./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1250710350

<...>
Warning: Permanently added '10.128.1.185' (ECDSA) to the list of known hosts.
execve("./syz-executor1250710350", ["./syz-executor1250710350"], 0x7ffc7e79d870 /* 10 vars */) = 0
brk(NULL)                               = 0x55555683d000
brk(0x55555683dc40)                     = 0x55555683dc40
arch_prctl(ARCH_SET_FS, 0x55555683d300) = 0
uname({sysname="Linux", nodename="syzkaller", ...}) = 0
set_tid_address(0x55555683d5d0)         = 4990
set_robust_list(0x55555683d5e0, 24)     = 0
rt_sigaction(SIGRTMIN, {sa_handler=0x7f8f5ef414b0, sa_mask=[], sa_flags=SA_RESTORER|SA_SIGINFO, sa_restorer=0x7f8f5ef41b80}, NULL, 8) = 0
rt_sigaction(SIGRT_1, {sa_handler=0x7f8f5ef41550, sa_mask=[], sa_flags=SA_RESTORER|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8f5ef41b80}, NULL, 8) = 0
rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
readlink("/proc/self/exe", "/root/syz-executor1250710350", 4096) = 28
brk(0x55555685ec40)                     = 0x55555685ec40
brk(0x55555685f000)                     = 0x55555685f000
mprotect(0x7f8f5f00b000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
getpid()                                = 4990
mkdir("./syzkaller.Ymslgv", 0700)       = 0
chmod("./syzkaller.Ymslgv", 0777)       = 0
chdir("./syzkaller.Ymslgv")             = 0
mkdir("./0", 0777)                      = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555683d5d0) = 4991
./strace-static-x86_64: Process 4991 attached
[pid  4991] set_robust_list(0x55555683d5e0, 24) = 0
[pid  4991] chdir("./0")                = 0
[pid  4991] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  4991] setpgid(0, 0)               = 0
[pid  4991] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  4991] write(3, "1000", 4)         = 4
[pid  4991] close(3)                    = 0
[pid  4991] symlink("/dev/binderfs", "./binderfs") = 0
[pid  4991] futex(0x7f8f5f0117ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  4991] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8f5ef10000
[pid  4991] mprotect(0x7f8f5ef11000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  4991] clone(child_stack=0x7f8f5ef303f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4993], tls=0x7f8f5ef30700, child_tidptr=0x7f8f5ef309d0) = 4993
[pid  4991] futex(0x7f8f5f0117a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  4991] futex(0x7f8f5f0117ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 4993 attached
 <unfinished ...>
[pid  4993] set_robust_list(0x7f8f5ef309e0, 24) = 0
[pid  4993] memfd_create("syzkaller", 0) = 3
[pid  4993] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8f56b10000
syzkaller login: [   56.172739][ T4993] memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL, pid=4993 'syz-executor125'
[pid  4993] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836) = 32394836
[pid  4993] munmap(0x7f8f56b10000, 32394836) = 0
[pid  4993] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  4993] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  4993] close(3)                    = 0
[pid  4993] mkdir("./bus", 0777)        = 0
[   56.479260][ T4993] loop0: detected capacity change from 0 to 63271
[   56.490744][ T4993] F2FS-fs (loop0): Mismatch start address, segment0(512) cp_blkaddr(605)
[   56.499758][ T4993] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock
[   56.510844][ T4993] F2FS-fs (loop0): invalid crc value
[   56.519815][ T4993] F2FS-fs (loop0): Found nat_bits in checkpoint
[pid  4993] mount("/dev/loop0", "./bus", "f2fs", MS_SYNCHRONOUS, "") = 0
[pid  4993] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid  4993] chdir("./bus")              = 0
[pid  4993] ioctl(4, LOOP_CLR_FD)       = 0
[pid  4993] close(4)                    = 0
[pid  4993] futex(0x7f8f5f0117ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  4991] <... futex resumed>)        = 0
[pid  4991] futex(0x7f8f5f0117a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  4993] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 <unfinished ...>
[   56.551592][ T4993] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0
[   56.558989][ T4993] F2FS-fs (loop0): Mounted with checkpoint version = 753bd00b
[pid  4991] futex(0x7f8f5f0117ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  4993] <... open resumed>)         = 4
[pid  4993] futex(0x7f8f5f0117ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  4991] <... futex resumed>)        = 0
[pid  4993] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=3177984}], 1, 5120, RWF_HIPRI|RWF_DSYNC <unfinished ...>
[pid  4991] futex(0x7f8f5f0117a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[   56.598144][   T27] audit: type=1800 audit(1682988082.260:2): pid=4993 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor125" name="bus" dev="loop0" ino=4 res=0 errno=0
[pid  4991] futex(0x7f8f5f0117ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out)
[pid  4991] futex(0x7f8f5f0117bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  4991] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8f589d4000
[pid  4991] mprotect(0x7f8f589d5000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  4991] clone(child_stack=0x7f8f589f43f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4998 attached
, parent_tid=[4998], tls=0x7f8f589f4700, child_tidptr=0x7f8f589f49d0) = 4998
[pid  4991] futex(0x7f8f5f0117b8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  4991] futex(0x7f8f5f0117bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  4998] set_robust_list(0x7f8f589f49e0, 24) = 0
[pid  4998] quotactl(QCMD(Q_QUOTAON, PRJQUOTA), "/dev/loop0", 0 /* QFMT_VFS_??? */, "./bus") = -1 ESRCH (No such process)
[pid  4998] futex(0x7f8f5f0117bc, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  4991] <... futex resumed>)        = 0
[pid  4998] futex(0x7f8f5f0117b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  4993] <... pwritev2 resumed>)     = -1 EIO (Input/output error)
[   56.664477][ T4993] syz-executor125: attempt to access beyond end of device
[   56.664477][ T4993] loop0: rw=2049, sector=77824, nr_sectors = 2976 limit=63271
[   56.693816][ T4993] syz-executor125: attempt to access beyond end of device
[   56.693816][ T4993] loop0: rw=2049, sector=80800, nr_sectors = 1120 limit=63271
[   56.723054][ T4993] 
[   56.725409][ T4993] ================================================
[   56.731906][ T4993] WARNING: lock held when returning to user space!
[   56.738412][ T4993] 6.3.0-syzkaller-12378-gc8c655c34e33 #0 Not tainted
[   56.745087][ T4993] ------------------------------------------------
[   56.751584][ T4993] syz-executor125/4993 is leaving the kernel with locks still held!
[   56.759630][ T4993] 1 lock held by syz-executor125/4993:
[pid  4993] futex(0x7f8f5f0117ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  4993] futex(0x7f8f5f0117a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  4991] exit_group(0 <unfinished ...>
[pid  4998] <... futex resumed>)        = ?
[pid  4991] <... exit_group resumed>)   = ?
[pid  4998] +++ exited with 0 +++
[pid  4993] <... futex resumed>)        = ?
[pid  4993] +++ exited with 0 +++
[pid  4991] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4991, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=43 /* 0.43 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x55555683e620 /* 4 entries */, 32768) = 104
[   56.765074][ T4993]  #0: ffff88807effc448 (&sbi->node_write){++++}-{3:3}, at: f2fs_write_single_data_page+0xa10/0x1d50