK, [], [pid 5984] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5985] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5985] memfd_create("syzkaller", 0) = 3 [pid 5985] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6a96a00000 [pid 5985] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5985] munmap(0x7f6a96a00000, 138412032) = 0 [pid 5985] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5985] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5985] close(3) = 0 [pid 5985] close(4) = 0 [pid 5985] mkdir("./bus", 0777) = 0 [ 120.096806][ T5985] loop0: detected capacity change from 0 to 32768 [ 120.136334][ T5985] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop0 scanned by syz-executor984 (5985) [ 120.156785][ T5985] BTRFS info (device loop0): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 [ 120.167442][ T5985] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm [ 120.177505][ T5985] BTRFS info (device loop0): using free-space-tree [pid 5985] mount("/dev/loop0", "./bus", "btrfs", 0, "discard,") = 0 [pid 5985] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5985] chdir("./bus") = 0 [pid 5985] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5985] ioctl(4, LOOP_CLR_FD) = 0 [pid 5985] close(4) = 0 [pid 5985] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5984] <... futex resumed>) = 0 [pid 5985] futex(0x7f6a9efd36c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5984] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5985] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5984] <... futex resumed>) = 0 [pid 5984] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5985] <... open resumed>) = 4 [pid 5985] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5985] futex(0x7f6a9efd36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5984] <... futex resumed>) = 0 [pid 5984] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5985] <... futex resumed>) = 0 [pid 5984] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5985] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [ 120.301199][ T28] audit: type=1800 audit(1708613240.374:143): pid=5985 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor984" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 5985] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5984] <... futex resumed>) = 0 [pid 5985] <... futex resumed>) = 1 [pid 5984] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5985] fallocate(5, 0, 0, 1048820 [pid 5984] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5985] <... fallocate resumed>) = 0 [pid 5985] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5984] <... futex resumed>) = 0 [pid 5985] futex(0x7f6a9efd36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5984] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5985] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5984] <... futex resumed>) = 0 [pid 5985] sendfile(4, 4, NULL, 142609664 [ 120.337033][ T28] audit: type=1800 audit(1708613240.414:144): pid=5985 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor984" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 5984] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5984] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5984] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a9eec2000 [pid 5984] mprotect(0x7f6a9eec3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5984] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5984] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a9eee2990, parent_tid=0x7f6a9eee2990, exit_signal=0, stack=0x7f6a9eec2000, stack_size=0x20300, tls=0x7f6a9eee26c0}./strace-static-x86_64: Process 6003 attached => {parent_tid=[6003]}, 88) = 6003 [pid 6003] rseq(0x7f6a9eee2fe0, 0x20, 0, 0x53053053 [pid 5984] rt_sigprocmask(SIG_SETMASK, [], [pid 6003] <... rseq resumed>) = 0 [pid 5984] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6003] set_robust_list(0x7f6a9eee29a0, 24 [pid 5984] futex(0x7f6a9efd36d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6003] <... set_robust_list resumed>) = 0 [pid 5984] <... futex resumed>) = 0 [pid 6003] rt_sigprocmask(SIG_SETMASK, [], [pid 5984] futex(0x7f6a9efd36dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6003] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6003] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME, 000) = 6 [pid 6003] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5984] <... futex resumed>) = 0 [pid 6003] futex(0x7f6a9efd36d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5984] futex(0x7f6a9efd36d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5984] futex(0x7f6a9efd36dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6003] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6003] ioctl(6, FS_IOC_FIEMAP, {fm_start=65279, fm_length=9223372036854775809, fm_flags=0, fm_extent_count=16777216} => {fm_flags=0, fm_mapped_extents=1, ...}) = 0 [pid 6003] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5984] <... futex resumed>) = 0 [pid 6003] <... futex resumed>) = 1 [ 120.443156][ T28] audit: type=1800 audit(1708613240.514:145): pid=6003 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor984" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 6003] futex(0x7f6a9efd36d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5984] exit_group(0) = ? [pid 6003] <... futex resumed>) = ? [pid 6003] +++ exited with 0 +++ [pid 5985] <... sendfile resumed>) = ? [pid 5985] +++ exited with 0 +++ [pid 5984] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5984, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=46 /* 0.46 s */} --- umount2("./47", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./47", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555563ad730 /* 4 entries */, 32768) = 104 [ 120.879252][ T5054] BTRFS info (device loop0): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 umount2("./47/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./47/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./47/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./47/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./47/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555563b5770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563b5770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./47/bus") = 0 umount2("./47/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./47/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./47/binderfs") = 0 getdents64(3, 0x5555563ad730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./47") = 0 mkdir("./48", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6004 attached [pid 6004] set_robust_list(0x5555563ac6a0, 24 [pid 5054] <... clone resumed>, child_tidptr=0x5555563ac690) = 6004 [pid 6004] <... set_robust_list resumed>) = 0 [pid 6004] chdir("./48") = 0 [pid 6004] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6004] setpgid(0, 0) = 0 [pid 6004] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6004] write(3, "1000", 4) = 4 [pid 6004] close(3) = 0 [pid 6004] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6004] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6004] rt_sigaction(SIGRT_1, {sa_handler=0x7f6a9ef6cff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6a9ef5e1a0}, NULL, 8) = 0 [pid 6004] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6004] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a9eee3000 [pid 6004] mprotect(0x7f6a9eee4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6004] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6004] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a9ef03990, parent_tid=0x7f6a9ef03990, exit_signal=0, stack=0x7f6a9eee3000, stack_size=0x20300, tls=0x7f6a9ef036c0}./strace-static-x86_64: Process 6005 attached [pid 6005] rseq(0x7f6a9ef03fe0, 0x20, 0, 0x53053053) = 0 [pid 6004] <... clone3 resumed> => {parent_tid=[6005]}, 88) = 6005 [pid 6005] set_robust_list(0x7f6a9ef039a0, 24 [pid 6004] rt_sigprocmask(SIG_SETMASK, [], [pid 6005] <... set_robust_list resumed>) = 0 [pid 6004] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6005] rt_sigprocmask(SIG_SETMASK, [], [pid 6004] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6005] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6004] <... futex resumed>) = 0 [pid 6005] memfd_create("syzkaller", 0 [pid 6004] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6005] <... memfd_create resumed>) = 3 [pid 6005] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6a96a00000 [pid 6005] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6005] munmap(0x7f6a96a00000, 138412032) = 0 [pid 6005] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6005] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6005] close(3) = 0 [pid 6005] close(4) = 0 [pid 6005] mkdir("./bus", 0777) = 0 [ 121.399725][ T6005] loop0: detected capacity change from 0 to 32768 [ 121.427114][ T6005] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop0 scanned by syz-executor984 (6005) [pid 6005] mount("/dev/loop0", "./bus", "btrfs", 0, "discard,") = 0 [pid 6005] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [ 121.447200][ T6005] BTRFS info (device loop0): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 [ 121.457762][ T6005] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm [ 121.468376][ T6005] BTRFS info (device loop0): using free-space-tree [pid 6005] chdir("./bus") = 0 [pid 6005] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6005] ioctl(4, LOOP_CLR_FD) = 0 [pid 6005] close(4) = 0 [pid 6005] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6004] <... futex resumed>) = 0 [pid 6005] futex(0x7f6a9efd36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6004] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6004] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6005] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6005] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 6005] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6005] futex(0x7f6a9efd36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6004] <... futex resumed>) = 0 [pid 6004] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6005] <... futex resumed>) = 0 [pid 6004] <... futex resumed>) = 1 [pid 6005] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 6004] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6005] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6004] <... futex resumed>) = 0 [pid 6004] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6005] <... futex resumed>) = 1 [pid 6004] <... futex resumed>) = 0 [pid 6005] fallocate(5, 0, 0, 1048820 [pid 6004] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6005] <... fallocate resumed>) = 0 [pid 6005] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6004] <... futex resumed>) = 0 [pid 6005] <... futex resumed>) = 1 [pid 6004] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6005] sendfile(4, 4, NULL, 142609664 [pid 6004] <... futex resumed>) = 0 [ 121.557331][ T28] audit: type=1800 audit(1708613241.634:146): pid=6005 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor984" name="bus" dev="loop0" ino=263 res=0 errno=0 [ 121.580487][ T28] audit: type=1800 audit(1708613241.664:147): pid=6005 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor984" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 6004] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6004] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6004] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a9eec2000 [pid 6004] mprotect(0x7f6a9eec3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6004] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6004] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a9eee2990, parent_tid=0x7f6a9eee2990, exit_signal=0, stack=0x7f6a9eec2000, stack_size=0x20300, tls=0x7f6a9eee26c0}./strace-static-x86_64: Process 6022 attached [pid 6022] rseq(0x7f6a9eee2fe0, 0x20, 0, 0x53053053 [pid 6004] <... clone3 resumed> => {parent_tid=[6022]}, 88) = 6022 [pid 6022] <... rseq resumed>) = 0 [pid 6004] rt_sigprocmask(SIG_SETMASK, [], [pid 6022] set_robust_list(0x7f6a9eee29a0, 24 [pid 6004] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6022] <... set_robust_list resumed>) = 0 [pid 6004] futex(0x7f6a9efd36d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6022] rt_sigprocmask(SIG_SETMASK, [], [pid 6004] <... futex resumed>) = 0 [pid 6022] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6004] futex(0x7f6a9efd36dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6022] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME, 000) = 6 [pid 6022] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6022] futex(0x7f6a9efd36d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6004] <... futex resumed>) = 0 [pid 6004] futex(0x7f6a9efd36d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6022] <... futex resumed>) = 0 [pid 6004] <... futex resumed>) = 1 [pid 6022] ioctl(6, FS_IOC_FIEMAP, {fm_start=65279, fm_length=9223372036854775809, fm_flags=0, fm_extent_count=16777216} [pid 6004] futex(0x7f6a9efd36dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6022] <... ioctl resumed> => {fm_flags=0, fm_mapped_extents=2, ...}) = 0 [pid 6022] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6004] <... futex resumed>) = 0 [ 121.685285][ T28] audit: type=1800 audit(1708613241.754:148): pid=6022 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor984" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 6022] futex(0x7f6a9efd36d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6004] exit_group(0 [pid 6022] <... futex resumed>) = ? [pid 6004] <... exit_group resumed>) = ? [pid 6022] +++ exited with 0 +++ [pid 6005] <... sendfile resumed>) = ? [pid 6005] +++ exited with 0 +++ [pid 6004] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6004, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=49 /* 0.49 s */} --- umount2("./48", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./48", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555563ad730 /* 4 entries */, 32768) = 104 [ 122.071098][ T5054] BTRFS info (device loop0): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 umount2("./48/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./48/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./48/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./48/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./48/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555563b5770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563b5770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./48/bus") = 0 umount2("./48/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./48/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./48/binderfs") = 0 getdents64(3, 0x5555563ad730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./48") = 0 mkdir("./49", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6023 attached , child_tidptr=0x5555563ac690) = 6023 [pid 6023] set_robust_list(0x5555563ac6a0, 24) = 0 [pid 6023] chdir("./49") = 0 [pid 6023] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6023] setpgid(0, 0) = 0 [pid 6023] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6023] write(3, "1000", 4) = 4 [pid 6023] close(3) = 0 [pid 6023] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6023] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6023] rt_sigaction(SIGRT_1, {sa_handler=0x7f6a9ef6cff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6a9ef5e1a0}, NULL, 8) = 0 [pid 6023] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6023] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a9eee3000 [pid 6023] mprotect(0x7f6a9eee4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6023] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6023] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a9ef03990, parent_tid=0x7f6a9ef03990, exit_signal=0, stack=0x7f6a9eee3000, stack_size=0x20300, tls=0x7f6a9ef036c0} => {parent_tid=[6024]}, 88) = 6024 [pid 6023] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6023] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6023] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6024 attached [pid 6024] rseq(0x7f6a9ef03fe0, 0x20, 0, 0x53053053) = 0 [pid 6024] set_robust_list(0x7f6a9ef039a0, 24) = 0 [pid 6024] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6024] memfd_create("syzkaller", 0) = 3 [pid 6024] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6a96a00000 [pid 6024] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6024] munmap(0x7f6a96a00000, 138412032) = 0 [pid 6024] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6024] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6024] close(3) = 0 [pid 6024] close(4) = 0 [pid 6024] mkdir("./bus", 0777) = 0 [ 122.585680][ T6024] loop0: detected capacity change from 0 to 32768 [ 122.614874][ T6024] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop0 scanned by syz-executor984 (6024) [ 122.635415][ T6024] BTRFS info (device loop0): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 [ 122.646026][ T6024] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm [ 122.656070][ T6024] BTRFS info (device loop0): using free-space-tree [pid 6024] mount("/dev/loop0", "./bus", "btrfs", 0, "discard,") = 0 [pid 6024] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6024] chdir("./bus") = 0 [pid 6024] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6024] ioctl(4, LOOP_CLR_FD) = 0 [pid 6024] close(4) = 0 [pid 6024] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6023] <... futex resumed>) = 0 [pid 6024] futex(0x7f6a9efd36c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 6023] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6024] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6023] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6024] <... open resumed>) = 4 [pid 6024] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6023] <... futex resumed>) = 0 [pid 6024] futex(0x7f6a9efd36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6023] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6024] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6023] <... futex resumed>) = 0 [pid 6024] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6023] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6024] <... open resumed>) = 5 [pid 6024] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6023] <... futex resumed>) = 0 [pid 6024] fallocate(5, 0, 0, 1048820 [pid 6023] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6023] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6024] <... fallocate resumed>) = 0 [pid 6024] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6023] <... futex resumed>) = 0 [pid 6024] sendfile(4, 4, NULL, 142609664 [pid 6023] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 122.791859][ T28] audit: type=1800 audit(1708613242.864:149): pid=6024 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor984" name="bus" dev="loop0" ino=263 res=0 errno=0 [ 122.816717][ T28] audit: type=1800 audit(1708613242.894:150): pid=6024 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor984" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 6023] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6023] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6023] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6023] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a9eec2000 [pid 6023] mprotect(0x7f6a9eec3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6023] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6023] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a9eee2990, parent_tid=0x7f6a9eee2990, exit_signal=0, stack=0x7f6a9eec2000, stack_size=0x20300, tls=0x7f6a9eee26c0} => {parent_tid=[6042]}, 88) = 6042 [pid 6023] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6023] futex(0x7f6a9efd36d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 6042 attached [pid 6023] futex(0x7f6a9efd36dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6042] rseq(0x7f6a9eee2fe0, 0x20, 0, 0x53053053) = 0 [pid 6042] set_robust_list(0x7f6a9eee29a0, 24) = 0 [pid 6042] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6042] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME, 000) = 6 [pid 6042] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6023] <... futex resumed>) = 0 [pid 6023] futex(0x7f6a9efd36d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6023] futex(0x7f6a9efd36dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6042] ioctl(6, FS_IOC_FIEMAP, {fm_start=65279, fm_length=9223372036854775809, fm_flags=0, fm_extent_count=16777216} => {fm_flags=0, fm_mapped_extents=1, ...}) = 0 [pid 6042] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6023] <... futex resumed>) = 0 [ 122.900204][ T28] audit: type=1800 audit(1708613242.974:151): pid=6042 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor984" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 6042] futex(0x7f6a9efd36d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6023] exit_group(0 [pid 6042] <... futex resumed>) = ? [pid 6023] <... exit_group resumed>) = ? [pid 6042] +++ exited with 0 +++ [pid 6024] <... sendfile resumed>) = ? [pid 6024] +++ exited with 0 +++ [pid 6023] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6023, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=53 /* 0.53 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./49", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./49", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555563ad730 /* 4 entries */, 32768) = 104 [ 123.351717][ T5054] BTRFS info (device loop0): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 umount2("./49/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./49/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./49/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./49/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./49/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555563b5770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563b5770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./49/bus") = 0 umount2("./49/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./49/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./49/binderfs") = 0 getdents64(3, 0x5555563ad730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./49") = 0 mkdir("./50", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6043 attached , child_tidptr=0x5555563ac690) = 6043 [pid 6043] set_robust_list(0x5555563ac6a0, 24) = 0 [pid 6043] chdir("./50") = 0 [pid 6043] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6043] setpgid(0, 0) = 0 [pid 6043] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6043] write(3, "1000", 4) = 4 [pid 6043] close(3) = 0 [pid 6043] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6043] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6043] rt_sigaction(SIGRT_1, {sa_handler=0x7f6a9ef6cff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6a9ef5e1a0}, NULL, 8) = 0 [pid 6043] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6043] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a9eee3000 [pid 6043] mprotect(0x7f6a9eee4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6043] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6043] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a9ef03990, parent_tid=0x7f6a9ef03990, exit_signal=0, stack=0x7f6a9eee3000, stack_size=0x20300, tls=0x7f6a9ef036c0}./strace-static-x86_64: Process 6044 attached [pid 6044] rseq(0x7f6a9ef03fe0, 0x20, 0, 0x53053053) = 0 [pid 6043] <... clone3 resumed> => {parent_tid=[6044]}, 88) = 6044 [pid 6044] set_robust_list(0x7f6a9ef039a0, 24 [pid 6043] rt_sigprocmask(SIG_SETMASK, [], [pid 6044] <... set_robust_list resumed>) = 0 [pid 6043] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6044] rt_sigprocmask(SIG_SETMASK, [], [pid 6043] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6044] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6043] <... futex resumed>) = 0 [pid 6044] memfd_create("syzkaller", 0 [pid 6043] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6044] <... memfd_create resumed>) = 3 [pid 6044] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6a96a00000 [pid 6044] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6044] munmap(0x7f6a96a00000, 138412032) = 0 [pid 6044] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6044] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6044] close(3) = 0 [pid 6044] close(4) = 0 [pid 6044] mkdir("./bus", 0777) = 0 [ 123.853498][ T6044] loop0: detected capacity change from 0 to 32768 [ 123.894545][ T6044] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop0 scanned by syz-executor984 (6044) [ 123.924398][ T6044] BTRFS info (device loop0): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 [pid 6044] mount("/dev/loop0", "./bus", "btrfs", 0, "discard,") = 0 [pid 6044] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6044] chdir("./bus") = 0 [pid 6044] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 123.935479][ T6044] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm [ 123.945554][ T6044] BTRFS info (device loop0): using free-space-tree [pid 6044] ioctl(4, LOOP_CLR_FD) = 0 [pid 6044] close(4) = 0 [pid 6044] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6043] <... futex resumed>) = 0 [pid 6043] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6043] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6044] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 6044] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6044] futex(0x7f6a9efd36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6043] <... futex resumed>) = 0 [pid 6043] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6044] <... futex resumed>) = 0 [pid 6043] <... futex resumed>) = 1 [pid 6044] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6043] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6044] <... open resumed>) = 5 [pid 6044] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6043] <... futex resumed>) = 0 [pid 6043] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6044] fallocate(5, 0, 0, 1048820 [pid 6043] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6044] <... fallocate resumed>) = 0 [pid 6044] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6043] <... futex resumed>) = 0 [pid 6043] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6043] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6044] sendfile(4, 4, NULL, 142609664 [pid 6043] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6043] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6043] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a9eec2000 [pid 6043] mprotect(0x7f6a9eec3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6043] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6043] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a9eee2990, parent_tid=0x7f6a9eee2990, exit_signal=0, stack=0x7f6a9eec2000, stack_size=0x20300, tls=0x7f6a9eee26c0}./strace-static-x86_64: Process 6062 attached => {parent_tid=[6062]}, 88) = 6062 [pid 6062] rseq(0x7f6a9eee2fe0, 0x20, 0, 0x53053053 [pid 6043] rt_sigprocmask(SIG_SETMASK, [], [pid 6062] <... rseq resumed>) = 0 [pid 6062] set_robust_list(0x7f6a9eee29a0, 24 [pid 6043] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6062] <... set_robust_list resumed>) = 0 [pid 6043] futex(0x7f6a9efd36d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6062] rt_sigprocmask(SIG_SETMASK, [], [pid 6043] <... futex resumed>) = 0 [pid 6043] futex(0x7f6a9efd36dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6062] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6062] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME, 000) = 6 [pid 6062] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6043] <... futex resumed>) = 0 [pid 6062] <... futex resumed>) = 1 [pid 6043] futex(0x7f6a9efd36d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6062] ioctl(6, FS_IOC_FIEMAP, {fm_start=65279, fm_length=9223372036854775809, fm_flags=0, fm_extent_count=16777216} [pid 6043] futex(0x7f6a9efd36dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6062] <... ioctl resumed> => {fm_flags=0, fm_mapped_extents=1, ...}) = 0 [pid 6062] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6043] <... futex resumed>) = 0 [pid 6062] futex(0x7f6a9efd36d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6043] exit_group(0) = ? [pid 6062] <... futex resumed>) = ? [pid 6062] +++ exited with 0 +++ [pid 6044] <... sendfile resumed>) = ? [pid 6044] +++ exited with 0 +++ [pid 6043] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6043, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=36 /* 0.36 s */} --- umount2("./50", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./50", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555563ad730 /* 4 entries */, 32768) = 104 [ 124.400486][ T5054] BTRFS info (device loop0): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 umount2("./50/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./50/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./50/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./50/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./50/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555563b5770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563b5770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./50/bus") = 0 umount2("./50/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./50/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./50/binderfs") = 0 getdents64(3, 0x5555563ad730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./50") = 0 mkdir("./51", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6063 attached [pid 6063] set_robust_list(0x5555563ac6a0, 24 [pid 5054] <... clone resumed>, child_tidptr=0x5555563ac690) = 6063 [pid 6063] <... set_robust_list resumed>) = 0 [pid 6063] chdir("./51") = 0 [pid 6063] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6063] setpgid(0, 0) = 0 [pid 6063] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6063] write(3, "1000", 4) = 4 [pid 6063] close(3) = 0 [pid 6063] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6063] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6063] rt_sigaction(SIGRT_1, {sa_handler=0x7f6a9ef6cff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6a9ef5e1a0}, NULL, 8) = 0 [pid 6063] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6063] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a9eee3000 [pid 6063] mprotect(0x7f6a9eee4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6063] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6063] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a9ef03990, parent_tid=0x7f6a9ef03990, exit_signal=0, stack=0x7f6a9eee3000, stack_size=0x20300, tls=0x7f6a9ef036c0}./strace-static-x86_64: Process 6064 attached [pid 6064] rseq(0x7f6a9ef03fe0, 0x20, 0, 0x53053053) = 0 [pid 6063] <... clone3 resumed> => {parent_tid=[6064]}, 88) = 6064 [pid 6064] set_robust_list(0x7f6a9ef039a0, 24 [pid 6063] rt_sigprocmask(SIG_SETMASK, [], [pid 6064] <... set_robust_list resumed>) = 0 [pid 6063] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6064] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6063] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6064] memfd_create("syzkaller", 0 [pid 6063] <... futex resumed>) = 0 [pid 6063] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6064] <... memfd_create resumed>) = 3 [pid 6064] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6a96a00000 [pid 6064] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6064] munmap(0x7f6a96a00000, 138412032) = 0 [pid 6064] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6064] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6064] close(3) = 0 [pid 6064] close(4) = 0 [pid 6064] mkdir("./bus", 0777) = 0 [ 124.851356][ T6064] loop0: detected capacity change from 0 to 32768 [ 124.893221][ T6064] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop0 scanned by syz-executor984 (6064) [ 124.915187][ T6064] BTRFS info (device loop0): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 [ 124.927120][ T6064] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm [ 124.937589][ T6064] BTRFS info (device loop0): using free-space-tree [pid 6064] mount("/dev/loop0", "./bus", "btrfs", 0, "discard,") = 0 [pid 6064] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6064] chdir("./bus") = 0 [pid 6064] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6064] ioctl(4, LOOP_CLR_FD) = 0 [pid 6064] close(4) = 0 [pid 6064] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6063] <... futex resumed>) = 0 [pid 6064] futex(0x7f6a9efd36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6063] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6064] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6063] <... futex resumed>) = 0 [pid 6063] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6064] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 6064] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6064] futex(0x7f6a9efd36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6063] <... futex resumed>) = 0 [ 125.059477][ T28] kauditd_printk_skb: 3 callbacks suppressed [ 125.059487][ T28] audit: type=1800 audit(1708613245.134:155): pid=6064 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor984" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 6063] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6064] <... futex resumed>) = 0 [pid 6063] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6064] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 6064] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6063] <... futex resumed>) = 0 [pid 6064] futex(0x7f6a9efd36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6063] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6064] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6063] <... futex resumed>) = 0 [pid 6064] fallocate(5, 0, 0, 1048820 [pid 6063] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6064] <... fallocate resumed>) = 0 [pid 6064] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6063] <... futex resumed>) = 0 [pid 6064] futex(0x7f6a9efd36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6063] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6064] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6063] <... futex resumed>) = 0 [pid 6064] sendfile(4, 4, NULL, 142609664 [ 125.093368][ T28] audit: type=1800 audit(1708613245.164:156): pid=6064 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor984" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 6063] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6063] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6063] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a9eec2000 [pid 6063] mprotect(0x7f6a9eec3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6063] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6063] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a9eee2990, parent_tid=0x7f6a9eee2990, exit_signal=0, stack=0x7f6a9eec2000, stack_size=0x20300, tls=0x7f6a9eee26c0}./strace-static-x86_64: Process 6082 attached => {parent_tid=[6082]}, 88) = 6082 [pid 6063] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6063] futex(0x7f6a9efd36d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6082] rseq(0x7f6a9eee2fe0, 0x20, 0, 0x53053053) = 0 [pid 6082] set_robust_list(0x7f6a9eee29a0, 24) = 0 [pid 6082] rt_sigprocmask(SIG_SETMASK, [], [pid 6063] <... futex resumed>) = 0 [pid 6082] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6082] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME, 000 [pid 6063] futex(0x7f6a9efd36dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6082] <... open resumed>) = 6 [pid 6082] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6082] futex(0x7f6a9efd36d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6063] <... futex resumed>) = 0 [pid 6063] futex(0x7f6a9efd36d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6082] <... futex resumed>) = 0 [pid 6063] <... futex resumed>) = 1 [pid 6082] ioctl(6, FS_IOC_FIEMAP, {fm_start=65279, fm_length=9223372036854775809, fm_flags=0, fm_extent_count=16777216} => {fm_flags=0, fm_mapped_extents=1, ...}) = 0 [pid 6063] futex(0x7f6a9efd36dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6082] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6063] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [ 125.191425][ T28] audit: type=1800 audit(1708613245.264:157): pid=6082 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor984" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 6082] futex(0x7f6a9efd36d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6063] exit_group(0) = ? [pid 6082] <... futex resumed>) = ? [pid 6082] +++ exited with 0 +++ [pid 6064] <... sendfile resumed>) = ? [pid 6064] +++ exited with 0 +++ [pid 6063] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6063, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=43 /* 0.43 s */} --- umount2("./51", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./51", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555563ad730 /* 4 entries */, 32768) = 104 [ 125.543816][ T5054] BTRFS info (device loop0): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 umount2("./51/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./51/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./51/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./51/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./51/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555563b5770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563b5770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./51/bus") = 0 umount2("./51/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./51/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./51/binderfs") = 0 getdents64(3, 0x5555563ad730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./51") = 0 mkdir("./52", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6083 attached , child_tidptr=0x5555563ac690) = 6083 [pid 6083] set_robust_list(0x5555563ac6a0, 24) = 0 [pid 6083] chdir("./52") = 0 [pid 6083] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6083] setpgid(0, 0) = 0 [pid 6083] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6083] write(3, "1000", 4) = 4 [pid 6083] close(3) = 0 [pid 6083] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6083] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6083] rt_sigaction(SIGRT_1, {sa_handler=0x7f6a9ef6cff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6a9ef5e1a0}, NULL, 8) = 0 [pid 6083] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6083] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a9eee3000 [pid 6083] mprotect(0x7f6a9eee4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6083] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6083] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a9ef03990, parent_tid=0x7f6a9ef03990, exit_signal=0, stack=0x7f6a9eee3000, stack_size=0x20300, tls=0x7f6a9ef036c0}./strace-static-x86_64: Process 6084 attached [pid 6084] rseq(0x7f6a9ef03fe0, 0x20, 0, 0x53053053) = 0 [pid 6083] <... clone3 resumed> => {parent_tid=[6084]}, 88) = 6084 [pid 6084] set_robust_list(0x7f6a9ef039a0, 24 [pid 6083] rt_sigprocmask(SIG_SETMASK, [], [pid 6084] <... set_robust_list resumed>) = 0 [pid 6083] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6084] rt_sigprocmask(SIG_SETMASK, [], [pid 6083] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6084] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6083] <... futex resumed>) = 0 [pid 6084] memfd_create("syzkaller", 0 [pid 6083] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6084] <... memfd_create resumed>) = 3 [pid 6084] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6a96a00000 [pid 6084] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6084] munmap(0x7f6a96a00000, 138412032) = 0 [pid 6084] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6084] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6084] close(3) = 0 [pid 6084] close(4) = 0 [pid 6084] mkdir("./bus", 0777) = 0 [ 125.994135][ T6084] loop0: detected capacity change from 0 to 32768 [ 126.027772][ T6084] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop0 scanned by syz-executor984 (6084) [pid 6084] mount("/dev/loop0", "./bus", "btrfs", 0, "discard,") = 0 [pid 6084] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6084] chdir("./bus") = 0 [pid 6084] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 126.048977][ T6084] BTRFS info (device loop0): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 [ 126.060060][ T6084] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm [ 126.069895][ T6084] BTRFS info (device loop0): using free-space-tree [pid 6084] ioctl(4, LOOP_CLR_FD) = 0 [pid 6084] close(4) = 0 [pid 6084] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6083] <... futex resumed>) = 0 [pid 6084] <... futex resumed>) = 1 [pid 6083] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6084] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6083] <... futex resumed>) = 0 [pid 6083] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6084] <... open resumed>) = 4 [pid 6084] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6083] <... futex resumed>) = 0 [pid 6084] futex(0x7f6a9efd36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6083] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6084] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6083] <... futex resumed>) = 0 [pid 6084] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 6083] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6084] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6083] <... futex resumed>) = 0 [pid 6084] <... futex resumed>) = 1 [pid 6083] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6083] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6084] fallocate(5, 0, 0, 1048820) = 0 [pid 6084] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6083] <... futex resumed>) = 0 [pid 6083] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6084] <... futex resumed>) = 1 [pid 6083] <... futex resumed>) = 0 [pid 6084] sendfile(4, 4, NULL, 142609664 [ 126.149068][ T28] audit: type=1800 audit(1708613246.224:158): pid=6084 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor984" name="bus" dev="loop0" ino=263 res=0 errno=0 [ 126.171293][ T28] audit: type=1800 audit(1708613246.234:159): pid=6084 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor984" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 6083] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6083] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6083] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a9eec2000 [pid 6083] mprotect(0x7f6a9eec3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6083] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6083] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a9eee2990, parent_tid=0x7f6a9eee2990, exit_signal=0, stack=0x7f6a9eec2000, stack_size=0x20300, tls=0x7f6a9eee26c0}./strace-static-x86_64: Process 6101 attached [pid 6101] rseq(0x7f6a9eee2fe0, 0x20, 0, 0x53053053 [pid 6083] <... clone3 resumed> => {parent_tid=[6101]}, 88) = 6101 [pid 6101] <... rseq resumed>) = 0 [pid 6083] rt_sigprocmask(SIG_SETMASK, [], [pid 6101] set_robust_list(0x7f6a9eee29a0, 24 [pid 6083] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6101] <... set_robust_list resumed>) = 0 [pid 6083] futex(0x7f6a9efd36d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6101] rt_sigprocmask(SIG_SETMASK, [], [pid 6083] <... futex resumed>) = 0 [pid 6101] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6083] futex(0x7f6a9efd36dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6101] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME, 000) = 6 [pid 6101] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6083] <... futex resumed>) = 0 [pid 6101] futex(0x7f6a9efd36d8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 6083] futex(0x7f6a9efd36d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6101] ioctl(6, FS_IOC_FIEMAP, {fm_start=65279, fm_length=9223372036854775809, fm_flags=0, fm_extent_count=16777216} => {fm_flags=0, fm_mapped_extents=1, ...}) = 0 [pid 6083] <... futex resumed>) = 0 [pid 6083] futex(0x7f6a9efd36dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6101] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6083] <... futex resumed>) = 0 [ 126.252267][ T28] audit: type=1800 audit(1708613246.324:160): pid=6101 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor984" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 6101] futex(0x7f6a9efd36d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6083] exit_group(0) = ? [pid 6101] <... futex resumed>) = ? [pid 6101] +++ exited with 0 +++ [pid 6084] <... sendfile resumed>) = ? [pid 6084] +++ exited with 0 +++ [pid 6083] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6083, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=44 /* 0.44 s */} --- umount2("./52", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./52", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555563ad730 /* 4 entries */, 32768) = 104 [ 126.607820][ T5054] BTRFS info (device loop0): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 umount2("./52/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./52/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./52/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./52/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./52/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555563b5770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563b5770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./52/bus") = 0 umount2("./52/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./52/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./52/binderfs") = 0 getdents64(3, 0x5555563ad730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./52") = 0 mkdir("./53", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6102 attached , child_tidptr=0x5555563ac690) = 6102 [pid 6102] set_robust_list(0x5555563ac6a0, 24) = 0 [pid 6102] chdir("./53") = 0 [pid 6102] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6102] setpgid(0, 0) = 0 [pid 6102] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6102] write(3, "1000", 4) = 4 [pid 6102] close(3) = 0 [pid 6102] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6102] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6102] rt_sigaction(SIGRT_1, {sa_handler=0x7f6a9ef6cff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6a9ef5e1a0}, NULL, 8) = 0 [pid 6102] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6102] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a9eee3000 [pid 6102] mprotect(0x7f6a9eee4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6102] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6102] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a9ef03990, parent_tid=0x7f6a9ef03990, exit_signal=0, stack=0x7f6a9eee3000, stack_size=0x20300, tls=0x7f6a9ef036c0}./strace-static-x86_64: Process 6103 attached => {parent_tid=[6103]}, 88) = 6103 [pid 6103] rseq(0x7f6a9ef03fe0, 0x20, 0, 0x53053053) = 0 [pid 6103] set_robust_list(0x7f6a9ef039a0, 24) = 0 [pid 6102] rt_sigprocmask(SIG_SETMASK, [], [pid 6103] rt_sigprocmask(SIG_SETMASK, [], [pid 6102] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6103] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6102] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6103] memfd_create("syzkaller", 0 [pid 6102] <... futex resumed>) = 0 [pid 6102] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6103] <... memfd_create resumed>) = 3 [pid 6103] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6a96a00000 [pid 6103] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6103] munmap(0x7f6a96a00000, 138412032) = 0 [pid 6103] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6103] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6103] close(3) = 0 [pid 6103] close(4) = 0 [pid 6103] mkdir("./bus", 0777) = 0 [ 127.075780][ T6103] loop0: detected capacity change from 0 to 32768 [ 127.102526][ T6103] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop0 scanned by syz-executor984 (6103) [ 127.122789][ T6103] BTRFS info (device loop0): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 [ 127.133924][ T6103] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm [ 127.144520][ T6103] BTRFS info (device loop0): using free-space-tree [pid 6103] mount("/dev/loop0", "./bus", "btrfs", 0, "discard,") = 0 [pid 6103] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6103] chdir("./bus") = 0 [pid 6103] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6103] ioctl(4, LOOP_CLR_FD) = 0 [pid 6103] close(4) = 0 [pid 6103] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6102] <... futex resumed>) = 0 [pid 6103] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6102] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6103] <... open resumed>) = 4 [pid 6102] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6103] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6102] <... futex resumed>) = 0 [pid 6103] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6102] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6103] <... open resumed>) = 5 [pid 6102] <... futex resumed>) = 0 [pid 6103] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6102] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6103] <... futex resumed>) = 0 [pid 6102] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6103] fallocate(5, 0, 0, 1048820 [pid 6102] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6102] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6103] <... fallocate resumed>) = 0 [pid 6103] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6102] <... futex resumed>) = 0 [pid 6102] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6102] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 127.274513][ T28] audit: type=1800 audit(1708613247.344:161): pid=6103 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor984" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 6103] sendfile(4, 4, NULL, 142609664 [pid 6102] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6102] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6102] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a9eec2000 [pid 6102] mprotect(0x7f6a9eec3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6102] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6102] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a9eee2990, parent_tid=0x7f6a9eee2990, exit_signal=0, stack=0x7f6a9eec2000, stack_size=0x20300, tls=0x7f6a9eee26c0} => {parent_tid=[6121]}, 88) = 6121 [pid 6102] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 ./strace-static-x86_64: Process 6121 attached [pid 6102] futex(0x7f6a9efd36d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6102] futex(0x7f6a9efd36dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6121] rseq(0x7f6a9eee2fe0, 0x20, 0, 0x53053053) = 0 [pid 6121] set_robust_list(0x7f6a9eee29a0, 24) = 0 [pid 6121] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6121] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME, 000) = 6 [pid 6121] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6102] <... futex resumed>) = 0 [pid 6121] futex(0x7f6a9efd36d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6102] futex(0x7f6a9efd36d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6121] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6102] <... futex resumed>) = 0 [pid 6102] futex(0x7f6a9efd36dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6121] ioctl(6, FS_IOC_FIEMAP, {fm_start=65279, fm_length=9223372036854775809, fm_flags=0, fm_extent_count=16777216} => {fm_flags=0, fm_mapped_extents=1, ...}) = 0 [pid 6121] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6102] <... futex resumed>) = 0 [ 127.324249][ T28] audit: type=1800 audit(1708613247.374:162): pid=6103 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor984" name="bus" dev="loop0" ino=263 res=0 errno=0 [ 127.388902][ T28] audit: type=1800 audit(1708613247.444:163): pid=6121 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor984" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 6121] futex(0x7f6a9efd36d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6102] exit_group(0) = ? [pid 6121] <... futex resumed>) = ? [pid 6121] +++ exited with 0 +++ [pid 6103] <... sendfile resumed>) = ? [pid 6103] +++ exited with 0 +++ [pid 6102] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6102, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=47 /* 0.47 s */} --- umount2("./53", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./53", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555563ad730 /* 4 entries */, 32768) = 104 [ 127.815073][ T5054] BTRFS info (device loop0): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 umount2("./53/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./53/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./53/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./53/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./53/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555563b5770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563b5770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./53/bus") = 0 umount2("./53/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./53/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./53/binderfs") = 0 getdents64(3, 0x5555563ad730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./53") = 0 mkdir("./54", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6122 attached , child_tidptr=0x5555563ac690) = 6122 [pid 6122] set_robust_list(0x5555563ac6a0, 24) = 0 [pid 6122] chdir("./54") = 0 [pid 6122] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6122] setpgid(0, 0) = 0 [pid 6122] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6122] write(3, "1000", 4) = 4 [pid 6122] close(3) = 0 [pid 6122] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6122] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6122] rt_sigaction(SIGRT_1, {sa_handler=0x7f6a9ef6cff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6a9ef5e1a0}, NULL, 8) = 0 [pid 6122] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6122] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a9eee3000 [pid 6122] mprotect(0x7f6a9eee4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6122] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6122] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a9ef03990, parent_tid=0x7f6a9ef03990, exit_signal=0, stack=0x7f6a9eee3000, stack_size=0x20300, tls=0x7f6a9ef036c0}./strace-static-x86_64: Process 6123 attached [pid 6123] rseq(0x7f6a9ef03fe0, 0x20, 0, 0x53053053 [pid 6122] <... clone3 resumed> => {parent_tid=[6123]}, 88) = 6123 [pid 6123] <... rseq resumed>) = 0 [pid 6123] set_robust_list(0x7f6a9ef039a0, 24 [pid 6122] rt_sigprocmask(SIG_SETMASK, [], [pid 6123] <... set_robust_list resumed>) = 0 [pid 6122] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6123] rt_sigprocmask(SIG_SETMASK, [], [pid 6122] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6123] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6122] <... futex resumed>) = 0 [pid 6123] memfd_create("syzkaller", 0 [pid 6122] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6123] <... memfd_create resumed>) = 3 [pid 6123] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6a96a00000 [pid 6123] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6123] munmap(0x7f6a96a00000, 138412032) = 0 [pid 6123] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6123] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6123] close(3) = 0 [pid 6123] close(4) = 0 [pid 6123] mkdir("./bus", 0777) = 0 [ 128.319340][ T6123] loop0: detected capacity change from 0 to 32768 [ 128.342654][ T6123] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop0 scanned by syz-executor984 (6123) [pid 6123] mount("/dev/loop0", "./bus", "btrfs", 0, "discard,") = 0 [pid 6123] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [ 128.361511][ T6123] BTRFS info (device loop0): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 [ 128.372001][ T6123] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm [ 128.382032][ T6123] BTRFS info (device loop0): using free-space-tree [pid 6123] chdir("./bus") = 0 [pid 6123] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6123] ioctl(4, LOOP_CLR_FD) = 0 [pid 6123] close(4) = 0 [pid 6123] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6122] <... futex resumed>) = 0 [pid 6123] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6122] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6123] <... open resumed>) = 4 [pid 6123] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6122] <... futex resumed>) = 0 [pid 6123] <... futex resumed>) = 0 [pid 6122] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6123] futex(0x7f6a9efd36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6122] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6122] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6123] <... futex resumed>) = 0 [pid 6122] <... futex resumed>) = 1 [pid 6123] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6122] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6123] <... open resumed>) = 5 [pid 6123] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6122] <... futex resumed>) = 0 [pid 6123] futex(0x7f6a9efd36c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 6122] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6123] fallocate(5, 0, 0, 1048820 [pid 6122] <... futex resumed>) = 0 [pid 6122] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6123] <... fallocate resumed>) = 0 [pid 6123] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6123] futex(0x7f6a9efd36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6122] <... futex resumed>) = 0 [pid 6122] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6123] <... futex resumed>) = 0 [pid 6122] <... futex resumed>) = 1 [pid 6123] sendfile(4, 4, NULL, 142609664 [ 128.467241][ T28] audit: type=1800 audit(1708613248.544:164): pid=6123 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor984" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 6122] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6122] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6122] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a9eec2000 [pid 6122] mprotect(0x7f6a9eec3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6122] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6122] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a9eee2990, parent_tid=0x7f6a9eee2990, exit_signal=0, stack=0x7f6a9eec2000, stack_size=0x20300, tls=0x7f6a9eee26c0}./strace-static-x86_64: Process 6140 attached [pid 6140] rseq(0x7f6a9eee2fe0, 0x20, 0, 0x53053053) = 0 [pid 6140] set_robust_list(0x7f6a9eee29a0, 24) = 0 [pid 6122] <... clone3 resumed> => {parent_tid=[6140]}, 88) = 6140 [pid 6140] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6122] rt_sigprocmask(SIG_SETMASK, [], [pid 6140] futex(0x7f6a9efd36d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6122] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6122] futex(0x7f6a9efd36d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6140] <... futex resumed>) = 0 [pid 6122] futex(0x7f6a9efd36dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6140] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME, 000) = 6 [pid 6140] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6122] <... futex resumed>) = 0 [pid 6140] futex(0x7f6a9efd36d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6122] futex(0x7f6a9efd36d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6140] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6122] <... futex resumed>) = 0 [pid 6140] ioctl(6, FS_IOC_FIEMAP, {fm_start=65279, fm_length=9223372036854775809, fm_flags=0, fm_extent_count=16777216} [pid 6122] futex(0x7f6a9efd36dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6140] <... ioctl resumed> => {fm_flags=0, fm_mapped_extents=3, ...}) = 0 [pid 6140] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6122] <... futex resumed>) = 0 [pid 6140] <... futex resumed>) = 1 [pid 6140] futex(0x7f6a9efd36d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6122] exit_group(0 [pid 6140] <... futex resumed>) = ? [pid 6122] <... exit_group resumed>) = ? [pid 6140] +++ exited with 0 +++ [pid 6123] <... sendfile resumed>) = ? [pid 6123] +++ exited with 0 +++ [pid 6122] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6122, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=49 /* 0.49 s */} --- umount2("./54", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./54", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555563ad730 /* 4 entries */, 32768) = 104 [ 129.136833][ T5054] BTRFS info (device loop0): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 umount2("./54/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./54/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./54/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./54/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./54/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555563b5770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563b5770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./54/bus") = 0 umount2("./54/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./54/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./54/binderfs") = 0 getdents64(3, 0x5555563ad730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./54") = 0 mkdir("./55", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6141 attached [pid 6141] set_robust_list(0x5555563ac6a0, 24 [pid 5054] <... clone resumed>, child_tidptr=0x5555563ac690) = 6141 [pid 6141] <... set_robust_list resumed>) = 0 [pid 6141] chdir("./55") = 0 [pid 6141] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6141] setpgid(0, 0) = 0 [pid 6141] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6141] write(3, "1000", 4) = 4 [pid 6141] close(3) = 0 [pid 6141] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6141] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6141] rt_sigaction(SIGRT_1, {sa_handler=0x7f6a9ef6cff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6a9ef5e1a0}, NULL, 8) = 0 [pid 6141] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6141] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a9eee3000 [pid 6141] mprotect(0x7f6a9eee4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6141] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6141] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a9ef03990, parent_tid=0x7f6a9ef03990, exit_signal=0, stack=0x7f6a9eee3000, stack_size=0x20300, tls=0x7f6a9ef036c0}./strace-static-x86_64: Process 6142 attached [pid 6142] rseq(0x7f6a9ef03fe0, 0x20, 0, 0x53053053 [pid 6141] <... clone3 resumed> => {parent_tid=[6142]}, 88) = 6142 [pid 6142] <... rseq resumed>) = 0 [pid 6141] rt_sigprocmask(SIG_SETMASK, [], [pid 6142] set_robust_list(0x7f6a9ef039a0, 24 [pid 6141] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6142] <... set_robust_list resumed>) = 0 [pid 6141] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6142] rt_sigprocmask(SIG_SETMASK, [], [pid 6141] <... futex resumed>) = 0 [pid 6142] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6141] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6142] memfd_create("syzkaller", 0) = 3 [pid 6142] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6a96a00000 [pid 6142] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6142] munmap(0x7f6a96a00000, 138412032) = 0 [pid 6142] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6142] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6142] close(3) = 0 [pid 6142] close(4) = 0 [pid 6142] mkdir("./bus", 0777) = 0 [ 129.626262][ T6142] loop0: detected capacity change from 0 to 32768 [ 129.666273][ T6142] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop0 scanned by syz-executor984 (6142) [ 129.684026][ T6142] BTRFS info (device loop0): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 [ 129.695022][ T6142] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm [ 129.704671][ T6142] BTRFS info (device loop0): using free-space-tree [pid 6142] mount("/dev/loop0", "./bus", "btrfs", 0, "discard,") = 0 [pid 6142] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6142] chdir("./bus") = 0 [pid 6142] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6142] ioctl(4, LOOP_CLR_FD) = 0 [pid 6142] close(4) = 0 [pid 6142] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6141] <... futex resumed>) = 0 [pid 6142] futex(0x7f6a9efd36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6141] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6142] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6141] <... futex resumed>) = 0 [pid 6142] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6141] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6142] <... open resumed>) = 4 [pid 6142] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6141] <... futex resumed>) = 0 [pid 6142] futex(0x7f6a9efd36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6141] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6142] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6142] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6141] <... futex resumed>) = 0 [pid 6142] <... open resumed>) = 5 [pid 6141] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6142] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6141] <... futex resumed>) = 0 [pid 6142] fallocate(5, 0, 0, 1048820 [pid 6141] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6141] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6142] <... fallocate resumed>) = 0 [pid 6142] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6142] futex(0x7f6a9efd36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6141] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6141] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6141] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6142] <... futex resumed>) = 0 [pid 6142] sendfile(4, 4, NULL, 142609664 [pid 6141] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6141] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6141] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a9eec2000 [pid 6141] mprotect(0x7f6a9eec3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6141] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6141] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a9eee2990, parent_tid=0x7f6a9eee2990, exit_signal=0, stack=0x7f6a9eec2000, stack_size=0x20300, tls=0x7f6a9eee26c0} => {parent_tid=[6160]}, 88) = 6160 ./strace-static-x86_64: Process 6160 attached [pid 6141] rt_sigprocmask(SIG_SETMASK, [], [pid 6160] rseq(0x7f6a9eee2fe0, 0x20, 0, 0x53053053 [pid 6141] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6160] <... rseq resumed>) = 0 [pid 6141] futex(0x7f6a9efd36d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6160] set_robust_list(0x7f6a9eee29a0, 24 [pid 6141] <... futex resumed>) = 0 [pid 6160] <... set_robust_list resumed>) = 0 [pid 6141] futex(0x7f6a9efd36dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6160] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6160] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME, 000) = 6 [pid 6160] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6141] <... futex resumed>) = 0 [pid 6160] futex(0x7f6a9efd36d8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 6141] futex(0x7f6a9efd36d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6141] futex(0x7f6a9efd36dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6160] ioctl(6, FS_IOC_FIEMAP, {fm_start=65279, fm_length=9223372036854775809, fm_flags=0, fm_extent_count=16777216} => {fm_flags=0, fm_mapped_extents=2, ...}) = 0 [pid 6160] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6141] <... futex resumed>) = 0 [pid 6160] futex(0x7f6a9efd36d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6141] exit_group(0 [pid 6160] <... futex resumed>) = ? [pid 6141] <... exit_group resumed>) = ? [pid 6160] +++ exited with 0 +++ [pid 6142] <... sendfile resumed>) = ? [pid 6142] +++ exited with 0 +++ [pid 6141] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6141, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=47 /* 0.47 s */} --- umount2("./55", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./55", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555563ad730 /* 4 entries */, 32768) = 104 [ 130.398905][ T5054] BTRFS info (device loop0): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 umount2("./55/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./55/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./55/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./55/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./55/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555563b5770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563b5770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./55/bus") = 0 umount2("./55/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./55/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./55/binderfs") = 0 getdents64(3, 0x5555563ad730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./55") = 0 mkdir("./56", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6161 attached [pid 6161] set_robust_list(0x5555563ac6a0, 24) = 0 [pid 6161] chdir("./56" [pid 5054] <... clone resumed>, child_tidptr=0x5555563ac690) = 6161 [pid 6161] <... chdir resumed>) = 0 [pid 6161] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6161] setpgid(0, 0) = 0 [pid 6161] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6161] write(3, "1000", 4) = 4 [pid 6161] close(3) = 0 [pid 6161] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6161] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6161] rt_sigaction(SIGRT_1, {sa_handler=0x7f6a9ef6cff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6a9ef5e1a0}, NULL, 8) = 0 [pid 6161] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6161] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a9eee3000 [pid 6161] mprotect(0x7f6a9eee4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6161] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6161] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a9ef03990, parent_tid=0x7f6a9ef03990, exit_signal=0, stack=0x7f6a9eee3000, stack_size=0x20300, tls=0x7f6a9ef036c0} => {parent_tid=[6162]}, 88) = 6162 ./strace-static-x86_64: Process 6162 attached [pid 6161] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6161] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6161] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6162] rseq(0x7f6a9ef03fe0, 0x20, 0, 0x53053053) = 0 [pid 6162] set_robust_list(0x7f6a9ef039a0, 24) = 0 [pid 6162] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6162] memfd_create("syzkaller", 0) = 3 [pid 6162] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6a96a00000 [pid 6162] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6162] munmap(0x7f6a96a00000, 138412032) = 0 [pid 6162] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6162] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6162] close(3) = 0 [pid 6162] close(4) = 0 [pid 6162] mkdir("./bus", 0777) = 0 [ 130.860752][ T6162] loop0: detected capacity change from 0 to 32768 [ 130.907699][ T6162] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop0 scanned by syz-executor984 (6162) [ 130.929317][ T6162] BTRFS info (device loop0): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 [ 130.940345][ T6162] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm [ 130.950593][ T6162] BTRFS info (device loop0): using free-space-tree [pid 6162] mount("/dev/loop0", "./bus", "btrfs", 0, "discard,") = 0 [pid 6162] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6162] chdir("./bus") = 0 [pid 6162] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6162] ioctl(4, LOOP_CLR_FD) = 0 [pid 6162] close(4) = 0 [pid 6162] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6161] <... futex resumed>) = 0 [pid 6162] futex(0x7f6a9efd36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6161] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6162] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6162] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6161] <... futex resumed>) = 0 [pid 6161] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6162] <... open resumed>) = 4 [pid 6162] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6162] futex(0x7f6a9efd36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6161] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6161] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6162] <... futex resumed>) = 0 [pid 6161] <... futex resumed>) = 1 [pid 6162] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 6161] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6162] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6162] futex(0x7f6a9efd36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6161] <... futex resumed>) = 0 [pid 6161] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6162] <... futex resumed>) = 0 [pid 6162] fallocate(5, 0, 0, 1048820) = 0 [pid 6161] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6162] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6161] <... futex resumed>) = 0 [pid 6162] sendfile(4, 4, NULL, 142609664 [pid 6161] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 131.046729][ T28] kauditd_printk_skb: 5 callbacks suppressed [ 131.046742][ T28] audit: type=1800 audit(1708613251.124:170): pid=6162 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor984" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 6161] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6161] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6161] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a9eec2000 [pid 6161] mprotect(0x7f6a9eec3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6161] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6161] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a9eee2990, parent_tid=0x7f6a9eee2990, exit_signal=0, stack=0x7f6a9eec2000, stack_size=0x20300, tls=0x7f6a9eee26c0}./strace-static-x86_64: Process 6180 attached => {parent_tid=[6180]}, 88) = 6180 [pid 6161] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6161] futex(0x7f6a9efd36d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6161] futex(0x7f6a9efd36dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6180] rseq(0x7f6a9eee2fe0, 0x20, 0, 0x53053053) = 0 [pid 6180] set_robust_list(0x7f6a9eee29a0, 24) = 0 [pid 6180] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6180] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME, 000) = 6 [pid 6180] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6161] <... futex resumed>) = 0 [pid 6180] futex(0x7f6a9efd36d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6161] futex(0x7f6a9efd36d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6161] futex(0x7f6a9efd36dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6180] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6180] ioctl(6, FS_IOC_FIEMAP, {fm_start=65279, fm_length=9223372036854775809, fm_flags=0, fm_extent_count=16777216} => {fm_flags=0, fm_mapped_extents=1, ...}) = 0 [pid 6180] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6161] <... futex resumed>) = 0 [ 131.119650][ T28] audit: type=1800 audit(1708613251.154:171): pid=6162 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor984" name="bus" dev="loop0" ino=263 res=0 errno=0 [ 131.178348][ T28] audit: type=1800 audit(1708613251.234:172): pid=6180 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor984" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 6180] futex(0x7f6a9efd36d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6161] exit_group(0 [pid 6180] <... futex resumed>) = ? [pid 6161] <... exit_group resumed>) = ? [pid 6180] +++ exited with 0 +++ [pid 6162] <... sendfile resumed>) = ? [pid 6162] +++ exited with 0 +++ [pid 6161] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6161, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=55 /* 0.55 s */} --- umount2("./56", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./56", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555563ad730 /* 4 entries */, 32768) = 104 [ 131.687884][ T5054] BTRFS info (device loop0): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 umount2("./56/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./56/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./56/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./56/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./56/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555563b5770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563b5770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./56/bus") = 0 umount2("./56/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./56/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./56/binderfs") = 0 getdents64(3, 0x5555563ad730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./56") = 0 mkdir("./57", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6181 attached , child_tidptr=0x5555563ac690) = 6181 [pid 6181] set_robust_list(0x5555563ac6a0, 24) = 0 [pid 6181] chdir("./57") = 0 [pid 6181] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6181] setpgid(0, 0) = 0 [pid 6181] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6181] write(3, "1000", 4) = 4 [pid 6181] close(3) = 0 [pid 6181] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6181] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6181] rt_sigaction(SIGRT_1, {sa_handler=0x7f6a9ef6cff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6a9ef5e1a0}, NULL, 8) = 0 [pid 6181] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6181] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a9eee3000 [pid 6181] mprotect(0x7f6a9eee4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6181] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6181] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a9ef03990, parent_tid=0x7f6a9ef03990, exit_signal=0, stack=0x7f6a9eee3000, stack_size=0x20300, tls=0x7f6a9ef036c0}./strace-static-x86_64: Process 6182 attached [pid 6182] rseq(0x7f6a9ef03fe0, 0x20, 0, 0x53053053) = 0 [pid 6181] <... clone3 resumed> => {parent_tid=[6182]}, 88) = 6182 [pid 6182] set_robust_list(0x7f6a9ef039a0, 24 [pid 6181] rt_sigprocmask(SIG_SETMASK, [], [pid 6182] <... set_robust_list resumed>) = 0 [pid 6181] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6182] rt_sigprocmask(SIG_SETMASK, [], [pid 6181] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6182] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6182] memfd_create("syzkaller", 0 [pid 6181] <... futex resumed>) = 0 [pid 6181] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6182] <... memfd_create resumed>) = 3 [pid 6182] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6a96a00000 [pid 6182] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6182] munmap(0x7f6a96a00000, 138412032) = 0 [pid 6182] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6182] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6182] close(3) = 0 [pid 6182] close(4) = 0 [pid 6182] mkdir("./bus", 0777) = 0 [ 132.196599][ T6182] loop0: detected capacity change from 0 to 32768 [ 132.225838][ T6182] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop0 scanned by syz-executor984 (6182) [ 132.248383][ T6182] BTRFS info (device loop0): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 [ 132.260591][ T6182] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm [ 132.270801][ T6182] BTRFS info (device loop0): using free-space-tree [pid 6182] mount("/dev/loop0", "./bus", "btrfs", 0, "discard,") = 0 [pid 6182] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6182] chdir("./bus") = 0 [pid 6182] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6182] ioctl(4, LOOP_CLR_FD) = 0 [pid 6182] close(4) = 0 [pid 6182] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6181] <... futex resumed>) = 0 [pid 6182] <... futex resumed>) = 1 [pid 6181] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6182] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6181] <... futex resumed>) = 0 [pid 6181] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6182] <... open resumed>) = 4 [pid 6182] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6182] futex(0x7f6a9efd36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6181] <... futex resumed>) = 0 [pid 6181] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6182] <... futex resumed>) = 0 [pid 6181] <... futex resumed>) = 1 [pid 6182] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6181] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6182] <... open resumed>) = 5 [pid 6182] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6181] <... futex resumed>) = 0 [pid 6181] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6181] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6182] fallocate(5, 0, 0, 1048820) = 0 [pid 6182] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6182] futex(0x7f6a9efd36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6181] <... futex resumed>) = 0 [pid 6181] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6182] <... futex resumed>) = 0 [pid 6182] sendfile(4, 4, NULL, 142609664 [ 132.398091][ T28] audit: type=1800 audit(1708613252.474:173): pid=6182 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor984" name="bus" dev="loop0" ino=263 res=0 errno=0 [ 132.425318][ T28] audit: type=1800 audit(1708613252.504:174): pid=6182 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor984" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 6181] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6181] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6181] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a9eec2000 [pid 6181] mprotect(0x7f6a9eec3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6181] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6181] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a9eee2990, parent_tid=0x7f6a9eee2990, exit_signal=0, stack=0x7f6a9eec2000, stack_size=0x20300, tls=0x7f6a9eee26c0} => {parent_tid=[6200]}, 88) = 6200 ./strace-static-x86_64: Process 6200 attached [pid 6181] rt_sigprocmask(SIG_SETMASK, [], [pid 6200] rseq(0x7f6a9eee2fe0, 0x20, 0, 0x53053053 [pid 6181] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6200] <... rseq resumed>) = 0 [pid 6181] futex(0x7f6a9efd36d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6200] set_robust_list(0x7f6a9eee29a0, 24 [pid 6181] <... futex resumed>) = 0 [pid 6200] <... set_robust_list resumed>) = 0 [pid 6181] futex(0x7f6a9efd36dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6200] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6200] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME, 000) = 6 [pid 6200] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6181] <... futex resumed>) = 0 [pid 6181] futex(0x7f6a9efd36d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6200] ioctl(6, FS_IOC_FIEMAP, {fm_start=65279, fm_length=9223372036854775809, fm_flags=0, fm_extent_count=16777216} [pid 6181] <... futex resumed>) = 0 [pid 6181] futex(0x7f6a9efd36dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6200] <... ioctl resumed> => {fm_flags=0, fm_mapped_extents=2, ...}) = 0 [pid 6200] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6181] <... futex resumed>) = 0 [ 132.512376][ T28] audit: type=1800 audit(1708613252.584:175): pid=6200 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor984" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 6200] futex(0x7f6a9efd36d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6181] exit_group(0 [pid 6200] <... futex resumed>) = ? [pid 6181] <... exit_group resumed>) = ? [pid 6200] +++ exited with 0 +++ [pid 6182] <... sendfile resumed>) = ? [pid 6182] +++ exited with 0 +++ [pid 6181] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6181, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=46 /* 0.46 s */} --- umount2("./57", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./57", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555563ad730 /* 4 entries */, 32768) = 104 [ 132.923882][ T5054] BTRFS info (device loop0): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 umount2("./57/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./57/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./57/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./57/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./57/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555563b5770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563b5770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./57/bus") = 0 umount2("./57/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./57/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./57/binderfs") = 0 getdents64(3, 0x5555563ad730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./57") = 0 mkdir("./58", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6201 attached , child_tidptr=0x5555563ac690) = 6201 [pid 6201] set_robust_list(0x5555563ac6a0, 24) = 0 [pid 6201] chdir("./58") = 0 [pid 6201] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6201] setpgid(0, 0) = 0 [pid 6201] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6201] write(3, "1000", 4) = 4 [pid 6201] close(3) = 0 [pid 6201] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6201] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6201] rt_sigaction(SIGRT_1, {sa_handler=0x7f6a9ef6cff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6a9ef5e1a0}, NULL, 8) = 0 [pid 6201] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6201] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a9eee3000 [pid 6201] mprotect(0x7f6a9eee4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6201] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6201] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a9ef03990, parent_tid=0x7f6a9ef03990, exit_signal=0, stack=0x7f6a9eee3000, stack_size=0x20300, tls=0x7f6a9ef036c0}./strace-static-x86_64: Process 6202 attached [pid 6202] rseq(0x7f6a9ef03fe0, 0x20, 0, 0x53053053 [pid 6201] <... clone3 resumed> => {parent_tid=[6202]}, 88) = 6202 [pid 6202] <... rseq resumed>) = 0 [pid 6201] rt_sigprocmask(SIG_SETMASK, [], [pid 6202] set_robust_list(0x7f6a9ef039a0, 24 [pid 6201] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6202] <... set_robust_list resumed>) = 0 [pid 6201] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6202] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6201] <... futex resumed>) = 0 [pid 6202] memfd_create("syzkaller", 0 [pid 6201] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6202] <... memfd_create resumed>) = 3 [pid 6202] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6a96a00000 [pid 6202] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6202] munmap(0x7f6a96a00000, 138412032) = 0 [pid 6202] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6202] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6202] close(3) = 0 [pid 6202] close(4) = 0 [pid 6202] mkdir("./bus", 0777) = 0 [ 133.423941][ T6202] loop0: detected capacity change from 0 to 32768 [ 133.452477][ T6202] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop0 scanned by syz-executor984 (6202) [ 133.471314][ T6202] BTRFS info (device loop0): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 [ 133.482477][ T6202] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm [ 133.492949][ T6202] BTRFS info (device loop0): using free-space-tree [pid 6202] mount("/dev/loop0", "./bus", "btrfs", 0, "discard,") = 0 [pid 6202] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6202] chdir("./bus") = 0 [pid 6202] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6202] ioctl(4, LOOP_CLR_FD) = 0 [pid 6202] close(4) = 0 [pid 6202] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6201] <... futex resumed>) = 0 [pid 6202] <... futex resumed>) = 1 [pid 6201] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6202] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6201] <... futex resumed>) = 0 [pid 6202] <... open resumed>) = 4 [pid 6201] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6202] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6202] futex(0x7f6a9efd36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6201] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6201] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6202] <... futex resumed>) = 0 [pid 6201] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6202] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 6202] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6201] <... futex resumed>) = 0 [pid 6202] futex(0x7f6a9efd36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6201] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6202] <... futex resumed>) = 0 [pid 6201] <... futex resumed>) = 1 [pid 6202] fallocate(5, 0, 0, 1048820 [pid 6201] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6202] <... fallocate resumed>) = 0 [pid 6202] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6202] futex(0x7f6a9efd36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6201] <... futex resumed>) = 0 [pid 6201] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6202] <... futex resumed>) = 0 [pid 6201] <... futex resumed>) = 1 [pid 6202] sendfile(4, 4, NULL, 142609664 [ 133.601001][ T28] audit: type=1800 audit(1708613253.674:176): pid=6202 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor984" name="bus" dev="loop0" ino=263 res=0 errno=0 [ 133.627350][ T28] audit: type=1800 audit(1708613253.704:177): pid=6202 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor984" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 6201] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6201] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6201] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a9eec2000 [pid 6201] mprotect(0x7f6a9eec3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6201] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6201] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a9eee2990, parent_tid=0x7f6a9eee2990, exit_signal=0, stack=0x7f6a9eec2000, stack_size=0x20300, tls=0x7f6a9eee26c0} => {parent_tid=[6220]}, 88) = 6220 [pid 6201] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6201] futex(0x7f6a9efd36d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6201] futex(0x7f6a9efd36dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6220 attached [pid 6220] rseq(0x7f6a9eee2fe0, 0x20, 0, 0x53053053) = 0 [pid 6220] set_robust_list(0x7f6a9eee29a0, 24) = 0 [pid 6220] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6220] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME, 000) = 6 [pid 6220] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6220] futex(0x7f6a9efd36d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6201] <... futex resumed>) = 0 [pid 6201] futex(0x7f6a9efd36d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6220] <... futex resumed>) = 0 [pid 6220] ioctl(6, FS_IOC_FIEMAP, {fm_start=65279, fm_length=9223372036854775809, fm_flags=0, fm_extent_count=16777216} [pid 6201] futex(0x7f6a9efd36dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6220] <... ioctl resumed> => {fm_flags=0, fm_mapped_extents=1, ...}) = 0 [pid 6220] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6201] <... futex resumed>) = 0 [ 133.723270][ T28] audit: type=1800 audit(1708613253.794:178): pid=6220 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor984" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 6220] futex(0x7f6a9efd36d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6201] exit_group(0 [pid 6220] <... futex resumed>) = ? [pid 6201] <... exit_group resumed>) = ? [pid 6220] +++ exited with 0 +++ [pid 6202] <... sendfile resumed>) = ? [pid 6202] +++ exited with 0 +++ [pid 6201] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6201, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=54 /* 0.54 s */} --- umount2("./58", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./58", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555563ad730 /* 4 entries */, 32768) = 104 [ 134.204529][ T5054] BTRFS info (device loop0): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 umount2("./58/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./58/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./58/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./58/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./58/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555563b5770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563b5770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./58/bus") = 0 umount2("./58/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./58/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./58/binderfs") = 0 getdents64(3, 0x5555563ad730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./58") = 0 mkdir("./59", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6221 attached , child_tidptr=0x5555563ac690) = 6221 [pid 6221] set_robust_list(0x5555563ac6a0, 24) = 0 [pid 6221] chdir("./59") = 0 [pid 6221] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6221] setpgid(0, 0) = 0 [pid 6221] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6221] write(3, "1000", 4) = 4 [pid 6221] close(3) = 0 [pid 6221] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6221] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6221] rt_sigaction(SIGRT_1, {sa_handler=0x7f6a9ef6cff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6a9ef5e1a0}, NULL, 8) = 0 [pid 6221] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6221] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a9eee3000 [pid 6221] mprotect(0x7f6a9eee4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6221] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6221] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a9ef03990, parent_tid=0x7f6a9ef03990, exit_signal=0, stack=0x7f6a9eee3000, stack_size=0x20300, tls=0x7f6a9ef036c0}./strace-static-x86_64: Process 6222 attached => {parent_tid=[6222]}, 88) = 6222 [pid 6221] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6221] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6221] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6222] rseq(0x7f6a9ef03fe0, 0x20, 0, 0x53053053) = 0 [pid 6222] set_robust_list(0x7f6a9ef039a0, 24) = 0 [pid 6222] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6222] memfd_create("syzkaller", 0) = 3 [pid 6222] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6a96a00000 [pid 6222] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6222] munmap(0x7f6a96a00000, 138412032) = 0 [pid 6222] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6222] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6222] close(3) = 0 [pid 6222] close(4) = 0 [pid 6222] mkdir("./bus", 0777) = 0 [ 134.686547][ T6222] loop0: detected capacity change from 0 to 32768 [ 134.713803][ T6222] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop0 scanned by syz-executor984 (6222) [pid 6222] mount("/dev/loop0", "./bus", "btrfs", 0, "discard,") = 0 [ 134.732579][ T6222] BTRFS info (device loop0): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 [ 134.743639][ T6222] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm [ 134.753707][ T6222] BTRFS info (device loop0): using free-space-tree [pid 6222] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6222] chdir("./bus") = 0 [pid 6222] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6222] ioctl(4, LOOP_CLR_FD) = 0 [pid 6222] close(4) = 0 [pid 6222] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6221] <... futex resumed>) = 0 [pid 6222] futex(0x7f6a9efd36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6221] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6222] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6222] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6221] <... futex resumed>) = 0 [pid 6222] <... open resumed>) = 4 [pid 6221] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6222] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6221] <... futex resumed>) = 0 [pid 6221] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6221] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6222] <... futex resumed>) = 1 [pid 6222] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 6222] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6221] <... futex resumed>) = 0 [pid 6221] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6222] fallocate(5, 0, 0, 1048820 [pid 6221] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6222] <... fallocate resumed>) = 0 [pid 6222] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6221] <... futex resumed>) = 0 [pid 6221] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6221] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6222] <... futex resumed>) = 1 [ 134.841404][ T28] audit: type=1800 audit(1708613254.914:179): pid=6222 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor984" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 6222] sendfile(4, 4, NULL, 142609664 [pid 6221] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6221] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6221] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6221] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a9eec2000 [pid 6221] mprotect(0x7f6a9eec3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6221] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6221] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a9eee2990, parent_tid=0x7f6a9eee2990, exit_signal=0, stack=0x7f6a9eec2000, stack_size=0x20300, tls=0x7f6a9eee26c0}./strace-static-x86_64: Process 6239 attached [pid 6239] rseq(0x7f6a9eee2fe0, 0x20, 0, 0x53053053) = 0 [pid 6239] set_robust_list(0x7f6a9eee29a0, 24) = 0 [pid 6239] rt_sigprocmask(SIG_SETMASK, [], [pid 6221] <... clone3 resumed> => {parent_tid=[6239]}, 88) = 6239 [pid 6239] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6221] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6221] futex(0x7f6a9efd36d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6221] futex(0x7f6a9efd36dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6239] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME, 000) = 6 [pid 6239] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6221] <... futex resumed>) = 0 [pid 6221] futex(0x7f6a9efd36d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6239] ioctl(6, FS_IOC_FIEMAP, {fm_start=65279, fm_length=9223372036854775809, fm_flags=0, fm_extent_count=16777216} [pid 6221] <... futex resumed>) = 0 [pid 6221] futex(0x7f6a9efd36dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6239] <... ioctl resumed> => {fm_flags=0, fm_mapped_extents=2, ...}) = 0 [pid 6239] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6221] <... futex resumed>) = 0 [pid 6239] futex(0x7f6a9efd36d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6221] exit_group(0) = ? [pid 6239] <... futex resumed>) = ? [pid 6239] +++ exited with 0 +++ [pid 6222] <... sendfile resumed>) = ? [pid 6222] +++ exited with 0 +++ [pid 6221] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6221, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=56 /* 0.56 s */} --- umount2("./59", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./59", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555563ad730 /* 4 entries */, 32768) = 104 [ 135.352793][ T5054] BTRFS info (device loop0): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 umount2("./59/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./59/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./59/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./59/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./59/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555563b5770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563b5770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./59/bus") = 0 umount2("./59/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./59/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./59/binderfs") = 0 getdents64(3, 0x5555563ad730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./59") = 0 mkdir("./60", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563ac690) = 6240 ./strace-static-x86_64: Process 6240 attached [pid 6240] set_robust_list(0x5555563ac6a0, 24) = 0 [pid 6240] chdir("./60") = 0 [pid 6240] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6240] setpgid(0, 0) = 0 [pid 6240] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6240] write(3, "1000", 4) = 4 [pid 6240] close(3) = 0 [pid 6240] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6240] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6240] rt_sigaction(SIGRT_1, {sa_handler=0x7f6a9ef6cff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6a9ef5e1a0}, NULL, 8) = 0 [pid 6240] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6240] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a9eee3000 [pid 6240] mprotect(0x7f6a9eee4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6240] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6240] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a9ef03990, parent_tid=0x7f6a9ef03990, exit_signal=0, stack=0x7f6a9eee3000, stack_size=0x20300, tls=0x7f6a9ef036c0}./strace-static-x86_64: Process 6241 attached => {parent_tid=[6241]}, 88) = 6241 [pid 6240] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6240] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6240] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6241] rseq(0x7f6a9ef03fe0, 0x20, 0, 0x53053053) = 0 [pid 6241] set_robust_list(0x7f6a9ef039a0, 24) = 0 [pid 6241] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6241] memfd_create("syzkaller", 0) = 3 [pid 6241] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6a96a00000 [pid 6241] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6241] munmap(0x7f6a96a00000, 138412032) = 0 [pid 6241] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6241] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6241] close(3) = 0 [pid 6241] close(4) = 0 [pid 6241] mkdir("./bus", 0777) = 0 [ 135.844229][ T6241] loop0: detected capacity change from 0 to 32768 [ 135.872215][ T6241] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop0 scanned by syz-executor984 (6241) [ 135.895326][ T6241] BTRFS info (device loop0): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 [ 135.907109][ T6241] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm [ 135.916767][ T6241] BTRFS info (device loop0): using free-space-tree [pid 6241] mount("/dev/loop0", "./bus", "btrfs", 0, "discard,") = 0 [pid 6241] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6241] chdir("./bus") = 0 [pid 6241] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6241] ioctl(4, LOOP_CLR_FD) = 0 [pid 6241] close(4) = 0 [pid 6241] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6241] futex(0x7f6a9efd36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6240] <... futex resumed>) = 0 [pid 6240] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6241] <... futex resumed>) = 0 [pid 6240] <... futex resumed>) = 1 [pid 6241] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6240] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6241] <... open resumed>) = 4 [pid 6241] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6240] <... futex resumed>) = 0 [pid 6241] futex(0x7f6a9efd36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6240] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6241] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6240] <... futex resumed>) = 0 [pid 6241] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6240] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6241] <... open resumed>) = 5 [pid 6241] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6240] <... futex resumed>) = 0 [pid 6241] <... futex resumed>) = 1 [pid 6240] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6241] fallocate(5, 0, 0, 1048820 [pid 6240] <... futex resumed>) = 0 [pid 6240] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6241] <... fallocate resumed>) = 0 [pid 6241] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6240] <... futex resumed>) = 0 [pid 6241] futex(0x7f6a9efd36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6240] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6241] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6240] <... futex resumed>) = 0 [pid 6241] sendfile(4, 4, NULL, 142609664 [pid 6240] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6240] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6240] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a9eec2000 [pid 6240] mprotect(0x7f6a9eec3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6240] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6240] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a9eee2990, parent_tid=0x7f6a9eee2990, exit_signal=0, stack=0x7f6a9eec2000, stack_size=0x20300, tls=0x7f6a9eee26c0} => {parent_tid=[6259]}, 88) = 6259 ./strace-static-x86_64: Process 6259 attached [pid 6240] rt_sigprocmask(SIG_SETMASK, [], [pid 6259] rseq(0x7f6a9eee2fe0, 0x20, 0, 0x53053053) = 0 [pid 6240] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6259] set_robust_list(0x7f6a9eee29a0, 24 [pid 6240] futex(0x7f6a9efd36d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6259] <... set_robust_list resumed>) = 0 [pid 6240] <... futex resumed>) = 0 [pid 6259] rt_sigprocmask(SIG_SETMASK, [], [pid 6240] futex(0x7f6a9efd36dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6259] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6259] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME, 000) = 6 [pid 6259] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6240] <... futex resumed>) = 0 [pid 6259] futex(0x7f6a9efd36d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6240] futex(0x7f6a9efd36d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6259] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6240] <... futex resumed>) = 0 [pid 6259] ioctl(6, FS_IOC_FIEMAP, {fm_start=65279, fm_length=9223372036854775809, fm_flags=0, fm_extent_count=16777216} [pid 6240] futex(0x7f6a9efd36dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6259] <... ioctl resumed> => {fm_flags=0, fm_mapped_extents=1, ...}) = 0 [pid 6259] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6240] <... futex resumed>) = 0 [ 136.121594][ T28] kauditd_printk_skb: 4 callbacks suppressed [ 136.121609][ T28] audit: type=1800 audit(1708613256.194:184): pid=6259 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor984" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 6259] futex(0x7f6a9efd36d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6240] exit_group(0 [pid 6259] <... futex resumed>) = ? [pid 6259] +++ exited with 0 +++ [pid 6240] <... exit_group resumed>) = ? [pid 6241] <... sendfile resumed>) = ? [pid 6241] +++ exited with 0 +++ [pid 6240] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6240, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=40 /* 0.40 s */} --- umount2("./60", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./60", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555563ad730 /* 4 entries */, 32768) = 104 [ 136.398286][ T5054] BTRFS info (device loop0): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 umount2("./60/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./60/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./60/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./60/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./60/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555563b5770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563b5770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./60/bus") = 0 umount2("./60/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./60/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./60/binderfs") = 0 getdents64(3, 0x5555563ad730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./60") = 0 mkdir("./61", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6260 attached , child_tidptr=0x5555563ac690) = 6260 [pid 6260] set_robust_list(0x5555563ac6a0, 24) = 0 [pid 6260] chdir("./61") = 0 [pid 6260] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6260] setpgid(0, 0) = 0 [pid 6260] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6260] write(3, "1000", 4) = 4 [pid 6260] close(3) = 0 [pid 6260] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6260] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6260] rt_sigaction(SIGRT_1, {sa_handler=0x7f6a9ef6cff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6a9ef5e1a0}, NULL, 8) = 0 [pid 6260] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6260] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a9eee3000 [pid 6260] mprotect(0x7f6a9eee4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6260] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6260] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a9ef03990, parent_tid=0x7f6a9ef03990, exit_signal=0, stack=0x7f6a9eee3000, stack_size=0x20300, tls=0x7f6a9ef036c0}./strace-static-x86_64: Process 6261 attached [pid 6261] rseq(0x7f6a9ef03fe0, 0x20, 0, 0x53053053) = 0 [pid 6260] <... clone3 resumed> => {parent_tid=[6261]}, 88) = 6261 [pid 6261] set_robust_list(0x7f6a9ef039a0, 24 [pid 6260] rt_sigprocmask(SIG_SETMASK, [], [pid 6261] <... set_robust_list resumed>) = 0 [pid 6261] rt_sigprocmask(SIG_SETMASK, [], [pid 6260] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6261] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6261] memfd_create("syzkaller", 0 [pid 6260] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6260] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6261] <... memfd_create resumed>) = 3 [pid 6261] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6a96a00000 [pid 6261] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6261] munmap(0x7f6a96a00000, 138412032) = 0 [pid 6261] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6261] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6261] close(3) = 0 [pid 6261] close(4) = 0 [pid 6261] mkdir("./bus", 0777) = 0 [ 136.935231][ T6261] loop0: detected capacity change from 0 to 32768 [ 136.971517][ T6261] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop0 scanned by syz-executor984 (6261) [pid 6261] mount("/dev/loop0", "./bus", "btrfs", 0, "discard,") = 0 [pid 6261] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6261] chdir("./bus") = 0 [pid 6261] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6261] ioctl(4, LOOP_CLR_FD) = 0 [pid 6261] close(4) = 0 [pid 6261] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6261] futex(0x7f6a9efd36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6260] <... futex resumed>) = 0 [pid 6260] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6261] <... futex resumed>) = 0 [ 137.001324][ T6261] BTRFS info (device loop0): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 [ 137.013453][ T6261] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm [ 137.024377][ T6261] BTRFS info (device loop0): using free-space-tree [pid 6261] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 6260] <... futex resumed>) = 1 [pid 6260] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6261] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6260] <... futex resumed>) = 0 [pid 6260] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6260] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6261] <... futex resumed>) = 1 [pid 6261] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 6261] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6260] <... futex resumed>) = 0 [pid 6261] futex(0x7f6a9efd36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6260] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6261] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6260] <... futex resumed>) = 0 [pid 6261] fallocate(5, 0, 0, 1048820 [pid 6260] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6261] <... fallocate resumed>) = 0 [pid 6261] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6260] <... futex resumed>) = 0 [pid 6261] futex(0x7f6a9efd36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6260] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6260] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6261] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6261] sendfile(4, 4, NULL, 142609664 [ 137.066885][ T28] audit: type=1800 audit(1708613257.144:185): pid=6261 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor984" name="bus" dev="loop0" ino=263 res=0 errno=0 [ 137.088823][ T28] audit: type=1800 audit(1708613257.154:186): pid=6261 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor984" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 6260] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6260] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6260] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a9eec2000 [pid 6260] mprotect(0x7f6a9eec3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6260] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6260] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a9eee2990, parent_tid=0x7f6a9eee2990, exit_signal=0, stack=0x7f6a9eec2000, stack_size=0x20300, tls=0x7f6a9eee26c0}./strace-static-x86_64: Process 6278 attached => {parent_tid=[6278]}, 88) = 6278 [pid 6278] rseq(0x7f6a9eee2fe0, 0x20, 0, 0x53053053 [pid 6260] rt_sigprocmask(SIG_SETMASK, [], [pid 6278] <... rseq resumed>) = 0 [pid 6260] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6278] set_robust_list(0x7f6a9eee29a0, 24 [pid 6260] futex(0x7f6a9efd36d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6278] <... set_robust_list resumed>) = 0 [pid 6260] <... futex resumed>) = 0 [pid 6278] rt_sigprocmask(SIG_SETMASK, [], [pid 6260] futex(0x7f6a9efd36dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6278] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6278] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME, 000) = 6 [pid 6278] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6278] futex(0x7f6a9efd36d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6260] <... futex resumed>) = 0 [pid 6260] futex(0x7f6a9efd36d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6278] <... futex resumed>) = 0 [pid 6260] <... futex resumed>) = 1 [pid 6278] ioctl(6, FS_IOC_FIEMAP, {fm_start=65279, fm_length=9223372036854775809, fm_flags=0, fm_extent_count=16777216} [pid 6260] futex(0x7f6a9efd36dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6278] <... ioctl resumed> => {fm_flags=0, fm_mapped_extents=2, ...}) = 0 [pid 6278] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6260] <... futex resumed>) = 0 [ 137.179865][ T28] audit: type=1800 audit(1708613257.254:187): pid=6278 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor984" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 6278] futex(0x7f6a9efd36d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6260] exit_group(0 [pid 6278] <... futex resumed>) = ? [pid 6260] <... exit_group resumed>) = ? [pid 6278] +++ exited with 0 +++ [pid 6261] <... sendfile resumed>) = ? [pid 6261] +++ exited with 0 +++ [pid 6260] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6260, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=62 /* 0.62 s */} --- umount2("./61", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./61", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555563ad730 /* 4 entries */, 32768) = 104 [ 137.751312][ T5054] BTRFS info (device loop0): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 umount2("./61/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./61/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./61/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./61/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./61/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555563b5770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563b5770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./61/bus") = 0 umount2("./61/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./61/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./61/binderfs") = 0 getdents64(3, 0x5555563ad730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./61") = 0 mkdir("./62", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6279 attached , child_tidptr=0x5555563ac690) = 6279 [pid 6279] set_robust_list(0x5555563ac6a0, 24) = 0 [pid 6279] chdir("./62") = 0 [pid 6279] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6279] setpgid(0, 0) = 0 [pid 6279] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6279] write(3, "1000", 4) = 4 [pid 6279] close(3) = 0 [pid 6279] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6279] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6279] rt_sigaction(SIGRT_1, {sa_handler=0x7f6a9ef6cff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6a9ef5e1a0}, NULL, 8) = 0 [pid 6279] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6279] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a9eee3000 [pid 6279] mprotect(0x7f6a9eee4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6279] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6279] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a9ef03990, parent_tid=0x7f6a9ef03990, exit_signal=0, stack=0x7f6a9eee3000, stack_size=0x20300, tls=0x7f6a9ef036c0}./strace-static-x86_64: Process 6280 attached [pid 6280] rseq(0x7f6a9ef03fe0, 0x20, 0, 0x53053053) = 0 [pid 6279] <... clone3 resumed> => {parent_tid=[6280]}, 88) = 6280 [pid 6280] set_robust_list(0x7f6a9ef039a0, 24 [pid 6279] rt_sigprocmask(SIG_SETMASK, [], [pid 6280] <... set_robust_list resumed>) = 0 [pid 6279] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6280] rt_sigprocmask(SIG_SETMASK, [], [pid 6279] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6280] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6279] <... futex resumed>) = 0 [pid 6280] memfd_create("syzkaller", 0 [pid 6279] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6280] <... memfd_create resumed>) = 3 [pid 6280] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6a96a00000 [pid 6280] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6280] munmap(0x7f6a96a00000, 138412032) = 0 [pid 6280] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6280] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6280] close(3) = 0 [pid 6280] close(4) = 0 [pid 6280] mkdir("./bus", 0777) = 0 [ 138.275212][ T6280] loop0: detected capacity change from 0 to 32768 [ 138.310964][ T6280] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop0 scanned by syz-executor984 (6280) [pid 6280] mount("/dev/loop0", "./bus", "btrfs", 0, "discard,") = 0 [pid 6280] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [ 138.333459][ T6280] BTRFS info (device loop0): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 [ 138.344225][ T6280] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm [ 138.354789][ T6280] BTRFS info (device loop0): using free-space-tree [pid 6280] chdir("./bus") = 0 [pid 6280] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6280] ioctl(4, LOOP_CLR_FD) = 0 [pid 6280] close(4) = 0 [pid 6280] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6279] <... futex resumed>) = 0 [pid 6280] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6279] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6280] <... open resumed>) = 4 [pid 6279] <... futex resumed>) = 0 [pid 6280] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6279] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6280] <... futex resumed>) = 0 [pid 6279] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6280] futex(0x7f6a9efd36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6279] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6280] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6279] <... futex resumed>) = 0 [pid 6280] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 6279] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6280] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6279] <... futex resumed>) = 0 [pid 6280] fallocate(5, 0, 0, 1048820 [pid 6279] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6279] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6280] <... fallocate resumed>) = 0 [pid 6280] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6279] <... futex resumed>) = 0 [pid 6280] sendfile(4, 4, NULL, 142609664 [ 138.456986][ T28] audit: type=1800 audit(1708613258.534:188): pid=6280 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor984" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 6279] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6279] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [ 138.495892][ T28] audit: type=1800 audit(1708613258.534:189): pid=6280 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor984" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 6279] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6279] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a9eec2000 [pid 6279] mprotect(0x7f6a9eec3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6279] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6279] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a9eee2990, parent_tid=0x7f6a9eee2990, exit_signal=0, stack=0x7f6a9eec2000, stack_size=0x20300, tls=0x7f6a9eee26c0}./strace-static-x86_64: Process 6298 attached [pid 6298] rseq(0x7f6a9eee2fe0, 0x20, 0, 0x53053053 [pid 6279] <... clone3 resumed> => {parent_tid=[6298]}, 88) = 6298 [pid 6298] <... rseq resumed>) = 0 [pid 6279] rt_sigprocmask(SIG_SETMASK, [], [pid 6298] set_robust_list(0x7f6a9eee29a0, 24) = 0 [pid 6279] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6298] rt_sigprocmask(SIG_SETMASK, [], [pid 6279] futex(0x7f6a9efd36d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6298] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6279] <... futex resumed>) = 0 [pid 6298] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME, 000 [pid 6279] futex(0x7f6a9efd36dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6298] <... open resumed>) = 6 [pid 6298] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6279] <... futex resumed>) = 0 [pid 6298] ioctl(6, FS_IOC_FIEMAP, {fm_start=65279, fm_length=9223372036854775809, fm_flags=0, fm_extent_count=16777216} [pid 6279] futex(0x7f6a9efd36d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6279] futex(0x7f6a9efd36dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6298] <... ioctl resumed> => {fm_flags=0, fm_mapped_extents=1, ...}) = 0 [pid 6298] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6279] <... futex resumed>) = 0 [ 138.597695][ T28] audit: type=1800 audit(1708613258.674:190): pid=6298 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor984" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 6298] futex(0x7f6a9efd36d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6279] exit_group(0 [pid 6298] <... futex resumed>) = ? [pid 6279] <... exit_group resumed>) = ? [pid 6298] +++ exited with 0 +++ [pid 6280] <... sendfile resumed>) = ? [pid 6280] +++ exited with 0 +++ [pid 6279] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6279, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=37 /* 0.37 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./62", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./62", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555563ad730 /* 4 entries */, 32768) = 104 [ 138.881798][ T5054] BTRFS info (device loop0): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 umount2("./62/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./62/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./62/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./62/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./62/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555563b5770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563b5770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./62/bus") = 0 umount2("./62/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./62/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./62/binderfs") = 0 getdents64(3, 0x5555563ad730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./62") = 0 mkdir("./63", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563ac690) = 6299 ./strace-static-x86_64: Process 6299 attached [pid 6299] set_robust_list(0x5555563ac6a0, 24) = 0 [pid 6299] chdir("./63") = 0 [pid 6299] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6299] setpgid(0, 0) = 0 [pid 6299] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6299] write(3, "1000", 4) = 4 [pid 6299] close(3) = 0 [pid 6299] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6299] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6299] rt_sigaction(SIGRT_1, {sa_handler=0x7f6a9ef6cff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6a9ef5e1a0}, NULL, 8) = 0 [pid 6299] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6299] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a9eee3000 [pid 6299] mprotect(0x7f6a9eee4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6299] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6299] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a9ef03990, parent_tid=0x7f6a9ef03990, exit_signal=0, stack=0x7f6a9eee3000, stack_size=0x20300, tls=0x7f6a9ef036c0}./strace-static-x86_64: Process 6300 attached [pid 6300] rseq(0x7f6a9ef03fe0, 0x20, 0, 0x53053053 [pid 6299] <... clone3 resumed> => {parent_tid=[6300]}, 88) = 6300 [pid 6300] <... rseq resumed>) = 0 [pid 6299] rt_sigprocmask(SIG_SETMASK, [], [pid 6300] set_robust_list(0x7f6a9ef039a0, 24 [pid 6299] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6300] <... set_robust_list resumed>) = 0 [pid 6299] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6300] rt_sigprocmask(SIG_SETMASK, [], [pid 6299] <... futex resumed>) = 0 [pid 6300] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6299] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6300] memfd_create("syzkaller", 0) = 3 [pid 6300] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6a96a00000 [pid 6300] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6300] munmap(0x7f6a96a00000, 138412032) = 0 [pid 6300] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6300] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6300] close(3) = 0 [pid 6300] close(4) = 0 [pid 6300] mkdir("./bus", 0777) = 0 [ 139.447475][ T6300] loop0: detected capacity change from 0 to 32768 [ 139.477805][ T6300] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop0 scanned by syz-executor984 (6300) [pid 6300] mount("/dev/loop0", "./bus", "btrfs", 0, "discard,") = 0 [pid 6300] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6300] chdir("./bus") = 0 [pid 6300] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 139.497715][ T6300] BTRFS info (device loop0): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 [ 139.508013][ T6300] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm [ 139.518284][ T6300] BTRFS info (device loop0): using free-space-tree [pid 6300] ioctl(4, LOOP_CLR_FD) = 0 [pid 6300] close(4) = 0 [pid 6300] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6299] <... futex resumed>) = 0 [pid 6300] futex(0x7f6a9efd36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6299] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6300] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6299] <... futex resumed>) = 0 [pid 6299] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6300] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 6300] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6299] <... futex resumed>) = 0 [pid 6300] <... futex resumed>) = 1 [pid 6299] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6300] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6299] <... futex resumed>) = 0 [pid 6299] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6300] <... open resumed>) = 5 [pid 6300] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6299] <... futex resumed>) = 0 [pid 6299] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6299] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6300] <... futex resumed>) = 1 [pid 6300] fallocate(5, 0, 0, 1048820) = 0 [pid 6300] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6299] <... futex resumed>) = 0 [pid 6300] <... futex resumed>) = 1 [pid 6299] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6300] sendfile(4, 4, NULL, 142609664 [pid 6299] <... futex resumed>) = 0 [ 139.600977][ T28] audit: type=1800 audit(1708613259.674:191): pid=6300 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor984" name="bus" dev="loop0" ino=263 res=0 errno=0 [ 139.622126][ T28] audit: type=1800 audit(1708613259.674:192): pid=6300 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor984" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 6299] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6299] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6299] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a9eec2000 [pid 6299] mprotect(0x7f6a9eec3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6299] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6299] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a9eee2990, parent_tid=0x7f6a9eee2990, exit_signal=0, stack=0x7f6a9eec2000, stack_size=0x20300, tls=0x7f6a9eee26c0}./strace-static-x86_64: Process 6317 attached [pid 6317] rseq(0x7f6a9eee2fe0, 0x20, 0, 0x53053053) = 0 [pid 6299] <... clone3 resumed> => {parent_tid=[6317]}, 88) = 6317 [pid 6317] set_robust_list(0x7f6a9eee29a0, 24) = 0 [pid 6317] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6317] futex(0x7f6a9efd36d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6299] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6299] futex(0x7f6a9efd36d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6317] <... futex resumed>) = 0 [pid 6299] <... futex resumed>) = 1 [pid 6317] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME, 000 [pid 6299] futex(0x7f6a9efd36dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6317] <... open resumed>) = 6 [pid 6317] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6317] futex(0x7f6a9efd36d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6299] <... futex resumed>) = 0 [pid 6299] futex(0x7f6a9efd36d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6317] <... futex resumed>) = 0 [pid 6299] <... futex resumed>) = 1 [pid 6317] ioctl(6, FS_IOC_FIEMAP, {fm_start=65279, fm_length=9223372036854775809, fm_flags=0, fm_extent_count=16777216} [pid 6299] futex(0x7f6a9efd36dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6317] <... ioctl resumed> => {fm_flags=0, fm_mapped_extents=2, ...}) = 0 [pid 6317] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6299] <... futex resumed>) = 0 [ 139.737760][ T28] audit: type=1800 audit(1708613259.814:193): pid=6317 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor984" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 6317] futex(0x7f6a9efd36d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6299] exit_group(0) = ? [pid 6317] <... futex resumed>) = ? [pid 6317] +++ exited with 0 +++ [pid 6300] <... sendfile resumed>) = ? [pid 6300] +++ exited with 0 +++ [pid 6299] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6299, si_uid=0, si_status=0, si_utime=0, si_stime=49 /* 0.49 s */} --- umount2("./63", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./63", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555563ad730 /* 4 entries */, 32768) = 104 [ 140.089110][ T5054] BTRFS info (device loop0): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 umount2("./63/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./63/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./63/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./63/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./63/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555563b5770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563b5770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./63/bus") = 0 umount2("./63/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./63/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./63/binderfs") = 0 getdents64(3, 0x5555563ad730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./63") = 0 mkdir("./64", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6318 attached , child_tidptr=0x5555563ac690) = 6318 [pid 6318] set_robust_list(0x5555563ac6a0, 24) = 0 [pid 6318] chdir("./64") = 0 [pid 6318] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6318] setpgid(0, 0) = 0 [pid 6318] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6318] write(3, "1000", 4) = 4 [pid 6318] close(3) = 0 [pid 6318] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6318] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6318] rt_sigaction(SIGRT_1, {sa_handler=0x7f6a9ef6cff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6a9ef5e1a0}, NULL, 8) = 0 [pid 6318] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6318] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a9eee3000 [pid 6318] mprotect(0x7f6a9eee4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6318] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6318] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a9ef03990, parent_tid=0x7f6a9ef03990, exit_signal=0, stack=0x7f6a9eee3000, stack_size=0x20300, tls=0x7f6a9ef036c0}./strace-static-x86_64: Process 6319 attached [pid 6319] rseq(0x7f6a9ef03fe0, 0x20, 0, 0x53053053) = 0 [pid 6318] <... clone3 resumed> => {parent_tid=[6319]}, 88) = 6319 [pid 6319] set_robust_list(0x7f6a9ef039a0, 24 [pid 6318] rt_sigprocmask(SIG_SETMASK, [], [pid 6319] <... set_robust_list resumed>) = 0 [pid 6318] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6319] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6318] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6319] memfd_create("syzkaller", 0 [pid 6318] <... futex resumed>) = 0 [pid 6319] <... memfd_create resumed>) = 3 [pid 6318] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6319] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6a96a00000 [pid 6319] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6319] munmap(0x7f6a96a00000, 138412032) = 0 [pid 6319] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6319] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6319] close(3) = 0 [pid 6319] close(4) = 0 [pid 6319] mkdir("./bus", 0777) = 0 [ 140.569264][ T6319] loop0: detected capacity change from 0 to 32768 [ 140.605162][ T6319] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop0 scanned by syz-executor984 (6319) [pid 6319] mount("/dev/loop0", "./bus", "btrfs", 0, "discard,") = 0 [pid 6319] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6319] chdir("./bus") = 0 [ 140.625536][ T6319] BTRFS info (device loop0): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 [ 140.636220][ T6319] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm [ 140.646227][ T6319] BTRFS info (device loop0): using free-space-tree [pid 6319] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6319] ioctl(4, LOOP_CLR_FD) = 0 [pid 6319] close(4) = 0 [pid 6319] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6318] <... futex resumed>) = 0 [pid 6318] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6319] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6318] <... futex resumed>) = 0 [pid 6319] <... open resumed>) = 4 [pid 6318] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6319] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6318] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6319] <... futex resumed>) = 0 [pid 6318] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6319] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6318] <... futex resumed>) = 0 [pid 6319] <... open resumed>) = 5 [pid 6318] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6319] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6318] <... futex resumed>) = 0 [pid 6319] <... futex resumed>) = 1 [pid 6318] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6319] fallocate(5, 0, 0, 1048820 [pid 6318] <... futex resumed>) = 0 [pid 6318] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6319] <... fallocate resumed>) = 0 [pid 6319] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6318] <... futex resumed>) = 0 [pid 6319] futex(0x7f6a9efd36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6318] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6319] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6318] <... futex resumed>) = 0 [pid 6319] sendfile(4, 4, NULL, 142609664 [pid 6318] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6318] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6318] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a9eec2000 [pid 6318] mprotect(0x7f6a9eec3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6318] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6318] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a9eee2990, parent_tid=0x7f6a9eee2990, exit_signal=0, stack=0x7f6a9eec2000, stack_size=0x20300, tls=0x7f6a9eee26c0} => {parent_tid=[6336]}, 88) = 6336 ./strace-static-x86_64: Process 6336 attached [pid 6318] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6318] futex(0x7f6a9efd36d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6336] rseq(0x7f6a9eee2fe0, 0x20, 0, 0x53053053 [pid 6318] futex(0x7f6a9efd36dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6336] <... rseq resumed>) = 0 [pid 6336] set_robust_list(0x7f6a9eee29a0, 24) = 0 [pid 6336] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6336] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME, 000) = 6 [pid 6336] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6318] <... futex resumed>) = 0 [pid 6336] ioctl(6, FS_IOC_FIEMAP, {fm_start=65279, fm_length=9223372036854775809, fm_flags=0, fm_extent_count=16777216} [pid 6318] futex(0x7f6a9efd36d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6336] <... ioctl resumed> => {fm_flags=0, fm_mapped_extents=2, ...}) = 0 [pid 6318] futex(0x7f6a9efd36dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6336] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6318] <... futex resumed>) = 0 [pid 6336] futex(0x7f6a9efd36d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6318] exit_group(0 [pid 6336] <... futex resumed>) = ? [pid 6318] <... exit_group resumed>) = ? [pid 6336] +++ exited with 0 +++ [pid 6319] <... sendfile resumed>) = ? [pid 6319] +++ exited with 0 +++ [pid 6318] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6318, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=57 /* 0.57 s */} --- umount2("./64", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./64", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555563ad730 /* 4 entries */, 32768) = 104 [ 141.364668][ T5054] BTRFS info (device loop0): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 umount2("./64/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./64/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./64/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./64/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./64/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555563b5770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563b5770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./64/bus") = 0 umount2("./64/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./64/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./64/binderfs") = 0 getdents64(3, 0x5555563ad730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./64") = 0 mkdir("./65", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563ac690) = 6337 ./strace-static-x86_64: Process 6337 attached [pid 6337] set_robust_list(0x5555563ac6a0, 24) = 0 [pid 6337] chdir("./65") = 0 [pid 6337] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6337] setpgid(0, 0) = 0 [pid 6337] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6337] write(3, "1000", 4) = 4 [pid 6337] close(3) = 0 [pid 6337] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6337] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6337] rt_sigaction(SIGRT_1, {sa_handler=0x7f6a9ef6cff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6a9ef5e1a0}, NULL, 8) = 0 [pid 6337] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6337] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a9eee3000 [pid 6337] mprotect(0x7f6a9eee4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6337] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6337] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a9ef03990, parent_tid=0x7f6a9ef03990, exit_signal=0, stack=0x7f6a9eee3000, stack_size=0x20300, tls=0x7f6a9ef036c0}./strace-static-x86_64: Process 6338 attached [pid 6338] rseq(0x7f6a9ef03fe0, 0x20, 0, 0x53053053 [pid 6337] <... clone3 resumed> => {parent_tid=[6338]}, 88) = 6338 [pid 6338] <... rseq resumed>) = 0 [pid 6337] rt_sigprocmask(SIG_SETMASK, [], [pid 6338] set_robust_list(0x7f6a9ef039a0, 24 [pid 6337] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6338] <... set_robust_list resumed>) = 0 [pid 6337] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6338] rt_sigprocmask(SIG_SETMASK, [], [pid 6337] <... futex resumed>) = 0 [pid 6338] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6337] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6338] memfd_create("syzkaller", 0) = 3 [pid 6338] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6a96a00000 [pid 6338] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6338] munmap(0x7f6a96a00000, 138412032) = 0 [pid 6338] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6338] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6338] close(3) = 0 [pid 6338] close(4) = 0 [pid 6338] mkdir("./bus", 0777) = 0 [ 141.851512][ T6338] loop0: detected capacity change from 0 to 32768 [ 141.891511][ T6338] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop0 scanned by syz-executor984 (6338) [ 141.921135][ T6338] BTRFS info (device loop0): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 [ 141.932873][ T6338] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm [ 141.943580][ T6338] BTRFS info (device loop0): using free-space-tree [pid 6338] mount("/dev/loop0", "./bus", "btrfs", 0, "discard,") = 0 [pid 6338] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6338] chdir("./bus") = 0 [pid 6338] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6338] ioctl(4, LOOP_CLR_FD) = 0 [pid 6338] close(4) = 0 [pid 6338] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6337] <... futex resumed>) = 0 [pid 6338] futex(0x7f6a9efd36c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 6337] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6338] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6337] <... futex resumed>) = 0 [pid 6337] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6338] <... open resumed>) = 4 [pid 6338] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6337] <... futex resumed>) = 0 [pid 6338] futex(0x7f6a9efd36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6337] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6338] <... futex resumed>) = 0 [pid 6337] <... futex resumed>) = 1 [pid 6338] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6337] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6338] <... open resumed>) = 5 [ 142.050502][ T28] kauditd_printk_skb: 3 callbacks suppressed [ 142.050516][ T28] audit: type=1800 audit(1708613262.124:197): pid=6338 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor984" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 6338] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6337] <... futex resumed>) = 0 [pid 6337] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6338] fallocate(5, 0, 0, 1048820 [pid 6337] <... futex resumed>) = 0 [pid 6337] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6338] <... fallocate resumed>) = 0 [pid 6338] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6337] <... futex resumed>) = 0 [pid 6338] futex(0x7f6a9efd36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6337] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6338] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6337] <... futex resumed>) = 0 [pid 6337] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 142.089985][ T28] audit: type=1800 audit(1708613262.164:198): pid=6338 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor984" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 6338] sendfile(4, 4, NULL, 142609664 [pid 6337] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6337] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6337] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a9eec2000 [pid 6337] mprotect(0x7f6a9eec3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6337] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6337] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a9eee2990, parent_tid=0x7f6a9eee2990, exit_signal=0, stack=0x7f6a9eec2000, stack_size=0x20300, tls=0x7f6a9eee26c0} => {parent_tid=[6356]}, 88) = 6356 [pid 6337] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 ./strace-static-x86_64: Process 6356 attached [pid 6337] futex(0x7f6a9efd36d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6356] rseq(0x7f6a9eee2fe0, 0x20, 0, 0x53053053 [pid 6337] futex(0x7f6a9efd36dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6356] <... rseq resumed>) = 0 [pid 6356] set_robust_list(0x7f6a9eee29a0, 24) = 0 [pid 6356] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6356] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME, 000) = 6 [pid 6356] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6337] <... futex resumed>) = 0 [pid 6337] futex(0x7f6a9efd36d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6337] futex(0x7f6a9efd36dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6356] <... futex resumed>) = 1 [pid 6356] ioctl(6, FS_IOC_FIEMAP, {fm_start=65279, fm_length=9223372036854775809, fm_flags=0, fm_extent_count=16777216} => {fm_flags=0, fm_mapped_extents=1, ...}) = 0 [pid 6356] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6337] <... futex resumed>) = 0 [ 142.197771][ T28] audit: type=1800 audit(1708613262.274:199): pid=6356 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor984" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 6356] futex(0x7f6a9efd36d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6337] exit_group(0 [pid 6356] <... futex resumed>) = ? [pid 6337] <... exit_group resumed>) = ? [pid 6356] +++ exited with 0 +++ [pid 6338] <... sendfile resumed>) = ? [pid 6338] +++ exited with 0 +++ [pid 6337] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6337, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=55 /* 0.55 s */} --- umount2("./65", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./65", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555563ad730 /* 4 entries */, 32768) = 104 [ 142.698401][ T5054] BTRFS info (device loop0): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 umount2("./65/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./65/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./65/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./65/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./65/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555563b5770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563b5770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./65/bus") = 0 umount2("./65/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./65/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./65/binderfs") = 0 getdents64(3, 0x5555563ad730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./65") = 0 mkdir("./66", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6357 attached , child_tidptr=0x5555563ac690) = 6357 [pid 6357] set_robust_list(0x5555563ac6a0, 24) = 0 [pid 6357] chdir("./66") = 0 [pid 6357] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6357] setpgid(0, 0) = 0 [pid 6357] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6357] write(3, "1000", 4) = 4 [pid 6357] close(3) = 0 [pid 6357] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6357] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6357] rt_sigaction(SIGRT_1, {sa_handler=0x7f6a9ef6cff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6a9ef5e1a0}, NULL, 8) = 0 [pid 6357] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6357] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a9eee3000 [pid 6357] mprotect(0x7f6a9eee4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6357] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6357] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a9ef03990, parent_tid=0x7f6a9ef03990, exit_signal=0, stack=0x7f6a9eee3000, stack_size=0x20300, tls=0x7f6a9ef036c0}./strace-static-x86_64: Process 6358 attached [pid 6358] rseq(0x7f6a9ef03fe0, 0x20, 0, 0x53053053 [pid 6357] <... clone3 resumed> => {parent_tid=[6358]}, 88) = 6358 [pid 6358] <... rseq resumed>) = 0 [pid 6357] rt_sigprocmask(SIG_SETMASK, [], [pid 6358] set_robust_list(0x7f6a9ef039a0, 24 [pid 6357] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6358] <... set_robust_list resumed>) = 0 [pid 6357] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6358] rt_sigprocmask(SIG_SETMASK, [], [pid 6357] <... futex resumed>) = 0 [pid 6358] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6358] memfd_create("syzkaller", 0 [pid 6357] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6358] <... memfd_create resumed>) = 3 [pid 6358] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6a96a00000 [pid 6358] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6358] munmap(0x7f6a96a00000, 138412032) = 0 [pid 6358] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6358] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6358] close(3) = 0 [pid 6358] close(4) = 0 [pid 6358] mkdir("./bus", 0777) = 0 [ 143.149778][ T6358] loop0: detected capacity change from 0 to 32768 [ 143.184053][ T6358] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop0 scanned by syz-executor984 (6358) [ 143.208592][ T6358] BTRFS info (device loop0): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 [ 143.219074][ T6358] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm [ 143.229637][ T6358] BTRFS info (device loop0): using free-space-tree [pid 6358] mount("/dev/loop0", "./bus", "btrfs", 0, "discard,") = 0 [pid 6358] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6358] chdir("./bus") = 0 [pid 6358] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6358] ioctl(4, LOOP_CLR_FD) = 0 [pid 6358] close(4) = 0 [pid 6358] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6358] futex(0x7f6a9efd36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6357] <... futex resumed>) = 0 [pid 6357] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6358] <... futex resumed>) = 0 [pid 6357] <... futex resumed>) = 1 [pid 6358] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6357] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6358] <... open resumed>) = 4 [pid 6358] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6357] <... futex resumed>) = 0 [pid 6358] futex(0x7f6a9efd36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6357] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6358] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6357] <... futex resumed>) = 0 [pid 6358] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6357] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6358] <... open resumed>) = 5 [pid 6358] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6358] futex(0x7f6a9efd36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6357] <... futex resumed>) = 0 [pid 6357] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6358] <... futex resumed>) = 0 [pid 6357] <... futex resumed>) = 1 [pid 6358] fallocate(5, 0, 0, 1048820 [pid 6357] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6358] <... fallocate resumed>) = 0 [pid 6358] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6357] <... futex resumed>) = 0 [pid 6357] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6357] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 143.323643][ T28] audit: type=1800 audit(1708613263.394:200): pid=6358 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor984" name="bus" dev="loop0" ino=263 res=0 errno=0 [ 143.348665][ T28] audit: type=1800 audit(1708613263.424:201): pid=6358 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor984" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 6358] sendfile(4, 4, NULL, 142609664 [pid 6357] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6357] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6357] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a9eec2000 [pid 6357] mprotect(0x7f6a9eec3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6357] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6357] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a9eee2990, parent_tid=0x7f6a9eee2990, exit_signal=0, stack=0x7f6a9eec2000, stack_size=0x20300, tls=0x7f6a9eee26c0} => {parent_tid=[6376]}, 88) = 6376 ./strace-static-x86_64: Process 6376 attached [pid 6357] rt_sigprocmask(SIG_SETMASK, [], [pid 6376] rseq(0x7f6a9eee2fe0, 0x20, 0, 0x53053053 [pid 6357] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6376] <... rseq resumed>) = 0 [pid 6357] futex(0x7f6a9efd36d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6376] set_robust_list(0x7f6a9eee29a0, 24) = 0 [pid 6357] <... futex resumed>) = 0 [pid 6376] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6357] futex(0x7f6a9efd36dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6376] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME, 000) = 6 [pid 6376] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6357] <... futex resumed>) = 0 [pid 6357] futex(0x7f6a9efd36d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6376] ioctl(6, FS_IOC_FIEMAP, {fm_start=65279, fm_length=9223372036854775809, fm_flags=0, fm_extent_count=16777216} [pid 6357] <... futex resumed>) = 0 [pid 6376] <... ioctl resumed> => {fm_flags=0, fm_mapped_extents=1, ...}) = 0 [pid 6357] futex(0x7f6a9efd36dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6376] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6357] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6376] <... futex resumed>) = 0 [ 143.457245][ T28] audit: type=1800 audit(1708613263.534:202): pid=6376 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor984" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 6376] futex(0x7f6a9efd36d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6357] exit_group(0 [pid 6376] <... futex resumed>) = ? [pid 6357] <... exit_group resumed>) = ? [pid 6376] +++ exited with 0 +++ [pid 6358] <... sendfile resumed>) = ? [pid 6358] +++ exited with 0 +++ [pid 6357] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6357, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=43 /* 0.43 s */} --- umount2("./66", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./66", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555563ad730 /* 4 entries */, 32768) = 104 [ 143.903655][ T5054] BTRFS info (device loop0): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 umount2("./66/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./66/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./66/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./66/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./66/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555563b5770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563b5770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./66/bus") = 0 umount2("./66/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./66/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./66/binderfs") = 0 getdents64(3, 0x5555563ad730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./66") = 0 mkdir("./67", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563ac690) = 6377 ./strace-static-x86_64: Process 6377 attached [pid 6377] set_robust_list(0x5555563ac6a0, 24) = 0 [pid 6377] chdir("./67") = 0 [pid 6377] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6377] setpgid(0, 0) = 0 [pid 6377] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6377] write(3, "1000", 4) = 4 [pid 6377] close(3) = 0 [pid 6377] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6377] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6377] rt_sigaction(SIGRT_1, {sa_handler=0x7f6a9ef6cff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6a9ef5e1a0}, NULL, 8) = 0 [pid 6377] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6377] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a9eee3000 [pid 6377] mprotect(0x7f6a9eee4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6377] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6377] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a9ef03990, parent_tid=0x7f6a9ef03990, exit_signal=0, stack=0x7f6a9eee3000, stack_size=0x20300, tls=0x7f6a9ef036c0}./strace-static-x86_64: Process 6378 attached [pid 6378] rseq(0x7f6a9ef03fe0, 0x20, 0, 0x53053053) = 0 [pid 6377] <... clone3 resumed> => {parent_tid=[6378]}, 88) = 6378 [pid 6378] set_robust_list(0x7f6a9ef039a0, 24 [pid 6377] rt_sigprocmask(SIG_SETMASK, [], [pid 6378] <... set_robust_list resumed>) = 0 [pid 6377] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6378] rt_sigprocmask(SIG_SETMASK, [], [pid 6377] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6378] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6377] <... futex resumed>) = 0 [pid 6378] memfd_create("syzkaller", 0 [pid 6377] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6378] <... memfd_create resumed>) = 3 [pid 6378] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6a96a00000 [pid 6378] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6378] munmap(0x7f6a96a00000, 138412032) = 0 [pid 6378] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6378] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6378] close(3) = 0 [pid 6378] close(4) = 0 [pid 6378] mkdir("./bus", 0777) = 0 [ 144.386777][ T6378] loop0: detected capacity change from 0 to 32768 [ 144.413446][ T6378] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop0 scanned by syz-executor984 (6378) [ 144.432787][ T6378] BTRFS info (device loop0): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 [ 144.443372][ T6378] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm [ 144.453859][ T6378] BTRFS info (device loop0): using free-space-tree [pid 6378] mount("/dev/loop0", "./bus", "btrfs", 0, "discard,") = 0 [pid 6378] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6378] chdir("./bus") = 0 [pid 6378] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6378] ioctl(4, LOOP_CLR_FD) = 0 [pid 6378] close(4) = 0 [pid 6378] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6377] <... futex resumed>) = 0 [pid 6377] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6378] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 6377] <... futex resumed>) = 0 [pid 6377] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6378] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6377] <... futex resumed>) = 0 [pid 6377] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6377] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6378] <... futex resumed>) = 1 [pid 6378] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 6378] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6377] <... futex resumed>) = 0 [pid 6378] fallocate(5, 0, 0, 1048820 [pid 6377] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6377] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6378] <... fallocate resumed>) = 0 [pid 6378] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6377] <... futex resumed>) = 0 [pid 6378] sendfile(4, 4, NULL, 142609664 [pid 6377] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 144.615407][ T28] audit: type=1800 audit(1708613264.684:203): pid=6378 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor984" name="bus" dev="loop0" ino=263 res=0 errno=0 [ 144.639144][ T28] audit: type=1800 audit(1708613264.724:204): pid=6378 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor984" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 6377] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6377] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6377] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a9eec2000 [pid 6377] mprotect(0x7f6a9eec3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6377] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6377] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a9eee2990, parent_tid=0x7f6a9eee2990, exit_signal=0, stack=0x7f6a9eec2000, stack_size=0x20300, tls=0x7f6a9eee26c0}./strace-static-x86_64: Process 6396 attached => {parent_tid=[6396]}, 88) = 6396 [pid 6377] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6377] futex(0x7f6a9efd36d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6377] futex(0x7f6a9efd36dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6396] rseq(0x7f6a9eee2fe0, 0x20, 0, 0x53053053) = 0 [pid 6396] set_robust_list(0x7f6a9eee29a0, 24) = 0 [pid 6396] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6396] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME, 000) = 6 [pid 6396] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6377] <... futex resumed>) = 0 [pid 6396] futex(0x7f6a9efd36d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6377] futex(0x7f6a9efd36d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6396] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6377] <... futex resumed>) = 0 [pid 6396] ioctl(6, FS_IOC_FIEMAP, {fm_start=65279, fm_length=9223372036854775809, fm_flags=0, fm_extent_count=16777216} [pid 6377] futex(0x7f6a9efd36dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6396] <... ioctl resumed> => {fm_flags=0, fm_mapped_extents=1, ...}) = 0 [pid 6396] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6377] <... futex resumed>) = 0 [ 144.767781][ T28] audit: type=1800 audit(1708613264.844:205): pid=6396 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor984" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 6396] futex(0x7f6a9efd36d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6377] exit_group(0 [pid 6396] <... futex resumed>) = ? [pid 6396] +++ exited with 0 +++ [pid 6377] <... exit_group resumed>) = ? [pid 6378] <... sendfile resumed>) = ? [pid 6378] +++ exited with 0 +++ [pid 6377] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6377, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=37 /* 0.37 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./67", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./67", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555563ad730 /* 4 entries */, 32768) = 104 [ 145.082317][ T5054] BTRFS info (device loop0): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 umount2("./67/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./67/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./67/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./67/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./67/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555563b5770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563b5770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./67/bus") = 0 umount2("./67/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./67/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./67/binderfs") = 0 getdents64(3, 0x5555563ad730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./67") = 0 mkdir("./68", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6397 attached , child_tidptr=0x5555563ac690) = 6397 [pid 6397] set_robust_list(0x5555563ac6a0, 24) = 0 [pid 6397] chdir("./68") = 0 [pid 6397] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6397] setpgid(0, 0) = 0 [pid 6397] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6397] write(3, "1000", 4) = 4 [pid 6397] close(3) = 0 [pid 6397] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6397] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6397] rt_sigaction(SIGRT_1, {sa_handler=0x7f6a9ef6cff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6a9ef5e1a0}, NULL, 8) = 0 [pid 6397] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6397] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a9eee3000 [pid 6397] mprotect(0x7f6a9eee4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6397] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6397] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a9ef03990, parent_tid=0x7f6a9ef03990, exit_signal=0, stack=0x7f6a9eee3000, stack_size=0x20300, tls=0x7f6a9ef036c0}./strace-static-x86_64: Process 6398 attached [pid 6398] rseq(0x7f6a9ef03fe0, 0x20, 0, 0x53053053 [pid 6397] <... clone3 resumed> => {parent_tid=[6398]}, 88) = 6398 [pid 6398] <... rseq resumed>) = 0 [pid 6398] set_robust_list(0x7f6a9ef039a0, 24) = 0 [pid 6397] rt_sigprocmask(SIG_SETMASK, [], [pid 6398] rt_sigprocmask(SIG_SETMASK, [], [pid 6397] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6398] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6397] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6398] memfd_create("syzkaller", 0 [pid 6397] <... futex resumed>) = 0 [pid 6397] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6398] <... memfd_create resumed>) = 3 [pid 6398] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6a96a00000 [pid 6398] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6398] munmap(0x7f6a96a00000, 138412032) = 0 [pid 6398] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6398] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6398] close(3) = 0 [pid 6398] close(4) = 0 [pid 6398] mkdir("./bus", 0777) = 0 [ 145.593207][ T6398] loop0: detected capacity change from 0 to 32768 [ 145.631366][ T6398] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop0 scanned by syz-executor984 (6398) [ 145.653300][ T6398] BTRFS info (device loop0): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 [ 145.666532][ T6398] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm [ 145.676698][ T6398] BTRFS info (device loop0): using free-space-tree [pid 6398] mount("/dev/loop0", "./bus", "btrfs", 0, "discard,") = 0 [pid 6398] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6398] chdir("./bus") = 0 [pid 6398] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6398] ioctl(4, LOOP_CLR_FD) = 0 [pid 6398] close(4) = 0 [pid 6398] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6397] <... futex resumed>) = 0 [pid 6398] futex(0x7f6a9efd36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6397] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6398] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6397] <... futex resumed>) = 0 [pid 6398] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6397] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6398] <... open resumed>) = 4 [pid 6398] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6397] <... futex resumed>) = 0 [pid 6398] futex(0x7f6a9efd36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6397] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6398] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6397] <... futex resumed>) = 0 [pid 6398] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6397] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6398] <... open resumed>) = 5 [pid 6398] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6397] <... futex resumed>) = 0 [pid 6398] <... futex resumed>) = 1 [pid 6397] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6398] fallocate(5, 0, 0, 1048820 [pid 6397] <... futex resumed>) = 0 [pid 6397] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6398] <... fallocate resumed>) = 0 [pid 6398] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6397] <... futex resumed>) = 0 [pid 6398] <... futex resumed>) = 1 [pid 6397] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6398] sendfile(4, 4, NULL, 142609664 [ 145.771581][ T28] audit: type=1800 audit(1708613265.844:206): pid=6398 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor984" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 6397] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6397] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6397] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a9eec2000 [pid 6397] mprotect(0x7f6a9eec3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6397] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6397] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a9eee2990, parent_tid=0x7f6a9eee2990, exit_signal=0, stack=0x7f6a9eec2000, stack_size=0x20300, tls=0x7f6a9eee26c0} => {parent_tid=[6416]}, 88) = 6416 ./strace-static-x86_64: Process 6416 attached [pid 6397] rt_sigprocmask(SIG_SETMASK, [], [pid 6416] rseq(0x7f6a9eee2fe0, 0x20, 0, 0x53053053 [pid 6397] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6416] <... rseq resumed>) = 0 [pid 6397] futex(0x7f6a9efd36d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6416] set_robust_list(0x7f6a9eee29a0, 24) = 0 [pid 6416] rt_sigprocmask(SIG_SETMASK, [], [pid 6397] <... futex resumed>) = 0 [pid 6416] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6416] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME, 000) = 6 [pid 6416] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6416] futex(0x7f6a9efd36d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6397] futex(0x7f6a9efd36dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 6397] futex(0x7f6a9efd36d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6416] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6397] futex(0x7f6a9efd36dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6416] ioctl(6, FS_IOC_FIEMAP, {fm_start=65279, fm_length=9223372036854775809, fm_flags=0, fm_extent_count=16777216} => {fm_flags=0, fm_mapped_extents=1, ...}) = 0 [pid 6416] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6397] <... futex resumed>) = 0 [pid 6416] <... futex resumed>) = 1 [pid 6416] futex(0x7f6a9efd36d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6397] exit_group(0) = ? [pid 6416] <... futex resumed>) = ? [pid 6398] <... sendfile resumed>) = ? [pid 6416] +++ exited with 0 +++ [pid 6398] +++ exited with 0 +++ [pid 6397] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6397, si_uid=0, si_status=0, si_utime=0, si_stime=47 /* 0.47 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./68", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./68", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555563ad730 /* 4 entries */, 32768) = 104 [ 146.212134][ T5054] BTRFS info (device loop0): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 umount2("./68/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./68/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./68/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./68/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./68/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555563b5770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563b5770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./68/bus") = 0 umount2("./68/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./68/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./68/binderfs") = 0 getdents64(3, 0x5555563ad730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./68") = 0 mkdir("./69", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6417 attached , child_tidptr=0x5555563ac690) = 6417 [pid 6417] set_robust_list(0x5555563ac6a0, 24) = 0 [pid 6417] chdir("./69") = 0 [pid 6417] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6417] setpgid(0, 0) = 0 [pid 6417] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6417] write(3, "1000", 4) = 4 [pid 6417] close(3) = 0 [pid 6417] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6417] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6417] rt_sigaction(SIGRT_1, {sa_handler=0x7f6a9ef6cff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6a9ef5e1a0}, NULL, 8) = 0 [pid 6417] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6417] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a9eee3000 [pid 6417] mprotect(0x7f6a9eee4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6417] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6417] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a9ef03990, parent_tid=0x7f6a9ef03990, exit_signal=0, stack=0x7f6a9eee3000, stack_size=0x20300, tls=0x7f6a9ef036c0}./strace-static-x86_64: Process 6418 attached [pid 6418] rseq(0x7f6a9ef03fe0, 0x20, 0, 0x53053053) = 0 [pid 6417] <... clone3 resumed> => {parent_tid=[6418]}, 88) = 6418 [pid 6418] set_robust_list(0x7f6a9ef039a0, 24 [pid 6417] rt_sigprocmask(SIG_SETMASK, [], [pid 6418] <... set_robust_list resumed>) = 0 [pid 6417] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6418] rt_sigprocmask(SIG_SETMASK, [], [pid 6417] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6418] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6417] <... futex resumed>) = 0 [pid 6418] memfd_create("syzkaller", 0 [pid 6417] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6418] <... memfd_create resumed>) = 3 [pid 6418] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6a96a00000 [pid 6418] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6418] munmap(0x7f6a96a00000, 138412032) = 0 [pid 6418] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6418] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6418] close(3) = 0 [pid 6418] close(4) = 0 [pid 6418] mkdir("./bus", 0777) = 0 [ 146.702762][ T6418] loop0: detected capacity change from 0 to 32768 [ 146.729987][ T6418] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop0 scanned by syz-executor984 (6418) [pid 6418] mount("/dev/loop0", "./bus", "btrfs", 0, "discard,") = 0 [pid 6418] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [ 146.751346][ T6418] BTRFS info (device loop0): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 [ 146.762530][ T6418] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm [ 146.772740][ T6418] BTRFS info (device loop0): using free-space-tree [pid 6418] chdir("./bus") = 0 [pid 6418] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6418] ioctl(4, LOOP_CLR_FD) = 0 [pid 6418] close(4) = 0 [pid 6418] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6417] <... futex resumed>) = 0 [pid 6418] futex(0x7f6a9efd36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6417] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6418] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6417] <... futex resumed>) = 0 [pid 6418] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6417] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6418] <... open resumed>) = 4 [pid 6418] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6417] <... futex resumed>) = 0 [pid 6418] futex(0x7f6a9efd36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6417] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6418] <... futex resumed>) = 0 [pid 6418] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 6417] <... futex resumed>) = 1 [pid 6417] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6418] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6417] <... futex resumed>) = 0 [pid 6417] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6418] <... futex resumed>) = 1 [pid 6417] <... futex resumed>) = 0 [pid 6418] fallocate(5, 0, 0, 1048820 [pid 6417] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6418] <... fallocate resumed>) = 0 [pid 6418] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6417] <... futex resumed>) = 0 [pid 6418] <... futex resumed>) = 1 [pid 6417] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6418] sendfile(4, 4, NULL, 142609664 [pid 6417] <... futex resumed>) = 0 [pid 6417] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6417] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6417] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a9eec2000 [pid 6417] mprotect(0x7f6a9eec3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6417] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6417] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a9eee2990, parent_tid=0x7f6a9eee2990, exit_signal=0, stack=0x7f6a9eec2000, stack_size=0x20300, tls=0x7f6a9eee26c0} => {parent_tid=[6436]}, 88) = 6436 [pid 6417] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6417] futex(0x7f6a9efd36d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 6436 attached [pid 6417] futex(0x7f6a9efd36dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6436] rseq(0x7f6a9eee2fe0, 0x20, 0, 0x53053053) = 0 [pid 6436] set_robust_list(0x7f6a9eee29a0, 24) = 0 [pid 6436] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6436] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME, 000) = 6 [pid 6436] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6417] <... futex resumed>) = 0 [pid 6436] ioctl(6, FS_IOC_FIEMAP, {fm_start=65279, fm_length=9223372036854775809, fm_flags=0, fm_extent_count=16777216} [pid 6417] futex(0x7f6a9efd36d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6417] futex(0x7f6a9efd36dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6436] <... ioctl resumed> => {fm_flags=0, fm_mapped_extents=1, ...}) = 0 [pid 6436] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6436] futex(0x7f6a9efd36d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6417] <... futex resumed>) = 0 [pid 6417] exit_group(0 [pid 6436] <... futex resumed>) = ? [pid 6417] <... exit_group resumed>) = ? [pid 6436] +++ exited with 0 +++ [pid 6418] <... sendfile resumed>) = ? [pid 6418] +++ exited with 0 +++ [pid 6417] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6417, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=43 /* 0.43 s */} --- umount2("./69", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./69", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555563ad730 /* 4 entries */, 32768) = 104 [ 147.379641][ T5054] BTRFS info (device loop0): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 umount2("./69/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./69/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./69/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./69/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./69/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555563b5770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563b5770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./69/bus") = 0 umount2("./69/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./69/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./69/binderfs") = 0 getdents64(3, 0x5555563ad730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./69") = 0 mkdir("./70", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6437 attached , child_tidptr=0x5555563ac690) = 6437 [pid 6437] set_robust_list(0x5555563ac6a0, 24) = 0 [pid 6437] chdir("./70") = 0 [pid 6437] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6437] setpgid(0, 0) = 0 [pid 6437] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6437] write(3, "1000", 4) = 4 [pid 6437] close(3) = 0 [pid 6437] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6437] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6437] rt_sigaction(SIGRT_1, {sa_handler=0x7f6a9ef6cff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6a9ef5e1a0}, NULL, 8) = 0 [pid 6437] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6437] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a9eee3000 [pid 6437] mprotect(0x7f6a9eee4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6437] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6437] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a9ef03990, parent_tid=0x7f6a9ef03990, exit_signal=0, stack=0x7f6a9eee3000, stack_size=0x20300, tls=0x7f6a9ef036c0}./strace-static-x86_64: Process 6438 attached [pid 6438] rseq(0x7f6a9ef03fe0, 0x20, 0, 0x53053053) = 0 [pid 6437] <... clone3 resumed> => {parent_tid=[6438]}, 88) = 6438 [pid 6438] set_robust_list(0x7f6a9ef039a0, 24 [pid 6437] rt_sigprocmask(SIG_SETMASK, [], [pid 6438] <... set_robust_list resumed>) = 0 [pid 6437] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6438] rt_sigprocmask(SIG_SETMASK, [], [pid 6437] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6438] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6437] <... futex resumed>) = 0 [pid 6438] memfd_create("syzkaller", 0 [pid 6437] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6438] <... memfd_create resumed>) = 3 [pid 6438] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6a96a00000 [pid 6438] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6438] munmap(0x7f6a96a00000, 138412032) = 0 [pid 6438] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6438] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6438] close(3) = 0 [pid 6438] close(4) = 0 [pid 6438] mkdir("./bus", 0777) = 0 [ 147.914469][ T6438] loop0: detected capacity change from 0 to 32768 [ 147.940254][ T6438] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop0 scanned by syz-executor984 (6438) [ 147.960458][ T6438] BTRFS info (device loop0): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 [ 147.971222][ T6438] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm [ 147.981027][ T6438] BTRFS info (device loop0): using free-space-tree [pid 6438] mount("/dev/loop0", "./bus", "btrfs", 0, "discard,") = 0 [pid 6438] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6438] chdir("./bus") = 0 [pid 6438] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6438] ioctl(4, LOOP_CLR_FD) = 0 [pid 6438] close(4) = 0 [pid 6438] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6438] futex(0x7f6a9efd36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6437] <... futex resumed>) = 0 [pid 6437] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6438] <... futex resumed>) = 0 [pid 6437] <... futex resumed>) = 1 [pid 6438] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6437] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6438] <... open resumed>) = 4 [pid 6438] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6438] futex(0x7f6a9efd36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6437] <... futex resumed>) = 0 [pid 6437] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6437] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6438] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6438] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [ 148.078823][ T28] kauditd_printk_skb: 5 callbacks suppressed [ 148.078838][ T28] audit: type=1800 audit(1708613268.154:212): pid=6438 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor984" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 6438] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6437] <... futex resumed>) = 0 [pid 6438] fallocate(5, 0, 0, 1048820 [pid 6437] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6437] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6438] <... fallocate resumed>) = 0 [pid 6438] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6437] <... futex resumed>) = 0 [pid 6437] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6437] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6438] <... futex resumed>) = 1 [ 148.119088][ T28] audit: type=1800 audit(1708613268.194:213): pid=6438 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor984" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 6438] sendfile(4, 4, NULL, 142609664 [pid 6437] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6437] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6437] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6437] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6437] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a9eec2000 [pid 6437] mprotect(0x7f6a9eec3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6437] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6437] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a9eee2990, parent_tid=0x7f6a9eee2990, exit_signal=0, stack=0x7f6a9eec2000, stack_size=0x20300, tls=0x7f6a9eee26c0} => {parent_tid=[6456]}, 88) = 6456 ./strace-static-x86_64: Process 6456 attached [pid 6437] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6437] futex(0x7f6a9efd36d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6437] futex(0x7f6a9efd36dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6456] rseq(0x7f6a9eee2fe0, 0x20, 0, 0x53053053) = 0 [pid 6456] set_robust_list(0x7f6a9eee29a0, 24) = 0 [pid 6456] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6456] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME, 000) = 6 [pid 6456] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6437] <... futex resumed>) = 0 [pid 6437] futex(0x7f6a9efd36d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6437] futex(0x7f6a9efd36dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6456] ioctl(6, FS_IOC_FIEMAP, {fm_start=65279, fm_length=9223372036854775809, fm_flags=0, fm_extent_count=16777216} => {fm_flags=0, fm_mapped_extents=1, ...}) = 0 [pid 6456] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6437] <... futex resumed>) = 0 [ 148.208561][ T28] audit: type=1800 audit(1708613268.284:214): pid=6456 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor984" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 6456] futex(0x7f6a9efd36d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6437] exit_group(0 [pid 6456] <... futex resumed>) = ? [pid 6437] <... exit_group resumed>) = ? [pid 6456] +++ exited with 0 +++ [pid 6438] <... sendfile resumed>) = ? [pid 6438] +++ exited with 0 +++ [pid 6437] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6437, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=65 /* 0.65 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./70", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./70", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555563ad730 /* 4 entries */, 32768) = 104 [ 148.807594][ T5054] BTRFS info (device loop0): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 umount2("./70/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./70/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./70/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./70/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./70/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555563b5770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563b5770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./70/bus") = 0 umount2("./70/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./70/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./70/binderfs") = 0 getdents64(3, 0x5555563ad730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./70") = 0 mkdir("./71", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6457 attached , child_tidptr=0x5555563ac690) = 6457 [pid 6457] set_robust_list(0x5555563ac6a0, 24) = 0 [pid 6457] chdir("./71") = 0 [pid 6457] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6457] setpgid(0, 0) = 0 [pid 6457] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6457] write(3, "1000", 4) = 4 [pid 6457] close(3) = 0 [pid 6457] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6457] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6457] rt_sigaction(SIGRT_1, {sa_handler=0x7f6a9ef6cff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6a9ef5e1a0}, NULL, 8) = 0 [pid 6457] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6457] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a9eee3000 [pid 6457] mprotect(0x7f6a9eee4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6457] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6457] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a9ef03990, parent_tid=0x7f6a9ef03990, exit_signal=0, stack=0x7f6a9eee3000, stack_size=0x20300, tls=0x7f6a9ef036c0}./strace-static-x86_64: Process 6458 attached [pid 6458] rseq(0x7f6a9ef03fe0, 0x20, 0, 0x53053053 [pid 6457] <... clone3 resumed> => {parent_tid=[6458]}, 88) = 6458 [pid 6458] <... rseq resumed>) = 0 [pid 6457] rt_sigprocmask(SIG_SETMASK, [], [pid 6458] set_robust_list(0x7f6a9ef039a0, 24 [pid 6457] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6458] <... set_robust_list resumed>) = 0 [pid 6457] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6458] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6457] <... futex resumed>) = 0 [pid 6457] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6458] memfd_create("syzkaller", 0) = 3 [pid 6458] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6a96a00000 [pid 6458] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6458] munmap(0x7f6a96a00000, 138412032) = 0 [pid 6458] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6458] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6458] close(3) = 0 [pid 6458] close(4) = 0 [pid 6458] mkdir("./bus", 0777) = 0 [ 149.235163][ T6458] loop0: detected capacity change from 0 to 32768 [ 149.259986][ T6458] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop0 scanned by syz-executor984 (6458) [ 149.282846][ T6458] BTRFS info (device loop0): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 [ 149.293582][ T6458] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm [ 149.303933][ T6458] BTRFS info (device loop0): using free-space-tree [pid 6458] mount("/dev/loop0", "./bus", "btrfs", 0, "discard,") = 0 [pid 6458] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6458] chdir("./bus") = 0 [pid 6458] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6458] ioctl(4, LOOP_CLR_FD) = 0 [pid 6458] close(4) = 0 [pid 6458] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6458] futex(0x7f6a9efd36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6457] <... futex resumed>) = 0 [pid 6457] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6458] <... futex resumed>) = 0 [pid 6457] <... futex resumed>) = 1 [pid 6458] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6457] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6458] <... open resumed>) = 4 [pid 6458] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6458] futex(0x7f6a9efd36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6457] <... futex resumed>) = 0 [pid 6457] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6458] <... futex resumed>) = 0 [pid 6457] <... futex resumed>) = 1 [pid 6458] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 6458] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6458] futex(0x7f6a9efd36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6457] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 6457] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6458] <... futex resumed>) = 0 [pid 6457] <... futex resumed>) = 1 [pid 6458] fallocate(5, 0, 0, 1048820 [pid 6457] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6458] <... fallocate resumed>) = 0 [pid 6458] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6457] <... futex resumed>) = 0 [pid 6458] sendfile(4, 4, NULL, 142609664 [pid 6457] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6457] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [ 149.434906][ T28] audit: type=1800 audit(1708613269.504:215): pid=6458 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor984" name="bus" dev="loop0" ino=263 res=0 errno=0 [ 149.464825][ T28] audit: type=1800 audit(1708613269.534:216): pid=6458 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor984" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 6457] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6457] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a9eec2000 [pid 6457] mprotect(0x7f6a9eec3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6457] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6457] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a9eee2990, parent_tid=0x7f6a9eee2990, exit_signal=0, stack=0x7f6a9eec2000, stack_size=0x20300, tls=0x7f6a9eee26c0}./strace-static-x86_64: Process 6476 attached [pid 6476] rseq(0x7f6a9eee2fe0, 0x20, 0, 0x53053053 [pid 6457] <... clone3 resumed> => {parent_tid=[6476]}, 88) = 6476 [pid 6476] <... rseq resumed>) = 0 [pid 6457] rt_sigprocmask(SIG_SETMASK, [], [pid 6476] set_robust_list(0x7f6a9eee29a0, 24 [pid 6457] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6476] <... set_robust_list resumed>) = 0 [pid 6457] futex(0x7f6a9efd36d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6476] rt_sigprocmask(SIG_SETMASK, [], [pid 6457] <... futex resumed>) = 0 [pid 6476] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6457] futex(0x7f6a9efd36dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6476] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME, 000) = 6 [pid 6476] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6457] <... futex resumed>) = 0 [pid 6457] futex(0x7f6a9efd36d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6457] futex(0x7f6a9efd36dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6476] ioctl(6, FS_IOC_FIEMAP, {fm_start=65279, fm_length=9223372036854775809, fm_flags=0, fm_extent_count=16777216} => {fm_flags=0, fm_mapped_extents=1, ...}) = 0 [pid 6476] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6457] <... futex resumed>) = 0 [ 149.527112][ T28] audit: type=1800 audit(1708613269.604:217): pid=6476 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor984" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 6476] futex(0x7f6a9efd36d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6457] exit_group(0 [pid 6476] <... futex resumed>) = ? [pid 6457] <... exit_group resumed>) = ? [pid 6476] +++ exited with 0 +++ [pid 6458] <... sendfile resumed>) = ? [pid 6458] +++ exited with 0 +++ [pid 6457] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6457, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=46 /* 0.46 s */} --- umount2("./71", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./71", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555563ad730 /* 4 entries */, 32768) = 104 [ 149.867472][ T5054] BTRFS info (device loop0): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 umount2("./71/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./71/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./71/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./71/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./71/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555563b5770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563b5770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./71/bus") = 0 umount2("./71/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./71/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./71/binderfs") = 0 getdents64(3, 0x5555563ad730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./71") = 0 mkdir("./72", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6477 attached , child_tidptr=0x5555563ac690) = 6477 [pid 6477] set_robust_list(0x5555563ac6a0, 24) = 0 [pid 6477] chdir("./72") = 0 [pid 6477] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6477] setpgid(0, 0) = 0 [pid 6477] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6477] write(3, "1000", 4) = 4 [pid 6477] close(3) = 0 [pid 6477] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6477] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6477] rt_sigaction(SIGRT_1, {sa_handler=0x7f6a9ef6cff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6a9ef5e1a0}, NULL, 8) = 0 [pid 6477] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6477] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a9eee3000 [pid 6477] mprotect(0x7f6a9eee4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6477] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6477] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a9ef03990, parent_tid=0x7f6a9ef03990, exit_signal=0, stack=0x7f6a9eee3000, stack_size=0x20300, tls=0x7f6a9ef036c0}./strace-static-x86_64: Process 6478 attached [pid 6478] rseq(0x7f6a9ef03fe0, 0x20, 0, 0x53053053) = 0 [pid 6477] <... clone3 resumed> => {parent_tid=[6478]}, 88) = 6478 [pid 6478] set_robust_list(0x7f6a9ef039a0, 24 [pid 6477] rt_sigprocmask(SIG_SETMASK, [], [pid 6478] <... set_robust_list resumed>) = 0 [pid 6478] rt_sigprocmask(SIG_SETMASK, [], [pid 6477] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6478] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6477] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6478] memfd_create("syzkaller", 0 [pid 6477] <... futex resumed>) = 0 [pid 6477] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6478] <... memfd_create resumed>) = 3 [pid 6478] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6a96a00000 [pid 6478] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6478] munmap(0x7f6a96a00000, 138412032) = 0 [pid 6478] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6478] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6478] close(3) = 0 [pid 6478] close(4) = 0 [pid 6478] mkdir("./bus", 0777) = 0 [ 150.342891][ T6478] loop0: detected capacity change from 0 to 32768 [ 150.370458][ T6478] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop0 scanned by syz-executor984 (6478) [pid 6478] mount("/dev/loop0", "./bus", "btrfs", 0, "discard,") = 0 [ 150.399300][ T6478] BTRFS info (device loop0): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 [ 150.409874][ T6478] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm [ 150.420321][ T6478] BTRFS info (device loop0): using free-space-tree [pid 6478] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6478] chdir("./bus") = 0 [pid 6478] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6478] ioctl(4, LOOP_CLR_FD) = 0 [pid 6478] close(4) = 0 [pid 6478] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6477] <... futex resumed>) = 0 [pid 6477] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6478] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6477] <... futex resumed>) = 0 [pid 6477] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6478] <... open resumed>) = 4 [pid 6478] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6478] futex(0x7f6a9efd36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6477] <... futex resumed>) = 0 [pid 6477] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6478] <... futex resumed>) = 0 [pid 6477] <... futex resumed>) = 1 [pid 6478] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6477] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6478] <... open resumed>) = 5 [pid 6478] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6477] <... futex resumed>) = 0 [pid 6478] fallocate(5, 0, 0, 1048820 [pid 6477] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6477] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6478] <... fallocate resumed>) = 0 [pid 6478] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6477] <... futex resumed>) = 0 [pid 6477] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6477] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 150.539140][ T28] audit: type=1800 audit(1708613270.614:218): pid=6478 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor984" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 6478] sendfile(4, 4, NULL, 142609664 [pid 6477] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6477] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6477] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6477] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a9eec2000 [pid 6477] mprotect(0x7f6a9eec3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6477] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6477] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a9eee2990, parent_tid=0x7f6a9eee2990, exit_signal=0, stack=0x7f6a9eec2000, stack_size=0x20300, tls=0x7f6a9eee26c0}./strace-static-x86_64: Process 6496 attached => {parent_tid=[6496]}, 88) = 6496 [pid 6477] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6477] futex(0x7f6a9efd36d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6477] futex(0x7f6a9efd36dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6496] rseq(0x7f6a9eee2fe0, 0x20, 0, 0x53053053) = 0 [pid 6496] set_robust_list(0x7f6a9eee29a0, 24) = 0 [pid 6496] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6496] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME, 000) = 6 [pid 6496] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6477] <... futex resumed>) = 0 [pid 6477] futex(0x7f6a9efd36d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6496] ioctl(6, FS_IOC_FIEMAP, {fm_start=65279, fm_length=9223372036854775809, fm_flags=0, fm_extent_count=16777216} [pid 6477] futex(0x7f6a9efd36dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6496] <... ioctl resumed> => {fm_flags=0, fm_mapped_extents=1, ...}) = 0 [pid 6496] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6477] <... futex resumed>) = 0 [ 150.587292][ T28] audit: type=1800 audit(1708613270.644:219): pid=6478 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor984" name="bus" dev="loop0" ino=263 res=0 errno=0 [ 150.644522][ T28] audit: type=1800 audit(1708613270.704:220): pid=6496 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor984" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 6496] futex(0x7f6a9efd36d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6477] exit_group(0 [pid 6496] <... futex resumed>) = ? [pid 6496] +++ exited with 0 +++ [pid 6477] <... exit_group resumed>) = ? [pid 6478] <... sendfile resumed>) = ? [pid 6478] +++ exited with 0 +++ [pid 6477] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6477, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=40 /* 0.40 s */} --- umount2("./72", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./72", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555563ad730 /* 4 entries */, 32768) = 104 [ 150.972691][ T5054] BTRFS info (device loop0): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 umount2("./72/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./72/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./72/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./72/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./72/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555563b5770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563b5770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./72/bus") = 0 umount2("./72/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./72/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./72/binderfs") = 0 getdents64(3, 0x5555563ad730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./72") = 0 mkdir("./73", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6497 attached , child_tidptr=0x5555563ac690) = 6497 [pid 6497] set_robust_list(0x5555563ac6a0, 24) = 0 [pid 6497] chdir("./73") = 0 [pid 6497] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6497] setpgid(0, 0) = 0 [pid 6497] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6497] write(3, "1000", 4) = 4 [pid 6497] close(3) = 0 [pid 6497] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6497] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6497] rt_sigaction(SIGRT_1, {sa_handler=0x7f6a9ef6cff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6a9ef5e1a0}, NULL, 8) = 0 [pid 6497] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6497] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a9eee3000 [pid 6497] mprotect(0x7f6a9eee4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6497] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6497] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a9ef03990, parent_tid=0x7f6a9ef03990, exit_signal=0, stack=0x7f6a9eee3000, stack_size=0x20300, tls=0x7f6a9ef036c0}./strace-static-x86_64: Process 6498 attached [pid 6498] rseq(0x7f6a9ef03fe0, 0x20, 0, 0x53053053 [pid 6497] <... clone3 resumed> => {parent_tid=[6498]}, 88) = 6498 [pid 6498] <... rseq resumed>) = 0 [pid 6497] rt_sigprocmask(SIG_SETMASK, [], [pid 6498] set_robust_list(0x7f6a9ef039a0, 24 [pid 6497] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6498] <... set_robust_list resumed>) = 0 [pid 6497] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6498] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6497] <... futex resumed>) = 0 [pid 6498] memfd_create("syzkaller", 0 [pid 6497] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6498] <... memfd_create resumed>) = 3 [pid 6498] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6a96a00000 [pid 6498] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6498] munmap(0x7f6a96a00000, 138412032) = 0 [pid 6498] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6498] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6498] close(3) = 0 [pid 6498] close(4) = 0 [pid 6498] mkdir("./bus", 0777) = 0 [ 151.435896][ T6498] loop0: detected capacity change from 0 to 32768 [ 151.477795][ T6498] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop0 scanned by syz-executor984 (6498) [ 151.500313][ T6498] BTRFS info (device loop0): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 [ 151.511655][ T6498] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm [ 151.522117][ T6498] BTRFS info (device loop0): using free-space-tree [pid 6498] mount("/dev/loop0", "./bus", "btrfs", 0, "discard,") = 0 [pid 6498] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6498] chdir("./bus") = 0 [pid 6498] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6498] ioctl(4, LOOP_CLR_FD) = 0 [pid 6498] close(4) = 0 [pid 6498] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6498] futex(0x7f6a9efd36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6497] <... futex resumed>) = 0 [pid 6497] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6498] <... futex resumed>) = 0 [pid 6497] <... futex resumed>) = 1 [pid 6498] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 6497] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6498] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6497] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6498] <... futex resumed>) = 0 [pid 6497] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6498] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6497] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6498] <... open resumed>) = 5 [pid 6498] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6497] <... futex resumed>) = 0 [pid 6498] futex(0x7f6a9efd36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6497] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6498] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6497] <... futex resumed>) = 0 [pid 6498] fallocate(5, 0, 0, 1048820 [pid 6497] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6498] <... fallocate resumed>) = 0 [pid 6498] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6497] <... futex resumed>) = 0 [pid 6497] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6497] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6498] <... futex resumed>) = 1 [ 151.646372][ T28] audit: type=1800 audit(1708613271.724:221): pid=6498 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor984" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 6498] sendfile(4, 4, NULL, 142609664 [pid 6497] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6497] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6497] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6497] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a9eec2000 [pid 6497] mprotect(0x7f6a9eec3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6497] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6497] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a9eee2990, parent_tid=0x7f6a9eee2990, exit_signal=0, stack=0x7f6a9eec2000, stack_size=0x20300, tls=0x7f6a9eee26c0}./strace-static-x86_64: Process 6516 attached => {parent_tid=[6516]}, 88) = 6516 [pid 6497] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6497] futex(0x7f6a9efd36d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6497] futex(0x7f6a9efd36dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6516] rseq(0x7f6a9eee2fe0, 0x20, 0, 0x53053053) = 0 [pid 6516] set_robust_list(0x7f6a9eee29a0, 24) = 0 [pid 6516] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6516] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME, 000) = 6 [pid 6516] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6497] <... futex resumed>) = 0 [pid 6516] futex(0x7f6a9efd36d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6497] futex(0x7f6a9efd36d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6516] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6497] <... futex resumed>) = 0 [pid 6516] ioctl(6, FS_IOC_FIEMAP, {fm_start=65279, fm_length=9223372036854775809, fm_flags=0, fm_extent_count=16777216} [pid 6497] futex(0x7f6a9efd36dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6516] <... ioctl resumed> => {fm_flags=0, fm_mapped_extents=1, ...}) = 0 [pid 6516] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6497] <... futex resumed>) = 0 [pid 6516] futex(0x7f6a9efd36d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6497] exit_group(0 [pid 6516] <... futex resumed>) = ? [pid 6497] <... exit_group resumed>) = ? [pid 6516] +++ exited with 0 +++ [pid 6498] <... sendfile resumed>) = ? [pid 6498] +++ exited with 0 +++ [pid 6497] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6497, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=48 /* 0.48 s */} --- umount2("./73", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./73", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555563ad730 /* 4 entries */, 32768) = 104 [ 152.077147][ T5054] BTRFS info (device loop0): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 umount2("./73/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./73/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./73/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./73/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./73/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555563b5770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563b5770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./73/bus") = 0 umount2("./73/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./73/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./73/binderfs") = 0 getdents64(3, 0x5555563ad730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./73") = 0 mkdir("./74", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6517 attached , child_tidptr=0x5555563ac690) = 6517 [pid 6517] set_robust_list(0x5555563ac6a0, 24) = 0 [pid 6517] chdir("./74") = 0 [pid 6517] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6517] setpgid(0, 0) = 0 [pid 6517] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6517] write(3, "1000", 4) = 4 [pid 6517] close(3) = 0 [pid 6517] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6517] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6517] rt_sigaction(SIGRT_1, {sa_handler=0x7f6a9ef6cff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6a9ef5e1a0}, NULL, 8) = 0 [pid 6517] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6517] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a9eee3000 [pid 6517] mprotect(0x7f6a9eee4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6517] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6517] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a9ef03990, parent_tid=0x7f6a9ef03990, exit_signal=0, stack=0x7f6a9eee3000, stack_size=0x20300, tls=0x7f6a9ef036c0}./strace-static-x86_64: Process 6518 attached [pid 6518] rseq(0x7f6a9ef03fe0, 0x20, 0, 0x53053053) = 0 [pid 6517] <... clone3 resumed> => {parent_tid=[6518]}, 88) = 6518 [pid 6518] set_robust_list(0x7f6a9ef039a0, 24 [pid 6517] rt_sigprocmask(SIG_SETMASK, [], [pid 6518] <... set_robust_list resumed>) = 0 [pid 6518] rt_sigprocmask(SIG_SETMASK, [], [pid 6517] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6518] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6517] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6518] memfd_create("syzkaller", 0 [pid 6517] <... futex resumed>) = 0 [pid 6518] <... memfd_create resumed>) = 3 [pid 6518] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6a96a00000 [pid 6517] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6518] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6518] munmap(0x7f6a96a00000, 138412032) = 0 [pid 6518] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6518] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6518] close(3) = 0 [pid 6518] close(4) = 0 [pid 6518] mkdir("./bus", 0777) = 0 [ 152.564403][ T6518] loop0: detected capacity change from 0 to 32768 [ 152.591752][ T6518] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop0 scanned by syz-executor984 (6518) [ 152.612427][ T6518] BTRFS info (device loop0): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 [ 152.623514][ T6518] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm [ 152.633895][ T6518] BTRFS info (device loop0): using free-space-tree [pid 6518] mount("/dev/loop0", "./bus", "btrfs", 0, "discard,") = 0 [pid 6518] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6518] chdir("./bus") = 0 [pid 6518] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6518] ioctl(4, LOOP_CLR_FD) = 0 [pid 6518] close(4) = 0 [pid 6518] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6517] <... futex resumed>) = 0 [pid 6518] futex(0x7f6a9efd36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6517] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6518] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6517] <... futex resumed>) = 0 [pid 6518] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6517] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6518] <... open resumed>) = 4 [pid 6518] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6517] <... futex resumed>) = 0 [pid 6518] futex(0x7f6a9efd36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6517] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6518] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6517] <... futex resumed>) = 0 [pid 6518] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6517] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6518] <... open resumed>) = 5 [pid 6518] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6517] <... futex resumed>) = 0 [pid 6517] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6517] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6518] <... futex resumed>) = 1 [pid 6518] fallocate(5, 0, 0, 1048820) = 0 [pid 6518] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6517] <... futex resumed>) = 0 [pid 6518] <... futex resumed>) = 1 [pid 6517] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6518] sendfile(4, 4, NULL, 142609664 [pid 6517] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6517] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6517] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a9eec2000 [pid 6517] mprotect(0x7f6a9eec3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6517] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6517] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a9eee2990, parent_tid=0x7f6a9eee2990, exit_signal=0, stack=0x7f6a9eec2000, stack_size=0x20300, tls=0x7f6a9eee26c0} => {parent_tid=[6536]}, 88) = 6536 ./strace-static-x86_64: Process 6536 attached [pid 6517] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6517] futex(0x7f6a9efd36d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6536] rseq(0x7f6a9eee2fe0, 0x20, 0, 0x53053053 [pid 6517] futex(0x7f6a9efd36dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6536] <... rseq resumed>) = 0 [pid 6536] set_robust_list(0x7f6a9eee29a0, 24) = 0 [pid 6536] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6536] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME, 000) = 6 [pid 6536] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6517] <... futex resumed>) = 0 [pid 6517] futex(0x7f6a9efd36d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6536] ioctl(6, FS_IOC_FIEMAP, {fm_start=65279, fm_length=9223372036854775809, fm_flags=0, fm_extent_count=16777216} [pid 6517] <... futex resumed>) = 0 [pid 6536] <... ioctl resumed> => {fm_flags=0, fm_mapped_extents=1, ...}) = 0 [pid 6517] futex(0x7f6a9efd36dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6536] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6517] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6536] <... futex resumed>) = 0 [pid 6536] futex(0x7f6a9efd36d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6517] exit_group(0 [pid 6536] <... futex resumed>) = ? [pid 6517] <... exit_group resumed>) = ? [pid 6536] +++ exited with 0 +++ [pid 6518] <... sendfile resumed>) = ? [pid 6518] +++ exited with 0 +++ [pid 6517] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6517, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=47 /* 0.47 s */} --- umount2("./74", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./74", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555563ad730 /* 4 entries */, 32768) = 104 [ 153.239562][ T5054] BTRFS info (device loop0): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 umount2("./74/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./74/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./74/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./74/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./74/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555563b5770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563b5770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./74/bus") = 0 umount2("./74/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./74/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./74/binderfs") = 0 getdents64(3, 0x5555563ad730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./74") = 0 mkdir("./75", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6537 attached [pid 6537] set_robust_list(0x5555563ac6a0, 24) = 0 [pid 6537] chdir("./75" [pid 5054] <... clone resumed>, child_tidptr=0x5555563ac690) = 6537 [pid 6537] <... chdir resumed>) = 0 [pid 6537] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6537] setpgid(0, 0) = 0 [pid 6537] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6537] write(3, "1000", 4) = 4 [pid 6537] close(3) = 0 [pid 6537] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6537] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6537] rt_sigaction(SIGRT_1, {sa_handler=0x7f6a9ef6cff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6a9ef5e1a0}, NULL, 8) = 0 [pid 6537] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6537] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a9eee3000 [pid 6537] mprotect(0x7f6a9eee4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6537] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6537] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a9ef03990, parent_tid=0x7f6a9ef03990, exit_signal=0, stack=0x7f6a9eee3000, stack_size=0x20300, tls=0x7f6a9ef036c0}./strace-static-x86_64: Process 6538 attached [pid 6538] rseq(0x7f6a9ef03fe0, 0x20, 0, 0x53053053 [pid 6537] <... clone3 resumed> => {parent_tid=[6538]}, 88) = 6538 [pid 6538] <... rseq resumed>) = 0 [pid 6538] set_robust_list(0x7f6a9ef039a0, 24 [pid 6537] rt_sigprocmask(SIG_SETMASK, [], [pid 6538] <... set_robust_list resumed>) = 0 [pid 6538] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6538] futex(0x7f6a9efd36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6537] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6537] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6538] <... futex resumed>) = 0 [pid 6537] <... futex resumed>) = 1 [pid 6538] memfd_create("syzkaller", 0 [pid 6537] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6538] <... memfd_create resumed>) = 3 [pid 6538] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6a96a00000 [pid 6538] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6538] munmap(0x7f6a96a00000, 138412032) = 0 [pid 6538] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6538] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6538] close(3) = 0 [pid 6538] close(4) = 0 [pid 6538] mkdir("./bus", 0777) = 0 [ 153.713592][ T6538] loop0: detected capacity change from 0 to 32768 [ 153.746305][ T6538] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop0 scanned by syz-executor984 (6538) [pid 6538] mount("/dev/loop0", "./bus", "btrfs", 0, "discard,") = 0 [pid 6538] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6538] chdir("./bus") = 0 [ 153.766340][ T6538] BTRFS info (device loop0): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 [ 153.776759][ T6538] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm [ 153.786901][ T6538] BTRFS info (device loop0): using free-space-tree [pid 6538] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6538] ioctl(4, LOOP_CLR_FD) = 0 [pid 6538] close(4) = 0 [pid 6538] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6537] <... futex resumed>) = 0 [pid 6537] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6538] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6537] <... futex resumed>) = 0 [pid 6537] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6538] <... open resumed>) = 4 [pid 6538] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6538] futex(0x7f6a9efd36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6537] <... futex resumed>) = 0 [pid 6537] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6538] <... futex resumed>) = 0 [pid 6537] <... futex resumed>) = 1 [pid 6538] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6537] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6538] <... open resumed>) = 5 [pid 6538] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6537] <... futex resumed>) = 0 [pid 6538] fallocate(5, 0, 0, 1048820 [pid 6537] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6538] <... fallocate resumed>) = 0 [pid 6537] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6538] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6537] <... futex resumed>) = 0 [pid 6538] sendfile(4, 4, NULL, 142609664 [pid 6537] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 153.878808][ T28] kauditd_printk_skb: 5 callbacks suppressed [ 153.878823][ T28] audit: type=1800 audit(1708613273.954:227): pid=6538 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor984" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 6537] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6537] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6537] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a9eec2000 [pid 6537] mprotect(0x7f6a9eec3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6537] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6537] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a9eee2990, parent_tid=0x7f6a9eee2990, exit_signal=0, stack=0x7f6a9eec2000, stack_size=0x20300, tls=0x7f6a9eee26c0}./strace-static-x86_64: Process 6556 attached => {parent_tid=[6556]}, 88) = 6556 [pid 6537] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6537] futex(0x7f6a9efd36d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6537] futex(0x7f6a9efd36dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6556] rseq(0x7f6a9eee2fe0, 0x20, 0, 0x53053053) = 0 [ 153.916707][ T28] audit: type=1800 audit(1708613273.984:228): pid=6538 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor984" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 6556] set_robust_list(0x7f6a9eee29a0, 24) = 0 [pid 6556] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6556] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME, 000) = 6 [pid 6556] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6537] <... futex resumed>) = 0 [pid 6556] futex(0x7f6a9efd36d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6537] futex(0x7f6a9efd36d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6556] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6537] <... futex resumed>) = 0 [pid 6537] futex(0x7f6a9efd36dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6556] ioctl(6, FS_IOC_FIEMAP, {fm_start=65279, fm_length=9223372036854775809, fm_flags=0, fm_extent_count=16777216} => {fm_flags=0, fm_mapped_extents=1, ...}) = 0 [pid 6556] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6537] <... futex resumed>) = 0 [ 153.996375][ T28] audit: type=1800 audit(1708613274.074:229): pid=6556 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor984" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 6556] futex(0x7f6a9efd36d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6537] exit_group(0 [pid 6556] <... futex resumed>) = ? [pid 6537] <... exit_group resumed>) = ? [pid 6556] +++ exited with 0 +++ [pid 6538] <... sendfile resumed>) = ? [pid 6538] +++ exited with 0 +++ [pid 6537] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6537, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=47 /* 0.47 s */} --- umount2("./75", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./75", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555563ad730 /* 4 entries */, 32768) = 104 [ 154.391953][ T5054] BTRFS info (device loop0): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 umount2("./75/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./75/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./75/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./75/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./75/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555563b5770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563b5770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./75/bus") = 0 umount2("./75/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./75/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./75/binderfs") = 0 getdents64(3, 0x5555563ad730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./75") = 0 mkdir("./76", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6557 attached , child_tidptr=0x5555563ac690) = 6557 [pid 6557] set_robust_list(0x5555563ac6a0, 24) = 0 [pid 6557] chdir("./76") = 0 [pid 6557] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6557] setpgid(0, 0) = 0 [pid 6557] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6557] write(3, "1000", 4) = 4 [pid 6557] close(3) = 0 [pid 6557] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6557] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6557] rt_sigaction(SIGRT_1, {sa_handler=0x7f6a9ef6cff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6a9ef5e1a0}, NULL, 8) = 0 [pid 6557] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6557] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a9eee3000 [pid 6557] mprotect(0x7f6a9eee4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6557] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6557] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a9ef03990, parent_tid=0x7f6a9ef03990, exit_signal=0, stack=0x7f6a9eee3000, stack_size=0x20300, tls=0x7f6a9ef036c0}./strace-static-x86_64: Process 6558 attached [pid 6558] rseq(0x7f6a9ef03fe0, 0x20, 0, 0x53053053) = 0 [pid 6557] <... clone3 resumed> => {parent_tid=[6558]}, 88) = 6558 [pid 6558] set_robust_list(0x7f6a9ef039a0, 24 [pid 6557] rt_sigprocmask(SIG_SETMASK, [], [pid 6558] <... set_robust_list resumed>) = 0 [pid 6557] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6558] rt_sigprocmask(SIG_SETMASK, [], [pid 6557] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6558] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6557] <... futex resumed>) = 0 [pid 6558] memfd_create("syzkaller", 0 [pid 6557] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6558] <... memfd_create resumed>) = 3 [pid 6558] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6a96a00000 [pid 6558] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6558] munmap(0x7f6a96a00000, 138412032) = 0 [pid 6558] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6558] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6558] close(3) = 0 [pid 6558] close(4) = 0 [pid 6558] mkdir("./bus", 0777) = 0 [ 154.858821][ T6558] loop0: detected capacity change from 0 to 32768 [ 154.888605][ T6558] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop0 scanned by syz-executor984 (6558) [pid 6558] mount("/dev/loop0", "./bus", "btrfs", 0, "discard,") = 0 [pid 6558] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [ 154.907200][ T6558] BTRFS info (device loop0): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 [ 154.917999][ T6558] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm [ 154.928485][ T6558] BTRFS info (device loop0): using free-space-tree [pid 6558] chdir("./bus") = 0 [pid 6558] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6558] ioctl(4, LOOP_CLR_FD) = 0 [pid 6558] close(4) = 0 [pid 6558] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6557] <... futex resumed>) = 0 [pid 6558] <... futex resumed>) = 1 [pid 6557] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6558] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6557] <... futex resumed>) = 0 [pid 6557] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6558] <... open resumed>) = 4 [pid 6558] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6558] futex(0x7f6a9efd36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6557] <... futex resumed>) = 0 [pid 6557] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6557] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6558] <... futex resumed>) = 0 [pid 6558] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 6558] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6557] <... futex resumed>) = 0 [pid 6558] <... futex resumed>) = 1 [pid 6557] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6558] fallocate(5, 0, 0, 1048820 [pid 6557] <... futex resumed>) = 0 [pid 6557] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6558] <... fallocate resumed>) = 0 [pid 6558] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6558] futex(0x7f6a9efd36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6557] <... futex resumed>) = 0 [pid 6557] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6558] <... futex resumed>) = 0 [pid 6557] <... futex resumed>) = 1 [pid 6558] sendfile(4, 4, NULL, 142609664 [ 155.019468][ T28] audit: type=1800 audit(1708613275.094:230): pid=6558 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor984" name="bus" dev="loop0" ino=263 res=0 errno=0 [ 155.039784][ T28] audit: type=1800 audit(1708613275.104:231): pid=6558 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor984" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 6557] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6557] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6557] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a9eec2000 [pid 6557] mprotect(0x7f6a9eec3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6557] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6557] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a9eee2990, parent_tid=0x7f6a9eee2990, exit_signal=0, stack=0x7f6a9eec2000, stack_size=0x20300, tls=0x7f6a9eee26c0}./strace-static-x86_64: Process 6575 attached => {parent_tid=[6575]}, 88) = 6575 [pid 6557] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6575] rseq(0x7f6a9eee2fe0, 0x20, 0, 0x53053053 [pid 6557] futex(0x7f6a9efd36d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6575] <... rseq resumed>) = 0 [pid 6575] set_robust_list(0x7f6a9eee29a0, 24) = 0 [pid 6575] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6557] <... futex resumed>) = 0 [pid 6575] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME, 000) = 6 [pid 6575] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6557] futex(0x7f6a9efd36dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6575] <... futex resumed>) = 0 [pid 6575] futex(0x7f6a9efd36d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6557] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6557] futex(0x7f6a9efd36d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6575] <... futex resumed>) = 0 [pid 6575] ioctl(6, FS_IOC_FIEMAP, {fm_start=65279, fm_length=9223372036854775809, fm_flags=0, fm_extent_count=16777216} [pid 6557] futex(0x7f6a9efd36dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6575] <... ioctl resumed> => {fm_flags=0, fm_mapped_extents=2, ...}) = 0 [pid 6575] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6557] <... futex resumed>) = 0 [ 155.163146][ T28] audit: type=1800 audit(1708613275.234:232): pid=6575 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor984" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 6575] futex(0x7f6a9efd36d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6557] exit_group(0 [pid 6575] <... futex resumed>) = ? [pid 6557] <... exit_group resumed>) = ? [pid 6575] +++ exited with 0 +++ [pid 6558] <... sendfile resumed>) = ? [pid 6558] +++ exited with 0 +++ [pid 6557] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6557, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=51 /* 0.51 s */} --- umount2("./76", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./76", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555563ad730 /* 4 entries */, 32768) = 104 [ 155.616384][ T5054] BTRFS info (device loop0): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 umount2("./76/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./76/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./76/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./76/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./76/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555563b5770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563b5770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./76/bus") = 0 umount2("./76/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./76/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./76/binderfs") = 0 getdents64(3, 0x5555563ad730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./76") = 0 mkdir("./77", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563ac690) = 6576 ./strace-static-x86_64: Process 6576 attached [pid 6576] set_robust_list(0x5555563ac6a0, 24) = 0 [pid 6576] chdir("./77") = 0 [pid 6576] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6576] setpgid(0, 0) = 0 [pid 6576] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6576] write(3, "1000", 4) = 4 [pid 6576] close(3) = 0 [pid 6576] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6576] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6576] rt_sigaction(SIGRT_1, {sa_handler=0x7f6a9ef6cff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6a9ef5e1a0}, NULL, 8) = 0 [pid 6576] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6576] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a9eee3000 [pid 6576] mprotect(0x7f6a9eee4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6576] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6576] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a9ef03990, parent_tid=0x7f6a9ef03990, exit_signal=0, stack=0x7f6a9eee3000, stack_size=0x20300, tls=0x7f6a9ef036c0}./strace-static-x86_64: Process 6577 attached [pid 6577] rseq(0x7f6a9ef03fe0, 0x20, 0, 0x53053053) = 0 [pid 6576] <... clone3 resumed> => {parent_tid=[6577]}, 88) = 6577 [pid 6577] set_robust_list(0x7f6a9ef039a0, 24 [pid 6576] rt_sigprocmask(SIG_SETMASK, [], [pid 6577] <... set_robust_list resumed>) = 0 [pid 6576] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6577] rt_sigprocmask(SIG_SETMASK, [], [pid 6576] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6577] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6576] <... futex resumed>) = 0 [pid 6577] memfd_create("syzkaller", 0 [pid 6576] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6577] <... memfd_create resumed>) = 3 [pid 6577] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6a96a00000 [pid 6577] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6577] munmap(0x7f6a96a00000, 138412032) = 0 [pid 6577] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6577] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6577] close(3) = 0 [pid 6577] close(4) = 0 [pid 6577] mkdir("./bus", 0777) = 0 [ 156.052097][ T6577] loop0: detected capacity change from 0 to 32768 [ 156.088953][ T6577] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop0 scanned by syz-executor984 (6577) [pid 6577] mount("/dev/loop0", "./bus", "btrfs", 0, "discard,") = 0 [pid 6577] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [ 156.113729][ T6577] BTRFS info (device loop0): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 [ 156.127479][ T6577] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm [ 156.137872][ T6577] BTRFS info (device loop0): using free-space-tree [pid 6577] chdir("./bus") = 0 [pid 6577] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6577] ioctl(4, LOOP_CLR_FD) = 0 [pid 6577] close(4) = 0 [pid 6577] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6577] futex(0x7f6a9efd36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6576] <... futex resumed>) = 0 [pid 6576] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6576] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6577] <... futex resumed>) = 0 [pid 6577] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 6577] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6576] <... futex resumed>) = 0 [pid 6576] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6576] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6577] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [ 156.243998][ T28] audit: type=1800 audit(1708613276.314:233): pid=6577 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor984" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 6577] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6577] futex(0x7f6a9efd36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6576] <... futex resumed>) = 0 [pid 6576] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6577] <... futex resumed>) = 0 [pid 6576] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6577] fallocate(5, 0, 0, 1048820) = 0 [pid 6577] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6577] futex(0x7f6a9efd36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6576] <... futex resumed>) = 0 [pid 6576] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6577] <... futex resumed>) = 0 [pid 6577] sendfile(4, 4, NULL, 142609664 [ 156.278857][ T28] audit: type=1800 audit(1708613276.354:234): pid=6577 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor984" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 6576] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6576] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6576] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a9eec2000 [pid 6576] mprotect(0x7f6a9eec3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6576] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6576] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a9eee2990, parent_tid=0x7f6a9eee2990, exit_signal=0, stack=0x7f6a9eec2000, stack_size=0x20300, tls=0x7f6a9eee26c0}./strace-static-x86_64: Process 6595 attached [pid 6595] rseq(0x7f6a9eee2fe0, 0x20, 0, 0x53053053) = 0 [pid 6576] <... clone3 resumed> => {parent_tid=[6595]}, 88) = 6595 [pid 6595] set_robust_list(0x7f6a9eee29a0, 24) = 0 [pid 6576] rt_sigprocmask(SIG_SETMASK, [], [pid 6595] rt_sigprocmask(SIG_SETMASK, [], [pid 6576] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6595] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6595] futex(0x7f6a9efd36d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6576] futex(0x7f6a9efd36d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6595] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6576] <... futex resumed>) = 0 [pid 6595] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME, 000 [pid 6576] futex(0x7f6a9efd36dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6595] <... open resumed>) = 6 [pid 6595] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6576] <... futex resumed>) = 0 [pid 6595] futex(0x7f6a9efd36d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6576] futex(0x7f6a9efd36d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6595] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6576] <... futex resumed>) = 0 [pid 6576] futex(0x7f6a9efd36dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6595] ioctl(6, FS_IOC_FIEMAP, {fm_start=65279, fm_length=9223372036854775809, fm_flags=0, fm_extent_count=16777216} => {fm_flags=0, fm_mapped_extents=1, ...}) = 0 [pid 6595] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6576] <... futex resumed>) = 0 [ 156.378231][ T28] audit: type=1800 audit(1708613276.454:235): pid=6595 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor984" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 6595] futex(0x7f6a9efd36d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6576] exit_group(0) = ? [pid 6595] <... futex resumed>) = ? [pid 6577] <... sendfile resumed>) = ? [pid 6595] +++ exited with 0 +++ [pid 6577] +++ exited with 0 +++ [pid 6576] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6576, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=47 /* 0.47 s */} --- umount2("./77", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./77", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555563ad730 /* 4 entries */, 32768) = 104 [ 156.820152][ T5054] BTRFS info (device loop0): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 umount2("./77/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./77/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./77/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./77/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./77/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555563b5770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563b5770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./77/bus") = 0 umount2("./77/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./77/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./77/binderfs") = 0 getdents64(3, 0x5555563ad730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./77") = 0 mkdir("./78", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6596 attached , child_tidptr=0x5555563ac690) = 6596 [pid 6596] set_robust_list(0x5555563ac6a0, 24) = 0 [pid 6596] chdir("./78") = 0 [pid 6596] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6596] setpgid(0, 0) = 0 [pid 6596] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6596] write(3, "1000", 4) = 4 [pid 6596] close(3) = 0 [pid 6596] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6596] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6596] rt_sigaction(SIGRT_1, {sa_handler=0x7f6a9ef6cff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6a9ef5e1a0}, NULL, 8) = 0 [pid 6596] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6596] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a9eee3000 [pid 6596] mprotect(0x7f6a9eee4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6596] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6596] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a9ef03990, parent_tid=0x7f6a9ef03990, exit_signal=0, stack=0x7f6a9eee3000, stack_size=0x20300, tls=0x7f6a9ef036c0}./strace-static-x86_64: Process 6597 attached [pid 6597] rseq(0x7f6a9ef03fe0, 0x20, 0, 0x53053053 [pid 6596] <... clone3 resumed> => {parent_tid=[6597]}, 88) = 6597 [pid 6597] <... rseq resumed>) = 0 [pid 6596] rt_sigprocmask(SIG_SETMASK, [], [pid 6597] set_robust_list(0x7f6a9ef039a0, 24 [pid 6596] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6597] <... set_robust_list resumed>) = 0 [pid 6596] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6597] rt_sigprocmask(SIG_SETMASK, [], [pid 6596] <... futex resumed>) = 0 [pid 6597] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6597] memfd_create("syzkaller", 0 [pid 6596] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6597] <... memfd_create resumed>) = 3 [pid 6597] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6a96a00000 [pid 6597] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6597] munmap(0x7f6a96a00000, 138412032) = 0 [pid 6597] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6597] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6597] close(3) = 0 [pid 6597] close(4) = 0 [pid 6597] mkdir("./bus", 0777) = 0 [ 157.313984][ T6597] loop0: detected capacity change from 0 to 32768 [ 157.345225][ T6597] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop0 scanned by syz-executor984 (6597) [ 157.367584][ T6597] BTRFS info (device loop0): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 [ 157.379537][ T6597] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm [ 157.390126][ T6597] BTRFS info (device loop0): using free-space-tree [pid 6597] mount("/dev/loop0", "./bus", "btrfs", 0, "discard,") = 0 [pid 6597] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6597] chdir("./bus") = 0 [pid 6597] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6597] ioctl(4, LOOP_CLR_FD) = 0 [pid 6597] close(4) = 0 [pid 6597] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6596] <... futex resumed>) = 0 [pid 6597] <... futex resumed>) = 1 [pid 6596] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6597] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6596] <... futex resumed>) = 0 [pid 6596] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6597] <... open resumed>) = 4 [pid 6597] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6597] futex(0x7f6a9efd36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6596] <... futex resumed>) = 0 [pid 6597] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6596] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6597] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6596] <... futex resumed>) = 0 [pid 6596] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6597] <... open resumed>) = 5 [pid 6597] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6596] <... futex resumed>) = 0 [pid 6597] futex(0x7f6a9efd36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6596] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6597] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6596] <... futex resumed>) = 0 [pid 6596] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6597] fallocate(5, 0, 0, 1048820) = 0 [pid 6597] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6596] <... futex resumed>) = 0 [pid 6596] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6597] sendfile(4, 4, NULL, 142609664 [ 157.500625][ T28] audit: type=1800 audit(1708613277.574:236): pid=6597 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor984" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 6596] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6596] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6596] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a9eec2000 [pid 6596] mprotect(0x7f6a9eec3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6596] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6596] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a9eee2990, parent_tid=0x7f6a9eee2990, exit_signal=0, stack=0x7f6a9eec2000, stack_size=0x20300, tls=0x7f6a9eee26c0}./strace-static-x86_64: Process 6615 attached => {parent_tid=[6615]}, 88) = 6615 [pid 6596] rt_sigprocmask(SIG_SETMASK, [], [pid 6615] rseq(0x7f6a9eee2fe0, 0x20, 0, 0x53053053 [pid 6596] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6615] <... rseq resumed>) = 0 [pid 6596] futex(0x7f6a9efd36d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6615] set_robust_list(0x7f6a9eee29a0, 24 [pid 6596] <... futex resumed>) = 0 [pid 6615] <... set_robust_list resumed>) = 0 [pid 6596] futex(0x7f6a9efd36dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6615] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6615] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME, 000) = 6 [pid 6615] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6596] <... futex resumed>) = 0 [pid 6596] futex(0x7f6a9efd36d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6615] ioctl(6, FS_IOC_FIEMAP, {fm_start=65279, fm_length=9223372036854775809, fm_flags=0, fm_extent_count=16777216} [pid 6596] futex(0x7f6a9efd36dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6615] <... ioctl resumed> => {fm_flags=0, fm_mapped_extents=1, ...}) = 0 [pid 6615] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6596] <... futex resumed>) = 0 [pid 6615] futex(0x7f6a9efd36d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6596] exit_group(0 [pid 6615] <... futex resumed>) = ? [pid 6596] <... exit_group resumed>) = ? [pid 6615] +++ exited with 0 +++ [pid 6597] <... sendfile resumed>) = ? [pid 6597] +++ exited with 0 +++ [pid 6596] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6596, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=54 /* 0.54 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./78", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./78", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555563ad730 /* 4 entries */, 32768) = 104 [ 158.104638][ T5054] BTRFS info (device loop0): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 umount2("./78/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./78/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./78/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./78/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./78/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555563b5770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563b5770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./78/bus") = 0 umount2("./78/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./78/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./78/binderfs") = 0 getdents64(3, 0x5555563ad730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./78") = 0 mkdir("./79", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6616 attached , child_tidptr=0x5555563ac690) = 6616 [pid 6616] set_robust_list(0x5555563ac6a0, 24) = 0 [pid 6616] chdir("./79") = 0 [pid 6616] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6616] setpgid(0, 0) = 0 [pid 6616] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6616] write(3, "1000", 4) = 4 [pid 6616] close(3) = 0 [pid 6616] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6616] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6616] rt_sigaction(SIGRT_1, {sa_handler=0x7f6a9ef6cff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6a9ef5e1a0}, NULL, 8) = 0 [pid 6616] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6616] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a9eee3000 [pid 6616] mprotect(0x7f6a9eee4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6616] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6616] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a9ef03990, parent_tid=0x7f6a9ef03990, exit_signal=0, stack=0x7f6a9eee3000, stack_size=0x20300, tls=0x7f6a9ef036c0}./strace-static-x86_64: Process 6617 attached [pid 6617] rseq(0x7f6a9ef03fe0, 0x20, 0, 0x53053053) = 0 [pid 6617] set_robust_list(0x7f6a9ef039a0, 24) = 0 [pid 6617] rt_sigprocmask(SIG_SETMASK, [], [pid 6616] <... clone3 resumed> => {parent_tid=[6617]}, 88) = 6617 [pid 6617] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6616] rt_sigprocmask(SIG_SETMASK, [], [pid 6617] futex(0x7f6a9efd36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6616] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6616] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6617] <... futex resumed>) = 0 [pid 6616] <... futex resumed>) = 1 [pid 6617] memfd_create("syzkaller", 0 [pid 6616] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6617] <... memfd_create resumed>) = 3 [pid 6617] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6a96a00000 [pid 6617] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6617] munmap(0x7f6a96a00000, 138412032) = 0 [pid 6617] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6617] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6617] close(3) = 0 [pid 6617] close(4) = 0 [pid 6617] mkdir("./bus", 0777) = 0 [ 158.590732][ T6617] loop0: detected capacity change from 0 to 32768 [ 158.610760][ T6617] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop0 scanned by syz-executor984 (6617) [ 158.629975][ T6617] BTRFS info (device loop0): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 [pid 6617] mount("/dev/loop0", "./bus", "btrfs", 0, "discard,") = 0 [ 158.640613][ T6617] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm [ 158.650969][ T6617] BTRFS info (device loop0): using free-space-tree [pid 6617] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6617] chdir("./bus") = 0 [pid 6617] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6617] ioctl(4, LOOP_CLR_FD) = 0 [pid 6617] close(4) = 0 [pid 6617] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6616] <... futex resumed>) = 0 [pid 6616] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6617] <... futex resumed>) = 1 [pid 6616] <... futex resumed>) = 0 [pid 6617] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6616] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6617] <... open resumed>) = 4 [pid 6617] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6617] futex(0x7f6a9efd36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6616] <... futex resumed>) = 0 [pid 6616] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6617] <... futex resumed>) = 0 [pid 6617] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 6616] <... futex resumed>) = 1 [pid 6616] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6617] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6616] <... futex resumed>) = 0 [pid 6617] <... futex resumed>) = 1 [pid 6616] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6617] fallocate(5, 0, 0, 1048820 [pid 6616] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6617] <... fallocate resumed>) = 0 [pid 6617] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6616] <... futex resumed>) = 0 [pid 6617] sendfile(4, 4, NULL, 142609664 [pid 6616] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6616] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6616] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6616] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a9eec2000 [pid 6616] mprotect(0x7f6a9eec3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6616] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6616] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a9eee2990, parent_tid=0x7f6a9eee2990, exit_signal=0, stack=0x7f6a9eec2000, stack_size=0x20300, tls=0x7f6a9eee26c0}./strace-static-x86_64: Process 6635 attached => {parent_tid=[6635]}, 88) = 6635 [pid 6635] rseq(0x7f6a9eee2fe0, 0x20, 0, 0x53053053 [pid 6616] rt_sigprocmask(SIG_SETMASK, [], [pid 6635] <... rseq resumed>) = 0 [pid 6616] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6616] futex(0x7f6a9efd36d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6616] futex(0x7f6a9efd36dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6635] set_robust_list(0x7f6a9eee29a0, 24) = 0 [pid 6635] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6635] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME, 000) = 6 [pid 6635] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6616] <... futex resumed>) = 0 [pid 6635] futex(0x7f6a9efd36d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6616] futex(0x7f6a9efd36d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6635] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6635] ioctl(6, FS_IOC_FIEMAP, {fm_start=65279, fm_length=9223372036854775809, fm_flags=0, fm_extent_count=16777216} [pid 6616] <... futex resumed>) = 0 [pid 6616] futex(0x7f6a9efd36dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6635] <... ioctl resumed> => {fm_flags=0, fm_mapped_extents=2, ...}) = 0 [pid 6635] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6616] <... futex resumed>) = 0 [pid 6635] <... futex resumed>) = 1 [ 158.946887][ T28] kauditd_printk_skb: 4 callbacks suppressed [ 158.946900][ T28] audit: type=1800 audit(1708613279.024:241): pid=6635 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor984" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 6635] futex(0x7f6a9efd36d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6616] exit_group(0) = ? [pid 6635] <... futex resumed>) = ? [pid 6635] +++ exited with 0 +++ [pid 6617] <... sendfile resumed>) = ? [pid 6617] +++ exited with 0 +++ [pid 6616] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6616, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=55 /* 0.55 s */} --- umount2("./79", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./79", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 159.425001][ T6617] syz-executor984 (6617) used greatest stack depth: 18256 bytes left getdents64(3, 0x5555563ad730 /* 4 entries */, 32768) = 104 [ 159.518759][ T5054] BTRFS info (device loop0): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 umount2("./79/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./79/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./79/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./79/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./79/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555563b5770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563b5770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./79/bus") = 0 umount2("./79/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./79/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./79/binderfs") = 0 getdents64(3, 0x5555563ad730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./79") = 0 mkdir("./80", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6636 attached , child_tidptr=0x5555563ac690) = 6636 [pid 6636] set_robust_list(0x5555563ac6a0, 24) = 0 [pid 6636] chdir("./80") = 0 [pid 6636] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6636] setpgid(0, 0) = 0 [pid 6636] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6636] write(3, "1000", 4) = 4 [pid 6636] close(3) = 0 [pid 6636] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6636] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6636] rt_sigaction(SIGRT_1, {sa_handler=0x7f6a9ef6cff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6a9ef5e1a0}, NULL, 8) = 0 [pid 6636] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6636] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a9eee3000 [pid 6636] mprotect(0x7f6a9eee4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6636] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6636] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a9ef03990, parent_tid=0x7f6a9ef03990, exit_signal=0, stack=0x7f6a9eee3000, stack_size=0x20300, tls=0x7f6a9ef036c0} => {parent_tid=[6637]}, 88) = 6637 ./strace-static-x86_64: Process 6637 attached [pid 6637] rseq(0x7f6a9ef03fe0, 0x20, 0, 0x53053053 [pid 6636] rt_sigprocmask(SIG_SETMASK, [], [pid 6637] <... rseq resumed>) = 0 [pid 6636] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6637] set_robust_list(0x7f6a9ef039a0, 24) = 0 [pid 6636] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6637] rt_sigprocmask(SIG_SETMASK, [], [pid 6636] <... futex resumed>) = 0 [pid 6637] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6636] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6637] memfd_create("syzkaller", 0) = 3 [pid 6637] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6a96a00000 [pid 6637] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6637] munmap(0x7f6a96a00000, 138412032) = 0 [pid 6637] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6637] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6637] close(3) = 0 [pid 6637] close(4) = 0 [pid 6637] mkdir("./bus", 0777) = 0 [ 159.950888][ T6637] loop0: detected capacity change from 0 to 32768 [pid 6637] mount("/dev/loop0", "./bus", "btrfs", 0, "discard,") = 0 [pid 6637] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6637] chdir("./bus") = 0 [ 159.990669][ T6637] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop0 scanned by syz-executor984 (6637) [ 160.011779][ T6637] BTRFS info (device loop0): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 [ 160.022758][ T6637] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm [ 160.033067][ T6637] BTRFS info (device loop0): using free-space-tree [pid 6637] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6637] ioctl(4, LOOP_CLR_FD) = 0 [pid 6637] close(4) = 0 [pid 6637] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6636] <... futex resumed>) = 0 [pid 6637] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6636] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6637] <... open resumed>) = 4 [pid 6636] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6637] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6636] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6636] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6637] <... futex resumed>) = 0 [pid 6636] <... futex resumed>) = 0 [pid 6637] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6636] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6637] <... open resumed>) = 5 [pid 6637] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6636] <... futex resumed>) = 0 [pid 6637] futex(0x7f6a9efd36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6636] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6637] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6636] <... futex resumed>) = 0 [pid 6637] fallocate(5, 0, 0, 1048820 [pid 6636] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6637] <... fallocate resumed>) = 0 [pid 6637] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6636] <... futex resumed>) = 0 [pid 6637] sendfile(4, 4, NULL, 142609664 [pid 6636] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 160.128971][ T28] audit: type=1800 audit(1708613280.204:242): pid=6637 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor984" name="bus" dev="loop0" ino=263 res=0 errno=0 [ 160.149857][ T28] audit: type=1800 audit(1708613280.204:243): pid=6637 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor984" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 6636] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6636] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6636] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a9eec2000 [pid 6636] mprotect(0x7f6a9eec3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6636] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6636] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a9eee2990, parent_tid=0x7f6a9eee2990, exit_signal=0, stack=0x7f6a9eec2000, stack_size=0x20300, tls=0x7f6a9eee26c0}./strace-static-x86_64: Process 6655 attached [pid 6655] rseq(0x7f6a9eee2fe0, 0x20, 0, 0x53053053 [pid 6636] <... clone3 resumed> => {parent_tid=[6655]}, 88) = 6655 [pid 6655] <... rseq resumed>) = 0 [pid 6655] set_robust_list(0x7f6a9eee29a0, 24 [pid 6636] rt_sigprocmask(SIG_SETMASK, [], [pid 6655] <... set_robust_list resumed>) = 0 [pid 6655] rt_sigprocmask(SIG_SETMASK, [], [pid 6636] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6655] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6655] futex(0x7f6a9efd36d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6636] futex(0x7f6a9efd36d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6655] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6636] <... futex resumed>) = 0 [pid 6655] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME, 000 [pid 6636] futex(0x7f6a9efd36dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6655] <... open resumed>) = 6 [pid 6655] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6636] <... futex resumed>) = 0 [pid 6636] futex(0x7f6a9efd36d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6636] futex(0x7f6a9efd36dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6655] ioctl(6, FS_IOC_FIEMAP, {fm_start=65279, fm_length=9223372036854775809, fm_flags=0, fm_extent_count=16777216} => {fm_flags=0, fm_mapped_extents=1, ...}) = 0 [pid 6655] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6655] futex(0x7f6a9efd36d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6636] <... futex resumed>) = 0 [ 160.225121][ T28] audit: type=1800 audit(1708613280.304:244): pid=6655 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor984" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 6636] exit_group(0) = ? [pid 6655] <... futex resumed>) = ? [pid 6655] +++ exited with 0 +++ [pid 6637] <... sendfile resumed>) = ? [pid 6637] +++ exited with 0 +++ [pid 6636] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6636, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=51 /* 0.51 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./80", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./80", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555563ad730 /* 4 entries */, 32768) = 104 [ 160.659326][ T5054] BTRFS info (device loop0): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 umount2("./80/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./80/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./80/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./80/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./80/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555563b5770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563b5770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./80/bus") = 0 umount2("./80/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./80/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./80/binderfs") = 0 getdents64(3, 0x5555563ad730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./80") = 0 mkdir("./81", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6656 attached , child_tidptr=0x5555563ac690) = 6656 [pid 6656] set_robust_list(0x5555563ac6a0, 24) = 0 [pid 6656] chdir("./81") = 0 [pid 6656] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6656] setpgid(0, 0) = 0 [pid 6656] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6656] write(3, "1000", 4) = 4 [pid 6656] close(3) = 0 [pid 6656] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6656] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6656] rt_sigaction(SIGRT_1, {sa_handler=0x7f6a9ef6cff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6a9ef5e1a0}, NULL, 8) = 0 [pid 6656] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6656] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a9eee3000 [pid 6656] mprotect(0x7f6a9eee4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6656] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6656] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a9ef03990, parent_tid=0x7f6a9ef03990, exit_signal=0, stack=0x7f6a9eee3000, stack_size=0x20300, tls=0x7f6a9ef036c0}./strace-static-x86_64: Process 6657 attached [pid 6657] rseq(0x7f6a9ef03fe0, 0x20, 0, 0x53053053 [pid 6656] <... clone3 resumed> => {parent_tid=[6657]}, 88) = 6657 [pid 6657] <... rseq resumed>) = 0 [pid 6656] rt_sigprocmask(SIG_SETMASK, [], [pid 6657] set_robust_list(0x7f6a9ef039a0, 24 [pid 6656] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6657] <... set_robust_list resumed>) = 0 [pid 6656] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6657] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6656] <... futex resumed>) = 0 [pid 6657] memfd_create("syzkaller", 0 [pid 6656] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6657] <... memfd_create resumed>) = 3 [pid 6657] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6a96a00000 [pid 6657] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6657] munmap(0x7f6a96a00000, 138412032) = 0 [pid 6657] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6657] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6657] close(3) = 0 [pid 6657] close(4) = 0 [pid 6657] mkdir("./bus", 0777) = 0 [ 161.121926][ T6657] loop0: detected capacity change from 0 to 32768 [ 161.152470][ T6657] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop0 scanned by syz-executor984 (6657) [pid 6657] mount("/dev/loop0", "./bus", "btrfs", 0, "discard,") = 0 [pid 6657] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6657] chdir("./bus") = 0 [ 161.170917][ T6657] BTRFS info (device loop0): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 [ 161.183103][ T6657] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm [ 161.193746][ T6657] BTRFS info (device loop0): using free-space-tree [pid 6657] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6657] ioctl(4, LOOP_CLR_FD) = 0 [pid 6657] close(4) = 0 [pid 6657] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6656] <... futex resumed>) = 0 [pid 6656] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6657] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6656] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6657] <... open resumed>) = 4 [pid 6657] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6656] <... futex resumed>) = 0 [pid 6657] futex(0x7f6a9efd36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6656] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6657] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6656] <... futex resumed>) = 0 [pid 6656] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6657] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 6657] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6657] futex(0x7f6a9efd36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6656] <... futex resumed>) = 0 [pid 6656] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6657] <... futex resumed>) = 0 [pid 6656] <... futex resumed>) = 1 [pid 6656] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6657] fallocate(5, 0, 0, 1048820) = 0 [ 161.286729][ T28] audit: type=1800 audit(1708613281.364:245): pid=6657 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor984" name="bus" dev="loop0" ino=263 res=0 errno=0 [ 161.309052][ T28] audit: type=1800 audit(1708613281.374:246): pid=6657 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor984" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 6657] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6656] <... futex resumed>) = 0 [pid 6657] futex(0x7f6a9efd36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6656] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6657] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6656] <... futex resumed>) = 0 [pid 6657] sendfile(4, 4, NULL, 142609664 [pid 6656] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6656] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6656] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a9eec2000 [pid 6656] mprotect(0x7f6a9eec3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6656] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6656] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a9eee2990, parent_tid=0x7f6a9eee2990, exit_signal=0, stack=0x7f6a9eec2000, stack_size=0x20300, tls=0x7f6a9eee26c0} => {parent_tid=[6675]}, 88) = 6675 [pid 6656] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6656] futex(0x7f6a9efd36d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6656] futex(0x7f6a9efd36dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6675 attached [pid 6675] rseq(0x7f6a9eee2fe0, 0x20, 0, 0x53053053) = 0 [pid 6675] set_robust_list(0x7f6a9eee29a0, 24) = 0 [pid 6675] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6675] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME, 000) = 6 [pid 6675] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6656] <... futex resumed>) = 0 [pid 6656] futex(0x7f6a9efd36d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6656] futex(0x7f6a9efd36dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6675] <... futex resumed>) = 1 [pid 6675] ioctl(6, FS_IOC_FIEMAP, {fm_start=65279, fm_length=9223372036854775809, fm_flags=0, fm_extent_count=16777216} => {fm_flags=0, fm_mapped_extents=1, ...}) = 0 [pid 6675] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6675] futex(0x7f6a9efd36d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6656] <... futex resumed>) = 0 [ 161.439835][ T28] audit: type=1800 audit(1708613281.514:247): pid=6675 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor984" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 6656] exit_group(0 [pid 6675] <... futex resumed>) = ? [pid 6656] <... exit_group resumed>) = ? [pid 6675] +++ exited with 0 +++ [pid 6657] <... sendfile resumed>) = ? [pid 6657] +++ exited with 0 +++ [pid 6656] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6656, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=51 /* 0.51 s */} --- umount2("./81", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./81", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555563ad730 /* 4 entries */, 32768) = 104 [ 161.910541][ T5054] BTRFS info (device loop0): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 umount2("./81/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./81/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./81/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./81/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./81/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555563b5770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563b5770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./81/bus") = 0 umount2("./81/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./81/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./81/binderfs") = 0 getdents64(3, 0x5555563ad730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./81") = 0 mkdir("./82", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6676 attached , child_tidptr=0x5555563ac690) = 6676 [pid 6676] set_robust_list(0x5555563ac6a0, 24) = 0 [pid 6676] chdir("./82") = 0 [pid 6676] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6676] setpgid(0, 0) = 0 [pid 6676] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6676] write(3, "1000", 4) = 4 [pid 6676] close(3) = 0 [pid 6676] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6676] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6676] rt_sigaction(SIGRT_1, {sa_handler=0x7f6a9ef6cff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6a9ef5e1a0}, NULL, 8) = 0 [pid 6676] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6676] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a9eee3000 [pid 6676] mprotect(0x7f6a9eee4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6676] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6676] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a9ef03990, parent_tid=0x7f6a9ef03990, exit_signal=0, stack=0x7f6a9eee3000, stack_size=0x20300, tls=0x7f6a9ef036c0}./strace-static-x86_64: Process 6677 attached => {parent_tid=[6677]}, 88) = 6677 [pid 6677] rseq(0x7f6a9ef03fe0, 0x20, 0, 0x53053053) = 0 [pid 6677] set_robust_list(0x7f6a9ef039a0, 24) = 0 [pid 6676] rt_sigprocmask(SIG_SETMASK, [], [pid 6677] rt_sigprocmask(SIG_SETMASK, [], [pid 6676] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6677] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6676] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6677] memfd_create("syzkaller", 0 [pid 6676] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6677] <... memfd_create resumed>) = 3 [pid 6677] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6a96a00000 [pid 6677] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6677] munmap(0x7f6a96a00000, 138412032) = 0 [pid 6677] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6677] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6677] close(3) = 0 [pid 6677] close(4) = 0 [pid 6677] mkdir("./bus", 0777) = 0 [ 162.426548][ T6677] loop0: detected capacity change from 0 to 32768 [ 162.469773][ T6677] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop0 scanned by syz-executor984 (6677) [ 162.491287][ T6677] BTRFS info (device loop0): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 [ 162.501568][ T6677] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm [ 162.511530][ T6677] BTRFS info (device loop0): using free-space-tree [pid 6677] mount("/dev/loop0", "./bus", "btrfs", 0, "discard,") = 0 [pid 6677] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6677] chdir("./bus") = 0 [pid 6677] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6677] ioctl(4, LOOP_CLR_FD) = 0 [pid 6677] close(4) = 0 [pid 6677] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6677] futex(0x7f6a9efd36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6676] <... futex resumed>) = 0 [pid 6676] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6677] <... futex resumed>) = 0 [pid 6677] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6676] <... futex resumed>) = 1 [pid 6676] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6677] <... open resumed>) = 4 [pid 6677] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6676] <... futex resumed>) = 0 [pid 6677] futex(0x7f6a9efd36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6676] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6677] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6676] <... futex resumed>) = 0 [pid 6677] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6676] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6677] <... open resumed>) = 5 [pid 6677] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6676] <... futex resumed>) = 0 [pid 6677] <... futex resumed>) = 1 [pid 6676] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6677] fallocate(5, 0, 0, 1048820 [pid 6676] <... futex resumed>) = 0 [pid 6676] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6677] <... fallocate resumed>) = 0 [pid 6677] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6676] <... futex resumed>) = 0 [pid 6676] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6676] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6677] <... futex resumed>) = 1 [ 162.589519][ T28] audit: type=1800 audit(1708613282.664:248): pid=6677 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor984" name="bus" dev="loop0" ino=263 res=0 errno=0 [ 162.611416][ T28] audit: type=1800 audit(1708613282.684:249): pid=6677 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor984" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 6677] sendfile(4, 4, NULL, 142609664 [pid 6676] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6676] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6676] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a9eec2000 [pid 6676] mprotect(0x7f6a9eec3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6676] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6676] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a9eee2990, parent_tid=0x7f6a9eee2990, exit_signal=0, stack=0x7f6a9eec2000, stack_size=0x20300, tls=0x7f6a9eee26c0}./strace-static-x86_64: Process 6694 attached [pid 6694] rseq(0x7f6a9eee2fe0, 0x20, 0, 0x53053053 [pid 6676] <... clone3 resumed> => {parent_tid=[6694]}, 88) = 6694 [pid 6694] <... rseq resumed>) = 0 [pid 6676] rt_sigprocmask(SIG_SETMASK, [], [pid 6694] set_robust_list(0x7f6a9eee29a0, 24 [pid 6676] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6694] <... set_robust_list resumed>) = 0 [pid 6676] futex(0x7f6a9efd36d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6694] rt_sigprocmask(SIG_SETMASK, [], [pid 6676] <... futex resumed>) = 0 [pid 6694] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6676] futex(0x7f6a9efd36dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6694] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME, 000) = 6 [pid 6694] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6694] futex(0x7f6a9efd36d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6676] <... futex resumed>) = 0 [pid 6676] futex(0x7f6a9efd36d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6694] <... futex resumed>) = 0 [pid 6676] <... futex resumed>) = 1 [pid 6694] ioctl(6, FS_IOC_FIEMAP, {fm_start=65279, fm_length=9223372036854775809, fm_flags=0, fm_extent_count=16777216} [pid 6676] futex(0x7f6a9efd36dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6694] <... ioctl resumed> => {fm_flags=0, fm_mapped_extents=2, ...}) = 0 [pid 6694] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6694] futex(0x7f6a9efd36d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6676] <... futex resumed>) = 0 [ 162.701350][ T28] audit: type=1800 audit(1708613282.774:250): pid=6694 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor984" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 6676] exit_group(0) = ? [pid 6694] <... futex resumed>) = ? [pid 6694] +++ exited with 0 +++ [pid 6677] <... sendfile resumed>) = ? [pid 6677] +++ exited with 0 +++ [pid 6676] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6676, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=49 /* 0.49 s */} --- umount2("./82", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./82", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555563ad730 /* 4 entries */, 32768) = 104 [ 163.200725][ T5054] BTRFS info (device loop0): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 umount2("./82/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./82/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./82/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./82/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./82/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555563b5770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563b5770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./82/bus") = 0 umount2("./82/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./82/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./82/binderfs") = 0 getdents64(3, 0x5555563ad730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./82") = 0 mkdir("./83", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6695 attached , child_tidptr=0x5555563ac690) = 6695 [pid 6695] set_robust_list(0x5555563ac6a0, 24) = 0 [pid 6695] chdir("./83") = 0 [pid 6695] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6695] setpgid(0, 0) = 0 [pid 6695] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6695] write(3, "1000", 4) = 4 [pid 6695] close(3) = 0 [pid 6695] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6695] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6695] rt_sigaction(SIGRT_1, {sa_handler=0x7f6a9ef6cff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6a9ef5e1a0}, NULL, 8) = 0 [pid 6695] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6695] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a9eee3000 [pid 6695] mprotect(0x7f6a9eee4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6695] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6695] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a9ef03990, parent_tid=0x7f6a9ef03990, exit_signal=0, stack=0x7f6a9eee3000, stack_size=0x20300, tls=0x7f6a9ef036c0}./strace-static-x86_64: Process 6696 attached [pid 6696] rseq(0x7f6a9ef03fe0, 0x20, 0, 0x53053053 [pid 6695] <... clone3 resumed> => {parent_tid=[6696]}, 88) = 6696 [pid 6696] <... rseq resumed>) = 0 [pid 6695] rt_sigprocmask(SIG_SETMASK, [], [pid 6696] set_robust_list(0x7f6a9ef039a0, 24 [pid 6695] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6696] <... set_robust_list resumed>) = 0 [pid 6695] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6696] rt_sigprocmask(SIG_SETMASK, [], [pid 6695] <... futex resumed>) = 0 [pid 6696] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6695] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6696] memfd_create("syzkaller", 0) = 3 [pid 6696] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6a96a00000 [pid 6696] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6696] munmap(0x7f6a96a00000, 138412032) = 0 [pid 6696] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6696] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6696] close(3) = 0 [pid 6696] close(4) = 0 [pid 6696] mkdir("./bus", 0777) = 0 [ 163.735693][ T6696] loop0: detected capacity change from 0 to 32768 [ 163.782581][ T6696] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop0 scanned by syz-executor984 (6696) [ 163.802639][ T6696] BTRFS info (device loop0): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 [ 163.813864][ T6696] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm [ 163.824037][ T6696] BTRFS info (device loop0): using free-space-tree [pid 6696] mount("/dev/loop0", "./bus", "btrfs", 0, "discard,") = 0 [pid 6696] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6696] chdir("./bus") = 0 [pid 6696] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6696] ioctl(4, LOOP_CLR_FD) = 0 [pid 6696] close(4) = 0 [pid 6696] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6695] <... futex resumed>) = 0 [pid 6696] futex(0x7f6a9efd36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6695] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6696] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6695] <... futex resumed>) = 0 [pid 6696] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6695] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6696] <... open resumed>) = 4 [pid 6696] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6695] <... futex resumed>) = 0 [pid 6695] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6696] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6695] <... futex resumed>) = 0 [pid 6696] <... open resumed>) = 5 [pid 6695] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6696] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6695] <... futex resumed>) = 0 [pid 6695] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6696] fallocate(5, 0, 0, 1048820 [pid 6695] <... futex resumed>) = 0 [pid 6695] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6696] <... fallocate resumed>) = 0 [pid 6696] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6695] <... futex resumed>) = 0 [pid 6696] futex(0x7f6a9efd36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6695] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6696] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6695] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6696] sendfile(4, 4, NULL, 142609664 [pid 6695] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6695] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6695] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a9eec2000 [pid 6695] mprotect(0x7f6a9eec3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6695] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6695] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a9eee2990, parent_tid=0x7f6a9eee2990, exit_signal=0, stack=0x7f6a9eec2000, stack_size=0x20300, tls=0x7f6a9eee26c0}./strace-static-x86_64: Process 6714 attached => {parent_tid=[6714]}, 88) = 6714 [pid 6714] rseq(0x7f6a9eee2fe0, 0x20, 0, 0x53053053 [pid 6695] rt_sigprocmask(SIG_SETMASK, [], [pid 6714] <... rseq resumed>) = 0 [pid 6695] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6714] set_robust_list(0x7f6a9eee29a0, 24) = 0 [pid 6695] futex(0x7f6a9efd36d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6714] rt_sigprocmask(SIG_SETMASK, [], [pid 6695] <... futex resumed>) = 0 [pid 6714] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6695] futex(0x7f6a9efd36dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6714] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME, 000) = 6 [pid 6714] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6714] futex(0x7f6a9efd36d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6695] <... futex resumed>) = 0 [pid 6695] futex(0x7f6a9efd36d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6714] <... futex resumed>) = 0 [pid 6695] <... futex resumed>) = 1 [pid 6714] ioctl(6, FS_IOC_FIEMAP, {fm_start=65279, fm_length=9223372036854775809, fm_flags=0, fm_extent_count=16777216} [pid 6695] futex(0x7f6a9efd36dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6714] <... ioctl resumed> => {fm_flags=0, fm_mapped_extents=1, ...}) = 0 [pid 6714] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6695] <... futex resumed>) = 0 [ 163.999456][ T28] kauditd_printk_skb: 2 callbacks suppressed [ 163.999469][ T28] audit: type=1800 audit(1708613284.074:253): pid=6714 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor984" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 6714] futex(0x7f6a9efd36d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6695] exit_group(0 [pid 6714] <... futex resumed>) = ? [pid 6695] <... exit_group resumed>) = ? [pid 6714] +++ exited with 0 +++ [pid 6696] <... sendfile resumed>) = ? [pid 6696] +++ exited with 0 +++ [pid 6695] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6695, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=60 /* 0.60 s */} --- umount2("./83", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./83", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555563ad730 /* 4 entries */, 32768) = 104 [ 164.578604][ T5054] BTRFS info (device loop0): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 umount2("./83/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./83/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./83/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./83/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./83/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555563b5770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563b5770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./83/bus") = 0 umount2("./83/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./83/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./83/binderfs") = 0 getdents64(3, 0x5555563ad730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./83") = 0 mkdir("./84", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6715 attached , child_tidptr=0x5555563ac690) = 6715 [pid 6715] set_robust_list(0x5555563ac6a0, 24) = 0 [pid 6715] chdir("./84") = 0 [pid 6715] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6715] setpgid(0, 0) = 0 [pid 6715] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6715] write(3, "1000", 4) = 4 [pid 6715] close(3) = 0 [pid 6715] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6715] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6715] rt_sigaction(SIGRT_1, {sa_handler=0x7f6a9ef6cff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6a9ef5e1a0}, NULL, 8) = 0 [pid 6715] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6715] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a9eee3000 [pid 6715] mprotect(0x7f6a9eee4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6715] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6715] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a9ef03990, parent_tid=0x7f6a9ef03990, exit_signal=0, stack=0x7f6a9eee3000, stack_size=0x20300, tls=0x7f6a9ef036c0}./strace-static-x86_64: Process 6716 attached => {parent_tid=[6716]}, 88) = 6716 [pid 6716] rseq(0x7f6a9ef03fe0, 0x20, 0, 0x53053053 [pid 6715] rt_sigprocmask(SIG_SETMASK, [], [pid 6716] <... rseq resumed>) = 0 [pid 6715] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6716] set_robust_list(0x7f6a9ef039a0, 24 [pid 6715] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6716] <... set_robust_list resumed>) = 0 [pid 6715] <... futex resumed>) = 0 [pid 6716] rt_sigprocmask(SIG_SETMASK, [], [pid 6715] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6716] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6716] memfd_create("syzkaller", 0) = 3 [pid 6716] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6a96a00000 [pid 6716] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6716] munmap(0x7f6a96a00000, 138412032) = 0 [pid 6716] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6716] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6716] close(3) = 0 [pid 6716] close(4) = 0 [pid 6716] mkdir("./bus", 0777) = 0 [ 165.063441][ T6716] loop0: detected capacity change from 0 to 32768 [ 165.110679][ T6716] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop0 scanned by syz-executor984 (6716) [ 165.131415][ T6716] BTRFS info (device loop0): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 [ 165.142331][ T6716] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm [ 165.153076][ T6716] BTRFS info (device loop0): using free-space-tree [pid 6716] mount("/dev/loop0", "./bus", "btrfs", 0, "discard,") = 0 [pid 6716] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6716] chdir("./bus") = 0 [pid 6716] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6716] ioctl(4, LOOP_CLR_FD) = 0 [pid 6716] close(4) = 0 [pid 6716] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6716] futex(0x7f6a9efd36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6715] <... futex resumed>) = 0 [pid 6715] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6716] <... futex resumed>) = 0 [pid 6716] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6715] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6716] <... open resumed>) = 4 [pid 6716] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6715] <... futex resumed>) = 0 [pid 6715] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6715] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6716] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 6716] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6716] futex(0x7f6a9efd36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6715] <... futex resumed>) = 0 [pid 6715] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6716] <... futex resumed>) = 0 [pid 6715] <... futex resumed>) = 1 [pid 6716] fallocate(5, 0, 0, 1048820 [pid 6715] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6716] <... fallocate resumed>) = 0 [pid 6716] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6715] <... futex resumed>) = 0 [pid 6716] sendfile(4, 4, NULL, 142609664 [pid 6715] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 165.288597][ T28] audit: type=1800 audit(1708613285.364:254): pid=6716 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor984" name="bus" dev="loop0" ino=263 res=0 errno=0 [ 165.313353][ T28] audit: type=1800 audit(1708613285.384:255): pid=6716 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor984" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 6715] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6715] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6715] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a9eec2000 [pid 6715] mprotect(0x7f6a9eec3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6715] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6715] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a9eee2990, parent_tid=0x7f6a9eee2990, exit_signal=0, stack=0x7f6a9eec2000, stack_size=0x20300, tls=0x7f6a9eee26c0}./strace-static-x86_64: Process 6734 attached => {parent_tid=[6734]}, 88) = 6734 [pid 6715] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6715] futex(0x7f6a9efd36d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6715] futex(0x7f6a9efd36dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6734] rseq(0x7f6a9eee2fe0, 0x20, 0, 0x53053053) = 0 [pid 6734] set_robust_list(0x7f6a9eee29a0, 24) = 0 [pid 6734] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6734] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME, 000) = 6 [pid 6734] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6715] <... futex resumed>) = 0 [pid 6734] futex(0x7f6a9efd36d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6715] futex(0x7f6a9efd36d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6734] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6715] <... futex resumed>) = 0 [pid 6734] ioctl(6, FS_IOC_FIEMAP, {fm_start=65279, fm_length=9223372036854775809, fm_flags=0, fm_extent_count=16777216} [pid 6715] futex(0x7f6a9efd36dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6734] <... ioctl resumed> => {fm_flags=0, fm_mapped_extents=1, ...}) = 0 [pid 6734] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6715] <... futex resumed>) = 0 [ 165.407917][ T28] audit: type=1800 audit(1708613285.484:256): pid=6734 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor984" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 6734] futex(0x7f6a9efd36d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6715] exit_group(0 [pid 6734] <... futex resumed>) = ? [pid 6715] <... exit_group resumed>) = ? [pid 6734] +++ exited with 0 +++ [pid 6716] <... sendfile resumed>) = ? [pid 6716] +++ exited with 0 +++ [pid 6715] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6715, si_uid=0, si_status=0, si_utime=0, si_stime=72 /* 0.72 s */} --- umount2("./84", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./84", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555563ad730 /* 4 entries */, 32768) = 104 [ 166.052563][ T5054] BTRFS info (device loop0): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 umount2("./84/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./84/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./84/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./84/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./84/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555563b5770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563b5770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./84/bus") = 0 umount2("./84/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./84/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./84/binderfs") = 0 getdents64(3, 0x5555563ad730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./84") = 0 mkdir("./85", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6735 attached , child_tidptr=0x5555563ac690) = 6735 [pid 6735] set_robust_list(0x5555563ac6a0, 24) = 0 [pid 6735] chdir("./85") = 0 [pid 6735] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6735] setpgid(0, 0) = 0 [pid 6735] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6735] write(3, "1000", 4) = 4 [pid 6735] close(3) = 0 [pid 6735] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6735] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6735] rt_sigaction(SIGRT_1, {sa_handler=0x7f6a9ef6cff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6a9ef5e1a0}, NULL, 8) = 0 [pid 6735] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6735] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a9eee3000 [pid 6735] mprotect(0x7f6a9eee4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6735] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6735] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a9ef03990, parent_tid=0x7f6a9ef03990, exit_signal=0, stack=0x7f6a9eee3000, stack_size=0x20300, tls=0x7f6a9ef036c0}./strace-static-x86_64: Process 6736 attached => {parent_tid=[6736]}, 88) = 6736 [pid 6736] rseq(0x7f6a9ef03fe0, 0x20, 0, 0x53053053) = 0 [pid 6736] set_robust_list(0x7f6a9ef039a0, 24) = 0 [pid 6735] rt_sigprocmask(SIG_SETMASK, [], [pid 6736] rt_sigprocmask(SIG_SETMASK, [], [pid 6735] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6736] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6735] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6736] memfd_create("syzkaller", 0 [pid 6735] <... futex resumed>) = 0 [pid 6735] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6736] <... memfd_create resumed>) = 3 [pid 6736] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6a96a00000 [pid 6736] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6736] munmap(0x7f6a96a00000, 138412032) = 0 [pid 6736] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6736] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6736] close(3) = 0 [pid 6736] close(4) = 0 [pid 6736] mkdir("./bus", 0777) = 0 [ 166.533624][ T6736] loop0: detected capacity change from 0 to 32768 [ 166.571769][ T6736] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop0 scanned by syz-executor984 (6736) [ 166.596736][ T6736] BTRFS info (device loop0): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 [ 166.608117][ T6736] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm [ 166.618437][ T6736] BTRFS info (device loop0): using free-space-tree [pid 6736] mount("/dev/loop0", "./bus", "btrfs", 0, "discard,") = 0 [pid 6736] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6736] chdir("./bus") = 0 [pid 6736] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6736] ioctl(4, LOOP_CLR_FD) = 0 [pid 6736] close(4) = 0 [pid 6736] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6735] <... futex resumed>) = 0 [pid 6736] futex(0x7f6a9efd36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6735] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6736] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6736] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6735] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6736] <... open resumed>) = 4 [pid 6736] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6736] futex(0x7f6a9efd36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6735] <... futex resumed>) = 0 [pid 6735] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6736] <... futex resumed>) = 0 [pid 6736] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 6736] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6736] futex(0x7f6a9efd36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6735] <... futex resumed>) = 1 [pid 6735] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 6735] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6736] <... futex resumed>) = 0 [pid 6735] <... futex resumed>) = 1 [pid 6736] fallocate(5, 0, 0, 1048820 [pid 6735] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6736] <... fallocate resumed>) = 0 [pid 6736] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6735] <... futex resumed>) = 0 [pid 6736] sendfile(4, 4, NULL, 142609664 [pid 6735] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 166.726664][ T28] audit: type=1800 audit(1708613286.804:257): pid=6736 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor984" name="bus" dev="loop0" ino=263 res=0 errno=0 [ 166.753207][ T28] audit: type=1800 audit(1708613286.824:258): pid=6736 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor984" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 6735] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6735] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6735] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6735] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a9eec2000 [pid 6735] mprotect(0x7f6a9eec3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6735] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6735] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a9eee2990, parent_tid=0x7f6a9eee2990, exit_signal=0, stack=0x7f6a9eec2000, stack_size=0x20300, tls=0x7f6a9eee26c0} => {parent_tid=[6754]}, 88) = 6754 [pid 6735] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6735] futex(0x7f6a9efd36d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6735] futex(0x7f6a9efd36dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6754 attached [pid 6754] rseq(0x7f6a9eee2fe0, 0x20, 0, 0x53053053) = 0 [pid 6754] set_robust_list(0x7f6a9eee29a0, 24) = 0 [pid 6754] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6754] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME, 000) = 6 [pid 6754] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6735] <... futex resumed>) = 0 [pid 6735] futex(0x7f6a9efd36d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6735] futex(0x7f6a9efd36dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6754] ioctl(6, FS_IOC_FIEMAP, {fm_start=65279, fm_length=9223372036854775809, fm_flags=0, fm_extent_count=16777216} => {fm_flags=0, fm_mapped_extents=2, ...}) = 0 [pid 6754] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6735] <... futex resumed>) = 0 [ 166.845968][ T28] audit: type=1800 audit(1708613286.914:259): pid=6754 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor984" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 6754] futex(0x7f6a9efd36d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6735] exit_group(0 [pid 6754] <... futex resumed>) = ? [pid 6735] <... exit_group resumed>) = ? [pid 6754] +++ exited with 0 +++ [pid 6736] <... sendfile resumed>) = ? [pid 6736] +++ exited with 0 +++ [pid 6735] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6735, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=45 /* 0.45 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./85", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./85", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555563ad730 /* 4 entries */, 32768) = 104 [ 167.178622][ T5054] BTRFS info (device loop0): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 umount2("./85/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./85/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./85/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./85/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./85/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555563b5770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563b5770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./85/bus") = 0 umount2("./85/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./85/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./85/binderfs") = 0 getdents64(3, 0x5555563ad730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./85") = 0 mkdir("./86", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6755 attached , child_tidptr=0x5555563ac690) = 6755 [pid 6755] set_robust_list(0x5555563ac6a0, 24) = 0 [pid 6755] chdir("./86") = 0 [pid 6755] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6755] setpgid(0, 0) = 0 [pid 6755] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6755] write(3, "1000", 4) = 4 [pid 6755] close(3) = 0 [pid 6755] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6755] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6755] rt_sigaction(SIGRT_1, {sa_handler=0x7f6a9ef6cff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6a9ef5e1a0}, NULL, 8) = 0 [pid 6755] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6755] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a9eee3000 [pid 6755] mprotect(0x7f6a9eee4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6755] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6755] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a9ef03990, parent_tid=0x7f6a9ef03990, exit_signal=0, stack=0x7f6a9eee3000, stack_size=0x20300, tls=0x7f6a9ef036c0}./strace-static-x86_64: Process 6756 attached [pid 6756] rseq(0x7f6a9ef03fe0, 0x20, 0, 0x53053053) = 0 [pid 6755] <... clone3 resumed> => {parent_tid=[6756]}, 88) = 6756 [pid 6756] set_robust_list(0x7f6a9ef039a0, 24 [pid 6755] rt_sigprocmask(SIG_SETMASK, [], [pid 6756] <... set_robust_list resumed>) = 0 [pid 6755] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6756] rt_sigprocmask(SIG_SETMASK, [], [pid 6755] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6756] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6755] <... futex resumed>) = 0 [pid 6755] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6756] memfd_create("syzkaller", 0) = 3 [pid 6756] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6a96a00000 [pid 6756] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6756] munmap(0x7f6a96a00000, 138412032) = 0 [pid 6756] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6756] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6756] close(3) = 0 [pid 6756] close(4) = 0 [pid 6756] mkdir("./bus", 0777) = 0 [ 167.610605][ T6756] loop0: detected capacity change from 0 to 32768 [ 167.646422][ T6756] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop0 scanned by syz-executor984 (6756) [pid 6756] mount("/dev/loop0", "./bus", "btrfs", 0, "discard,") = 0 [ 167.668647][ T6756] BTRFS info (device loop0): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 [ 167.680004][ T6756] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm [ 167.690424][ T6756] BTRFS info (device loop0): using free-space-tree [pid 6756] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6756] chdir("./bus") = 0 [pid 6756] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6756] ioctl(4, LOOP_CLR_FD) = 0 [pid 6756] close(4) = 0 [pid 6756] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6756] futex(0x7f6a9efd36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6755] <... futex resumed>) = 0 [pid 6755] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6756] <... futex resumed>) = 0 [pid 6755] <... futex resumed>) = 1 [pid 6756] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6755] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6756] <... open resumed>) = 4 [pid 6756] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6755] <... futex resumed>) = 0 [pid 6756] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6755] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6755] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6756] <... open resumed>) = 5 [pid 6756] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6756] futex(0x7f6a9efd36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6755] <... futex resumed>) = 0 [pid 6755] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6755] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6756] <... futex resumed>) = 0 [pid 6756] fallocate(5, 0, 0, 1048820) = 0 [pid 6756] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6755] <... futex resumed>) = 0 [pid 6756] futex(0x7f6a9efd36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6755] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6756] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6755] <... futex resumed>) = 0 [pid 6756] sendfile(4, 4, NULL, 142609664 [ 167.801362][ T28] audit: type=1800 audit(1708613287.874:260): pid=6756 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor984" name="bus" dev="loop0" ino=263 res=0 errno=0 [ 167.826233][ T28] audit: type=1800 audit(1708613287.904:261): pid=6756 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor984" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 6755] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6755] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6755] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6755] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a9eec2000 [pid 6755] mprotect(0x7f6a9eec3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6755] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6755] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a9eee2990, parent_tid=0x7f6a9eee2990, exit_signal=0, stack=0x7f6a9eec2000, stack_size=0x20300, tls=0x7f6a9eee26c0}./strace-static-x86_64: Process 6774 attached => {parent_tid=[6774]}, 88) = 6774 [pid 6755] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6755] futex(0x7f6a9efd36d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6755] futex(0x7f6a9efd36dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6774] rseq(0x7f6a9eee2fe0, 0x20, 0, 0x53053053) = 0 [pid 6774] set_robust_list(0x7f6a9eee29a0, 24) = 0 [pid 6774] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6774] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME, 000) = 6 [pid 6774] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6755] <... futex resumed>) = 0 [pid 6774] futex(0x7f6a9efd36d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6755] futex(0x7f6a9efd36d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6774] <... futex resumed>) = 0 [pid 6755] <... futex resumed>) = 1 [pid 6774] ioctl(6, FS_IOC_FIEMAP, {fm_start=65279, fm_length=9223372036854775809, fm_flags=0, fm_extent_count=16777216} [pid 6755] futex(0x7f6a9efd36dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6774] <... ioctl resumed> => {fm_flags=0, fm_mapped_extents=1, ...}) = 0 [pid 6774] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6755] <... futex resumed>) = 0 [ 167.900489][ T28] audit: type=1800 audit(1708613287.974:262): pid=6774 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor984" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 6774] futex(0x7f6a9efd36d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6755] exit_group(0 [pid 6774] <... futex resumed>) = ? [pid 6756] <... sendfile resumed>) = ? [pid 6755] <... exit_group resumed>) = ? [pid 6774] +++ exited with 0 +++ [pid 6756] +++ exited with 0 +++ [pid 6755] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6755, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=49 /* 0.49 s */} --- umount2("./86", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./86", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555563ad730 /* 4 entries */, 32768) = 104 [ 168.379665][ T5054] BTRFS info (device loop0): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 umount2("./86/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./86/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./86/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./86/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./86/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555563b5770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563b5770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./86/bus") = 0 umount2("./86/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./86/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./86/binderfs") = 0 getdents64(3, 0x5555563ad730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./86") = 0 mkdir("./87", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563ac690) = 6775 ./strace-static-x86_64: Process 6775 attached [pid 6775] set_robust_list(0x5555563ac6a0, 24) = 0 [pid 6775] chdir("./87") = 0 [pid 6775] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6775] setpgid(0, 0) = 0 [pid 6775] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6775] write(3, "1000", 4) = 4 [pid 6775] close(3) = 0 [pid 6775] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6775] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6775] rt_sigaction(SIGRT_1, {sa_handler=0x7f6a9ef6cff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6a9ef5e1a0}, NULL, 8) = 0 [pid 6775] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6775] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a9eee3000 [pid 6775] mprotect(0x7f6a9eee4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6775] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6775] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a9ef03990, parent_tid=0x7f6a9ef03990, exit_signal=0, stack=0x7f6a9eee3000, stack_size=0x20300, tls=0x7f6a9ef036c0}./strace-static-x86_64: Process 6776 attached => {parent_tid=[6776]}, 88) = 6776 [pid 6776] rseq(0x7f6a9ef03fe0, 0x20, 0, 0x53053053) = 0 [pid 6776] set_robust_list(0x7f6a9ef039a0, 24) = 0 [pid 6776] rt_sigprocmask(SIG_SETMASK, [], [pid 6775] rt_sigprocmask(SIG_SETMASK, [], [pid 6776] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6775] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6776] futex(0x7f6a9efd36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6775] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6776] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6775] <... futex resumed>) = 0 [pid 6775] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6776] memfd_create("syzkaller", 0) = 3 [pid 6776] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6a96a00000 [pid 6776] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6776] munmap(0x7f6a96a00000, 138412032) = 0 [pid 6776] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6776] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6776] close(3) = 0 [pid 6776] close(4) = 0 [pid 6776] mkdir("./bus", 0777) = 0 [ 168.885593][ T6776] loop0: detected capacity change from 0 to 32768 [ 168.911451][ T6776] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop0 scanned by syz-executor984 (6776) [ 168.930451][ T6776] BTRFS info (device loop0): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 [ 168.941334][ T6776] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm [ 168.951652][ T6776] BTRFS info (device loop0): using free-space-tree [pid 6776] mount("/dev/loop0", "./bus", "btrfs", 0, "discard,") = 0 [pid 6776] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6776] chdir("./bus") = 0 [pid 6776] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6776] ioctl(4, LOOP_CLR_FD) = 0 [pid 6776] close(4) = 0 [pid 6776] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6775] <... futex resumed>) = 0 [pid 6776] futex(0x7f6a9efd36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6775] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6775] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6776] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6776] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 6776] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6775] <... futex resumed>) = 0 [pid 6776] futex(0x7f6a9efd36c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 6775] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6776] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6775] <... futex resumed>) = 0 [pid 6776] <... open resumed>) = 5 [pid 6775] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6776] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6775] <... futex resumed>) = 0 [pid 6775] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6776] <... futex resumed>) = 1 [pid 6775] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6776] fallocate(5, 0, 0, 1048820) = 0 [pid 6776] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6775] <... futex resumed>) = 0 [pid 6776] <... futex resumed>) = 1 [pid 6775] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6775] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 169.048991][ T28] audit: type=1800 audit(1708613289.124:263): pid=6776 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor984" name="bus" dev="loop0" ino=263 res=0 errno=0 [ 169.069900][ T28] audit: type=1800 audit(1708613289.124:264): pid=6776 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor984" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 6776] sendfile(4, 4, NULL, 142609664 [pid 6775] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6775] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6775] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a9eec2000 [pid 6775] mprotect(0x7f6a9eec3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6775] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6775] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a9eee2990, parent_tid=0x7f6a9eee2990, exit_signal=0, stack=0x7f6a9eec2000, stack_size=0x20300, tls=0x7f6a9eee26c0}./strace-static-x86_64: Process 6793 attached [pid 6793] rseq(0x7f6a9eee2fe0, 0x20, 0, 0x53053053) = 0 [pid 6793] set_robust_list(0x7f6a9eee29a0, 24) = 0 [pid 6793] rt_sigprocmask(SIG_SETMASK, [], [pid 6775] <... clone3 resumed> => {parent_tid=[6793]}, 88) = 6793 [pid 6793] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6793] futex(0x7f6a9efd36d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6775] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6775] futex(0x7f6a9efd36d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6793] <... futex resumed>) = 0 [pid 6775] <... futex resumed>) = 1 [pid 6793] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME, 000 [pid 6775] futex(0x7f6a9efd36dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6793] <... open resumed>) = 6 [pid 6793] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6775] <... futex resumed>) = 0 [pid 6793] futex(0x7f6a9efd36d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6775] futex(0x7f6a9efd36d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6793] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6775] <... futex resumed>) = 0 [pid 6793] ioctl(6, FS_IOC_FIEMAP, {fm_start=65279, fm_length=9223372036854775809, fm_flags=0, fm_extent_count=16777216} [pid 6775] futex(0x7f6a9efd36dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6793] <... ioctl resumed> => {fm_flags=0, fm_mapped_extents=1, ...}) = 0 [pid 6793] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6775] <... futex resumed>) = 0 [ 169.149817][ T28] audit: type=1800 audit(1708613289.224:265): pid=6793 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor984" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 6793] futex(0x7f6a9efd36d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6775] exit_group(0) = ? [pid 6793] <... futex resumed>) = ? [pid 6776] <... sendfile resumed>) = ? [pid 6793] +++ exited with 0 +++ [pid 6776] +++ exited with 0 +++ [pid 6775] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6775, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=60 /* 0.60 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./87", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./87", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555563ad730 /* 4 entries */, 32768) = 104 [ 169.732257][ T5054] BTRFS info (device loop0): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 umount2("./87/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./87/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./87/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./87/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./87/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555563b5770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563b5770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./87/bus") = 0 umount2("./87/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./87/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./87/binderfs") = 0 getdents64(3, 0x5555563ad730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./87") = 0 mkdir("./88", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6794 attached , child_tidptr=0x5555563ac690) = 6794 [pid 6794] set_robust_list(0x5555563ac6a0, 24) = 0 [pid 6794] chdir("./88") = 0 [pid 6794] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6794] setpgid(0, 0) = 0 [pid 6794] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6794] write(3, "1000", 4) = 4 [pid 6794] close(3) = 0 [pid 6794] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6794] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6794] rt_sigaction(SIGRT_1, {sa_handler=0x7f6a9ef6cff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6a9ef5e1a0}, NULL, 8) = 0 [pid 6794] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6794] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a9eee3000 [pid 6794] mprotect(0x7f6a9eee4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6794] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6794] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a9ef03990, parent_tid=0x7f6a9ef03990, exit_signal=0, stack=0x7f6a9eee3000, stack_size=0x20300, tls=0x7f6a9ef036c0}./strace-static-x86_64: Process 6795 attached [pid 6795] rseq(0x7f6a9ef03fe0, 0x20, 0, 0x53053053 [pid 6794] <... clone3 resumed> => {parent_tid=[6795]}, 88) = 6795 [pid 6795] <... rseq resumed>) = 0 [pid 6794] rt_sigprocmask(SIG_SETMASK, [], [pid 6795] set_robust_list(0x7f6a9ef039a0, 24 [pid 6794] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6795] <... set_robust_list resumed>) = 0 [pid 6794] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6795] rt_sigprocmask(SIG_SETMASK, [], [pid 6794] <... futex resumed>) = 0 [pid 6795] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6795] memfd_create("syzkaller", 0 [pid 6794] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6795] <... memfd_create resumed>) = 3 [pid 6795] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6a96a00000 [pid 6795] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6795] munmap(0x7f6a96a00000, 138412032) = 0 [pid 6795] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6795] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6795] close(3) = 0 [pid 6795] close(4) = 0 [pid 6795] mkdir("./bus", 0777) = 0 [ 170.228749][ T6795] loop0: detected capacity change from 0 to 32768 [ 170.266344][ T6795] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop0 scanned by syz-executor984 (6795) [ 170.295221][ T6795] BTRFS info (device loop0): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 [ 170.306348][ T6795] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm [ 170.318015][ T6795] BTRFS info (device loop0): using free-space-tree [pid 6795] mount("/dev/loop0", "./bus", "btrfs", 0, "discard,") = 0 [pid 6795] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6795] chdir("./bus") = 0 [pid 6795] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6795] ioctl(4, LOOP_CLR_FD) = 0 [pid 6795] close(4) = 0 [pid 6795] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6794] <... futex resumed>) = 0 [pid 6795] futex(0x7f6a9efd36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6794] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6795] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6795] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6794] <... futex resumed>) = 0 [pid 6794] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6795] <... open resumed>) = 4 [pid 6795] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6794] <... futex resumed>) = 0 [pid 6795] futex(0x7f6a9efd36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6794] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6795] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6794] <... futex resumed>) = 0 [ 170.398573][ T28] audit: type=1800 audit(1708613290.474:266): pid=6795 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor984" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 6795] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 6794] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6795] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6794] <... futex resumed>) = 0 [pid 6794] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6795] fallocate(5, 0, 0, 1048820 [pid 6794] <... futex resumed>) = 0 [pid 6794] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6795] <... fallocate resumed>) = 0 [pid 6795] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6794] <... futex resumed>) = 0 [pid 6794] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6794] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6795] <... futex resumed>) = 1 [ 170.432149][ T28] audit: type=1800 audit(1708613290.504:267): pid=6795 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor984" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 6795] sendfile(4, 4, NULL, 142609664 [pid 6794] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6794] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6794] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6794] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6794] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a9eec2000 [pid 6794] mprotect(0x7f6a9eec3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6794] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6794] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a9eee2990, parent_tid=0x7f6a9eee2990, exit_signal=0, stack=0x7f6a9eec2000, stack_size=0x20300, tls=0x7f6a9eee26c0} => {parent_tid=[6813]}, 88) = 6813 ./strace-static-x86_64: Process 6813 attached [pid 6794] rt_sigprocmask(SIG_SETMASK, [], [pid 6813] rseq(0x7f6a9eee2fe0, 0x20, 0, 0x53053053 [pid 6794] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6813] <... rseq resumed>) = 0 [pid 6794] futex(0x7f6a9efd36d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6813] set_robust_list(0x7f6a9eee29a0, 24 [pid 6794] <... futex resumed>) = 0 [pid 6813] <... set_robust_list resumed>) = 0 [pid 6794] futex(0x7f6a9efd36dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6813] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6813] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME, 000) = 6 [pid 6813] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6794] <... futex resumed>) = 0 [pid 6813] futex(0x7f6a9efd36d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6794] futex(0x7f6a9efd36d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6813] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6794] <... futex resumed>) = 0 [pid 6794] futex(0x7f6a9efd36dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6813] ioctl(6, FS_IOC_FIEMAP, {fm_start=65279, fm_length=9223372036854775809, fm_flags=0, fm_extent_count=16777216} => {fm_flags=0, fm_mapped_extents=1, ...}) = 0 [ 170.534646][ T28] audit: type=1800 audit(1708613290.604:268): pid=6813 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor984" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 6813] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6813] futex(0x7f6a9efd36d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6794] <... futex resumed>) = 0 [pid 6794] exit_group(0 [pid 6813] <... futex resumed>) = ? [pid 6794] <... exit_group resumed>) = ? [pid 6813] +++ exited with 0 +++ [pid 6795] <... sendfile resumed>) = ? [pid 6795] +++ exited with 0 +++ [pid 6794] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6794, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=52 /* 0.52 s */} --- umount2("./88", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./88", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555563ad730 /* 4 entries */, 32768) = 104 [ 171.117866][ T5054] BTRFS info (device loop0): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 umount2("./88/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./88/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./88/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./88/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./88/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555563b5770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563b5770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./88/bus") = 0 umount2("./88/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./88/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./88/binderfs") = 0 getdents64(3, 0x5555563ad730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./88") = 0 mkdir("./89", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6814 attached , child_tidptr=0x5555563ac690) = 6814 [pid 6814] set_robust_list(0x5555563ac6a0, 24) = 0 [pid 6814] chdir("./89") = 0 [pid 6814] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6814] setpgid(0, 0) = 0 [pid 6814] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6814] write(3, "1000", 4) = 4 [pid 6814] close(3) = 0 [pid 6814] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6814] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6814] rt_sigaction(SIGRT_1, {sa_handler=0x7f6a9ef6cff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6a9ef5e1a0}, NULL, 8) = 0 [pid 6814] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6814] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a9eee3000 [pid 6814] mprotect(0x7f6a9eee4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6814] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6814] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a9ef03990, parent_tid=0x7f6a9ef03990, exit_signal=0, stack=0x7f6a9eee3000, stack_size=0x20300, tls=0x7f6a9ef036c0}./strace-static-x86_64: Process 6815 attached [pid 6815] rseq(0x7f6a9ef03fe0, 0x20, 0, 0x53053053) = 0 [pid 6814] <... clone3 resumed> => {parent_tid=[6815]}, 88) = 6815 [pid 6815] set_robust_list(0x7f6a9ef039a0, 24 [pid 6814] rt_sigprocmask(SIG_SETMASK, [], [pid 6815] <... set_robust_list resumed>) = 0 [pid 6814] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6815] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6814] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6815] memfd_create("syzkaller", 0 [pid 6814] <... futex resumed>) = 0 [pid 6814] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6815] <... memfd_create resumed>) = 3 [pid 6815] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6a96a00000 [pid 6815] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6815] munmap(0x7f6a96a00000, 138412032) = 0 [pid 6815] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6815] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6815] close(3) = 0 [pid 6815] close(4) = 0 [pid 6815] mkdir("./bus", 0777) = 0 [ 171.613528][ T6815] loop0: detected capacity change from 0 to 32768 [ 171.642613][ T6815] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop0 scanned by syz-executor984 (6815) [pid 6815] mount("/dev/loop0", "./bus", "btrfs", 0, "discard,") = 0 [pid 6815] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [ 171.662871][ T6815] BTRFS info (device loop0): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 [ 171.673540][ T6815] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm [ 171.684842][ T6815] BTRFS info (device loop0): using free-space-tree [pid 6815] chdir("./bus") = 0 [pid 6815] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6815] ioctl(4, LOOP_CLR_FD) = 0 [pid 6815] close(4) = 0 [pid 6815] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6814] <... futex resumed>) = 0 [pid 6815] futex(0x7f6a9efd36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6814] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6815] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6815] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6814] <... futex resumed>) = 0 [pid 6814] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6815] <... open resumed>) = 4 [pid 6815] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6814] <... futex resumed>) = 0 [pid 6815] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6814] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6815] <... open resumed>) = 5 [pid 6814] <... futex resumed>) = 0 [pid 6815] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6814] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6815] <... futex resumed>) = 0 [pid 6814] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6815] futex(0x7f6a9efd36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6814] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6815] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6814] <... futex resumed>) = 0 [pid 6815] fallocate(5, 0, 0, 1048820 [pid 6814] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6815] <... fallocate resumed>) = 0 [pid 6815] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6815] futex(0x7f6a9efd36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6814] <... futex resumed>) = 0 [pid 6814] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6814] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6815] <... futex resumed>) = 0 [ 171.788636][ T28] audit: type=1800 audit(1708613291.864:269): pid=6815 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor984" name="bus" dev="loop0" ino=263 res=0 errno=0 [ 171.815664][ T28] audit: type=1800 audit(1708613291.884:270): pid=6815 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor984" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 6815] sendfile(4, 4, NULL, 142609664 [pid 6814] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6814] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6814] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a9eec2000 [pid 6814] mprotect(0x7f6a9eec3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6814] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6814] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a9eee2990, parent_tid=0x7f6a9eee2990, exit_signal=0, stack=0x7f6a9eec2000, stack_size=0x20300, tls=0x7f6a9eee26c0} => {parent_tid=[6833]}, 88) = 6833 [pid 6814] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6814] futex(0x7f6a9efd36d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6814] futex(0x7f6a9efd36dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6833 attached [pid 6833] rseq(0x7f6a9eee2fe0, 0x20, 0, 0x53053053) = 0 [pid 6833] set_robust_list(0x7f6a9eee29a0, 24) = 0 [pid 6833] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6833] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME, 000) = 6 [pid 6833] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6814] <... futex resumed>) = 0 [pid 6833] ioctl(6, FS_IOC_FIEMAP, {fm_start=65279, fm_length=9223372036854775809, fm_flags=0, fm_extent_count=16777216} [pid 6814] futex(0x7f6a9efd36d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6833] <... ioctl resumed> => {fm_flags=0, fm_mapped_extents=1, ...}) = 0 [pid 6814] <... futex resumed>) = 0 [pid 6833] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6814] futex(0x7f6a9efd36dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6833] <... futex resumed>) = 0 [pid 6814] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [ 171.919213][ T28] audit: type=1800 audit(1708613291.994:271): pid=6833 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor984" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 6833] futex(0x7f6a9efd36d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6814] exit_group(0 [pid 6833] <... futex resumed>) = ? [pid 6814] <... exit_group resumed>) = ? [pid 6833] +++ exited with 0 +++ [pid 6815] <... sendfile resumed>) = ? [pid 6815] +++ exited with 0 +++ [pid 6814] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6814, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=57 /* 0.57 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./89", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./89", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555563ad730 /* 4 entries */, 32768) = 104 [ 172.430961][ T5054] BTRFS info (device loop0): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 umount2("./89/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./89/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./89/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./89/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./89/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555563b5770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563b5770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./89/bus") = 0 umount2("./89/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./89/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./89/binderfs") = 0 getdents64(3, 0x5555563ad730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./89") = 0 mkdir("./90", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6834 attached , child_tidptr=0x5555563ac690) = 6834 [pid 6834] set_robust_list(0x5555563ac6a0, 24) = 0 [pid 6834] chdir("./90") = 0 [pid 6834] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6834] setpgid(0, 0) = 0 [pid 6834] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6834] write(3, "1000", 4) = 4 [pid 6834] close(3) = 0 [pid 6834] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6834] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6834] rt_sigaction(SIGRT_1, {sa_handler=0x7f6a9ef6cff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6a9ef5e1a0}, NULL, 8) = 0 [pid 6834] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6834] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a9eee3000 [pid 6834] mprotect(0x7f6a9eee4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6834] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6834] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a9ef03990, parent_tid=0x7f6a9ef03990, exit_signal=0, stack=0x7f6a9eee3000, stack_size=0x20300, tls=0x7f6a9ef036c0}./strace-static-x86_64: Process 6835 attached [pid 6835] rseq(0x7f6a9ef03fe0, 0x20, 0, 0x53053053 [pid 6834] <... clone3 resumed> => {parent_tid=[6835]}, 88) = 6835 [pid 6835] <... rseq resumed>) = 0 [pid 6835] set_robust_list(0x7f6a9ef039a0, 24 [pid 6834] rt_sigprocmask(SIG_SETMASK, [], [pid 6835] <... set_robust_list resumed>) = 0 [pid 6834] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6835] rt_sigprocmask(SIG_SETMASK, [], [pid 6834] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6835] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6834] <... futex resumed>) = 0 [pid 6835] memfd_create("syzkaller", 0 [pid 6834] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6835] <... memfd_create resumed>) = 3 [pid 6835] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6a96a00000 [pid 6835] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6835] munmap(0x7f6a96a00000, 138412032) = 0 [pid 6835] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6835] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6835] close(3) = 0 [pid 6835] close(4) = 0 [pid 6835] mkdir("./bus", 0777) = 0 [ 172.922093][ T6835] loop0: detected capacity change from 0 to 32768 [ 172.944368][ T6835] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop0 scanned by syz-executor984 (6835) [ 172.963319][ T6835] BTRFS info (device loop0): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 [ 172.974114][ T6835] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm [ 172.984279][ T6835] BTRFS info (device loop0): using free-space-tree [pid 6835] mount("/dev/loop0", "./bus", "btrfs", 0, "discard,") = 0 [pid 6835] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6835] chdir("./bus") = 0 [pid 6835] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6835] ioctl(4, LOOP_CLR_FD) = 0 [pid 6835] close(4) = 0 [pid 6835] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6834] <... futex resumed>) = 0 [pid 6835] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6834] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6834] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6835] <... open resumed>) = 4 [pid 6835] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6835] futex(0x7f6a9efd36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6834] <... futex resumed>) = 0 [pid 6834] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6835] <... futex resumed>) = 0 [pid 6834] <... futex resumed>) = 1 [pid 6835] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6834] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6835] <... open resumed>) = 5 [pid 6835] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6834] <... futex resumed>) = 0 [pid 6835] fallocate(5, 0, 0, 1048820 [pid 6834] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6834] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6835] <... fallocate resumed>) = 0 [pid 6835] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6834] <... futex resumed>) = 0 [pid 6835] sendfile(4, 4, NULL, 142609664 [pid 6834] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 173.076850][ T28] audit: type=1800 audit(1708613293.154:272): pid=6835 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor984" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 6834] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6834] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6834] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a9eec2000 [pid 6834] mprotect(0x7f6a9eec3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6834] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6834] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a9eee2990, parent_tid=0x7f6a9eee2990, exit_signal=0, stack=0x7f6a9eec2000, stack_size=0x20300, tls=0x7f6a9eee26c0}./strace-static-x86_64: Process 6853 attached [pid 6853] rseq(0x7f6a9eee2fe0, 0x20, 0, 0x53053053 [pid 6834] <... clone3 resumed> => {parent_tid=[6853]}, 88) = 6853 [pid 6853] <... rseq resumed>) = 0 [pid 6834] rt_sigprocmask(SIG_SETMASK, [], [pid 6853] set_robust_list(0x7f6a9eee29a0, 24 [pid 6834] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6853] <... set_robust_list resumed>) = 0 [pid 6834] futex(0x7f6a9efd36d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6853] rt_sigprocmask(SIG_SETMASK, [], [pid 6834] <... futex resumed>) = 0 [pid 6853] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6834] futex(0x7f6a9efd36dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6853] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME, 000) = 6 [pid 6853] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6834] <... futex resumed>) = 0 [pid 6853] futex(0x7f6a9efd36d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6834] futex(0x7f6a9efd36d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6853] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6834] <... futex resumed>) = 0 [pid 6853] ioctl(6, FS_IOC_FIEMAP, {fm_start=65279, fm_length=9223372036854775809, fm_flags=0, fm_extent_count=16777216} [pid 6834] futex(0x7f6a9efd36dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6853] <... ioctl resumed> => {fm_flags=0, fm_mapped_extents=1, ...}) = 0 [pid 6853] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6834] <... futex resumed>) = 0 [pid 6853] futex(0x7f6a9efd36d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6834] exit_group(0) = ? [pid 6853] <... futex resumed>) = ? [pid 6853] +++ exited with 0 +++ [pid 6835] <... sendfile resumed>) = ? [pid 6835] +++ exited with 0 +++ [pid 6834] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6834, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=59 /* 0.59 s */} --- umount2("./90", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./90", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555563ad730 /* 4 entries */, 32768) = 104 [ 173.678122][ T5054] BTRFS info (device loop0): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 umount2("./90/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./90/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./90/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./90/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./90/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555563b5770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563b5770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./90/bus") = 0 umount2("./90/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./90/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./90/binderfs") = 0 getdents64(3, 0x5555563ad730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./90") = 0 mkdir("./91", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6854 attached , child_tidptr=0x5555563ac690) = 6854 [pid 6854] set_robust_list(0x5555563ac6a0, 24) = 0 [pid 6854] chdir("./91") = 0 [pid 6854] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6854] setpgid(0, 0) = 0 [pid 6854] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6854] write(3, "1000", 4) = 4 [pid 6854] close(3) = 0 [pid 6854] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6854] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6854] rt_sigaction(SIGRT_1, {sa_handler=0x7f6a9ef6cff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6a9ef5e1a0}, NULL, 8) = 0 [pid 6854] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6854] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a9eee3000 [pid 6854] mprotect(0x7f6a9eee4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6854] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6854] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a9ef03990, parent_tid=0x7f6a9ef03990, exit_signal=0, stack=0x7f6a9eee3000, stack_size=0x20300, tls=0x7f6a9ef036c0}./strace-static-x86_64: Process 6855 attached [pid 6855] rseq(0x7f6a9ef03fe0, 0x20, 0, 0x53053053 [pid 6854] <... clone3 resumed> => {parent_tid=[6855]}, 88) = 6855 [pid 6855] <... rseq resumed>) = 0 [pid 6854] rt_sigprocmask(SIG_SETMASK, [], [pid 6855] set_robust_list(0x7f6a9ef039a0, 24 [pid 6854] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6855] <... set_robust_list resumed>) = 0 [pid 6854] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6855] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6854] <... futex resumed>) = 0 [pid 6855] memfd_create("syzkaller", 0 [pid 6854] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6855] <... memfd_create resumed>) = 3 [pid 6855] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6a96a00000 [pid 6855] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6855] munmap(0x7f6a96a00000, 138412032) = 0 [pid 6855] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6855] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6855] close(3) = 0 [pid 6855] close(4) = 0 [pid 6855] mkdir("./bus", 0777) = 0 [ 174.172980][ T6855] loop0: detected capacity change from 0 to 32768 [ 174.212029][ T6855] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop0 scanned by syz-executor984 (6855) [pid 6855] mount("/dev/loop0", "./bus", "btrfs", 0, "discard,") = 0 [pid 6855] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [ 174.245302][ T6855] BTRFS info (device loop0): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 [ 174.256497][ T6855] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm [ 174.267052][ T6855] BTRFS info (device loop0): using free-space-tree [pid 6855] chdir("./bus") = 0 [pid 6855] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6855] ioctl(4, LOOP_CLR_FD) = 0 [pid 6855] close(4) = 0 [pid 6855] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6855] futex(0x7f6a9efd36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6854] <... futex resumed>) = 0 [pid 6855] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6854] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6855] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6854] <... futex resumed>) = 0 [pid 6854] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6855] <... open resumed>) = 4 [pid 6855] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6855] futex(0x7f6a9efd36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6854] <... futex resumed>) = 0 [pid 6854] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6855] <... futex resumed>) = 0 [pid 6854] <... futex resumed>) = 1 [pid 6855] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 6854] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6855] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6854] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6855] <... futex resumed>) = 0 [pid 6854] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6855] fallocate(5, 0, 0, 1048820 [pid 6854] <... futex resumed>) = 0 [ 174.349619][ T28] kauditd_printk_skb: 2 callbacks suppressed [ 174.349632][ T28] audit: type=1800 audit(1708613294.424:275): pid=6855 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor984" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 6854] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6855] <... fallocate resumed>) = 0 [pid 6855] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6854] <... futex resumed>) = 0 [pid 6855] futex(0x7f6a9efd36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6854] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6855] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6854] <... futex resumed>) = 0 [pid 6855] sendfile(4, 4, NULL, 142609664 [ 174.381178][ T28] audit: type=1800 audit(1708613294.464:276): pid=6855 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor984" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 6854] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6854] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6854] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a9eec2000 [pid 6854] mprotect(0x7f6a9eec3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6854] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6854] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a9eee2990, parent_tid=0x7f6a9eee2990, exit_signal=0, stack=0x7f6a9eec2000, stack_size=0x20300, tls=0x7f6a9eee26c0} => {parent_tid=[6873]}, 88) = 6873 [pid 6854] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6854] futex(0x7f6a9efd36d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6854] futex(0x7f6a9efd36dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6873 attached [pid 6873] rseq(0x7f6a9eee2fe0, 0x20, 0, 0x53053053) = 0 [pid 6873] set_robust_list(0x7f6a9eee29a0, 24) = 0 [pid 6873] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6873] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME, 000) = 6 [pid 6873] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6854] <... futex resumed>) = 0 [pid 6873] futex(0x7f6a9efd36d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6854] futex(0x7f6a9efd36d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6854] futex(0x7f6a9efd36dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6873] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6873] ioctl(6, FS_IOC_FIEMAP, {fm_start=65279, fm_length=9223372036854775809, fm_flags=0, fm_extent_count=16777216} => {fm_flags=0, fm_mapped_extents=1, ...}) = 0 [pid 6873] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6873] futex(0x7f6a9efd36d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6854] <... futex resumed>) = 0 [ 174.485273][ T28] audit: type=1800 audit(1708613294.564:277): pid=6873 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor984" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 6854] exit_group(0 [pid 6873] <... futex resumed>) = ? [pid 6855] <... sendfile resumed>) = ? [pid 6854] <... exit_group resumed>) = ? [pid 6873] +++ exited with 0 +++ [pid 6855] +++ exited with 0 +++ [pid 6854] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6854, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=51 /* 0.51 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./91", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./91", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555563ad730 /* 4 entries */, 32768) = 104 [ 174.878041][ T5054] BTRFS info (device loop0): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 umount2("./91/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./91/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./91/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./91/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./91/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555563b5770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563b5770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./91/bus") = 0 umount2("./91/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./91/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./91/binderfs") = 0 getdents64(3, 0x5555563ad730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./91") = 0 mkdir("./92", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6874 attached , child_tidptr=0x5555563ac690) = 6874 [pid 6874] set_robust_list(0x5555563ac6a0, 24) = 0 [pid 6874] chdir("./92") = 0 [pid 6874] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6874] setpgid(0, 0) = 0 [pid 6874] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6874] write(3, "1000", 4) = 4 [pid 6874] close(3) = 0 [pid 6874] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6874] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6874] rt_sigaction(SIGRT_1, {sa_handler=0x7f6a9ef6cff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6a9ef5e1a0}, NULL, 8) = 0 [pid 6874] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6874] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a9eee3000 [pid 6874] mprotect(0x7f6a9eee4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6874] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6874] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a9ef03990, parent_tid=0x7f6a9ef03990, exit_signal=0, stack=0x7f6a9eee3000, stack_size=0x20300, tls=0x7f6a9ef036c0}./strace-static-x86_64: Process 6875 attached [pid 6875] rseq(0x7f6a9ef03fe0, 0x20, 0, 0x53053053 [pid 6874] <... clone3 resumed> => {parent_tid=[6875]}, 88) = 6875 [pid 6875] <... rseq resumed>) = 0 [pid 6874] rt_sigprocmask(SIG_SETMASK, [], [pid 6875] set_robust_list(0x7f6a9ef039a0, 24 [pid 6874] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6875] <... set_robust_list resumed>) = 0 [pid 6874] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6875] rt_sigprocmask(SIG_SETMASK, [], [pid 6874] <... futex resumed>) = 0 [pid 6875] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6874] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6875] memfd_create("syzkaller", 0) = 3 [pid 6875] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6a96a00000 [pid 6875] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6875] munmap(0x7f6a96a00000, 138412032) = 0 [pid 6875] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6875] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6875] close(3) = 0 [pid 6875] close(4) = 0 [pid 6875] mkdir("./bus", 0777) = 0 [ 175.302372][ T6875] loop0: detected capacity change from 0 to 32768 [ 175.346784][ T6875] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop0 scanned by syz-executor984 (6875) [ 175.370372][ T6875] BTRFS info (device loop0): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 [ 175.381557][ T6875] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm [ 175.391984][ T6875] BTRFS info (device loop0): using free-space-tree [pid 6875] mount("/dev/loop0", "./bus", "btrfs", 0, "discard,") = 0 [pid 6875] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6875] chdir("./bus") = 0 [pid 6875] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6875] ioctl(4, LOOP_CLR_FD) = 0 [pid 6875] close(4) = 0 [pid 6875] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6874] <... futex resumed>) = 0 [pid 6875] <... futex resumed>) = 1 [pid 6874] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6875] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6874] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6875] <... open resumed>) = 4 [pid 6875] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6874] <... futex resumed>) = 0 [ 175.495107][ T28] audit: type=1800 audit(1708613295.574:278): pid=6875 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor984" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 6875] futex(0x7f6a9efd36c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 6874] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6875] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6874] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6875] <... open resumed>) = 5 [pid 6875] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6874] <... futex resumed>) = 0 [pid 6875] <... futex resumed>) = 1 [pid 6874] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6874] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6875] fallocate(5, 0, 0, 1048820) = 0 [pid 6875] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6874] <... futex resumed>) = 0 [pid 6875] <... futex resumed>) = 1 [pid 6874] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6875] sendfile(4, 4, NULL, 142609664 [pid 6874] <... futex resumed>) = 0 [ 175.537093][ T28] audit: type=1800 audit(1708613295.614:279): pid=6875 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor984" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 6874] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6874] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6874] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a9eec2000 [pid 6874] mprotect(0x7f6a9eec3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6874] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6874] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a9eee2990, parent_tid=0x7f6a9eee2990, exit_signal=0, stack=0x7f6a9eec2000, stack_size=0x20300, tls=0x7f6a9eee26c0}./strace-static-x86_64: Process 6893 attached [pid 6893] rseq(0x7f6a9eee2fe0, 0x20, 0, 0x53053053) = 0 [pid 6874] <... clone3 resumed> => {parent_tid=[6893]}, 88) = 6893 [pid 6893] set_robust_list(0x7f6a9eee29a0, 24) = 0 [pid 6893] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6893] futex(0x7f6a9efd36d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6874] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6874] futex(0x7f6a9efd36d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6874] futex(0x7f6a9efd36dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6893] <... futex resumed>) = 0 [pid 6893] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME, 000) = 6 [pid 6893] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6874] <... futex resumed>) = 0 [pid 6893] futex(0x7f6a9efd36d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6874] futex(0x7f6a9efd36d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6893] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6874] <... futex resumed>) = 0 [pid 6893] ioctl(6, FS_IOC_FIEMAP, {fm_start=65279, fm_length=9223372036854775809, fm_flags=0, fm_extent_count=16777216} [pid 6874] futex(0x7f6a9efd36dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6893] <... ioctl resumed> => {fm_flags=0, fm_mapped_extents=1, ...}) = 0 [pid 6893] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6874] <... futex resumed>) = 0 [ 175.651487][ T28] audit: type=1800 audit(1708613295.724:280): pid=6893 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor984" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 6893] futex(0x7f6a9efd36d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6874] exit_group(0 [pid 6893] <... futex resumed>) = ? [pid 6874] <... exit_group resumed>) = ? [pid 6893] +++ exited with 0 +++ [pid 6875] <... sendfile resumed>) = ? [pid 6875] +++ exited with 0 +++ [pid 6874] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6874, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=48 /* 0.48 s */} --- umount2("./92", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./92", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555563ad730 /* 4 entries */, 32768) = 104 [ 175.974595][ T5054] BTRFS info (device loop0): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 umount2("./92/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./92/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./92/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./92/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./92/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555563b5770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563b5770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./92/bus") = 0 umount2("./92/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./92/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./92/binderfs") = 0 getdents64(3, 0x5555563ad730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./92") = 0 mkdir("./93", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6894 attached , child_tidptr=0x5555563ac690) = 6894 [pid 6894] set_robust_list(0x5555563ac6a0, 24) = 0 [pid 6894] chdir("./93") = 0 [pid 6894] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6894] setpgid(0, 0) = 0 [pid 6894] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6894] write(3, "1000", 4) = 4 [pid 6894] close(3) = 0 [pid 6894] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6894] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6894] rt_sigaction(SIGRT_1, {sa_handler=0x7f6a9ef6cff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6a9ef5e1a0}, NULL, 8) = 0 [pid 6894] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6894] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a9eee3000 [pid 6894] mprotect(0x7f6a9eee4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6894] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6894] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a9ef03990, parent_tid=0x7f6a9ef03990, exit_signal=0, stack=0x7f6a9eee3000, stack_size=0x20300, tls=0x7f6a9ef036c0}./strace-static-x86_64: Process 6895 attached [pid 6895] rseq(0x7f6a9ef03fe0, 0x20, 0, 0x53053053 [pid 6894] <... clone3 resumed> => {parent_tid=[6895]}, 88) = 6895 [pid 6895] <... rseq resumed>) = 0 [pid 6894] rt_sigprocmask(SIG_SETMASK, [], [pid 6895] set_robust_list(0x7f6a9ef039a0, 24 [pid 6894] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6895] <... set_robust_list resumed>) = 0 [pid 6894] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6895] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6894] <... futex resumed>) = 0 [pid 6895] memfd_create("syzkaller", 0 [pid 6894] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6895] <... memfd_create resumed>) = 3 [pid 6895] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6a96a00000 [pid 6895] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6895] munmap(0x7f6a96a00000, 138412032) = 0 [pid 6895] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6895] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6895] close(3) = 0 [pid 6895] close(4) = 0 [pid 6895] mkdir("./bus", 0777) = 0 [ 176.487805][ T6895] loop0: detected capacity change from 0 to 32768 [ 176.513960][ T6895] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop0 scanned by syz-executor984 (6895) [pid 6895] mount("/dev/loop0", "./bus", "btrfs", 0, "discard,") = 0 [pid 6895] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6895] chdir("./bus") = 0 [pid 6895] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 176.534235][ T6895] BTRFS info (device loop0): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 [ 176.544626][ T6895] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm [ 176.554376][ T6895] BTRFS info (device loop0): using free-space-tree [pid 6895] ioctl(4, LOOP_CLR_FD) = 0 [pid 6895] close(4) = 0 [pid 6895] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6894] <... futex resumed>) = 0 [pid 6895] futex(0x7f6a9efd36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6894] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6895] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6894] <... futex resumed>) = 0 [pid 6895] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6894] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6895] <... open resumed>) = 4 [pid 6895] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6894] <... futex resumed>) = 0 [pid 6895] <... futex resumed>) = 1 [pid 6894] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6894] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6895] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 6895] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6895] futex(0x7f6a9efd36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6894] <... futex resumed>) = 0 [pid 6894] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6895] <... futex resumed>) = 0 [pid 6894] <... futex resumed>) = 1 [pid 6895] fallocate(5, 0, 0, 1048820 [pid 6894] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6895] <... fallocate resumed>) = 0 [pid 6895] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6894] <... futex resumed>) = 0 [pid 6895] sendfile(4, 4, NULL, 142609664 [pid 6894] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 176.603836][ T28] audit: type=1800 audit(1708613296.674:281): pid=6895 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor984" name="bus" dev="loop0" ino=263 res=0 errno=0 [ 176.624428][ T28] audit: type=1800 audit(1708613296.674:282): pid=6895 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor984" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 6894] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6894] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6894] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a9eec2000 [pid 6894] mprotect(0x7f6a9eec3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6894] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6894] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a9eee2990, parent_tid=0x7f6a9eee2990, exit_signal=0, stack=0x7f6a9eec2000, stack_size=0x20300, tls=0x7f6a9eee26c0}./strace-static-x86_64: Process 6912 attached [pid 6912] rseq(0x7f6a9eee2fe0, 0x20, 0, 0x53053053 [pid 6894] <... clone3 resumed> => {parent_tid=[6912]}, 88) = 6912 [pid 6912] <... rseq resumed>) = 0 [pid 6894] rt_sigprocmask(SIG_SETMASK, [], [pid 6912] set_robust_list(0x7f6a9eee29a0, 24 [pid 6894] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6912] <... set_robust_list resumed>) = 0 [pid 6894] futex(0x7f6a9efd36d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6912] rt_sigprocmask(SIG_SETMASK, [], [pid 6894] <... futex resumed>) = 0 [pid 6912] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6894] futex(0x7f6a9efd36dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6912] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME, 000) = 6 [pid 6912] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6912] futex(0x7f6a9efd36d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6894] <... futex resumed>) = 0 [pid 6894] futex(0x7f6a9efd36d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6912] <... futex resumed>) = 0 [pid 6912] ioctl(6, FS_IOC_FIEMAP, {fm_start=65279, fm_length=9223372036854775809, fm_flags=0, fm_extent_count=16777216} [pid 6894] futex(0x7f6a9efd36dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6912] <... ioctl resumed> => {fm_flags=0, fm_mapped_extents=2, ...}) = 0 [pid 6912] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6894] <... futex resumed>) = 0 [ 176.719395][ T28] audit: type=1800 audit(1708613296.794:283): pid=6912 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor984" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 6912] futex(0x7f6a9efd36d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6894] exit_group(0 [pid 6912] <... futex resumed>) = ? [pid 6912] +++ exited with 0 +++ [pid 6894] <... exit_group resumed>) = ? [pid 6895] <... sendfile resumed>) = ? [pid 6895] +++ exited with 0 +++ [pid 6894] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6894, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=51 /* 0.51 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./93", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./93", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555563ad730 /* 4 entries */, 32768) = 104 [ 177.212056][ T5054] BTRFS info (device loop0): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 umount2("./93/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./93/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./93/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./93/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./93/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555563b5770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563b5770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./93/bus") = 0 umount2("./93/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./93/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./93/binderfs") = 0 getdents64(3, 0x5555563ad730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./93") = 0 mkdir("./94", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6913 attached , child_tidptr=0x5555563ac690) = 6913 [pid 6913] set_robust_list(0x5555563ac6a0, 24) = 0 [pid 6913] chdir("./94") = 0 [pid 6913] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6913] setpgid(0, 0) = 0 [pid 6913] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6913] write(3, "1000", 4) = 4 [pid 6913] close(3) = 0 [pid 6913] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6913] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6913] rt_sigaction(SIGRT_1, {sa_handler=0x7f6a9ef6cff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6a9ef5e1a0}, NULL, 8) = 0 [pid 6913] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6913] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a9eee3000 [pid 6913] mprotect(0x7f6a9eee4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6913] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6913] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a9ef03990, parent_tid=0x7f6a9ef03990, exit_signal=0, stack=0x7f6a9eee3000, stack_size=0x20300, tls=0x7f6a9ef036c0}./strace-static-x86_64: Process 6914 attached [pid 6914] rseq(0x7f6a9ef03fe0, 0x20, 0, 0x53053053 [pid 6913] <... clone3 resumed> => {parent_tid=[6914]}, 88) = 6914 [pid 6914] <... rseq resumed>) = 0 [pid 6913] rt_sigprocmask(SIG_SETMASK, [], [pid 6914] set_robust_list(0x7f6a9ef039a0, 24 [pid 6913] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6914] <... set_robust_list resumed>) = 0 [pid 6914] rt_sigprocmask(SIG_SETMASK, [], [pid 6913] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6914] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6913] <... futex resumed>) = 0 [pid 6914] memfd_create("syzkaller", 0 [pid 6913] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6914] <... memfd_create resumed>) = 3 [pid 6914] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6a96a00000 [pid 6914] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6914] munmap(0x7f6a96a00000, 138412032) = 0 [pid 6914] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6914] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6914] close(3) = 0 [pid 6914] close(4) = 0 [pid 6914] mkdir("./bus", 0777) = 0 [ 177.658930][ T6914] loop0: detected capacity change from 0 to 32768 [ 177.687306][ T6914] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop0 scanned by syz-executor984 (6914) [pid 6914] mount("/dev/loop0", "./bus", "btrfs", 0, "discard,") = 0 [pid 6914] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [ 177.707146][ T6914] BTRFS info (device loop0): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 [ 177.719263][ T6914] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm [ 177.729755][ T6914] BTRFS info (device loop0): using free-space-tree [pid 6914] chdir("./bus") = 0 [pid 6914] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6914] ioctl(4, LOOP_CLR_FD) = 0 [pid 6914] close(4) = 0 [pid 6914] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6913] <... futex resumed>) = 0 [pid 6914] futex(0x7f6a9efd36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6913] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6914] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6914] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6913] <... futex resumed>) = 0 [pid 6913] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6914] <... open resumed>) = 4 [pid 6914] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6914] futex(0x7f6a9efd36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6913] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6913] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6914] <... futex resumed>) = 0 [pid 6914] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 6913] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6914] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6914] futex(0x7f6a9efd36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6913] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6913] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6914] <... futex resumed>) = 0 [pid 6913] <... futex resumed>) = 1 [pid 6914] fallocate(5, 0, 0, 1048820 [pid 6913] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6914] <... fallocate resumed>) = 0 [pid 6914] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6913] <... futex resumed>) = 0 [pid 6914] futex(0x7f6a9efd36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6913] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6914] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6913] <... futex resumed>) = 0 [pid 6914] sendfile(4, 4, NULL, 142609664 [ 177.822258][ T28] audit: type=1800 audit(1708613297.894:284): pid=6914 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor984" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 6913] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6913] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6913] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a9eec2000 [pid 6913] mprotect(0x7f6a9eec3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6913] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6913] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a9eee2990, parent_tid=0x7f6a9eee2990, exit_signal=0, stack=0x7f6a9eec2000, stack_size=0x20300, tls=0x7f6a9eee26c0} => {parent_tid=[6932]}, 88) = 6932 [pid 6913] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6913] futex(0x7f6a9efd36d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 6932 attached [pid 6932] rseq(0x7f6a9eee2fe0, 0x20, 0, 0x53053053 [pid 6913] futex(0x7f6a9efd36dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6932] <... rseq resumed>) = 0 [pid 6932] set_robust_list(0x7f6a9eee29a0, 24) = 0 [pid 6932] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6932] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME, 000) = 6 [pid 6932] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6913] <... futex resumed>) = 0 [pid 6932] <... futex resumed>) = 1 [pid 6913] futex(0x7f6a9efd36d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6932] ioctl(6, FS_IOC_FIEMAP, {fm_start=65279, fm_length=9223372036854775809, fm_flags=0, fm_extent_count=16777216} [pid 6913] futex(0x7f6a9efd36dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6932] <... ioctl resumed> => {fm_flags=0, fm_mapped_extents=1, ...}) = 0 [pid 6932] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6913] <... futex resumed>) = 0 [pid 6932] futex(0x7f6a9efd36d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6913] exit_group(0 [pid 6932] <... futex resumed>) = ? [pid 6932] +++ exited with 0 +++ [pid 6913] <... exit_group resumed>) = ? [pid 6914] <... sendfile resumed>) = ? [pid 6914] +++ exited with 0 +++ [pid 6913] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6913, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=49 /* 0.49 s */} --- umount2("./94", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./94", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555563ad730 /* 4 entries */, 32768) = 104 [ 178.259339][ T5054] BTRFS info (device loop0): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 umount2("./94/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./94/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./94/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./94/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./94/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555563b5770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563b5770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./94/bus") = 0 umount2("./94/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./94/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./94/binderfs") = 0 getdents64(3, 0x5555563ad730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./94") = 0 mkdir("./95", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6933 attached , child_tidptr=0x5555563ac690) = 6933 [pid 6933] set_robust_list(0x5555563ac6a0, 24) = 0 [pid 6933] chdir("./95") = 0 [pid 6933] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6933] setpgid(0, 0) = 0 [pid 6933] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6933] write(3, "1000", 4) = 4 [pid 6933] close(3) = 0 [pid 6933] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6933] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6933] rt_sigaction(SIGRT_1, {sa_handler=0x7f6a9ef6cff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6a9ef5e1a0}, NULL, 8) = 0 [pid 6933] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6933] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a9eee3000 [pid 6933] mprotect(0x7f6a9eee4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6933] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6933] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a9ef03990, parent_tid=0x7f6a9ef03990, exit_signal=0, stack=0x7f6a9eee3000, stack_size=0x20300, tls=0x7f6a9ef036c0}./strace-static-x86_64: Process 6934 attached [pid 6934] rseq(0x7f6a9ef03fe0, 0x20, 0, 0x53053053 [pid 6933] <... clone3 resumed> => {parent_tid=[6934]}, 88) = 6934 [pid 6934] <... rseq resumed>) = 0 [pid 6934] set_robust_list(0x7f6a9ef039a0, 24 [pid 6933] rt_sigprocmask(SIG_SETMASK, [], [pid 6934] <... set_robust_list resumed>) = 0 [pid 6933] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6934] rt_sigprocmask(SIG_SETMASK, [], [pid 6933] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6934] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6933] <... futex resumed>) = 0 [pid 6934] memfd_create("syzkaller", 0 [pid 6933] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6934] <... memfd_create resumed>) = 3 [pid 6934] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6a96a00000 [pid 6934] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6934] munmap(0x7f6a96a00000, 138412032) = 0 [pid 6934] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6934] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6934] close(3) = 0 [pid 6934] close(4) = 0 [pid 6934] mkdir("./bus", 0777) = 0 [ 178.696567][ T6934] loop0: detected capacity change from 0 to 32768 [ 178.722290][ T6934] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop0 scanned by syz-executor984 (6934) [ 178.741648][ T6934] BTRFS info (device loop0): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 [ 178.752139][ T6934] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm [ 178.761982][ T6934] BTRFS info (device loop0): using free-space-tree [pid 6934] mount("/dev/loop0", "./bus", "btrfs", 0, "discard,") = 0 [pid 6934] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6934] chdir("./bus") = 0 [pid 6934] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6934] ioctl(4, LOOP_CLR_FD) = 0 [pid 6934] close(4) = 0 [pid 6934] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6934] futex(0x7f6a9efd36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6933] <... futex resumed>) = 0 [pid 6934] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6933] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6934] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6933] <... futex resumed>) = 0 [pid 6933] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6934] <... open resumed>) = 4 [pid 6934] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6933] <... futex resumed>) = 0 [pid 6933] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6934] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6933] <... futex resumed>) = 0 [pid 6933] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6934] <... open resumed>) = 5 [pid 6934] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6933] <... futex resumed>) = 0 [pid 6934] <... futex resumed>) = 1 [pid 6933] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6934] fallocate(5, 0, 0, 1048820 [pid 6933] <... futex resumed>) = 0 [pid 6933] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6934] <... fallocate resumed>) = 0 [pid 6934] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6933] <... futex resumed>) = 0 [pid 6934] sendfile(4, 4, NULL, 142609664 [pid 6933] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6933] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6933] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6933] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a9eec2000 [pid 6933] mprotect(0x7f6a9eec3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6933] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6933] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a9eee2990, parent_tid=0x7f6a9eee2990, exit_signal=0, stack=0x7f6a9eec2000, stack_size=0x20300, tls=0x7f6a9eee26c0}./strace-static-x86_64: Process 6952 attached [pid 6952] rseq(0x7f6a9eee2fe0, 0x20, 0, 0x53053053) = 0 [pid 6933] <... clone3 resumed> => {parent_tid=[6952]}, 88) = 6952 [pid 6952] set_robust_list(0x7f6a9eee29a0, 24 [pid 6933] rt_sigprocmask(SIG_SETMASK, [], [pid 6952] <... set_robust_list resumed>) = 0 [pid 6952] rt_sigprocmask(SIG_SETMASK, [], [pid 6933] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6952] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6933] futex(0x7f6a9efd36d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6952] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME, 000 [pid 6933] <... futex resumed>) = 0 [pid 6933] futex(0x7f6a9efd36dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6952] <... open resumed>) = 6 [pid 6952] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6933] <... futex resumed>) = 0 [pid 6952] <... futex resumed>) = 1 [pid 6952] futex(0x7f6a9efd36d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6933] futex(0x7f6a9efd36d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6952] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6952] ioctl(6, FS_IOC_FIEMAP, {fm_start=65279, fm_length=9223372036854775809, fm_flags=0, fm_extent_count=16777216} => {fm_flags=0, fm_mapped_extents=1, ...}) = 0 [pid 6933] <... futex resumed>) = 0 [pid 6952] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6933] futex(0x7f6a9efd36dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6952] <... futex resumed>) = 0 [pid 6933] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6952] futex(0x7f6a9efd36d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6933] exit_group(0) = ? [pid 6952] <... futex resumed>) = ? [pid 6952] +++ exited with 0 +++ [pid 6934] <... sendfile resumed>) = ? [pid 6934] +++ exited with 0 +++ [pid 6933] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6933, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=51 /* 0.51 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./95", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./95", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555563ad730 /* 4 entries */, 32768) = 104 [ 179.379927][ T5054] BTRFS info (device loop0): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 umount2("./95/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./95/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./95/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./95/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./95/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555563b5770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563b5770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./95/bus") = 0 umount2("./95/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./95/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./95/binderfs") = 0 getdents64(3, 0x5555563ad730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./95") = 0 mkdir("./96", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6953 attached , child_tidptr=0x5555563ac690) = 6953 [pid 6953] set_robust_list(0x5555563ac6a0, 24) = 0 [pid 6953] chdir("./96") = 0 [pid 6953] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6953] setpgid(0, 0) = 0 [pid 6953] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6953] write(3, "1000", 4) = 4 [pid 6953] close(3) = 0 [pid 6953] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6953] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6953] rt_sigaction(SIGRT_1, {sa_handler=0x7f6a9ef6cff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6a9ef5e1a0}, NULL, 8) = 0 [pid 6953] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6953] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a9eee3000 [pid 6953] mprotect(0x7f6a9eee4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6953] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6953] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a9ef03990, parent_tid=0x7f6a9ef03990, exit_signal=0, stack=0x7f6a9eee3000, stack_size=0x20300, tls=0x7f6a9ef036c0}./strace-static-x86_64: Process 6954 attached => {parent_tid=[6954]}, 88) = 6954 [pid 6954] rseq(0x7f6a9ef03fe0, 0x20, 0, 0x53053053) = 0 [pid 6953] rt_sigprocmask(SIG_SETMASK, [], [pid 6954] set_robust_list(0x7f6a9ef039a0, 24 [pid 6953] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6954] <... set_robust_list resumed>) = 0 [pid 6954] rt_sigprocmask(SIG_SETMASK, [], [pid 6953] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6954] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6953] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6954] memfd_create("syzkaller", 0) = 3 [pid 6954] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6a96a00000 [pid 6954] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6954] munmap(0x7f6a96a00000, 138412032) = 0 [pid 6954] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6954] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6954] close(3) = 0 [pid 6954] close(4) = 0 [pid 6954] mkdir("./bus", 0777) = 0 [ 179.940582][ T6954] loop0: detected capacity change from 0 to 32768 [ 179.966689][ T6954] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop0 scanned by syz-executor984 (6954) [pid 6954] mount("/dev/loop0", "./bus", "btrfs", 0, "discard,") = 0 [pid 6954] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6954] chdir("./bus") = 0 [ 179.987037][ T6954] BTRFS info (device loop0): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 [ 179.997843][ T6954] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm [ 180.008237][ T6954] BTRFS info (device loop0): using free-space-tree [pid 6954] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6954] ioctl(4, LOOP_CLR_FD) = 0 [pid 6954] close(4) = 0 [pid 6954] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6953] <... futex resumed>) = 0 [pid 6954] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6953] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6954] <... open resumed>) = 4 [pid 6953] <... futex resumed>) = 0 [pid 6953] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6954] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6953] <... futex resumed>) = 0 [pid 6953] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6953] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6954] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 6954] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6953] <... futex resumed>) = 0 [pid 6954] futex(0x7f6a9efd36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6953] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6954] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6953] <... futex resumed>) = 0 [pid 6954] fallocate(5, 0, 0, 1048820 [pid 6953] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6954] <... fallocate resumed>) = 0 [pid 6954] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6953] <... futex resumed>) = 0 [pid 6953] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6953] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6954] <... futex resumed>) = 1 [pid 6954] sendfile(4, 4, NULL, 142609664 [pid 6953] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6953] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6953] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6953] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a9eec2000 [pid 6953] mprotect(0x7f6a9eec3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6953] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6953] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a9eee2990, parent_tid=0x7f6a9eee2990, exit_signal=0, stack=0x7f6a9eec2000, stack_size=0x20300, tls=0x7f6a9eee26c0}./strace-static-x86_64: Process 6971 attached [pid 6971] rseq(0x7f6a9eee2fe0, 0x20, 0, 0x53053053) = 0 [pid 6971] set_robust_list(0x7f6a9eee29a0, 24 [pid 6953] <... clone3 resumed> => {parent_tid=[6971]}, 88) = 6971 [ 180.086927][ T28] kauditd_printk_skb: 5 callbacks suppressed [ 180.086942][ T28] audit: type=1800 audit(1708613300.164:290): pid=6954 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor984" name="bus" dev="loop0" ino=263 res=0 errno=0 [ 180.114530][ T28] audit: type=1800 audit(1708613300.174:291): pid=6954 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor984" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 6953] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6971] <... set_robust_list resumed>) = 0 [pid 6953] futex(0x7f6a9efd36d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6971] rt_sigprocmask(SIG_SETMASK, [], [pid 6953] <... futex resumed>) = 0 [pid 6971] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6953] futex(0x7f6a9efd36dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6971] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME, 000) = 6 [pid 6971] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6971] futex(0x7f6a9efd36d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6953] <... futex resumed>) = 0 [pid 6953] futex(0x7f6a9efd36d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6971] <... futex resumed>) = 0 [pid 6953] futex(0x7f6a9efd36dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6971] ioctl(6, FS_IOC_FIEMAP, {fm_start=65279, fm_length=9223372036854775809, fm_flags=0, fm_extent_count=16777216} => {fm_flags=0, fm_mapped_extents=1, ...}) = 0 [pid 6971] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6953] <... futex resumed>) = 0 [ 180.171598][ T28] audit: type=1800 audit(1708613300.244:292): pid=6971 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor984" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 6971] futex(0x7f6a9efd36d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6953] exit_group(0 [pid 6971] <... futex resumed>) = ? [pid 6953] <... exit_group resumed>) = ? [pid 6971] +++ exited with 0 +++ [pid 6954] <... sendfile resumed>) = ? [pid 6954] +++ exited with 0 +++ [pid 6953] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6953, si_uid=0, si_status=0, si_utime=0, si_stime=46 /* 0.46 s */} --- umount2("./96", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./96", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555563ad730 /* 4 entries */, 32768) = 104 [ 180.535264][ T5054] BTRFS info (device loop0): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 umount2("./96/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./96/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./96/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./96/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./96/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555563b5770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563b5770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./96/bus") = 0 umount2("./96/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./96/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./96/binderfs") = 0 getdents64(3, 0x5555563ad730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./96") = 0 mkdir("./97", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6972 attached , child_tidptr=0x5555563ac690) = 6972 [pid 6972] set_robust_list(0x5555563ac6a0, 24) = 0 [pid 6972] chdir("./97") = 0 [pid 6972] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6972] setpgid(0, 0) = 0 [pid 6972] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6972] write(3, "1000", 4) = 4 [pid 6972] close(3) = 0 [pid 6972] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6972] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6972] rt_sigaction(SIGRT_1, {sa_handler=0x7f6a9ef6cff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6a9ef5e1a0}, NULL, 8) = 0 [pid 6972] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6972] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a9eee3000 [pid 6972] mprotect(0x7f6a9eee4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6972] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6972] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a9ef03990, parent_tid=0x7f6a9ef03990, exit_signal=0, stack=0x7f6a9eee3000, stack_size=0x20300, tls=0x7f6a9ef036c0}./strace-static-x86_64: Process 6973 attached [pid 6973] rseq(0x7f6a9ef03fe0, 0x20, 0, 0x53053053 [pid 6972] <... clone3 resumed> => {parent_tid=[6973]}, 88) = 6973 [pid 6973] <... rseq resumed>) = 0 [pid 6973] set_robust_list(0x7f6a9ef039a0, 24 [pid 6972] rt_sigprocmask(SIG_SETMASK, [], [pid 6973] <... set_robust_list resumed>) = 0 [pid 6972] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6973] rt_sigprocmask(SIG_SETMASK, [], [pid 6972] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6973] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6972] <... futex resumed>) = 0 [pid 6973] memfd_create("syzkaller", 0 [pid 6972] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6973] <... memfd_create resumed>) = 3 [pid 6973] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6a96a00000 [pid 6973] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6973] munmap(0x7f6a96a00000, 138412032) = 0 [pid 6973] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6973] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6973] close(3) = 0 [pid 6973] close(4) = 0 [pid 6973] mkdir("./bus", 0777) = 0 [ 181.015387][ T6973] loop0: detected capacity change from 0 to 32768 [ 181.040381][ T6973] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop0 scanned by syz-executor984 (6973) [ 181.062368][ T6973] BTRFS info (device loop0): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 [ 181.073079][ T6973] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm [ 181.083113][ T6973] BTRFS info (device loop0): using free-space-tree [pid 6973] mount("/dev/loop0", "./bus", "btrfs", 0, "discard,") = 0 [pid 6973] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6973] chdir("./bus") = 0 [pid 6973] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6973] ioctl(4, LOOP_CLR_FD) = 0 [pid 6973] close(4) = 0 [pid 6973] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6972] <... futex resumed>) = 0 [pid 6973] futex(0x7f6a9efd36c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 6972] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6973] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6972] <... futex resumed>) = 0 [pid 6972] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6973] <... open resumed>) = 4 [pid 6973] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6972] <... futex resumed>) = 0 [pid 6973] futex(0x7f6a9efd36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6972] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6973] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6972] <... futex resumed>) = 0 [pid 6973] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6972] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6973] <... open resumed>) = 5 [pid 6973] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6972] <... futex resumed>) = 0 [pid 6973] fallocate(5, 0, 0, 1048820 [pid 6972] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6972] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6973] <... fallocate resumed>) = 0 [pid 6973] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6972] <... futex resumed>) = 0 [pid 6973] sendfile(4, 4, NULL, 142609664 [pid 6972] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 181.144942][ T28] audit: type=1800 audit(1708613301.214:293): pid=6973 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor984" name="bus" dev="loop0" ino=263 res=0 errno=0 [ 181.167841][ T28] audit: type=1800 audit(1708613301.244:294): pid=6973 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor984" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 6972] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6972] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6972] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a9eec2000 [pid 6972] mprotect(0x7f6a9eec3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6972] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6972] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a9eee2990, parent_tid=0x7f6a9eee2990, exit_signal=0, stack=0x7f6a9eec2000, stack_size=0x20300, tls=0x7f6a9eee26c0}./strace-static-x86_64: Process 6990 attached [pid 6990] rseq(0x7f6a9eee2fe0, 0x20, 0, 0x53053053 [pid 6972] <... clone3 resumed> => {parent_tid=[6990]}, 88) = 6990 [pid 6990] <... rseq resumed>) = 0 [pid 6990] set_robust_list(0x7f6a9eee29a0, 24 [pid 6972] rt_sigprocmask(SIG_SETMASK, [], [pid 6990] <... set_robust_list resumed>) = 0 [pid 6972] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6990] rt_sigprocmask(SIG_SETMASK, [], [pid 6972] futex(0x7f6a9efd36d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6990] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6972] <... futex resumed>) = 0 [pid 6990] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME, 000 [pid 6972] futex(0x7f6a9efd36dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6990] <... open resumed>) = 6 [pid 6990] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6990] futex(0x7f6a9efd36d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6972] <... futex resumed>) = 0 [pid 6972] futex(0x7f6a9efd36d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6990] <... futex resumed>) = 0 [pid 6972] <... futex resumed>) = 1 [pid 6990] ioctl(6, FS_IOC_FIEMAP, {fm_start=65279, fm_length=9223372036854775809, fm_flags=0, fm_extent_count=16777216} [pid 6972] futex(0x7f6a9efd36dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6990] <... ioctl resumed> => {fm_flags=0, fm_mapped_extents=2, ...}) = 0 [pid 6990] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6972] <... futex resumed>) = 0 [pid 6990] <... futex resumed>) = 1 [ 181.258723][ T28] audit: type=1800 audit(1708613301.334:295): pid=6990 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor984" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 6990] futex(0x7f6a9efd36d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6972] exit_group(0 [pid 6990] <... futex resumed>) = ? [pid 6972] <... exit_group resumed>) = ? [pid 6990] +++ exited with 0 +++ [pid 6973] <... sendfile resumed>) = ? [pid 6973] +++ exited with 0 +++ [pid 6972] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6972, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=56 /* 0.56 s */} --- umount2("./97", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./97", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555563ad730 /* 4 entries */, 32768) = 104 [ 181.802709][ T5054] BTRFS info (device loop0): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 umount2("./97/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./97/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./97/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./97/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./97/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555563b5770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563b5770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./97/bus") = 0 umount2("./97/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./97/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./97/binderfs") = 0 getdents64(3, 0x5555563ad730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./97") = 0 mkdir("./98", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6991 attached , child_tidptr=0x5555563ac690) = 6991 [pid 6991] set_robust_list(0x5555563ac6a0, 24) = 0 [pid 6991] chdir("./98") = 0 [pid 6991] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6991] setpgid(0, 0) = 0 [pid 6991] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6991] write(3, "1000", 4) = 4 [pid 6991] close(3) = 0 [pid 6991] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6991] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6991] rt_sigaction(SIGRT_1, {sa_handler=0x7f6a9ef6cff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6a9ef5e1a0}, NULL, 8) = 0 [pid 6991] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6991] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a9eee3000 [pid 6991] mprotect(0x7f6a9eee4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6991] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6991] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a9ef03990, parent_tid=0x7f6a9ef03990, exit_signal=0, stack=0x7f6a9eee3000, stack_size=0x20300, tls=0x7f6a9ef036c0}./strace-static-x86_64: Process 6992 attached [pid 6992] rseq(0x7f6a9ef03fe0, 0x20, 0, 0x53053053 [pid 6991] <... clone3 resumed> => {parent_tid=[6992]}, 88) = 6992 [pid 6992] <... rseq resumed>) = 0 [pid 6992] set_robust_list(0x7f6a9ef039a0, 24 [pid 6991] rt_sigprocmask(SIG_SETMASK, [], [pid 6992] <... set_robust_list resumed>) = 0 [pid 6991] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6992] rt_sigprocmask(SIG_SETMASK, [], [pid 6991] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6992] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6991] <... futex resumed>) = 0 [pid 6992] memfd_create("syzkaller", 0 [pid 6991] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6992] <... memfd_create resumed>) = 3 [pid 6992] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6a96a00000 [pid 6992] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6992] munmap(0x7f6a96a00000, 138412032) = 0 [pid 6992] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6992] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6992] close(3) = 0 [pid 6992] close(4) = 0 [pid 6992] mkdir("./bus", 0777) = 0 [ 182.309766][ T6992] loop0: detected capacity change from 0 to 32768 [ 182.327157][ T6992] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop0 scanned by syz-executor984 (6992) [ 182.343153][ T6992] BTRFS info (device loop0): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 [pid 6992] mount("/dev/loop0", "./bus", "btrfs", 0, "discard,") = 0 [pid 6992] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6992] chdir("./bus") = 0 [pid 6992] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6992] ioctl(4, LOOP_CLR_FD) = 0 [pid 6992] close(4) = 0 [pid 6992] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6991] <... futex resumed>) = 0 [pid 6992] futex(0x7f6a9efd36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6991] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6992] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6992] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6991] <... futex resumed>) = 0 [ 182.353472][ T6992] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm [ 182.362952][ T6992] BTRFS info (device loop0): using free-space-tree [pid 6991] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6992] <... open resumed>) = 4 [pid 6992] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6991] <... futex resumed>) = 0 [pid 6992] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6991] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6992] <... open resumed>) = 5 [pid 6991] <... futex resumed>) = 0 [pid 6991] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6992] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6991] <... futex resumed>) = 0 [pid 6991] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6991] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6992] <... futex resumed>) = 1 [pid 6992] fallocate(5, 0, 0, 1048820) = 0 [pid 6992] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6991] <... futex resumed>) = 0 [pid 6991] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6991] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6992] <... futex resumed>) = 1 [ 182.421822][ T28] audit: type=1800 audit(1708613302.494:296): pid=6992 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor984" name="bus" dev="loop0" ino=263 res=0 errno=0 [ 182.442333][ T28] audit: type=1800 audit(1708613302.514:297): pid=6992 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor984" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 6992] sendfile(4, 4, NULL, 142609664 [pid 6991] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6991] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6991] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a9eec2000 [pid 6991] mprotect(0x7f6a9eec3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6991] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6991] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a9eee2990, parent_tid=0x7f6a9eee2990, exit_signal=0, stack=0x7f6a9eec2000, stack_size=0x20300, tls=0x7f6a9eee26c0}./strace-static-x86_64: Process 7008 attached [pid 7008] rseq(0x7f6a9eee2fe0, 0x20, 0, 0x53053053) = 0 [pid 6991] <... clone3 resumed> => {parent_tid=[7008]}, 88) = 7008 [pid 7008] set_robust_list(0x7f6a9eee29a0, 24) = 0 [pid 6991] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6991] futex(0x7f6a9efd36d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6991] futex(0x7f6a9efd36dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7008] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7008] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME, 000) = 6 [pid 7008] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6991] <... futex resumed>) = 0 [pid 7008] futex(0x7f6a9efd36d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6991] futex(0x7f6a9efd36d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7008] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6991] <... futex resumed>) = 0 [pid 7008] ioctl(6, FS_IOC_FIEMAP, {fm_start=65279, fm_length=9223372036854775809, fm_flags=0, fm_extent_count=16777216} [pid 6991] futex(0x7f6a9efd36dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7008] <... ioctl resumed> => {fm_flags=0, fm_mapped_extents=2, ...}) = 0 [pid 7008] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6991] <... futex resumed>) = 0 [ 182.561357][ T28] audit: type=1800 audit(1708613302.634:298): pid=7008 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor984" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 7008] futex(0x7f6a9efd36d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6991] exit_group(0 [pid 7008] <... futex resumed>) = ? [pid 7008] +++ exited with 0 +++ [pid 6991] <... exit_group resumed>) = ? [pid 6992] <... sendfile resumed>) = ? [pid 6992] +++ exited with 0 +++ [pid 6991] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6991, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=57 /* 0.57 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./98", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./98", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555563ad730 /* 4 entries */, 32768) = 104 [ 183.111831][ T5054] BTRFS info (device loop0): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 umount2("./98/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./98/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./98/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./98/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./98/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555563b5770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563b5770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./98/bus") = 0 umount2("./98/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./98/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./98/binderfs") = 0 getdents64(3, 0x5555563ad730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./98") = 0 mkdir("./99", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7009 attached [pid 7009] set_robust_list(0x5555563ac6a0, 24) = 0 [pid 5054] <... clone resumed>, child_tidptr=0x5555563ac690) = 7009 [pid 7009] chdir("./99") = 0 [pid 7009] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7009] setpgid(0, 0) = 0 [pid 7009] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7009] write(3, "1000", 4) = 4 [pid 7009] close(3) = 0 [pid 7009] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7009] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7009] rt_sigaction(SIGRT_1, {sa_handler=0x7f6a9ef6cff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6a9ef5e1a0}, NULL, 8) = 0 [pid 7009] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7009] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a9eee3000 [pid 7009] mprotect(0x7f6a9eee4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7009] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7009] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a9ef03990, parent_tid=0x7f6a9ef03990, exit_signal=0, stack=0x7f6a9eee3000, stack_size=0x20300, tls=0x7f6a9ef036c0}./strace-static-x86_64: Process 7010 attached [pid 7010] rseq(0x7f6a9ef03fe0, 0x20, 0, 0x53053053 [pid 7009] <... clone3 resumed> => {parent_tid=[7010]}, 88) = 7010 [pid 7010] <... rseq resumed>) = 0 [pid 7009] rt_sigprocmask(SIG_SETMASK, [], [pid 7010] set_robust_list(0x7f6a9ef039a0, 24 [pid 7009] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7010] <... set_robust_list resumed>) = 0 [pid 7009] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7010] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7009] <... futex resumed>) = 0 [pid 7010] memfd_create("syzkaller", 0 [pid 7009] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7010] <... memfd_create resumed>) = 3 [pid 7010] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6a96a00000 [pid 7010] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 7010] munmap(0x7f6a96a00000, 138412032) = 0 [pid 7010] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7010] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7010] close(3) = 0 [pid 7010] close(4) = 0 [pid 7010] mkdir("./bus", 0777) = 0 [ 183.622972][ T7010] loop0: detected capacity change from 0 to 32768 [pid 7010] mount("/dev/loop0", "./bus", "btrfs", 0, "discard,") = 0 [pid 7010] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [ 183.666768][ T7010] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop0 scanned by syz-executor984 (7010) [ 183.687920][ T7010] BTRFS info (device loop0): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 [ 183.698207][ T7010] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm [ 183.707942][ T7010] BTRFS info (device loop0): using free-space-tree [pid 7010] chdir("./bus") = 0 [pid 7010] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7010] ioctl(4, LOOP_CLR_FD) = 0 [pid 7010] close(4) = 0 [pid 7010] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7009] <... futex resumed>) = 0 [pid 7010] futex(0x7f6a9efd36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7009] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7010] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7009] <... futex resumed>) = 0 [pid 7009] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7010] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 7010] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7010] futex(0x7f6a9efd36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7009] <... futex resumed>) = 0 [pid 7009] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7010] <... futex resumed>) = 0 [pid 7009] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7010] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 7010] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7009] <... futex resumed>) = 0 [pid 7010] futex(0x7f6a9efd36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7009] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7010] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7010] fallocate(5, 0, 0, 1048820 [pid 7009] <... futex resumed>) = 0 [pid 7009] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7010] <... fallocate resumed>) = 0 [pid 7010] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7009] <... futex resumed>) = 0 [pid 7009] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7010] sendfile(4, 4, NULL, 142609664 [pid 7009] <... futex resumed>) = 0 [ 183.771802][ T28] audit: type=1800 audit(1708613303.844:299): pid=7010 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor984" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 7009] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 7009] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7009] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a9eec2000 [pid 7009] mprotect(0x7f6a9eec3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7009] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7009] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a9eee2990, parent_tid=0x7f6a9eee2990, exit_signal=0, stack=0x7f6a9eec2000, stack_size=0x20300, tls=0x7f6a9eee26c0}./strace-static-x86_64: Process 7027 attached => {parent_tid=[7027]}, 88) = 7027 [pid 7027] rseq(0x7f6a9eee2fe0, 0x20, 0, 0x53053053 [pid 7009] rt_sigprocmask(SIG_SETMASK, [], [pid 7027] <... rseq resumed>) = 0 [pid 7009] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7027] set_robust_list(0x7f6a9eee29a0, 24) = 0 [pid 7009] futex(0x7f6a9efd36d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7027] rt_sigprocmask(SIG_SETMASK, [], [pid 7009] <... futex resumed>) = 0 [pid 7027] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7009] futex(0x7f6a9efd36dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7027] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME, 000) = 6 [pid 7027] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7009] <... futex resumed>) = 0 [pid 7027] futex(0x7f6a9efd36d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7009] futex(0x7f6a9efd36d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7027] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7009] futex(0x7f6a9efd36dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7027] ioctl(6, FS_IOC_FIEMAP, {fm_start=65279, fm_length=9223372036854775809, fm_flags=0, fm_extent_count=16777216} => {fm_flags=0, fm_mapped_extents=1, ...}) = 0 [pid 7027] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7009] <... futex resumed>) = 0 [pid 7027] futex(0x7f6a9efd36d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7009] exit_group(0) = ? [pid 7027] <... futex resumed>) = ? [pid 7027] +++ exited with 0 +++ [pid 7010] <... sendfile resumed>) = ? [pid 7010] +++ exited with 0 +++ [pid 7009] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7009, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=53 /* 0.53 s */} --- umount2("./99", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./99", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555563ad730 /* 4 entries */, 32768) = 104 [ 184.410022][ T5054] BTRFS info (device loop0): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 umount2("./99/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./99/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./99/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./99/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./99/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555563b5770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563b5770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./99/bus") = 0 umount2("./99/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./99/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./99/binderfs") = 0 getdents64(3, 0x5555563ad730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./99") = 0 mkdir("./100", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7028 attached , child_tidptr=0x5555563ac690) = 7028 [pid 7028] set_robust_list(0x5555563ac6a0, 24) = 0 [pid 7028] chdir("./100") = 0 [pid 7028] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7028] setpgid(0, 0) = 0 [pid 7028] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7028] write(3, "1000", 4) = 4 [pid 7028] close(3) = 0 [pid 7028] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7028] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7028] rt_sigaction(SIGRT_1, {sa_handler=0x7f6a9ef6cff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6a9ef5e1a0}, NULL, 8) = 0 [pid 7028] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7028] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a9eee3000 [pid 7028] mprotect(0x7f6a9eee4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7028] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7028] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a9ef03990, parent_tid=0x7f6a9ef03990, exit_signal=0, stack=0x7f6a9eee3000, stack_size=0x20300, tls=0x7f6a9ef036c0}./strace-static-x86_64: Process 7029 attached => {parent_tid=[7029]}, 88) = 7029 [pid 7028] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7029] rseq(0x7f6a9ef03fe0, 0x20, 0, 0x53053053) = 0 [pid 7028] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7029] set_robust_list(0x7f6a9ef039a0, 24 [pid 7028] <... futex resumed>) = 0 [pid 7029] <... set_robust_list resumed>) = 0 [pid 7029] rt_sigprocmask(SIG_SETMASK, [], [pid 7028] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7029] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7029] memfd_create("syzkaller", 0) = 3 [pid 7029] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6a96a00000 [pid 7029] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 7029] munmap(0x7f6a96a00000, 138412032) = 0 [pid 7029] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7029] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7029] close(3) = 0 [pid 7029] close(4) = 0 [pid 7029] mkdir("./bus", 0777) = 0 [ 184.907660][ T7029] loop0: detected capacity change from 0 to 32768 [ 184.935125][ T7029] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop0 scanned by syz-executor984 (7029) [pid 7029] mount("/dev/loop0", "./bus", "btrfs", 0, "discard,") = 0 [pid 7029] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 7029] chdir("./bus") = 0 [pid 7029] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7029] ioctl(4, LOOP_CLR_FD) = 0 [pid 7029] close(4) = 0 [pid 7029] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7028] <... futex resumed>) = 0 [pid 7029] futex(0x7f6a9efd36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7028] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7029] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7029] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 7028] <... futex resumed>) = 0 [pid 7028] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7029] <... open resumed>) = 4 [ 184.956356][ T7029] BTRFS info (device loop0): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 [ 184.969204][ T7029] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm [ 184.979695][ T7029] BTRFS info (device loop0): using free-space-tree [pid 7029] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7028] <... futex resumed>) = 0 [pid 7028] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7028] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7029] <... futex resumed>) = 1 [pid 7029] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 7029] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7028] <... futex resumed>) = 0 [pid 7028] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7028] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7029] fallocate(5, 0, 0, 1048820) = 0 [pid 7029] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7028] <... futex resumed>) = 0 [pid 7029] <... futex resumed>) = 1 [pid 7028] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7029] sendfile(4, 4, NULL, 142609664 [pid 7028] <... futex resumed>) = 0 [pid 7028] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 7028] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7028] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a9eec2000 [pid 7028] mprotect(0x7f6a9eec3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7028] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7028] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a9eee2990, parent_tid=0x7f6a9eee2990, exit_signal=0, stack=0x7f6a9eec2000, stack_size=0x20300, tls=0x7f6a9eee26c0}./strace-static-x86_64: Process 7046 attached [pid 7046] rseq(0x7f6a9eee2fe0, 0x20, 0, 0x53053053 [pid 7028] <... clone3 resumed> => {parent_tid=[7046]}, 88) = 7046 [pid 7028] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7028] futex(0x7f6a9efd36d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7046] <... rseq resumed>) = 0 [pid 7046] set_robust_list(0x7f6a9eee29a0, 24) = 0 [pid 7028] futex(0x7f6a9efd36dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7046] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7046] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME, 000) = 6 [pid 7046] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7046] futex(0x7f6a9efd36d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7028] <... futex resumed>) = 0 [pid 7028] futex(0x7f6a9efd36d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7046] <... futex resumed>) = 0 [pid 7028] <... futex resumed>) = 1 [pid 7028] futex(0x7f6a9efd36dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7046] ioctl(6, FS_IOC_FIEMAP, {fm_start=65279, fm_length=9223372036854775809, fm_flags=0, fm_extent_count=16777216} => {fm_flags=0, fm_mapped_extents=2, ...}) = 0 [pid 7046] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7028] <... futex resumed>) = 0 [ 185.162193][ T28] kauditd_printk_skb: 4 callbacks suppressed [ 185.162207][ T28] audit: type=1800 audit(1708613305.234:304): pid=7046 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor984" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 7046] futex(0x7f6a9efd36d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7028] exit_group(0) = ? [pid 7046] <... futex resumed>) = ? [pid 7029] <... sendfile resumed>) = ? [pid 7046] +++ exited with 0 +++ [pid 7029] +++ exited with 0 +++ [pid 7028] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7028, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=51 /* 0.51 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./100", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./100", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555563ad730 /* 4 entries */, 32768) = 104 [ 185.710653][ T5054] BTRFS info (device loop0): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 umount2("./100/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./100/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./100/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./100/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./100/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555563b5770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563b5770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./100/bus") = 0 umount2("./100/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./100/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./100/binderfs") = 0 getdents64(3, 0x5555563ad730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./100") = 0 mkdir("./101", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7047 attached , child_tidptr=0x5555563ac690) = 7047 [pid 7047] set_robust_list(0x5555563ac6a0, 24) = 0 [pid 7047] chdir("./101") = 0 [pid 7047] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7047] setpgid(0, 0) = 0 [pid 7047] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7047] write(3, "1000", 4) = 4 [pid 7047] close(3) = 0 [pid 7047] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7047] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7047] rt_sigaction(SIGRT_1, {sa_handler=0x7f6a9ef6cff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6a9ef5e1a0}, NULL, 8) = 0 [pid 7047] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7047] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a9eee3000 [pid 7047] mprotect(0x7f6a9eee4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7047] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7047] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a9ef03990, parent_tid=0x7f6a9ef03990, exit_signal=0, stack=0x7f6a9eee3000, stack_size=0x20300, tls=0x7f6a9ef036c0} => {parent_tid=[7048]}, 88) = 7048 [pid 7047] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 7048 attached NULL, 8) = 0 [pid 7048] rseq(0x7f6a9ef03fe0, 0x20, 0, 0x53053053 [pid 7047] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7048] <... rseq resumed>) = 0 [pid 7048] set_robust_list(0x7f6a9ef039a0, 24 [pid 7047] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7048] <... set_robust_list resumed>) = 0 [pid 7048] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7048] memfd_create("syzkaller", 0) = 3 [pid 7048] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6a96a00000 [pid 7048] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 7048] munmap(0x7f6a96a00000, 138412032) = 0 [pid 7048] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7048] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7048] close(3) = 0 [pid 7048] close(4) = 0 [pid 7048] mkdir("./bus", 0777) = 0 [ 186.248931][ T7048] loop0: detected capacity change from 0 to 32768 [ 186.281461][ T7048] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop0 scanned by syz-executor984 (7048) [pid 7048] mount("/dev/loop0", "./bus", "btrfs", 0, "discard,") = 0 [pid 7048] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [ 186.300601][ T7048] BTRFS info (device loop0): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 [ 186.311555][ T7048] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm [ 186.322274][ T7048] BTRFS info (device loop0): using free-space-tree [pid 7048] chdir("./bus") = 0 [pid 7048] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7048] ioctl(4, LOOP_CLR_FD) = 0 [pid 7048] close(4) = 0 [pid 7048] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7048] futex(0x7f6a9efd36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7047] <... futex resumed>) = 0 [pid 7047] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7048] <... futex resumed>) = 0 [pid 7047] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7048] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 7048] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7048] futex(0x7f6a9efd36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7047] <... futex resumed>) = 0 [pid 7047] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7048] <... futex resumed>) = 0 [pid 7047] <... futex resumed>) = 1 [pid 7048] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 7047] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7048] <... open resumed>) = 5 [pid 7048] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7047] <... futex resumed>) = 0 [pid 7048] futex(0x7f6a9efd36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7047] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7048] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7047] <... futex resumed>) = 0 [pid 7047] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7048] fallocate(5, 0, 0, 1048820) = 0 [pid 7048] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7047] <... futex resumed>) = 0 [pid 7048] futex(0x7f6a9efd36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7047] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7048] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7048] sendfile(4, 4, NULL, 142609664 [pid 7047] <... futex resumed>) = 0 [ 186.435348][ T28] audit: type=1800 audit(1708613306.514:305): pid=7048 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor984" name="bus" dev="loop0" ino=263 res=0 errno=0 [ 186.459350][ T28] audit: type=1800 audit(1708613306.534:306): pid=7048 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor984" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 7047] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 7047] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7047] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a9eec2000 [pid 7047] mprotect(0x7f6a9eec3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7047] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7047] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a9eee2990, parent_tid=0x7f6a9eee2990, exit_signal=0, stack=0x7f6a9eec2000, stack_size=0x20300, tls=0x7f6a9eee26c0}./strace-static-x86_64: Process 7065 attached [pid 7065] rseq(0x7f6a9eee2fe0, 0x20, 0, 0x53053053 [pid 7047] <... clone3 resumed> => {parent_tid=[7065]}, 88) = 7065 [pid 7047] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7047] futex(0x7f6a9efd36d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7065] <... rseq resumed>) = 0 [pid 7047] <... futex resumed>) = 0 [pid 7065] set_robust_list(0x7f6a9eee29a0, 24) = 0 [pid 7047] futex(0x7f6a9efd36dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7065] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7065] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME, 000) = 6 [pid 7065] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7065] futex(0x7f6a9efd36d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7047] <... futex resumed>) = 0 [pid 7047] futex(0x7f6a9efd36d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7065] <... futex resumed>) = 0 [pid 7047] <... futex resumed>) = 1 [pid 7065] ioctl(6, FS_IOC_FIEMAP, {fm_start=65279, fm_length=9223372036854775809, fm_flags=0, fm_extent_count=16777216} => {fm_flags=0, fm_mapped_extents=2, ...}) = 0 [pid 7047] futex(0x7f6a9efd36dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7065] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7047] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [ 186.604535][ T28] audit: type=1800 audit(1708613306.674:307): pid=7065 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor984" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 7065] futex(0x7f6a9efd36d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7047] exit_group(0 [pid 7065] <... futex resumed>) = ? [pid 7047] <... exit_group resumed>) = ? [pid 7065] +++ exited with 0 +++ [pid 7048] <... sendfile resumed>) = ? [pid 7048] +++ exited with 0 +++ [pid 7047] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7047, si_uid=0, si_status=0, si_utime=0, si_stime=72 /* 0.72 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./101", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./101", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555563ad730 /* 4 entries */, 32768) = 104 [ 187.162709][ T5054] BTRFS info (device loop0): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 umount2("./101/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./101/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./101/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./101/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./101/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555563b5770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563b5770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./101/bus") = 0 umount2("./101/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./101/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./101/binderfs") = 0 getdents64(3, 0x5555563ad730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./101") = 0 mkdir("./102", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7066 attached , child_tidptr=0x5555563ac690) = 7066 [pid 7066] set_robust_list(0x5555563ac6a0, 24) = 0 [pid 7066] chdir("./102") = 0 [pid 7066] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7066] setpgid(0, 0) = 0 [pid 7066] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7066] write(3, "1000", 4) = 4 [pid 7066] close(3) = 0 [pid 7066] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7066] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7066] rt_sigaction(SIGRT_1, {sa_handler=0x7f6a9ef6cff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6a9ef5e1a0}, NULL, 8) = 0 [pid 7066] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7066] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a9eee3000 [pid 7066] mprotect(0x7f6a9eee4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7066] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7066] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a9ef03990, parent_tid=0x7f6a9ef03990, exit_signal=0, stack=0x7f6a9eee3000, stack_size=0x20300, tls=0x7f6a9ef036c0}./strace-static-x86_64: Process 7067 attached [pid 7067] rseq(0x7f6a9ef03fe0, 0x20, 0, 0x53053053) = 0 [pid 7066] <... clone3 resumed> => {parent_tid=[7067]}, 88) = 7067 [pid 7067] set_robust_list(0x7f6a9ef039a0, 24 [pid 7066] rt_sigprocmask(SIG_SETMASK, [], [pid 7067] <... set_robust_list resumed>) = 0 [pid 7066] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7067] rt_sigprocmask(SIG_SETMASK, [], [pid 7066] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7067] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7066] <... futex resumed>) = 0 [pid 7067] memfd_create("syzkaller", 0 [pid 7066] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7067] <... memfd_create resumed>) = 3 [pid 7067] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6a96a00000 [pid 7067] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 7067] munmap(0x7f6a96a00000, 138412032) = 0 [pid 7067] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7067] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7067] close(3) = 0 [pid 7067] close(4) = 0 [pid 7067] mkdir("./bus", 0777) = 0 [ 187.685781][ T7067] loop0: detected capacity change from 0 to 32768 [ 187.715293][ T7067] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop0 scanned by syz-executor984 (7067) [pid 7067] mount("/dev/loop0", "./bus", "btrfs", 0, "discard,") = 0 [pid 7067] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 7067] chdir("./bus") = 0 [ 187.736908][ T7067] BTRFS info (device loop0): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 [ 187.748167][ T7067] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm [ 187.758989][ T7067] BTRFS info (device loop0): using free-space-tree [pid 7067] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7067] ioctl(4, LOOP_CLR_FD) = 0 [pid 7067] close(4) = 0 [pid 7067] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7067] futex(0x7f6a9efd36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7066] <... futex resumed>) = 0 [pid 7066] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7067] <... futex resumed>) = 0 [pid 7066] <... futex resumed>) = 1 [pid 7067] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 7066] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7067] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7066] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7067] <... futex resumed>) = 0 [pid 7067] futex(0x7f6a9efd36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7066] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7067] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7067] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 7066] <... futex resumed>) = 0 [pid 7067] <... open resumed>) = 5 [pid 7066] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7067] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7066] <... futex resumed>) = 0 [pid 7067] <... futex resumed>) = 1 [pid 7066] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7067] fallocate(5, 0, 0, 1048820 [pid 7066] <... futex resumed>) = 0 [pid 7066] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7067] <... fallocate resumed>) = 0 [pid 7067] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7066] <... futex resumed>) = 0 [pid 7067] <... futex resumed>) = 1 [pid 7066] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7067] sendfile(4, 4, NULL, 142609664 [pid 7066] <... futex resumed>) = 0 [ 187.838882][ T28] audit: type=1800 audit(1708613307.914:308): pid=7067 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor984" name="bus" dev="loop0" ino=263 res=0 errno=0 [ 187.859476][ T28] audit: type=1800 audit(1708613307.914:309): pid=7067 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor984" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 7066] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 7066] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7066] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a9eec2000 [pid 7066] mprotect(0x7f6a9eec3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7066] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7066] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a9eee2990, parent_tid=0x7f6a9eee2990, exit_signal=0, stack=0x7f6a9eec2000, stack_size=0x20300, tls=0x7f6a9eee26c0}./strace-static-x86_64: Process 7084 attached [pid 7084] rseq(0x7f6a9eee2fe0, 0x20, 0, 0x53053053 [pid 7066] <... clone3 resumed> => {parent_tid=[7084]}, 88) = 7084 [pid 7066] rt_sigprocmask(SIG_SETMASK, [], [pid 7084] <... rseq resumed>) = 0 [pid 7066] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7084] set_robust_list(0x7f6a9eee29a0, 24 [pid 7066] futex(0x7f6a9efd36d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7066] futex(0x7f6a9efd36dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7084] <... set_robust_list resumed>) = 0 [pid 7084] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7084] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME, 000) = 6 [pid 7084] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7084] futex(0x7f6a9efd36d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7066] <... futex resumed>) = 0 [pid 7066] futex(0x7f6a9efd36d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7066] futex(0x7f6a9efd36dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7084] <... futex resumed>) = 0 [pid 7084] ioctl(6, FS_IOC_FIEMAP, {fm_start=65279, fm_length=9223372036854775809, fm_flags=0, fm_extent_count=16777216} => {fm_flags=0, fm_mapped_extents=2, ...}) = 0 [pid 7084] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7066] <... futex resumed>) = 0 [ 187.946382][ T28] audit: type=1800 audit(1708613308.024:310): pid=7084 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor984" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 7084] futex(0x7f6a9efd36d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7066] exit_group(0 [pid 7084] <... futex resumed>) = ? [pid 7066] <... exit_group resumed>) = ? [pid 7084] +++ exited with 0 +++ [pid 7067] <... sendfile resumed>) = ? [pid 7067] +++ exited with 0 +++ [pid 7066] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7066, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=59 /* 0.59 s */} --- umount2("./102", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./102", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555563ad730 /* 4 entries */, 32768) = 104 [ 188.494181][ T5054] BTRFS info (device loop0): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 umount2("./102/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./102/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./102/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./102/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./102/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555563b5770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563b5770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./102/bus") = 0 umount2("./102/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./102/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./102/binderfs") = 0 getdents64(3, 0x5555563ad730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./102") = 0 mkdir("./103", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563ac690) = 7085 ./strace-static-x86_64: Process 7085 attached [pid 7085] set_robust_list(0x5555563ac6a0, 24) = 0 [pid 7085] chdir("./103") = 0 [pid 7085] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7085] setpgid(0, 0) = 0 [pid 7085] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7085] write(3, "1000", 4) = 4 [pid 7085] close(3) = 0 [pid 7085] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7085] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7085] rt_sigaction(SIGRT_1, {sa_handler=0x7f6a9ef6cff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6a9ef5e1a0}, NULL, 8) = 0 [pid 7085] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7085] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a9eee3000 [pid 7085] mprotect(0x7f6a9eee4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7085] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7085] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a9ef03990, parent_tid=0x7f6a9ef03990, exit_signal=0, stack=0x7f6a9eee3000, stack_size=0x20300, tls=0x7f6a9ef036c0}./strace-static-x86_64: Process 7086 attached => {parent_tid=[7086]}, 88) = 7086 [pid 7086] rseq(0x7f6a9ef03fe0, 0x20, 0, 0x53053053) = 0 [pid 7086] set_robust_list(0x7f6a9ef039a0, 24) = 0 [pid 7086] rt_sigprocmask(SIG_SETMASK, [], [pid 7085] rt_sigprocmask(SIG_SETMASK, [], [pid 7086] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7085] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7086] futex(0x7f6a9efd36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7085] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7086] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7085] <... futex resumed>) = 0 [pid 7086] memfd_create("syzkaller", 0 [pid 7085] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7086] <... memfd_create resumed>) = 3 [pid 7086] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6a96a00000 [pid 7086] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 7086] munmap(0x7f6a96a00000, 138412032) = 0 [pid 7086] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7086] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7086] close(3) = 0 [pid 7086] close(4) = 0 [pid 7086] mkdir("./bus", 0777) = 0 [ 188.967597][ T7086] loop0: detected capacity change from 0 to 32768 [ 188.996745][ T7086] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop0 scanned by syz-executor984 (7086) [ 189.017563][ T7086] BTRFS info (device loop0): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 [ 189.028642][ T7086] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm [ 189.038842][ T7086] BTRFS info (device loop0): using free-space-tree [pid 7086] mount("/dev/loop0", "./bus", "btrfs", 0, "discard,") = 0 [pid 7086] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 7086] chdir("./bus") = 0 [pid 7086] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7086] ioctl(4, LOOP_CLR_FD) = 0 [pid 7086] close(4) = 0 [pid 7086] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7086] futex(0x7f6a9efd36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7085] <... futex resumed>) = 0 [pid 7085] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7086] <... futex resumed>) = 0 [pid 7085] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7086] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 7086] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7086] futex(0x7f6a9efd36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7085] <... futex resumed>) = 0 [pid 7085] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7086] <... futex resumed>) = 0 [pid 7086] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 7085] <... futex resumed>) = 1 [pid 7086] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7085] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 7085] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7086] <... futex resumed>) = 0 [pid 7085] <... futex resumed>) = 0 [pid 7086] fallocate(5, 0, 0, 1048820 [pid 7085] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7086] <... fallocate resumed>) = 0 [pid 7086] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7086] futex(0x7f6a9efd36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7085] <... futex resumed>) = 0 [pid 7085] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7086] <... futex resumed>) = 0 [pid 7085] <... futex resumed>) = 1 [pid 7086] sendfile(4, 4, NULL, 142609664 [ 189.161198][ T28] audit: type=1800 audit(1708613309.234:311): pid=7086 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor984" name="bus" dev="loop0" ino=263 res=0 errno=0 [ 189.185381][ T28] audit: type=1800 audit(1708613309.254:312): pid=7086 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor984" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 7085] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 7085] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7085] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a9eec2000 [pid 7085] mprotect(0x7f6a9eec3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7085] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7085] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a9eee2990, parent_tid=0x7f6a9eee2990, exit_signal=0, stack=0x7f6a9eec2000, stack_size=0x20300, tls=0x7f6a9eee26c0} => {parent_tid=[7104]}, 88) = 7104 ./strace-static-x86_64: Process 7104 attached [pid 7085] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7104] rseq(0x7f6a9eee2fe0, 0x20, 0, 0x53053053 [pid 7085] futex(0x7f6a9efd36d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7104] <... rseq resumed>) = 0 [pid 7085] <... futex resumed>) = 0 [pid 7104] set_robust_list(0x7f6a9eee29a0, 24 [pid 7085] futex(0x7f6a9efd36dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7104] <... set_robust_list resumed>) = 0 [pid 7104] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7104] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME, 000) = 6 [pid 7104] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7104] futex(0x7f6a9efd36d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7085] <... futex resumed>) = 0 [pid 7085] futex(0x7f6a9efd36d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7104] <... futex resumed>) = 0 [pid 7085] <... futex resumed>) = 1 [pid 7104] ioctl(6, FS_IOC_FIEMAP, {fm_start=65279, fm_length=9223372036854775809, fm_flags=0, fm_extent_count=16777216} [pid 7085] futex(0x7f6a9efd36dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7104] <... ioctl resumed> => {fm_flags=0, fm_mapped_extents=1, ...}) = 0 [pid 7104] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7085] <... futex resumed>) = 0 [ 189.309321][ T28] audit: type=1800 audit(1708613309.384:313): pid=7104 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor984" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 7104] futex(0x7f6a9efd36d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7085] exit_group(0 [pid 7104] <... futex resumed>) = ? [pid 7085] <... exit_group resumed>) = ? [pid 7104] +++ exited with 0 +++ [pid 7086] <... sendfile resumed>) = ? [pid 7086] +++ exited with 0 +++ [pid 7085] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7085, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=56 /* 0.56 s */} --- umount2("./103", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./103", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555563ad730 /* 4 entries */, 32768) = 104 [ 189.759495][ T5054] BTRFS info (device loop0): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 umount2("./103/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./103/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./103/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./103/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./103/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555563b5770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563b5770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./103/bus") = 0 umount2("./103/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./103/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./103/binderfs") = 0 getdents64(3, 0x5555563ad730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./103") = 0 mkdir("./104", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7105 attached , child_tidptr=0x5555563ac690) = 7105 [pid 7105] set_robust_list(0x5555563ac6a0, 24) = 0 [pid 7105] chdir("./104") = 0 [pid 7105] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7105] setpgid(0, 0) = 0 [pid 7105] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7105] write(3, "1000", 4) = 4 [pid 7105] close(3) = 0 [pid 7105] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7105] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7105] rt_sigaction(SIGRT_1, {sa_handler=0x7f6a9ef6cff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6a9ef5e1a0}, NULL, 8) = 0 [pid 7105] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7105] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a9eee3000 [pid 7105] mprotect(0x7f6a9eee4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7105] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7105] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a9ef03990, parent_tid=0x7f6a9ef03990, exit_signal=0, stack=0x7f6a9eee3000, stack_size=0x20300, tls=0x7f6a9ef036c0}./strace-static-x86_64: Process 7106 attached [pid 7106] rseq(0x7f6a9ef03fe0, 0x20, 0, 0x53053053 [pid 7105] <... clone3 resumed> => {parent_tid=[7106]}, 88) = 7106 [pid 7106] <... rseq resumed>) = 0 [pid 7105] rt_sigprocmask(SIG_SETMASK, [], [pid 7106] set_robust_list(0x7f6a9ef039a0, 24 [pid 7105] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7106] <... set_robust_list resumed>) = 0 [pid 7106] rt_sigprocmask(SIG_SETMASK, [], [pid 7105] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7106] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7105] <... futex resumed>) = 0 [pid 7106] memfd_create("syzkaller", 0 [pid 7105] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7106] <... memfd_create resumed>) = 3 [pid 7106] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6a96a00000 [pid 7106] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 7106] munmap(0x7f6a96a00000, 138412032) = 0 [pid 7106] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7106] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7106] close(3) = 0 [pid 7106] close(4) = 0 [pid 7106] mkdir("./bus", 0777) = 0 [ 190.136700][ T7106] loop0: detected capacity change from 0 to 32768 [ 190.180567][ T7106] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop0 scanned by syz-executor984 (7106) [ 190.201648][ T7106] BTRFS info (device loop0): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 [ 190.212853][ T7106] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm [ 190.223813][ T7106] BTRFS info (device loop0): using free-space-tree [pid 7106] mount("/dev/loop0", "./bus", "btrfs", 0, "discard,") = 0 [pid 7106] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 7106] chdir("./bus") = 0 [pid 7106] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7106] ioctl(4, LOOP_CLR_FD) = 0 [pid 7106] close(4) = 0 [pid 7106] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7105] <... futex resumed>) = 0 [pid 7105] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7105] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7106] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 7106] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7105] <... futex resumed>) = 0 [pid 7106] futex(0x7f6a9efd36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7105] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7106] <... futex resumed>) = 0 [pid 7105] <... futex resumed>) = 1 [pid 7106] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 7106] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7105] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7106] <... futex resumed>) = 0 [pid 7105] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7106] futex(0x7f6a9efd36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7105] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7106] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7105] <... futex resumed>) = 0 [pid 7106] fallocate(5, 0, 0, 1048820 [pid 7105] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7106] <... fallocate resumed>) = 0 [pid 7106] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7105] <... futex resumed>) = 0 [pid 7106] sendfile(4, 4, NULL, 142609664 [pid 7105] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 190.332644][ T28] audit: type=1800 audit(1708613310.404:314): pid=7106 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor984" name="bus" dev="loop0" ino=263 res=0 errno=0 [ 190.357653][ T28] audit: type=1800 audit(1708613310.434:315): pid=7106 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor984" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 7105] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 7105] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7105] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a9eec2000 [pid 7105] mprotect(0x7f6a9eec3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7105] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7105] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a9eee2990, parent_tid=0x7f6a9eee2990, exit_signal=0, stack=0x7f6a9eec2000, stack_size=0x20300, tls=0x7f6a9eee26c0}./strace-static-x86_64: Process 7124 attached => {parent_tid=[7124]}, 88) = 7124 [pid 7105] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7105] futex(0x7f6a9efd36d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7105] futex(0x7f6a9efd36dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7124] rseq(0x7f6a9eee2fe0, 0x20, 0, 0x53053053) = 0 [pid 7124] set_robust_list(0x7f6a9eee29a0, 24) = 0 [pid 7124] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7124] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME, 000) = 6 [pid 7124] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7105] <... futex resumed>) = 0 [pid 7105] futex(0x7f6a9efd36d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7105] futex(0x7f6a9efd36dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7124] <... futex resumed>) = 1 [pid 7124] ioctl(6, FS_IOC_FIEMAP, {fm_start=65279, fm_length=9223372036854775809, fm_flags=0, fm_extent_count=16777216} => {fm_flags=0, fm_mapped_extents=1, ...}) = 0 [pid 7124] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7105] <... futex resumed>) = 0 [ 190.466030][ T28] audit: type=1800 audit(1708613310.544:316): pid=7124 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor984" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 7124] futex(0x7f6a9efd36d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7105] exit_group(0 [pid 7124] <... futex resumed>) = ? [pid 7105] <... exit_group resumed>) = ? [pid 7124] +++ exited with 0 +++ [pid 7106] <... sendfile resumed>) = ? [pid 7106] +++ exited with 0 +++ [pid 7105] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7105, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=59 /* 0.59 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./104", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./104", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555563ad730 /* 4 entries */, 32768) = 104 [ 191.100976][ T5054] BTRFS info (device loop0): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 umount2("./104/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./104/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./104/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./104/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./104/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555563b5770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563b5770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./104/bus") = 0 umount2("./104/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./104/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./104/binderfs") = 0 getdents64(3, 0x5555563ad730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./104") = 0 mkdir("./105", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7125 attached , child_tidptr=0x5555563ac690) = 7125 [pid 7125] set_robust_list(0x5555563ac6a0, 24) = 0 [pid 7125] chdir("./105") = 0 [pid 7125] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7125] setpgid(0, 0) = 0 [pid 7125] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7125] write(3, "1000", 4) = 4 [pid 7125] close(3) = 0 [pid 7125] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7125] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7125] rt_sigaction(SIGRT_1, {sa_handler=0x7f6a9ef6cff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6a9ef5e1a0}, NULL, 8) = 0 [pid 7125] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7125] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a9eee3000 [pid 7125] mprotect(0x7f6a9eee4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7125] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7125] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a9ef03990, parent_tid=0x7f6a9ef03990, exit_signal=0, stack=0x7f6a9eee3000, stack_size=0x20300, tls=0x7f6a9ef036c0}./strace-static-x86_64: Process 7126 attached => {parent_tid=[7126]}, 88) = 7126 [pid 7126] rseq(0x7f6a9ef03fe0, 0x20, 0, 0x53053053) = 0 [pid 7125] rt_sigprocmask(SIG_SETMASK, [], [pid 7126] set_robust_list(0x7f6a9ef039a0, 24) = 0 [pid 7126] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7126] futex(0x7f6a9efd36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7125] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7125] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7126] <... futex resumed>) = 0 [pid 7125] <... futex resumed>) = 1 [pid 7126] memfd_create("syzkaller", 0 [pid 7125] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7126] <... memfd_create resumed>) = 3 [pid 7126] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6a96a00000 [pid 7126] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 7126] munmap(0x7f6a96a00000, 138412032) = 0 [pid 7126] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7126] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7126] close(3) = 0 [pid 7126] close(4) = 0 [pid 7126] mkdir("./bus", 0777) = 0 [ 191.586108][ T7126] loop0: detected capacity change from 0 to 32768 [pid 7126] mount("/dev/loop0", "./bus", "btrfs", 0, "discard,") = 0 [pid 7126] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [ 191.625497][ T7126] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop0 scanned by syz-executor984 (7126) [ 191.648307][ T7126] BTRFS info (device loop0): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 [ 191.659295][ T7126] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm [ 191.669794][ T7126] BTRFS info (device loop0): using free-space-tree [pid 7126] chdir("./bus") = 0 [pid 7126] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7126] ioctl(4, LOOP_CLR_FD) = 0 [pid 7126] close(4) = 0 [pid 7126] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7125] <... futex resumed>) = 0 [pid 7125] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7126] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 7125] <... futex resumed>) = 0 [pid 7125] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7126] <... open resumed>) = 4 [pid 7126] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7125] <... futex resumed>) = 0 [pid 7126] futex(0x7f6a9efd36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7125] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7126] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7125] <... futex resumed>) = 0 [pid 7126] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 7125] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7126] <... open resumed>) = 5 [pid 7126] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7125] <... futex resumed>) = 0 [pid 7126] <... futex resumed>) = 1 [pid 7125] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7126] fallocate(5, 0, 0, 1048820 [pid 7125] <... futex resumed>) = 0 [pid 7125] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7126] <... fallocate resumed>) = 0 [pid 7126] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7125] <... futex resumed>) = 0 [pid 7126] futex(0x7f6a9efd36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7125] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7126] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7125] <... futex resumed>) = 0 [pid 7126] sendfile(4, 4, NULL, 142609664 [ 191.760519][ T28] audit: type=1800 audit(1708613311.834:317): pid=7126 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor984" name="bus" dev="loop0" ino=263 res=0 errno=0 [ 191.784378][ T28] audit: type=1800 audit(1708613311.854:318): pid=7126 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor984" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 7125] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 7125] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7125] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a9eec2000 [pid 7125] mprotect(0x7f6a9eec3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7125] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7125] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a9eee2990, parent_tid=0x7f6a9eee2990, exit_signal=0, stack=0x7f6a9eec2000, stack_size=0x20300, tls=0x7f6a9eee26c0}./strace-static-x86_64: Process 7144 attached => {parent_tid=[7144]}, 88) = 7144 [pid 7125] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7144] rseq(0x7f6a9eee2fe0, 0x20, 0, 0x53053053 [pid 7125] futex(0x7f6a9efd36d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7125] futex(0x7f6a9efd36dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7144] <... rseq resumed>) = 0 [pid 7144] set_robust_list(0x7f6a9eee29a0, 24) = 0 [pid 7144] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7144] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME, 000) = 6 [pid 7144] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7125] <... futex resumed>) = 0 [pid 7144] ioctl(6, FS_IOC_FIEMAP, {fm_start=65279, fm_length=9223372036854775809, fm_flags=0, fm_extent_count=16777216} [pid 7125] futex(0x7f6a9efd36d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7144] <... ioctl resumed> => {fm_flags=0, fm_mapped_extents=1, ...}) = 0 [pid 7125] <... futex resumed>) = 0 [pid 7125] futex(0x7f6a9efd36dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7144] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7144] futex(0x7f6a9efd36d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7125] <... futex resumed>) = 0 [ 191.904862][ T28] audit: type=1800 audit(1708613311.974:319): pid=7144 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor984" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 7125] exit_group(0) = ? [pid 7144] <... futex resumed>) = ? [pid 7144] +++ exited with 0 +++ [pid 7126] <... sendfile resumed>) = ? [pid 7126] +++ exited with 0 +++ [pid 7125] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7125, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=64 /* 0.64 s */} --- umount2("./105", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./105", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555563ad730 /* 4 entries */, 32768) = 104 [ 192.484564][ T5054] BTRFS info (device loop0): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 umount2("./105/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./105/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./105/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./105/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./105/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555563b5770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563b5770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./105/bus") = 0 umount2("./105/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./105/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./105/binderfs") = 0 getdents64(3, 0x5555563ad730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./105") = 0 mkdir("./106", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7145 attached [pid 7145] set_robust_list(0x5555563ac6a0, 24) = 0 [pid 7145] chdir("./106" [pid 5054] <... clone resumed>, child_tidptr=0x5555563ac690) = 7145 [pid 7145] <... chdir resumed>) = 0 [pid 7145] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7145] setpgid(0, 0) = 0 [pid 7145] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7145] write(3, "1000", 4) = 4 [pid 7145] close(3) = 0 [pid 7145] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7145] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7145] rt_sigaction(SIGRT_1, {sa_handler=0x7f6a9ef6cff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6a9ef5e1a0}, NULL, 8) = 0 [pid 7145] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7145] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a9eee3000 [pid 7145] mprotect(0x7f6a9eee4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7145] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7145] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a9ef03990, parent_tid=0x7f6a9ef03990, exit_signal=0, stack=0x7f6a9eee3000, stack_size=0x20300, tls=0x7f6a9ef036c0}./strace-static-x86_64: Process 7146 attached [pid 7146] rseq(0x7f6a9ef03fe0, 0x20, 0, 0x53053053) = 0 [pid 7145] <... clone3 resumed> => {parent_tid=[7146]}, 88) = 7146 [pid 7146] set_robust_list(0x7f6a9ef039a0, 24) = 0 [pid 7146] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7146] futex(0x7f6a9efd36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7145] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7145] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7146] <... futex resumed>) = 0 [pid 7145] <... futex resumed>) = 1 [pid 7146] memfd_create("syzkaller", 0 [pid 7145] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7146] <... memfd_create resumed>) = 3 [pid 7146] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6a96a00000 [pid 7146] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 7146] munmap(0x7f6a96a00000, 138412032) = 0 [pid 7146] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7146] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7146] close(3) = 0 [pid 7146] close(4) = 0 [pid 7146] mkdir("./bus", 0777) = 0 [ 193.014227][ T7146] loop0: detected capacity change from 0 to 32768 [ 193.046879][ T7146] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop0 scanned by syz-executor984 (7146) [pid 7146] mount("/dev/loop0", "./bus", "btrfs", 0, "discard,") = 0 [pid 7146] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [ 193.066722][ T7146] BTRFS info (device loop0): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 [ 193.078032][ T7146] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm [ 193.088401][ T7146] BTRFS info (device loop0): using free-space-tree [pid 7146] chdir("./bus") = 0 [pid 7146] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7146] ioctl(4, LOOP_CLR_FD) = 0 [pid 7146] close(4) = 0 [pid 7146] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7145] <... futex resumed>) = 0 [pid 7145] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7146] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 7145] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7146] <... open resumed>) = 4 [pid 7146] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7145] <... futex resumed>) = 0 [pid 7145] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7145] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7146] <... futex resumed>) = 1 [pid 7146] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 7146] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7146] futex(0x7f6a9efd36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7145] <... futex resumed>) = 0 [pid 7145] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7146] <... futex resumed>) = 0 [pid 7145] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7146] fallocate(5, 0, 0, 1048820) = 0 [pid 7146] futex(0x7f6a9efd36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7145] <... futex resumed>) = 0 [pid 7146] sendfile(4, 4, NULL, 142609664 [pid 7145] futex(0x7f6a9efd36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 193.168934][ T28] audit: type=1800 audit(1708613313.244:320): pid=7146 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor984" name="bus" dev="loop0" ino=263 res=0 errno=0 [ 193.192773][ T28] audit: type=1800 audit(1708613313.274:321): pid=7146 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor984" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 7145] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 7145] futex(0x7f6a9efd36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 7145] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7145] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6a9eec2000 [pid 7145] mprotect(0x7f6a9eec3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7145] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7145] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6a9eee2990, parent_tid=0x7f6a9eee2990, exit_signal=0, stack=0x7f6a9eec2000, stack_size=0x20300, tls=0x7f6a9eee26c0}./strace-static-x86_64: Process 7164 attached => {parent_tid=[7164]}, 88) = 7164 [pid 7145] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7145] futex(0x7f6a9efd36d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7145] futex(0x7f6a9efd36dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7164] rseq(0x7f6a9eee2fe0, 0x20, 0, 0x53053053) = 0 [pid 7164] set_robust_list(0x7f6a9eee29a0, 24) = 0 [pid 7164] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7164] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME, 000) = 6 [pid 7164] futex(0x7f6a9efd36dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7164] futex(0x7f6a9efd36d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7145] <... futex resumed>) = 0 [pid 7145] futex(0x7f6a9efd36d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7164] <... futex resumed>) = 0 [pid 7145] <... futex resumed>) = 1 [pid 7164] ioctl(6, FS_IOC_FIEMAP, {fm_start=65279, fm_length=9223372036854775809, fm_flags=0, fm_extent_count=16777216} [ 193.332970][ T28] audit: type=1800 audit(1708613313.404:322): pid=7164 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor984" name="bus" dev="loop0" ino=263 res=0 errno=0 [ 193.379299][ T7164] ------------[ cut here ]------------ [ 193.385126][ T7164] WARNING: CPU: 0 PID: 7164 at fs/btrfs/extent_io.c:2499 emit_fiemap_extent+0xec/0x410 [ 193.394837][ T7164] Modules linked in: [ 193.398890][ T7164] CPU: 0 PID: 7164 Comm: syz-executor984 Not tainted 6.8.0-rc5-syzkaller-00029-g39133352cbed #0 [ 193.409339][ T7164] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 193.419610][ T7164] RIP: 0010:emit_fiemap_extent+0xec/0x410 [pid 7145] futex(0x7f6a9efd36dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [ 193.425365][ T7164] Code: cd 48 fe 49 8b 45 00 48 89 04 24 48 8b 4c 24 28 48 8d 2c 08 48 89 ef 4c 89 f6 e8 bf ff e9 fd 4c 39 f5 76 1d e8 55 fd e9 fd 90 <0f> 0b 90 bd ea ff ff ff e9 25 02 00 00 e8 42 fd e9 fd e9 97 01 00 [ 193.445138][ T7164] RSP: 0018:ffffc9000ee57448 EFLAGS: 00010293 [ 193.451314][ T7164] RAX: ffffffff83a96edb RBX: ffffc9000ee578a0 RCX: ffff88802a410000 [ 193.459723][ T7164] RDX: 0000000000000000 RSI: 0000000000016000 RDI: 0000000000101000 [ 193.467746][ T7164] RBP: 0000000000101000 R08: ffffffff83a96ed1 R09: 0000000000000800 [ 193.476060][ T7164] R10: ffffc9000ee57418 R11: fffff52001dcae85 R12: 1ffff92001dcaf17 [ 193.484179][ T7164] R13: ffffc9000ee578b0 R14: 0000000000016000 R15: 1ffff92001dcaf16 [ 193.492258][ T7164] FS: 00007f6a9eee26c0(0000) GS:ffff8880b9400000(0000) knlGS:0000000000000000 [ 193.501244][ T7164] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 193.507880][ T7164] CR2: 00000000200012c8 CR3: 00000000304d8000 CR4: 00000000003506f0 [ 193.515908][ T7164] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 193.523888][ T7164] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 193.532107][ T7164] Call Trace: [ 193.535419][ T7164] [ 193.538351][ T7164] ? __warn+0x162/0x4b0 [ 193.542526][ T7164] ? emit_fiemap_extent+0xec/0x410 [ 193.547809][ T7164] ? report_bug+0x2b3/0x500 [ 193.552354][ T7164] ? emit_fiemap_extent+0xec/0x410 [ 193.557620][ T7164] ? handle_bug+0x3e/0x70 [ 193.561979][ T7164] ? exc_invalid_op+0x1a/0x50 [ 193.566816][ T7164] ? asm_exc_invalid_op+0x1a/0x20 [ 193.571913][ T7164] ? emit_fiemap_extent+0xe1/0x410 [ 193.577547][ T7164] ? emit_fiemap_extent+0xeb/0x410 [ 193.582783][ T7164] ? emit_fiemap_extent+0xec/0x410 [ 193.588236][ T7164] ? emit_fiemap_extent+0xeb/0x410 [ 193.593604][ T7164] fiemap_process_hole+0xb77/0xc50 [ 193.598816][ T7164] ? __pfx_fiemap_process_hole+0x10/0x10 [ 193.604547][ T7164] ? btrfs_get_64+0x2bf/0x480 [ 193.609318][ T7164] ? __pfx_btrfs_get_64+0x10/0x10 [ 193.614386][ T7164] ? __asan_memcpy+0x40/0x70 [ 193.619054][ T7164] extent_fiemap+0xcec/0x1ec0 [ 193.623858][ T7164] ? __pfx_extent_fiemap+0x10/0x10 [ 193.629041][ T7164] ? __lock_acquire+0x1345/0x1fd0 [ 193.634112][ T7164] ? __pfx___might_resched+0x10/0x10 [ 193.640154][ T7164] ? fiemap_prep+0x19e/0x240 [ 193.644927][ T7164] btrfs_fiemap+0x178/0x1f0 [ 193.649612][ T7164] ? __pfx_btrfs_fiemap+0x10/0x10 [ 193.654649][ T7164] ? __might_fault+0xc5/0x120 [ 193.659383][ T7164] ? __pfx_btrfs_fiemap+0x10/0x10 [ 193.664431][ T7164] do_vfs_ioctl+0x1a02/0x2b60 [ 193.669245][ T7164] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 193.674430][ T7164] ? __pfx_lock_release+0x10/0x10 [ 193.679686][ T7164] ? __kasan_slab_free+0x46/0x70 [ 193.684668][ T7164] ? kfree+0x14a/0x380 [ 193.688838][ T7164] ? tomoyo_path_number_perm+0x71a/0x880 [ 193.694620][ T7164] ? tomoyo_path_number_perm+0x208/0x880 [ 193.700830][ T7164] ? smack_log+0x123/0x540 [ 193.705405][ T7164] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 193.711422][ T7164] ? __pfx_smack_log+0x10/0x10 [ 193.716268][ T7164] ? smk_access+0x4ab/0x4e0 [ 193.720828][ T7164] ? smk_tskacc+0x2ff/0x360 [ 193.725410][ T7164] ? smack_file_ioctl+0x2fa/0x3a0 [ 193.730725][ T7164] ? __pfx_smack_file_ioctl+0x10/0x10 [ 193.736257][ T7164] ? __fget_files+0x28/0x470 [ 193.741100][ T7164] ? bpf_lsm_file_ioctl+0x9/0x10 [ 193.746111][ T7164] ? security_file_ioctl+0x87/0xb0 [ 193.751624][ T7164] __se_sys_ioctl+0x81/0x170 [ 193.756450][ T7164] do_syscall_64+0xf9/0x240 [ 193.761070][ T7164] entry_SYSCALL_64_after_hwframe+0x6f/0x77 [ 193.767046][ T7164] RIP: 0033:0x7f6a9ef46bd9 [ 193.771478][ T7164] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 193.791734][ T7164] RSP: 002b:00007f6a9eee2218 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 193.800305][ T7164] RAX: ffffffffffffffda RBX: 00007f6a9efd36d8 RCX: 00007f6a9ef46bd9 [ 193.808630][ T7164] RDX: 00000000200012c0 RSI: 00000000c020660b RDI: 0000000000000006 [ 193.816982][ T7164] RBP: 00007f6a9efd36d0 R08: 0000000000000000 R09: 0000000000000000 [ 193.825019][ T7164] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f6a9efd36dc [ 193.833607][ T7164] R13: 00007f6a9efa0660 R14: 00007f6a9ef9b0c0 R15: 8000000000000001 [ 193.841955][ T7164] [ 193.846440][ T7164] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 193.853849][ T7164] CPU: 0 PID: 7164 Comm: syz-executor984 Not tainted 6.8.0-rc5-syzkaller-00029-g39133352cbed #0 [ 193.864907][ T7164] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 193.875622][ T7164] Call Trace: [ 193.878999][ T7164] [ 193.882107][ T7164] dump_stack_lvl+0x1e7/0x2e0 [ 193.887071][ T7164] ? __pfx_dump_stack_lvl+0x10/0x10 [ 193.892268][ T7164] ? __pfx__printk+0x10/0x10 [ 193.896863][ T7164] ? vscnprintf+0x5d/0x90 [ 193.901636][ T7164] panic+0x349/0x860 [ 193.905643][ T7164] ? __warn+0x171/0x4b0 [ 193.909820][ T7164] ? __pfx_panic+0x10/0x10 [ 193.914466][ T7164] __warn+0x31c/0x4b0 [ 193.918833][ T7164] ? emit_fiemap_extent+0xec/0x410 [ 193.923983][ T7164] report_bug+0x2b3/0x500 [ 193.929123][ T7164] ? emit_fiemap_extent+0xec/0x410 [ 193.934268][ T7164] handle_bug+0x3e/0x70 [ 193.938458][ T7164] exc_invalid_op+0x1a/0x50 [ 193.942966][ T7164] asm_exc_invalid_op+0x1a/0x20 [ 193.947819][ T7164] RIP: 0010:emit_fiemap_extent+0xec/0x410 [ 193.953561][ T7164] Code: cd 48 fe 49 8b 45 00 48 89 04 24 48 8b 4c 24 28 48 8d 2c 08 48 89 ef 4c 89 f6 e8 bf ff e9 fd 4c 39 f5 76 1d e8 55 fd e9 fd 90 <0f> 0b 90 bd ea ff ff ff e9 25 02 00 00 e8 42 fd e9 fd e9 97 01 00 [ 193.973440][ T7164] RSP: 0018:ffffc9000ee57448 EFLAGS: 00010293 [ 193.979537][ T7164] RAX: ffffffff83a96edb RBX: ffffc9000ee578a0 RCX: ffff88802a410000 [ 193.987633][ T7164] RDX: 0000000000000000 RSI: 0000000000016000 RDI: 0000000000101000 [ 193.996069][ T7164] RBP: 0000000000101000 R08: ffffffff83a96ed1 R09: 0000000000000800 [ 194.004162][ T7164] R10: ffffc9000ee57418 R11: fffff52001dcae85 R12: 1ffff92001dcaf17 [ 194.012173][ T7164] R13: ffffc9000ee578b0 R14: 0000000000016000 R15: 1ffff92001dcaf16 [ 194.020163][ T7164] ? emit_fiemap_extent+0xe1/0x410 [ 194.025274][ T7164] ? emit_fiemap_extent+0xeb/0x410 [ 194.030386][ T7164] ? emit_fiemap_extent+0xeb/0x410 [ 194.035501][ T7164] fiemap_process_hole+0xb77/0xc50 [ 194.040627][ T7164] ? __pfx_fiemap_process_hole+0x10/0x10 [ 194.046265][ T7164] ? btrfs_get_64+0x2bf/0x480 [ 194.050949][ T7164] ? __pfx_btrfs_get_64+0x10/0x10 [ 194.056140][ T7164] ? __asan_memcpy+0x40/0x70 [ 194.060726][ T7164] extent_fiemap+0xcec/0x1ec0 [ 194.065429][ T7164] ? __pfx_extent_fiemap+0x10/0x10 [ 194.070574][ T7164] ? __lock_acquire+0x1345/0x1fd0 [ 194.076087][ T7164] ? __pfx___might_resched+0x10/0x10 [ 194.081528][ T7164] ? fiemap_prep+0x19e/0x240 [ 194.086143][ T7164] btrfs_fiemap+0x178/0x1f0 [ 194.090677][ T7164] ? __pfx_btrfs_fiemap+0x10/0x10 [ 194.095729][ T7164] ? __might_fault+0xc5/0x120 [ 194.100423][ T7164] ? __pfx_btrfs_fiemap+0x10/0x10 [ 194.105536][ T7164] do_vfs_ioctl+0x1a02/0x2b60 [ 194.110506][ T7164] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 194.115547][ T7164] ? __pfx_lock_release+0x10/0x10 [ 194.120584][ T7164] ? __kasan_slab_free+0x46/0x70 [ 194.125521][ T7164] ? kfree+0x14a/0x380 [ 194.129594][ T7164] ? tomoyo_path_number_perm+0x71a/0x880 [ 194.135277][ T7164] ? tomoyo_path_number_perm+0x208/0x880 [ 194.141603][ T7164] ? smack_log+0x123/0x540 [ 194.146121][ T7164] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 194.152136][ T7164] ? __pfx_smack_log+0x10/0x10 [ 194.156917][ T7164] ? smk_access+0x4ab/0x4e0 [ 194.161451][ T7164] ? smk_tskacc+0x2ff/0x360 [ 194.166018][ T7164] ? smack_file_ioctl+0x2fa/0x3a0 [ 194.171072][ T7164] ? __pfx_smack_file_ioctl+0x10/0x10 [ 194.176481][ T7164] ? __fget_files+0x28/0x470 [ 194.181089][ T7164] ? bpf_lsm_file_ioctl+0x9/0x10 [ 194.186055][ T7164] ? security_file_ioctl+0x87/0xb0 [ 194.191228][ T7164] __se_sys_ioctl+0x81/0x170 [ 194.195819][ T7164] do_syscall_64+0xf9/0x240 [ 194.200351][ T7164] entry_SYSCALL_64_after_hwframe+0x6f/0x77 [ 194.206274][ T7164] RIP: 0033:0x7f6a9ef46bd9 [ 194.210717][ T7164] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 194.230530][ T7164] RSP: 002b:00007f6a9eee2218 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 194.238967][ T7164] RAX: ffffffffffffffda RBX: 00007f6a9efd36d8 RCX: 00007f6a9ef46bd9 [ 194.247059][ T7164] RDX: 00000000200012c0 RSI: 00000000c020660b RDI: 0000000000000006 [ 194.255087][ T7164] RBP: 00007f6a9efd36d0 R08: 0000000000000000 R09: 0000000000000000 [ 194.263535][ T7164] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f6a9efd36dc [ 194.271519][ T7164] R13: 00007f6a9efa0660 R14: 00007f6a9ef9b0c0 R15: 8000000000000001 [ 194.279675][ T7164] [ 194.282970][ T7164] Kernel Offset: disabled [ 194.287418][ T7164] Rebooting in 86400 seconds..