./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2188650878 <...> Warning: Permanently added '10.128.10.42' (ED25519) to the list of known hosts. execve("./syz-executor2188650878", ["./syz-executor2188650878"], 0x7fff75a72870 /* 10 vars */) = 0 brk(NULL) = 0x555565b3a000 brk(0x555565b3ad40) = 0x555565b3ad40 arch_prctl(ARCH_SET_FS, 0x555565b3a3c0) = 0 set_tid_address(0x555565b3a690) = 5819 set_robust_list(0x555565b3a6a0, 24) = 0 rseq(0x555565b3ace0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor2188650878", 4096) = 28 getrandom("\xc7\xcd\x17\x05\xc0\x47\xef\xc3", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x555565b3ad40 brk(0x555565b5bd40) = 0x555565b5bd40 brk(0x555565b5c000) = 0x555565b5c000 mprotect(0x7f201fb0a000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 mkdir("/syzcgroup", 0777) = 0 mkdir("/syzcgroup/unified", 0777) = 0 mount("none", "/syzcgroup/unified", "cgroup2", 0, NULL) = 0 chmod("/syzcgroup/unified", 0777) = 0 openat(AT_FDCWD, "/syzcgroup/unified/cgroup.subtree_control", O_WRONLY) = 3 write(3, "+cpu", 4) = 4 write(3, "+io", 3) = 3 write(3, "+pids", 5) = 5 close(3) = 0 mkdir("/syzcgroup/net", 0777) = 0 mount("none", "/syzcgroup/net", "cgroup", 0, "net") = -1 EINVAL (Invalid argument) mount("none", "/syzcgroup/net", "cgroup", 0, "net_prio") = 0 umount2("/syzcgroup/net", 0) = 0 mount("none", "/syzcgroup/net", "cgroup", 0, "devices") = 0 umount2("/syzcgroup/net", 0) = 0 mount("none", "/syzcgroup/net", "cgroup", 0, "blkio") = 0 umount2("/syzcgroup/net", 0) = 0 mount("none", "/syzcgroup/net", "cgroup", 0, "freezer") = 0 umount2("/syzcgroup/net", 0) = 0 mount("none", "/syzcgroup/net", "cgroup", 0, "net_prio,devices,blkio,freezer") = ? ERESTARTNOINTR (To be restarted) [ 68.316201][ T5819] cgroup: Unknown subsys name 'net' mount("none", "/syzcgroup/net", "cgroup", 0, "net_prio,devices,blkio,freezer") = ? ERESTARTNOINTR (To be restarted) mount("none", "/syzcgroup/net", "cgroup", 0, "net_prio,devices,blkio,freezer") = ? ERESTARTNOINTR (To be restarted) mount("none", "/syzcgroup/net", "cgroup", 0, "net_prio,devices,blkio,freezer") = ? ERESTARTNOINTR (To be restarted) mount("none", "/syzcgroup/net", "cgroup", 0, "net_prio,devices,blkio,freezer") = 0 chmod("/syzcgroup/net", 0777) = 0 mkdir("/syzcgroup/cpu", 0777) = 0 mount("none", "/syzcgroup/cpu", "cgroup", 0, "cpuset") = -1 EINVAL (Invalid argument) mount("none", "/syzcgroup/cpu", "cgroup", 0, "cpuacct") = 0 umount2("/syzcgroup/cpu", 0) = 0 mount("none", "/syzcgroup/cpu", "cgroup", 0, "hugetlb") = 0 umount2("/syzcgroup/cpu", 0) = 0 mount("none", "/syzcgroup/cpu", "cgroup", 0, "rlimit") = -1 EINVAL (Invalid argument) mount("none", "/syzcgroup/cpu", "cgroup", 0, "memory") = 0 umount2("/syzcgroup/cpu", 0) = 0 mount("none", "/syzcgroup/cpu", "cgroup", 0, "cpuacct,hugetlb,memory") = ? ERESTARTNOINTR (To be restarted) [ 68.451386][ T5819] cgroup: Unknown subsys name 'cpuset' [ 68.463792][ T5819] cgroup: Unknown subsys name 'rlimit' mount("none", "/syzcgroup/cpu", "cgroup", 0, "cpuacct,hugetlb,memory") = ? ERESTARTNOINTR (To be restarted) mount("none", "/syzcgroup/cpu", "cgroup", 0, "cpuacct,hugetlb,memory") = ? ERESTARTNOINTR (To be restarted) mount("none", "/syzcgroup/cpu", "cgroup", 0, "cpuacct,hugetlb,memory") = ? ERESTARTNOINTR (To be restarted) mount("none", "/syzcgroup/cpu", "cgroup", 0, "cpuacct,hugetlb,memory") = ? ERESTARTNOINTR (To be restarted) mount("none", "/syzcgroup/cpu", "cgroup", 0, "cpuacct,hugetlb,memory") = 0 chmod("/syzcgroup/cpu", 0777) = 0 openat(AT_FDCWD, "/syzcgroup/cpu/cgroup.clone_children", O_WRONLY|O_CLOEXEC) = 3 write(3, "1", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/syzcgroup/cpu/cpuset.memory_pressure_enabled", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 3 socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 4 sendto(4, [{nlmsg_len=36, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x03\x00\x00\x00\x0d\x00\x02\x00\x6e\x6c\x38\x30\x32\x31\x35\x34\x00\x00\x00\x00"], 36, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 36 recvfrom(4, [{nlmsg_len=864, nlmsg_type=nlctrl, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=5819}, "\x01\x02\x00\x00\x0d\x00\x02\x00\x6e\x6c\x38\x30\x32\x31\x35\x34\x00\x00\x00\x00\x06\x00\x01\x00\x1d\x00\x00\x00\x08\x00\x03\x00\x01\x00\x00\x00\x08\x00\x04\x00\x00\x00\x00\x00\x08\x00\x05\x00\x30\x00\x00\x00\xe8\x02\x06\x00\x14\x00\x01\x00\x08\x00\x01\x00\x01\x00\x00\x00\x08\x00\x02\x00\x0e\x00\x00\x00\x14\x00\x02\x00\x08\x00\x01\x00\x05\x00\x00\x00\x08\x00\x02\x00\x0e\x00\x00\x00\x14\x00\x03\x00"...], 4096, 0, NULL, NULL) = 864 recvfrom(4, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=5819}, {error=0, msg={nlmsg_len=36, nlmsg_type=nlctrl, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 5 ioctl(5, SIOCGIFINDEX, {ifr_name="wpan0", ifr_ifindex=11}) = 0 close(5) = 0 sendto(4, [{nlmsg_len=36, nlmsg_type=nl802154, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x0b\x00\x00\x00\x08\x00\x03\x00\x0b\x00\x00\x00\x06\x00\x0a\x00\xa0\xaa\x00\x00"], 36, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 36 recvfrom(4, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=5819}, {error=0, msg={nlmsg_len=36, nlmsg_type=nl802154, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 5 ioctl(5, SIOCGIFINDEX, {ifr_name="wpan0", ifr_ifindex=11}) = 0 close(5) = 0 sendto(3, [{nlmsg_len=44, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x00\x00\x00\x00\x0b\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x0c\x00\x01\x00\x02\x00\xaa\xaa\xaa\xaa\xaa\xaa"], 44, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 44 recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=5819}, {error=0, msg={nlmsg_len=44, nlmsg_type=RTM_NEWLINK, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 sendto(3, [{nlmsg_len=68, nlmsg_type=RTM_NEWLINK, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|NLM_F_EXCL|NLM_F_CREATE, nlmsg_seq=0, nlmsg_pid=0}, {ifi_family=AF_UNSPEC, ifi_type=ARPHRD_NETROM, ifi_index=0, ifi_flags=0, ifi_change=0}, [[{nla_len=11, nla_type=IFLA_IFNAME}, "lowpan0"...], [{nla_len=16, nla_type=IFLA_LINKINFO}, [{nla_len=10, nla_type=IFLA_INFO_KIND}, "lowpan"...]], [{nla_len=8, nla_type=IFLA_LINK}, 11]]], 68, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 68 recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=5819}, {error=0, msg={nlmsg_len=68, nlmsg_type=RTM_NEWLINK, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|NLM_F_EXCL|NLM_F_CREATE, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 5 ioctl(5, SIOCGIFINDEX, {ifr_name="wpan1", ifr_ifindex=12}) = 0 close(5) = 0 sendto(4, [{nlmsg_len=36, nlmsg_type=nl802154, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x0b\x00\x00\x00\x08\x00\x03\x00\x0c\x00\x00\x00\x06\x00\x0a\x00\xa1\xaa\x00\x00"], 36, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 36 recvfrom(4, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=5819}, {error=0, msg={nlmsg_len=36, nlmsg_type=nl802154, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 5 ioctl(5, SIOCGIFINDEX, {ifr_name="wpan1", ifr_ifindex=12}) = 0 close(5) = 0 sendto(3, [{nlmsg_len=44, nlmsg_type=RTM_NEWLINK, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, {ifi_family=AF_UNSPEC, ifi_type=ARPHRD_NETROM, ifi_index=if_nametoindex("wpan1"), ifi_flags=IFF_UP, ifi_change=0x1}, [{nla_len=12, nla_type=IFLA_ADDRESS}, 02:01:aa:aa:aa:aa:aa]], 44, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 44 recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=5819}, {error=0, msg={nlmsg_len=44, nlmsg_type=RTM_NEWLINK, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 close(3) = 0 close(4) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5822 attached , child_tidptr=0x555565b3a690) = 5822 [pid 5822] set_robust_list(0x555565b3a6a0, 24) = 0 [pid 5819] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5822] mkdir("./syzkaller.G9L4N4", 0700./strace-static-x86_64: Process 5823 attached [pid 5819] <... clone resumed>, child_tidptr=0x555565b3a690) = 5823 [pid 5823] set_robust_list(0x555565b3a6a0, 24 [pid 5819] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5823] <... set_robust_list resumed>) = 0 [pid 5823] mkdir("./syzkaller.T84trj", 0700 [pid 5822] <... mkdir resumed>) = 0 [pid 5822] chmod("./syzkaller.G9L4N4", 0777./strace-static-x86_64: Process 5824 attached [pid 5823] <... mkdir resumed>) = 0 [pid 5822] <... chmod resumed>) = 0 [pid 5819] <... clone resumed>, child_tidptr=0x555565b3a690) = 5824 [pid 5824] set_robust_list(0x555565b3a6a0, 24 [pid 5819] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5824] <... set_robust_list resumed>) = 0 [pid 5823] chmod("./syzkaller.T84trj", 0777 [pid 5822] chdir("./syzkaller.G9L4N4" [pid 5824] mkdir("./syzkaller.xgBnR6", 0700 [pid 5823] <... chmod resumed>) = 0 ./strace-static-x86_64: Process 5825 attached [pid 5823] chdir("./syzkaller.T84trj" [pid 5822] <... chdir resumed>) = 0 [pid 5823] <... chdir resumed>) = 0 [pid 5822] unshare(CLONE_NEWPID [pid 5825] set_robust_list(0x555565b3a6a0, 24 [pid 5824] <... mkdir resumed>) = 0 [pid 5823] unshare(CLONE_NEWPID) = 0 [pid 5822] <... unshare resumed>) = 0 [pid 5823] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5819] <... clone resumed>, child_tidptr=0x555565b3a690) = 5825 [pid 5825] <... set_robust_list resumed>) = 0 [pid 5824] chmod("./syzkaller.xgBnR6", 0777 [pid 5822] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5819] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5826 attached [pid 5825] mkdir("./syzkaller.iD19Yk", 0700 [pid 5824] <... chmod resumed>) = 0 ./strace-static-x86_64: Process 5827 attached [pid 5827] set_robust_list(0x555565b3a6a0, 24 [pid 5826] set_robust_list(0x555565b3a6a0, 24 [pid 5827] <... set_robust_list resumed>) = 0 ./strace-static-x86_64: Process 5828 attached [pid 5827] mkdir("./syzkaller.DnBcbK", 0700 [pid 5826] <... set_robust_list resumed>) = 0 [pid 5825] <... mkdir resumed>) = 0 [pid 5824] chdir("./syzkaller.xgBnR6" [pid 5819] <... clone resumed>, child_tidptr=0x555565b3a690) = 5827 [pid 5828] set_robust_list(0x555565b3a6a0, 24 [pid 5825] chmod("./syzkaller.iD19Yk", 0777 [pid 5823] <... clone resumed>, child_tidptr=0x555565b3a690) = 5826 [pid 5822] <... clone resumed>, child_tidptr=0x555565b3a690) = 5828 [pid 5824] <... chdir resumed>) = 0 [pid 5828] <... set_robust_list resumed>) = 0 [pid 5824] unshare(CLONE_NEWPID [pid 5828] socket(AF_BLUETOOTH, SOCK_RAW, BTPROTO_HCI [pid 5827] <... mkdir resumed>) = 0 [pid 5826] socket(AF_BLUETOOTH, SOCK_RAW, BTPROTO_HCI [pid 5825] <... chmod resumed>) = 0 [pid 5824] <... unshare resumed>) = 0 [pid 5826] <... socket resumed>) = 3 [pid 5824] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5826] openat(AT_FDCWD, "/dev/vhci", O_RDWR [pid 5828] <... socket resumed>) = 3 [pid 5827] chmod("./syzkaller.DnBcbK", 0777 [pid 5826] <... openat resumed>) = 4 [pid 5827] <... chmod resumed>) = 0 [pid 5825] chdir("./syzkaller.iD19Yk"./strace-static-x86_64: Process 5829 attached [pid 5829] set_robust_list(0x555565b3a6a0, 24) = 0 [pid 5828] openat(AT_FDCWD, "/dev/vhci", O_RDWR [pid 5827] chdir("./syzkaller.DnBcbK" [pid 5826] dup2(4, 202 [pid 5825] <... chdir resumed>) = 0 [pid 5824] <... clone resumed>, child_tidptr=0x555565b3a690) = 5829 [pid 5829] socket(AF_BLUETOOTH, SOCK_RAW, BTPROTO_HCI [pid 5828] <... openat resumed>) = 4 [pid 5827] <... chdir resumed>) = 0 [pid 5828] dup2(4, 202 [pid 5827] unshare(CLONE_NEWPID [pid 5826] <... dup2 resumed>) = 202 [pid 5825] unshare(CLONE_NEWPID [pid 5829] <... socket resumed>) = 3 [pid 5827] <... unshare resumed>) = 0 [pid 5828] <... dup2 resumed>) = 202 [pid 5827] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5825] <... unshare resumed>) = 0 [pid 5829] openat(AT_FDCWD, "/dev/vhci", O_RDWR [pid 5826] close(4 [pid 5825] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5828] close(4./strace-static-x86_64: Process 5830 attached [pid 5829] <... openat resumed>) = 4 [pid 5828] <... close resumed>) = 0 [pid 5829] dup2(4, 202 [pid 5828] write(202, "\xff\x00", 2 [pid 5826] <... close resumed>) = 0 ./strace-static-x86_64: Process 5831 attached [pid 5830] set_robust_list(0x555565b3a6a0, 24 [pid 5829] <... dup2 resumed>) = 202 [pid 5827] <... clone resumed>, child_tidptr=0x555565b3a690) = 5830 [pid 5826] write(202, "\xff\x00", 2 [pid 5831] set_robust_list(0x555565b3a6a0, 24 [pid 5830] <... set_robust_list resumed>) = 0 [pid 5829] close(4 [pid 5830] socket(AF_BLUETOOTH, SOCK_RAW, BTPROTO_HCI [pid 5829] <... close resumed>) = 0 [pid 5825] <... clone resumed>, child_tidptr=0x555565b3a690) = 5831 [pid 5829] write(202, "\xff\x00", 2 [pid 5831] <... set_robust_list resumed>) = 0 [pid 5830] <... socket resumed>) = 3 [pid 5831] socket(AF_BLUETOOTH, SOCK_RAW, BTPROTO_HCI [pid 5830] openat(AT_FDCWD, "/dev/vhci", O_RDWR [pid 5831] <... socket resumed>) = 3 [pid 5830] <... openat resumed>) = 4 [pid 5831] openat(AT_FDCWD, "/dev/vhci", O_RDWR [pid 5830] dup2(4, 202 [pid 5831] <... openat resumed>) = 4 [pid 5830] <... dup2 resumed>) = 202 [pid 5831] dup2(4, 202 [pid 5830] close(4 [pid 5831] <... dup2 resumed>) = 202 [pid 5830] <... close resumed>) = 0 [pid 5831] close(4 [pid 5830] write(202, "\xff\x00", 2 [pid 5831] <... close resumed>) = 0 [pid 5831] write(202, "\xff\x00", 2 [pid 5826] <... write resumed>) = 2 [pid 5826] read(202, "\xff\x00\x01\x00", 4) = 4 [pid 5826] rt_sigaction(SIGRT_1, {sa_handler=0x7f201fab1a60, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f201faa33a0}, NULL, 8) = 0 [pid 5826] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5831] <... write resumed>) = 2 [pid 5830] <... write resumed>) = 2 [pid 5829] <... write resumed>) = 2 [pid 5828] <... write resumed>) = 2 [pid 5826] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5826] mmap(NULL, 8392704, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5830] read(202, [pid 5829] read(202, [pid 5828] read(202, [pid 5826] <... mmap resumed>) = 0x7f201f236000 [pid 5831] read(202, [pid 5830] <... read resumed>"\xff\x00\x03\x00", 4) = 4 [pid 5829] <... read resumed>"\xff\x00\x02\x00", 4) = 4 [pid 5828] <... read resumed>"\xff\x00\x00\x00", 4) = 4 [pid 5826] mprotect(0x7f201f237000, 8388608, PROT_READ|PROT_WRITE [pid 5831] <... read resumed>"\xff\x00\x04\x00", 4) = 4 [pid 5830] rt_sigaction(SIGRT_1, {sa_handler=0x7f201fab1a60, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f201faa33a0}, [pid 5829] rt_sigaction(SIGRT_1, {sa_handler=0x7f201fab1a60, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f201faa33a0}, [pid 5826] <... mprotect resumed>) = 0 [pid 5831] rt_sigaction(SIGRT_1, {sa_handler=0x7f201fab1a60, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f201faa33a0}, [pid 5830] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5829] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5828] rt_sigaction(SIGRT_1, {sa_handler=0x7f201fab1a60, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f201faa33a0}, [pid 5826] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5830] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5829] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5831] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5830] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5829] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5828] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5826] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5831] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5830] mmap(NULL, 8392704, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5829] mmap(NULL, 8392704, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5828] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5826] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f201fa36990, parent_tid=0x7f201fa36990, exit_signal=0, stack=0x7f201f236000, stack_size=0x800300, tls=0x7f201fa366c0} [pid 5831] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5830] <... mmap resumed>) = 0x7f201f236000 [pid 5829] <... mmap resumed>) = 0x7f201f236000 [pid 5828] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5830] mprotect(0x7f201f237000, 8388608, PROT_READ|PROT_WRITE [pid 5829] mprotect(0x7f201f237000, 8388608, PROT_READ|PROT_WRITE [pid 5828] mmap(NULL, 8392704, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5831] mmap(NULL, 8392704, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5830] <... mprotect resumed>) = 0 [pid 5829] <... mprotect resumed>) = 0 [pid 5828] <... mmap resumed>) = 0x7f201f236000 [pid 5831] <... mmap resumed>) = 0x7f201f236000 [pid 5830] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5829] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5828] mprotect(0x7f201f237000, 8388608, PROT_READ|PROT_WRITE./strace-static-x86_64: Process 5837 attached [pid 5831] mprotect(0x7f201f237000, 8388608, PROT_READ|PROT_WRITE [pid 5829] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5828] <... mprotect resumed>) = 0 [pid 5826] <... clone3 resumed> => {parent_tid=[2]}, 88) = 2 [pid 5837] rseq(0x7f201fa36fe0, 0x20, 0, 0x53053053 [pid 5831] <... mprotect resumed>) = 0 [pid 5830] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5829] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f201fa36990, parent_tid=0x7f201fa36990, exit_signal=0, stack=0x7f201f236000, stack_size=0x800300, tls=0x7f201fa366c0} [pid 5828] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5826] rt_sigprocmask(SIG_SETMASK, [], [pid 5837] <... rseq resumed>) = 0 [pid 5831] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5830] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f201fa36990, parent_tid=0x7f201fa36990, exit_signal=0, stack=0x7f201f236000, stack_size=0x800300, tls=0x7f201fa366c0}./strace-static-x86_64: Process 5839 attached [pid 5837] set_robust_list(0x7f201fa369a0, 24./strace-static-x86_64: Process 5840 attached [pid 5839] rseq(0x7f201fa36fe0, 0x20, 0, 0x53053053 [pid 5837] <... set_robust_list resumed>) = 0 [pid 5831] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5829] <... clone3 resumed> => {parent_tid=[2]}, 88) = 2 [pid 5828] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5826] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5839] <... rseq resumed>) = 0 [pid 5837] rt_sigprocmask(SIG_SETMASK, [], [pid 5831] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f201fa36990, parent_tid=0x7f201fa36990, exit_signal=0, stack=0x7f201f236000, stack_size=0x800300, tls=0x7f201fa366c0} [pid 5830] <... clone3 resumed> => {parent_tid=[2]}, 88) = 2 [pid 5828] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f201fa36990, parent_tid=0x7f201fa36990, exit_signal=0, stack=0x7f201f236000, stack_size=0x800300, tls=0x7f201fa366c0} [pid 5826] ioctl(3, HCIDEVUP./strace-static-x86_64: Process 5843 attached [pid 5840] rseq(0x7f201fa36fe0, 0x20, 0, 0x53053053 [pid 5839] set_robust_list(0x7f201fa369a0, 24 [pid 5837] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5829] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 5844 attached [pid 5843] rseq(0x7f201fa36fe0, 0x20, 0, 0x53053053 [pid 5840] <... rseq resumed>) = 0 [pid 5839] <... set_robust_list resumed>) = 0 [pid 5837] read(202, [pid 5830] rt_sigprocmask(SIG_SETMASK, [], [pid 5829] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5844] rseq(0x7f201fa36fe0, 0x20, 0, 0x53053053 [pid 5843] <... rseq resumed>) = 0 [pid 5840] set_robust_list(0x7f201fa369a0, 24 [pid 5839] rt_sigprocmask(SIG_SETMASK, [], [pid 5837] <... read resumed>"\x01\x03\x0c\x00", 1024) = 4 [pid 5831] <... clone3 resumed> => {parent_tid=[2]}, 88) = 2 [pid 5830] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5829] ioctl(3, HCIDEVUP [pid 5828] <... clone3 resumed> => {parent_tid=[2]}, 88) = 2 [pid 5844] <... rseq resumed>) = 0 [pid 5843] set_robust_list(0x7f201fa369a0, 24 [pid 5840] <... set_robust_list resumed>) = 0 [pid 5839] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5837] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x03\x0c", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4 [pid 5831] rt_sigprocmask(SIG_SETMASK, [], [pid 5830] ioctl(3, HCIDEVUP [pid 5844] set_robust_list(0x7f201fa369a0, 24 [pid 5843] <... set_robust_list resumed>) = 0 [pid 5840] rt_sigprocmask(SIG_SETMASK, [], [pid 5839] read(202, [pid 5837] <... writev resumed>) = 255 [pid 5831] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5828] rt_sigprocmask(SIG_SETMASK, [], [pid 5844] <... set_robust_list resumed>) = 0 [pid 5843] rt_sigprocmask(SIG_SETMASK, [], [pid 5840] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5837] read(202, [pid 5828] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5831] ioctl(3, HCIDEVUP [pid 5844] rt_sigprocmask(SIG_SETMASK, [], [pid 5843] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5840] read(202, [pid 5844] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5843] read(202, [pid 5828] ioctl(3, HCIDEVUP [pid 5844] read(202, [pid 5843] <... read resumed>"\x01\x03\x0c\x00", 1024) = 4 [pid 5843] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x03\x0c", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4) = 255 [pid 5843] read(202, [pid 5844] <... read resumed>"\x01\x03\x0c\x00", 1024) = 4 [pid 5840] <... read resumed>"\x01\x03\x0c\x00", 1024) = 4 [pid 5839] <... read resumed>"\x01\x03\x0c\x00", 1024) = 4 [pid 5844] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x03\x0c", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4) = 255 [pid 5840] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x03\x0c", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4 [pid 5839] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x03\x0c", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4 [pid 5837] <... read resumed>"\x01\x03\x10\x00", 1024) = 4 [pid 5840] <... writev resumed>) = 255 [pid 5844] read(202, [pid 5843] <... read resumed>"\x01\x03\x10\x00", 1024) = 4 [pid 5840] read(202, [pid 5844] <... read resumed>"\x01\x03\x10\x00", 1024) = 4 [pid 5843] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x03\x10", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4 [pid 5844] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x03\x10", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4 [pid 5843] <... writev resumed>) = 255 [pid 5839] <... writev resumed>) = 255 [pid 5837] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x03\x10", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4 [pid 5844] <... writev resumed>) = 255 [pid 5840] <... read resumed>"\x01\x03\x10\x00", 1024) = 4 [pid 5843] read(202, [pid 5839] read(202, [pid 5843] <... read resumed>"\x01\x01\x10\x00", 1024) = 4 [ 69.002525][ T5841] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 69.010603][ T5841] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 69.013594][ T5845] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 69.019585][ T5841] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 69.030349][ T5845] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 69.032865][ T5841] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 69.041209][ T5845] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [pid 5843] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x01\x10", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4 [pid 5844] read(202, [pid 5843] <... writev resumed>) = 255 [pid 5840] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x03\x10", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4 [pid 5839] <... read resumed>"\x01\x03\x10\x00", 1024) = 4 [pid 5839] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x03\x10", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4 [pid 5844] <... read resumed>"\x01\x01\x10\x00", 1024) = 4 [pid 5840] <... writev resumed>) = 255 [pid 5839] <... writev resumed>) = 255 [pid 5843] read(202, [pid 5839] read(202, [pid 5843] <... read resumed>"\x01\x09\x10\x00", 1024) = 4 [pid 5843] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\x0a", iov_len=2}, {iov_base="\x01\x09\x10", iov_len=3}, {iov_base="\x00\xaa\xaa\xaa\xaa\xaa\xaa", iov_len=7}], 4) = 13 [pid 5843] read(202, [pid 5837] <... writev resumed>) = 255 [pid 5844] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x01\x10", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4 [pid 5843] <... read resumed>"\x01\x05\x10\x00", 1024) = 4 [pid 5840] read(202, [pid 5839] <... read resumed>"\x01\x01\x10\x00", 1024) = 4 [pid 5844] <... writev resumed>) = 255 [pid 5843] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\x0b", iov_len=2}, {iov_base="\x01\x05\x10", iov_len=3}, {iov_base="\x00\xfd\x03\x60\x04\x00\x06\x00", iov_len=8}], 4 [pid 5839] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x01\x10", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4 [pid 5837] read(202, [pid 5844] read(202, [pid 5843] <... writev resumed>) = 14 [pid 5840] <... read resumed>"\x01\x01\x10\x00", 1024) = 4 [pid 5844] <... read resumed>"\x01\x09\x10\x00", 1024) = 4 [ 69.048246][ T5841] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 69.055806][ T5845] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 69.060875][ T5841] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 69.068019][ T5845] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 69.088737][ T5845] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 69.091255][ T5841] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [pid 5840] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x01\x10", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4 [pid 5844] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\x0a", iov_len=2}, {iov_base="\x01\x09\x10", iov_len=3}, {iov_base="\x00\xaa\xaa\xaa\xaa\xaa\xaa", iov_len=7}], 4 [pid 5843] read(202, [pid 5840] <... writev resumed>) = 255 [pid 5839] <... writev resumed>) = 255 [pid 5837] <... read resumed>"\x01\x01\x10\x00", 1024) = 4 [pid 5837] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x01\x10", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4 [pid 5844] <... writev resumed>) = 13 [pid 5843] <... read resumed>"\x01\x23\x0c\x00", 1024) = 4 [pid 5840] read(202, [pid 5839] read(202, [pid 5837] <... writev resumed>) = 255 [pid 5844] read(202, "\x01\x05\x10\x00", 1024) = 4 [pid 5843] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x23\x0c", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4 [pid 5839] <... read resumed>"\x01\x09\x10\x00", 1024) = 4 [pid 5843] <... writev resumed>) = 255 [pid 5840] <... read resumed>"\x01\x09\x10\x00", 1024) = 4 [pid 5837] read(202, [pid 5840] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\x0a", iov_len=2}, {iov_base="\x01\x09\x10", iov_len=3}, {iov_base="\x00\xaa\xaa\xaa\xaa\xaa\xaa", iov_len=7}], 4) = 13 [pid 5840] read(202, [pid 5844] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\x0b", iov_len=2}, {iov_base="\x01\x05\x10", iov_len=3}, {iov_base="\x00\xfd\x03\x60\x04\x00\x06\x00", iov_len=8}], 4 [pid 5843] read(202, [pid 5839] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\x0a", iov_len=2}, {iov_base="\x01\x09\x10", iov_len=3}, {iov_base="\x00\xaa\xaa\xaa\xaa\xaa\xaa", iov_len=7}], 4 [pid 5837] <... read resumed>"\x01\x09\x10\x00", 1024) = 4 [pid 5844] <... writev resumed>) = 14 [pid 5837] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\x0a", iov_len=2}, {iov_base="\x01\x09\x10", iov_len=3}, {iov_base="\x00\xaa\xaa\xaa\xaa\xaa\xaa", iov_len=7}], 4 [pid 5844] read(202, [pid 5843] <... read resumed>"\x01\x14\x0c\x00", 1024) = 4 [pid 5840] <... read resumed>"\x01\x05\x10\x00", 1024) = 4 [pid 5839] <... writev resumed>) = 13 [pid 5837] <... writev resumed>) = 13 [pid 5844] <... read resumed>"\x01\x23\x0c\x00", 1024) = 4 [pid 5843] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x14\x0c", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4 [pid 5840] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\x0b", iov_len=2}, {iov_base="\x01\x05\x10", iov_len=3}, {iov_base="\x00\xfd\x03\x60\x04\x00\x06\x00", iov_len=8}], 4 [pid 5839] read(202, [pid 5837] read(202, [pid 5844] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x23\x0c", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4 [pid 5843] <... writev resumed>) = 255 [pid 5840] <... writev resumed>) = 14 [pid 5844] <... writev resumed>) = 255 [pid 5843] read(202, [pid 5840] read(202, [pid 5839] <... read resumed>"\x01\x05\x10\x00", 1024) = 4 [pid 5837] <... read resumed>"\x01\x05\x10\x00", 1024) = 4 [pid 5844] read(202, [pid 5843] <... read resumed>"\x01\x25\x0c\x00", 1024) = 4 [pid 5840] <... read resumed>"\x01\x23\x0c\x00", 1024) = 4 [pid 5839] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\x0b", iov_len=2}, {iov_base="\x01\x05\x10", iov_len=3}, {iov_base="\x00\xfd\x03\x60\x04\x00\x06\x00", iov_len=8}], 4 [pid 5837] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\x0b", iov_len=2}, {iov_base="\x01\x05\x10", iov_len=3}, {iov_base="\x00\xfd\x03\x60\x04\x00\x06\x00", iov_len=8}], 4 [pid 5843] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x25\x0c", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4 [pid 5840] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x23\x0c", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4 [pid 5839] <... writev resumed>) = 14 [pid 5837] <... writev resumed>) = 14 [ 69.097704][ T5845] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 69.105929][ T5841] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 69.113095][ T5845] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 69.134163][ T5845] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 69.137775][ T5846] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [pid 5843] <... writev resumed>) = 255 [pid 5844] <... read resumed>"\x01\x14\x0c\x00", 1024) = 4 [pid 5840] <... writev resumed>) = 255 [pid 5839] read(202, [pid 5837] read(202, [pid 5843] read(202, "\x01\x38\x0c\x00", 1024) = 4 [pid 5839] <... read resumed>"\x01\x23\x0c\x00", 1024) = 4 [pid 5837] <... read resumed>"\x01\x23\x0c\x00", 1024) = 4 [pid 5844] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x14\x0c", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4 [pid 5843] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x38\x0c", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4 [pid 5840] read(202, [pid 5839] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x23\x0c", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4 [pid 5837] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x23\x0c", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4 [pid 5844] <... writev resumed>) = 255 [pid 5843] <... writev resumed>) = 255 [pid 5840] <... read resumed>"\x01\x14\x0c\x00", 1024) = 4 [pid 5839] <... writev resumed>) = 255 [pid 5837] <... writev resumed>) = 255 [pid 5844] read(202, [pid 5840] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x14\x0c", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4 [pid 5844] <... read resumed>"\x01\x25\x0c\x00", 1024) = 4 [pid 5844] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x25\x0c", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4 [pid 5840] <... writev resumed>) = 255 [pid 5844] <... writev resumed>) = 255 [pid 5843] read(202, [pid 5840] read(202, [pid 5839] read(202, [pid 5837] read(202, [pid 5844] read(202, [pid 5843] <... read resumed>"\x01\x39\x0c\x00", 1024) = 4 [pid 5840] <... read resumed>"\x01\x25\x0c\x00", 1024) = 4 [pid 5839] <... read resumed>"\x01\x14\x0c\x00", 1024) = 4 [pid 5837] <... read resumed>"\x01\x14\x0c\x00", 1024) = 4 [pid 5843] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x39\x0c", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4 [pid 5840] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x25\x0c", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4 [pid 5839] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x14\x0c", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4 [pid 5837] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x14\x0c", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4 [pid 5844] <... read resumed>"\x01\x38\x0c\x00", 1024) = 4 [pid 5843] <... writev resumed>) = 255 [pid 5840] <... writev resumed>) = 255 [pid 5839] <... writev resumed>) = 255 [pid 5837] <... writev resumed>) = 255 [pid 5844] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x38\x0c", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4) = 255 [pid 5843] read(202, [pid 5840] read(202, [pid 5839] read(202, [pid 5837] read(202, [pid 5844] read(202, "\x01\x39\x0c\x00", 1024) = 4 [pid 5844] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x39\x0c", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4) = 255 [pid 5843] <... read resumed>"\x01\x16\x0c\x02\x00\x7d", 1024) = 6 [pid 5840] <... read resumed>"\x01\x38\x0c\x00", 1024) = 4 [pid 5839] <... read resumed>"\x01\x25\x0c\x00", 1024) = 4 [pid 5844] read(202, [pid 5840] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x38\x0c", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4 [pid 5839] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x25\x0c", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4 [pid 5844] <... read resumed>"\x01\x16\x0c\x02\x00\x7d", 1024) = 6 [pid 5843] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x16\x0c", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4 [pid 5840] <... writev resumed>) = 255 [pid 5837] <... read resumed>"\x01\x25\x0c\x00", 1024) = 4 [pid 5844] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x16\x0c", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4) = 255 [ 69.143514][ T5845] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 69.157342][ T5841] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 69.158016][ T5845] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 69.164743][ T5841] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 69.174827][ T5845] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 69.184120][ T5846] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 69.186987][ T5845] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [pid 5844] read(202, [pid 5839] <... writev resumed>) = 255 [pid 5839] read(202, [pid 5843] <... writev resumed>) = 255 [pid 5843] read(202, [pid 5840] read(202, [pid 5837] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x25\x0c", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4) = 255 [pid 5837] read(202, [pid 5831] <... ioctl resumed>, 0x4) = -1 EALREADY (Operation already in progress) [pid 5840] <... read resumed>"\x01\x39\x0c\x00", 1024) = 4 [pid 5839] <... read resumed>"\x01\x38\x0c\x00", 1024) = 4 [pid 5837] <... read resumed>"\x01\x38\x0c\x00", 1024) = 4 [pid 5828] <... ioctl resumed>, 0) = -1 EALREADY (Operation already in progress) [pid 5840] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x39\x0c", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4 [pid 5839] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x38\x0c", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4 [pid 5831] ioctl(3, HCISETSCAN [pid 5840] <... writev resumed>) = 255 [pid 5839] <... writev resumed>) = 255 [pid 5837] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x38\x0c", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4 [pid 5828] ioctl(3, HCISETSCAN [pid 5844] <... read resumed>"\x01\x1a\x0c\x01\x02", 1024) = 5 [pid 5844] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\x04", iov_len=2}, {iov_base="\x01\x1a\x0c", iov_len=3}, {iov_base="\x00", iov_len=1}], 4 [pid 5831] <... ioctl resumed>, 0x7ffc8801933c) = 0 [pid 5831] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x04\x0a", iov_len=2}, {iov_base="\xaa\xaa\xaa\xaa\xaa\x10\x00\x00\x00\x01", iov_len=10}], 3) = 13 [pid 5831] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x03\x0b", iov_len=2}, {iov_base="\x00\xc8\x00\xaa\xaa\xaa\xaa\xaa\x10\x01\x00", iov_len=11}], 3 [pid 5839] read(202, [pid 5837] <... writev resumed>) = 255 [pid 5831] <... writev resumed>) = 14 [pid 5844] <... writev resumed>) = 7 [pid 5843] <... read resumed>"\x01\x1a\x0c\x01\x02", 1024) = 5 [pid 5840] read(202, [pid 5839] <... read resumed>"\x01\x39\x0c\x00", 1024) = 4 [pid 5837] read(202, [pid 5831] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\v\v", iov_len=2}, {iov_base="\x00\xc8\x00\x00\x00\x00\x00\x00\x00\x00\x00", iov_len=11}], 3 [pid 5844] rt_sigprocmask(SIG_BLOCK, ~[RT_1], [pid 5843] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\x04", iov_len=2}, {iov_base="\x01\x1a\x0c", iov_len=3}, {iov_base="\x00", iov_len=1}], 4 [pid 5840] <... read resumed>"\x01\x16\x0c\x02\x00\x7d", 1024) = 6 [pid 5839] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x39\x0c", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4 [pid 5837] <... read resumed>"\x01\x39\x0c\x00", 1024) = 4 [pid 5831] <... writev resumed>) = 14 [pid 5844] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5840] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x16\x0c", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4 [pid 5839] <... writev resumed>) = 255 [pid 5837] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x39\x0c", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4 [pid 5831] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x3e\x13", iov_len=2}, {iov_base="\x01\x00\xc9\x00\x01\x00\xaa\xaa\xaa\xaa\xaa\x11\x00\x00\x00\x00\x00\x00\x00", iov_len=19}], 3 [pid 5844] madvise(0x7f201f236000, 8372224, MADV_DONTNEED [pid 5840] <... writev resumed>) = 255 [pid 5839] read(202, [pid 5837] <... writev resumed>) = 255 [pid 5831] <... writev resumed>) = 22 [pid 5844] <... madvise resumed>) = 0 [pid 5840] read(202, [pid 5837] read(202, [pid 5831] futex(0x7f201fa36990, FUTEX_WAIT_BITSET|FUTEX_CLOCK_REALTIME, 2, NULL, FUTEX_BITSET_MATCH_ANY [pid 5844] exit(0) = ? [pid 5844] +++ exited with 0 +++ [pid 5831] <... futex resumed>) = 0 [pid 5831] close(3 [pid 5843] <... writev resumed>) = 7 [pid 5839] <... read resumed>"\x01\x16\x0c\x02\x00\x7d", 1024) = 6 [pid 5837] <... read resumed>"\x01\x16\x0c\x02\x00\x7d", 1024) = 6 [pid 5830] <... ioctl resumed>, 0x3) = -1 EALREADY (Operation already in progress) [pid 5828] <... ioctl resumed>, 0x7ffc8801933c) = 0 [pid 5831] <... close resumed>) = 0 [pid 5843] rt_sigprocmask(SIG_BLOCK, ~[RT_1], [pid 5839] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x16\x0c", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4 [pid 5837] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x16\x0c", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4 [pid 5843] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5831] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5830] ioctl(3, HCISETSCAN [pid 5828] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x04\x0a", iov_len=2}, {iov_base="\xaa\xaa\xaa\xaa\xaa\x10\x00\x00\x00\x01", iov_len=10}], 3 [pid 5843] madvise(0x7f201f236000, 8372224, MADV_DONTNEED [pid 5839] <... writev resumed>) = 255 [pid 5837] <... writev resumed>) = 255 [pid 5831] <... prctl resumed>) = 0 [pid 5843] <... madvise resumed>) = 0 [pid 5829] <... ioctl resumed>, 0x2) = -1 EALREADY (Operation already in progress) [pid 5843] exit(0 [pid 5829] ioctl(3, HCISETSCAN [pid 5826] <... ioctl resumed>, 0x1) = -1 EALREADY (Operation already in progress) [pid 5843] <... exit resumed>) = ? [pid 5839] read(202, [pid 5831] getppid( [pid 5828] <... writev resumed>) = 13 [pid 5837] read(202, [pid 5843] +++ exited with 0 +++ [pid 5840] <... read resumed>"\x01\x1a\x0c\x01\x02", 1024) = 5 [pid 5839] <... read resumed>"\x01\x1a\x0c\x01\x02", 1024) = 5 [pid 5831] <... getppid resumed>) = 0 [pid 5828] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x03\x0b", iov_len=2}, {iov_base="\x00\xc8\x00\xaa\xaa\xaa\xaa\xaa\x10\x01\x00", iov_len=11}], 3 [pid 5826] ioctl(3, HCISETSCAN [pid 5840] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\x04", iov_len=2}, {iov_base="\x01\x1a\x0c", iov_len=3}, {iov_base="\x00", iov_len=1}], 4 [pid 5839] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\x04", iov_len=2}, {iov_base="\x01\x1a\x0c", iov_len=3}, {iov_base="\x00", iov_len=1}], 4 [pid 5831] prlimit64(0, RLIMIT_AS, {rlim_cur=204800*1024, rlim_max=204800*1024}, [pid 5828] <... writev resumed>) = 14 [pid 5828] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\v\v", iov_len=2}, {iov_base="\x00\xc8\x00\x00\x00\x00\x00\x00\x00\x00\x00", iov_len=11}], 3 [pid 5840] <... writev resumed>) = 7 [pid 5839] <... writev resumed>) = 7 [pid 5837] <... read resumed>"\x01\x1a\x0c\x01\x02", 1024) = 5 [pid 5831] <... prlimit64 resumed>NULL) = 0 [pid 5830] <... ioctl resumed>, 0x7ffc8801933c) = 0 [pid 5829] <... ioctl resumed>, 0x7ffc8801933c) = 0 [pid 5828] <... writev resumed>) = 14 [pid 5840] rt_sigprocmask(SIG_BLOCK, ~[RT_1], [pid 5839] rt_sigprocmask(SIG_BLOCK, ~[RT_1], [pid 5837] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\x04", iov_len=2}, {iov_base="\x01\x1a\x0c", iov_len=3}, {iov_base="\x00", iov_len=1}], 4 [pid 5831] prlimit64(0, RLIMIT_MEMLOCK, {rlim_cur=32768*1024, rlim_max=32768*1024}, [pid 5830] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x04\x0a", iov_len=2}, {iov_base="\xaa\xaa\xaa\xaa\xaa\x10\x00\x00\x00\x01", iov_len=10}], 3 [pid 5829] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x04\x0a", iov_len=2}, {iov_base="\xaa\xaa\xaa\xaa\xaa\x10\x00\x00\x00\x01", iov_len=10}], 3 [pid 5840] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5839] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5837] <... writev resumed>) = 7 [pid 5831] <... prlimit64 resumed>NULL) = 0 [pid 5830] <... writev resumed>) = 13 [pid 5829] <... writev resumed>) = 13 [pid 5828] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x3e\x13", iov_len=2}, {iov_base="\x01\x00\xc9\x00\x01\x00\xaa\xaa\xaa\xaa\xaa\x11\x00\x00\x00\x00\x00\x00\x00", iov_len=19}], 3 [pid 5826] <... ioctl resumed>, 0x7ffc8801933c) = 0 [pid 5840] madvise(0x7f201f236000, 8372224, MADV_DONTNEED [pid 5839] madvise(0x7f201f236000, 8372224, MADV_DONTNEED [pid 5837] rt_sigprocmask(SIG_BLOCK, ~[RT_1], [pid 5831] prlimit64(0, RLIMIT_FSIZE, {rlim_cur=139264*1024, rlim_max=139264*1024}, [pid 5830] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x03\x0b", iov_len=2}, {iov_base="\x00\xc8\x00\xaa\xaa\xaa\xaa\xaa\x10\x01\x00", iov_len=11}], 3 [pid 5829] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x03\x0b", iov_len=2}, {iov_base="\x00\xc8\x00\xaa\xaa\xaa\xaa\xaa\x10\x01\x00", iov_len=11}], 3 [pid 5828] <... writev resumed>) = 22 [pid 5826] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x04\x0a", iov_len=2}, {iov_base="\xaa\xaa\xaa\xaa\xaa\x10\x00\x00\x00\x01", iov_len=10}], 3 [pid 5840] <... madvise resumed>) = 0 [pid 5839] <... madvise resumed>) = 0 [pid 5837] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5831] <... prlimit64 resumed>NULL) = 0 [pid 5830] <... writev resumed>) = 14 [pid 5829] <... writev resumed>) = 14 [ 69.202720][ T5845] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 69.209426][ T5836] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 69.210287][ T5832] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 69.228672][ T5836] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 69.236930][ T5841] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [pid 5828] close(3 [pid 5826] <... writev resumed>) = 13 [pid 5840] exit(0 [pid 5839] exit(0 [pid 5837] madvise(0x7f201f236000, 8372224, MADV_DONTNEED [pid 5831] prlimit64(0, RLIMIT_STACK, {rlim_cur=1024*1024, rlim_max=1024*1024}, [pid 5830] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\v\v", iov_len=2}, {iov_base="\x00\xc8\x00\x00\x00\x00\x00\x00\x00\x00\x00", iov_len=11}], 3 [pid 5829] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\v\v", iov_len=2}, {iov_base="\x00\xc8\x00\x00\x00\x00\x00\x00\x00\x00\x00", iov_len=11}], 3 [pid 5828] <... close resumed>) = 0 [pid 5826] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x03\x0b", iov_len=2}, {iov_base="\x00\xc8\x00\xaa\xaa\xaa\xaa\xaa\x10\x01\x00", iov_len=11}], 3 [pid 5840] <... exit resumed>) = ? [pid 5837] <... madvise resumed>) = 0 [pid 5831] <... prlimit64 resumed>NULL) = 0 [pid 5840] +++ exited with 0 +++ [pid 5839] <... exit resumed>) = ? [pid 5837] exit(0 [pid 5831] prlimit64(0, RLIMIT_CORE, {rlim_cur=131072*1024, rlim_max=131072*1024}, [pid 5830] <... writev resumed>) = 14 [pid 5829] <... writev resumed>) = 14 [pid 5828] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5826] <... writev resumed>) = 14 [pid 5839] +++ exited with 0 +++ [pid 5837] <... exit resumed>) = ? [pid 5831] <... prlimit64 resumed>NULL) = 0 [pid 5830] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x3e\x13", iov_len=2}, {iov_base="\x01\x00\xc9\x00\x01\x00\xaa\xaa\xaa\xaa\xaa\x11\x00\x00\x00\x00\x00\x00\x00", iov_len=19}], 3 [pid 5837] +++ exited with 0 +++ [pid 5831] prlimit64(0, RLIMIT_NOFILE, {rlim_cur=256, rlim_max=256}, [pid 5830] <... writev resumed>) = 22 [pid 5829] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x3e\x13", iov_len=2}, {iov_base="\x01\x00\xc9\x00\x01\x00\xaa\xaa\xaa\xaa\xaa\x11\x00\x00\x00\x00\x00\x00\x00", iov_len=19}], 3 [pid 5831] <... prlimit64 resumed>NULL) = 0 [pid 5828] <... prctl resumed>) = 0 [pid 5826] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\v\v", iov_len=2}, {iov_base="\x00\xc8\x00\x00\x00\x00\x00\x00\x00\x00\x00", iov_len=11}], 3 [pid 5831] unshare(CLONE_NEWNS [pid 5830] close(3 [pid 5829] <... writev resumed>) = 22 [pid 5828] getppid( [pid 5826] <... writev resumed>) = 14 [pid 5831] <... unshare resumed>) = 0 [pid 5830] <... close resumed>) = 0 [pid 5829] close(3 [pid 5828] <... getppid resumed>) = 0 [pid 5831] mount(NULL, "/", NULL, MS_REC|MS_PRIVATE, NULL [pid 5830] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5829] <... close resumed>) = 0 [pid 5828] prlimit64(0, RLIMIT_AS, {rlim_cur=204800*1024, rlim_max=204800*1024}, [pid 5826] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x3e\x13", iov_len=2}, {iov_base="\x01\x00\xc9\x00\x01\x00\xaa\xaa\xaa\xaa\xaa\x11\x00\x00\x00\x00\x00\x00\x00", iov_len=19}], 3 [pid 5831] <... mount resumed>) = 0 [pid 5830] <... prctl resumed>) = 0 [pid 5829] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5828] <... prlimit64 resumed>NULL) = 0 [pid 5826] <... writev resumed>) = 22 [pid 5829] <... prctl resumed>) = 0 [pid 5828] prlimit64(0, RLIMIT_MEMLOCK, {rlim_cur=32768*1024, rlim_max=32768*1024}, [pid 5829] getppid( [pid 5828] <... prlimit64 resumed>NULL) = 0 [pid 5826] close(3 [pid 5831] unshare(CLONE_NEWIPC [pid 5830] getppid( [pid 5829] <... getppid resumed>) = 0 [pid 5828] prlimit64(0, RLIMIT_FSIZE, {rlim_cur=139264*1024, rlim_max=139264*1024}, [pid 5826] <... close resumed>) = 0 [pid 5831] <... unshare resumed>) = 0 [pid 5830] <... getppid resumed>) = 0 [pid 5829] prlimit64(0, RLIMIT_AS, {rlim_cur=204800*1024, rlim_max=204800*1024}, [pid 5828] <... prlimit64 resumed>NULL) = 0 [pid 5831] unshare(CLONE_NEWCGROUP [pid 5830] prlimit64(0, RLIMIT_AS, {rlim_cur=204800*1024, rlim_max=204800*1024}, [pid 5829] <... prlimit64 resumed>NULL) = 0 [pid 5828] prlimit64(0, RLIMIT_STACK, {rlim_cur=1024*1024, rlim_max=1024*1024}, [pid 5826] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5831] <... unshare resumed>) = 0 [pid 5830] <... prlimit64 resumed>NULL) = 0 [pid 5829] prlimit64(0, RLIMIT_MEMLOCK, {rlim_cur=32768*1024, rlim_max=32768*1024}, [pid 5828] <... prlimit64 resumed>NULL) = 0 [pid 5826] <... prctl resumed>) = 0 [pid 5831] unshare(CLONE_NEWUTS [pid 5830] prlimit64(0, RLIMIT_MEMLOCK, {rlim_cur=32768*1024, rlim_max=32768*1024}, [pid 5829] <... prlimit64 resumed>NULL) = 0 [pid 5828] prlimit64(0, RLIMIT_CORE, {rlim_cur=131072*1024, rlim_max=131072*1024}, [pid 5826] getppid( [pid 5831] <... unshare resumed>) = 0 [pid 5830] <... prlimit64 resumed>NULL) = 0 [pid 5831] unshare(CLONE_SYSVSEM [pid 5830] prlimit64(0, RLIMIT_FSIZE, {rlim_cur=139264*1024, rlim_max=139264*1024}, [pid 5829] prlimit64(0, RLIMIT_FSIZE, {rlim_cur=139264*1024, rlim_max=139264*1024}, [pid 5828] <... prlimit64 resumed>NULL) = 0 [pid 5826] <... getppid resumed>) = 0 [pid 5831] <... unshare resumed>) = 0 [pid 5830] <... prlimit64 resumed>NULL) = 0 [pid 5829] <... prlimit64 resumed>NULL) = 0 [pid 5828] prlimit64(0, RLIMIT_NOFILE, {rlim_cur=256, rlim_max=256}, [pid 5826] prlimit64(0, RLIMIT_AS, {rlim_cur=204800*1024, rlim_max=204800*1024}, [pid 5831] openat(AT_FDCWD, "/proc/sys/kernel/shmmax", O_WRONLY|O_CLOEXEC [pid 5830] prlimit64(0, RLIMIT_STACK, {rlim_cur=1024*1024, rlim_max=1024*1024}, [pid 5829] prlimit64(0, RLIMIT_STACK, {rlim_cur=1024*1024, rlim_max=1024*1024}, [pid 5828] <... prlimit64 resumed>NULL) = 0 [pid 5826] <... prlimit64 resumed>NULL) = 0 [pid 5831] <... openat resumed>) = 3 [pid 5830] <... prlimit64 resumed>NULL) = 0 [pid 5829] <... prlimit64 resumed>NULL) = 0 [pid 5828] unshare(CLONE_NEWNS [pid 5826] prlimit64(0, RLIMIT_MEMLOCK, {rlim_cur=32768*1024, rlim_max=32768*1024}, [pid 5830] prlimit64(0, RLIMIT_CORE, {rlim_cur=131072*1024, rlim_max=131072*1024}, [pid 5826] <... prlimit64 resumed>NULL) = 0 [pid 5828] <... unshare resumed>) = 0 [pid 5830] <... prlimit64 resumed>NULL) = 0 [pid 5829] prlimit64(0, RLIMIT_CORE, {rlim_cur=131072*1024, rlim_max=131072*1024}, [pid 5826] prlimit64(0, RLIMIT_FSIZE, {rlim_cur=139264*1024, rlim_max=139264*1024}, [pid 5831] write(3, "16777216", 8 [pid 5830] prlimit64(0, RLIMIT_NOFILE, {rlim_cur=256, rlim_max=256}, [pid 5829] <... prlimit64 resumed>NULL) = 0 [pid 5828] mount(NULL, "/", NULL, MS_REC|MS_PRIVATE, NULL [pid 5826] <... prlimit64 resumed>NULL) = 0 [pid 5831] <... write resumed>) = 8 [pid 5830] <... prlimit64 resumed>NULL) = 0 [pid 5829] prlimit64(0, RLIMIT_NOFILE, {rlim_cur=256, rlim_max=256}, [pid 5831] close(3 [pid 5830] unshare(CLONE_NEWNS [pid 5829] <... prlimit64 resumed>NULL) = 0 [pid 5828] <... mount resumed>) = 0 [pid 5826] prlimit64(0, RLIMIT_STACK, {rlim_cur=1024*1024, rlim_max=1024*1024}, [pid 5831] <... close resumed>) = 0 [pid 5830] <... unshare resumed>) = 0 [pid 5829] unshare(CLONE_NEWNS [pid 5828] unshare(CLONE_NEWIPC [pid 5826] <... prlimit64 resumed>NULL) = 0 [pid 5831] openat(AT_FDCWD, "/proc/sys/kernel/shmall", O_WRONLY|O_CLOEXEC [pid 5830] mount(NULL, "/", NULL, MS_REC|MS_PRIVATE, NULL [pid 5829] <... unshare resumed>) = 0 [pid 5826] prlimit64(0, RLIMIT_CORE, {rlim_cur=131072*1024, rlim_max=131072*1024}, [pid 5828] <... unshare resumed>) = 0 [pid 5831] <... openat resumed>) = 3 [pid 5830] <... mount resumed>) = 0 [pid 5829] mount(NULL, "/", NULL, MS_REC|MS_PRIVATE, NULL [pid 5826] <... prlimit64 resumed>NULL) = 0 [pid 5828] unshare(CLONE_NEWCGROUP [pid 5831] write(3, "536870912", 9 [pid 5830] unshare(CLONE_NEWIPC [pid 5831] <... write resumed>) = 9 [pid 5829] <... mount resumed>) = 0 [pid 5826] prlimit64(0, RLIMIT_NOFILE, {rlim_cur=256, rlim_max=256}, [pid 5828] <... unshare resumed>) = 0 [pid 5831] close(3 [pid 5830] <... unshare resumed>) = 0 [pid 5829] unshare(CLONE_NEWIPC [pid 5826] <... prlimit64 resumed>NULL) = 0 [pid 5831] <... close resumed>) = 0 [pid 5828] unshare(CLONE_NEWUTS [pid 5829] <... unshare resumed>) = 0 [pid 5826] unshare(CLONE_NEWNS [pid 5831] openat(AT_FDCWD, "/proc/sys/kernel/shmmni", O_WRONLY|O_CLOEXEC [pid 5830] unshare(CLONE_NEWCGROUP [pid 5829] unshare(CLONE_NEWCGROUP [pid 5828] <... unshare resumed>) = 0 [pid 5830] <... unshare resumed>) = 0 [pid 5828] unshare(CLONE_SYSVSEM [pid 5830] unshare(CLONE_NEWUTS [pid 5829] <... unshare resumed>) = 0 [pid 5828] <... unshare resumed>) = 0 [pid 5826] <... unshare resumed>) = 0 [pid 5830] <... unshare resumed>) = 0 [pid 5831] <... openat resumed>) = 3 [pid 5830] unshare(CLONE_SYSVSEM [pid 5829] unshare(CLONE_NEWUTS [pid 5828] openat(AT_FDCWD, "/proc/sys/kernel/shmmax", O_WRONLY|O_CLOEXEC [pid 5826] mount(NULL, "/", NULL, MS_REC|MS_PRIVATE, NULL [pid 5831] write(3, "1024", 4 [pid 5830] <... unshare resumed>) = 0 [pid 5829] <... unshare resumed>) = 0 [pid 5828] <... openat resumed>) = 3 [pid 5826] <... mount resumed>) = 0 [pid 5831] <... write resumed>) = 4 [pid 5830] openat(AT_FDCWD, "/proc/sys/kernel/shmmax", O_WRONLY|O_CLOEXEC [pid 5829] unshare(CLONE_SYSVSEM [pid 5828] write(3, "16777216", 8 [pid 5826] unshare(CLONE_NEWIPC [pid 5831] close(3 [pid 5830] <... openat resumed>) = 3 [pid 5829] <... unshare resumed>) = 0 [pid 5828] <... write resumed>) = 8 [pid 5831] <... close resumed>) = 0 [pid 5828] close(3 [pid 5826] <... unshare resumed>) = 0 [pid 5831] openat(AT_FDCWD, "/proc/sys/kernel/msgmax", O_WRONLY|O_CLOEXEC [pid 5830] write(3, "16777216", 8 [pid 5829] openat(AT_FDCWD, "/proc/sys/kernel/shmmax", O_WRONLY|O_CLOEXEC [pid 5828] <... close resumed>) = 0 [pid 5826] unshare(CLONE_NEWCGROUP [pid 5831] <... openat resumed>) = 3 [pid 5830] <... write resumed>) = 8 [pid 5831] write(3, "8192", 4 [pid 5829] <... openat resumed>) = 3 [pid 5828] openat(AT_FDCWD, "/proc/sys/kernel/shmall", O_WRONLY|O_CLOEXEC [pid 5826] <... unshare resumed>) = 0 [pid 5830] close(3 [pid 5831] <... write resumed>) = 4 [pid 5829] write(3, "16777216", 8 [pid 5831] close(3 [pid 5826] unshare(CLONE_NEWUTS [pid 5831] <... close resumed>) = 0 [pid 5830] <... close resumed>) = 0 [pid 5829] <... write resumed>) = 8 [pid 5831] openat(AT_FDCWD, "/proc/sys/kernel/msgmni", O_WRONLY|O_CLOEXEC [pid 5830] openat(AT_FDCWD, "/proc/sys/kernel/shmall", O_WRONLY|O_CLOEXEC [pid 5829] close(3 [pid 5826] <... unshare resumed>) = 0 [pid 5828] <... openat resumed>) = 3 [pid 5830] <... openat resumed>) = 3 [pid 5831] <... openat resumed>) = 3 [pid 5829] <... close resumed>) = 0 [pid 5830] write(3, "536870912", 9 [pid 5828] write(3, "536870912", 9 [pid 5826] unshare(CLONE_SYSVSEM [pid 5831] write(3, "1024", 4 [pid 5830] <... write resumed>) = 9 [pid 5829] openat(AT_FDCWD, "/proc/sys/kernel/shmall", O_WRONLY|O_CLOEXEC [pid 5826] <... unshare resumed>) = 0 [pid 5828] <... write resumed>) = 9 [pid 5831] <... write resumed>) = 4 [pid 5830] close(3 [pid 5831] close(3 [pid 5830] <... close resumed>) = 0 [pid 5828] close(3 [pid 5826] openat(AT_FDCWD, "/proc/sys/kernel/shmmax", O_WRONLY|O_CLOEXEC [pid 5831] <... close resumed>) = 0 [pid 5830] openat(AT_FDCWD, "/proc/sys/kernel/shmmni", O_WRONLY|O_CLOEXEC [pid 5829] <... openat resumed>) = 3 [pid 5828] <... close resumed>) = 0 [pid 5831] openat(AT_FDCWD, "/proc/sys/kernel/msgmnb", O_WRONLY|O_CLOEXEC [pid 5826] <... openat resumed>) = 3 [pid 5830] <... openat resumed>) = 3 [pid 5829] write(3, "536870912", 9 [pid 5828] openat(AT_FDCWD, "/proc/sys/kernel/shmmni", O_WRONLY|O_CLOEXEC [pid 5826] write(3, "16777216", 8) = 8 [pid 5831] <... openat resumed>) = 3 [pid 5830] write(3, "1024", 4 [pid 5829] <... write resumed>) = 9 [pid 5828] <... openat resumed>) = 3 [pid 5826] close(3 [pid 5831] write(3, "1024", 4 [pid 5829] close(3 [pid 5828] write(3, "1024", 4 [pid 5831] <... write resumed>) = 4 [pid 5829] <... close resumed>) = 0 [pid 5831] close(3 [pid 5828] <... write resumed>) = 4 [pid 5829] openat(AT_FDCWD, "/proc/sys/kernel/shmmni", O_WRONLY|O_CLOEXEC [pid 5831] <... close resumed>) = 0 [pid 5828] close(3 [pid 5831] openat(AT_FDCWD, "/proc/sys/kernel/sem", O_WRONLY|O_CLOEXEC [pid 5830] <... write resumed>) = 4 [pid 5829] <... openat resumed>) = 3 [pid 5828] <... close resumed>) = 0 [pid 5826] <... close resumed>) = 0 [pid 5831] <... openat resumed>) = 3 [pid 5830] close(3 [pid 5829] write(3, "1024", 4 [pid 5828] openat(AT_FDCWD, "/proc/sys/kernel/msgmax", O_WRONLY|O_CLOEXEC [pid 5826] openat(AT_FDCWD, "/proc/sys/kernel/shmall", O_WRONLY|O_CLOEXEC [pid 5831] write(3, "1024 1048576 500 1024", 21 [pid 5830] <... close resumed>) = 0 [pid 5829] <... write resumed>) = 4 [pid 5828] <... openat resumed>) = 3 [pid 5826] <... openat resumed>) = 3 [pid 5830] openat(AT_FDCWD, "/proc/sys/kernel/msgmax", O_WRONLY|O_CLOEXEC [pid 5829] close(3 [pid 5828] write(3, "8192", 4 [pid 5831] <... write resumed>) = 21 [pid 5826] write(3, "536870912", 9 [pid 5831] close(3 [pid 5830] <... openat resumed>) = 3 [pid 5829] <... close resumed>) = 0 [pid 5828] <... write resumed>) = 4 [pid 5826] <... write resumed>) = 9 [pid 5831] <... close resumed>) = 0 [pid 5830] write(3, "8192", 4 [pid 5829] openat(AT_FDCWD, "/proc/sys/kernel/msgmax", O_WRONLY|O_CLOEXEC [pid 5828] close(3 [pid 5826] close(3 [pid 5831] getpid( [pid 5830] <... write resumed>) = 4 [pid 5829] <... openat resumed>) = 3 [pid 5828] <... close resumed>) = 0 [pid 5826] <... close resumed>) = 0 [pid 5831] <... getpid resumed>) = 1 [pid 5830] close(3 [pid 5828] openat(AT_FDCWD, "/proc/sys/kernel/msgmni", O_WRONLY|O_CLOEXEC [pid 5829] write(3, "8192", 4 [pid 5826] openat(AT_FDCWD, "/proc/sys/kernel/shmmni", O_WRONLY|O_CLOEXEC [pid 5831] capget({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, [pid 5830] <... close resumed>) = 0 [pid 5829] <... write resumed>) = 4 [pid 5828] <... openat resumed>) = 3 [pid 5826] <... openat resumed>) = 3 [pid 5831] <... capget resumed>{effective=1< [pid 5829] close(3 [pid 5828] write(3, "1024", 4 [pid 5831] capset({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1< [pid 5830] <... openat resumed>) = 3 [pid 5829] <... close resumed>) = 0 [pid 5828] <... write resumed>) = 4 [pid 5826] write(3, "1024", 4 [pid 5831] <... capset resumed>) = 0 [pid 5830] write(3, "1024", 4 [pid 5829] openat(AT_FDCWD, "/proc/sys/kernel/msgmni", O_WRONLY|O_CLOEXEC [pid 5828] close(3 [pid 5826] <... write resumed>) = 4 [pid 5831] unshare(CLONE_NEWNET [pid 5830] <... write resumed>) = 4 [pid 5826] close(3 [pid 5830] close(3 [pid 5826] <... close resumed>) = 0 [pid 5829] <... openat resumed>) = 3 [pid 5830] <... close resumed>) = 0 [pid 5828] <... close resumed>) = 0 [pid 5826] openat(AT_FDCWD, "/proc/sys/kernel/msgmax", O_WRONLY|O_CLOEXEC [pid 5830] openat(AT_FDCWD, "/proc/sys/kernel/msgmnb", O_WRONLY|O_CLOEXEC [pid 5826] <... openat resumed>) = 3 [pid 5830] <... openat resumed>) = 3 [pid 5826] write(3, "8192", 4 [pid 5830] write(3, "1024", 4 [pid 5829] write(3, "1024", 4 [pid 5828] openat(AT_FDCWD, "/proc/sys/kernel/msgmnb", O_WRONLY|O_CLOEXEC [pid 5830] <... write resumed>) = 4 [pid 5829] <... write resumed>) = 4 [pid 5826] <... write resumed>) = 4 [pid 5829] close(3 [pid 5828] <... openat resumed>) = 3 [pid 5829] <... close resumed>) = 0 [pid 5828] write(3, "1024", 4 [pid 5829] openat(AT_FDCWD, "/proc/sys/kernel/msgmnb", O_WRONLY|O_CLOEXEC [pid 5828] <... write resumed>) = 4 [pid 5828] close(3 [pid 5829] <... openat resumed>) = 3 [pid 5829] write(3, "1024", 4 [pid 5828] <... close resumed>) = 0 [pid 5829] <... write resumed>) = 4 [pid 5828] openat(AT_FDCWD, "/proc/sys/kernel/sem", O_WRONLY|O_CLOEXEC [pid 5829] close(3 [pid 5830] close(3 [pid 5828] <... openat resumed>) = 3 [pid 5829] <... close resumed>) = 0 [pid 5828] write(3, "1024 1048576 500 1024", 21 [pid 5829] openat(AT_FDCWD, "/proc/sys/kernel/sem", O_WRONLY|O_CLOEXEC [pid 5828] <... write resumed>) = 21 [pid 5830] <... close resumed>) = 0 [pid 5829] <... openat resumed>) = 3 [pid 5828] close(3 [pid 5826] close(3 [pid 5830] openat(AT_FDCWD, "/proc/sys/kernel/sem", O_WRONLY|O_CLOEXEC [pid 5826] <... close resumed>) = 0 [pid 5830] <... openat resumed>) = 3 [pid 5829] write(3, "1024 1048576 500 1024", 21 [pid 5828] <... close resumed>) = 0 [pid 5826] openat(AT_FDCWD, "/proc/sys/kernel/msgmni", O_WRONLY|O_CLOEXEC [pid 5829] <... write resumed>) = 21 [pid 5828] getpid( [pid 5829] close(3 [pid 5828] <... getpid resumed>) = 1 [pid 5830] write(3, "1024 1048576 500 1024", 21 [pid 5829] <... close resumed>) = 0 [pid 5828] capget({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, [pid 5826] <... openat resumed>) = 3 [pid 5829] getpid( [pid 5828] <... capget resumed>{effective=1<) = 1 [pid 5828] capset({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1< [pid 5829] capget({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, [pid 5828] <... capset resumed>) = 0 [pid 5829] <... capget resumed>{effective=1< [pid 5830] <... write resumed>) = 21 [pid 5826] write(3, "1024", 4 [pid 5830] close(3 [pid 5826] <... write resumed>) = 4 [pid 5830] <... close resumed>) = 0 [pid 5826] close(3 [pid 5830] getpid( [pid 5826] <... close resumed>) = 0 [pid 5830] <... getpid resumed>) = 1 [pid 5829] capset({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1< [pid 5826] openat(AT_FDCWD, "/proc/sys/kernel/msgmnb", O_WRONLY|O_CLOEXEC [pid 5830] capget({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, [pid 5829] <... capset resumed>) = 0 [pid 5826] <... openat resumed>) = 3 [pid 5830] <... capget resumed>{effective=1< [pid 5830] capset({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1< [pid 5826] write(3, "1024", 4 [pid 5830] <... capset resumed>) = 0 [pid 5826] <... write resumed>) = 4 [pid 5830] unshare(CLONE_NEWNET [pid 5826] close(3) = 0 [pid 5826] openat(AT_FDCWD, "/proc/sys/kernel/sem", O_WRONLY|O_CLOEXEC) = 3 [pid 5826] write(3, "1024 1048576 500 1024", 21) = 21 [pid 5826] close(3) = 0 [pid 5826] getpid() = 1 [pid 5826] capget({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1< [pid 5831] <... unshare resumed>) = 0 [pid 5831] openat(AT_FDCWD, "/proc/sys/net/ipv4/ping_group_range", O_WRONLY|O_CLOEXEC) = 3 [pid 5831] write(3, "0 65535", 7) = 7 [pid 5831] close(3) = 0 [pid 5831] openat(AT_FDCWD, "/dev/net/tun", O_RDWR|O_NONBLOCK) = 3 [pid 5831] dup2(3, 200) = 200 [pid 5831] close(3) = 0 [pid 5831] ioctl(200, TUNSETIFF, 0x7ffc88019410) = 0 [pid 5831] openat(AT_FDCWD, "/proc/sys/net/ipv6/conf/syz_tun/accept_dad", O_WRONLY|O_CLOEXEC) = 3 [pid 5831] write(3, "0", 1) = 1 [pid 5831] close(3) = 0 [pid 5831] openat(AT_FDCWD, "/proc/sys/net/ipv6/conf/syz_tun/router_solicitations", O_WRONLY|O_CLOEXEC) = 3 [pid 5831] write(3, "0", 1) = 1 [pid 5831] close(3) = 0 [pid 5831] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 3 [pid 5831] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 4 [pid 5831] ioctl(4, SIOCGIFINDEX, {ifr_name="syz_tun", ifr_ifindex=11}) = 0 [pid 5831] close(4) = 0 [pid 5831] sendto(3, [{nlmsg_len=40, nlmsg_type=0x14 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x500, nlmsg_seq=0, nlmsg_pid=0}, "\x02\x18\x00\x00\x0b\x00\x00\x00\x08\x00\x02\x00\xac\x14\x14\xaa\x08\x00\x01\x00\xac\x14\x14\xaa"], 40, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12 [pid 5830] <... unshare resumed>) = 0 [pid 5830] openat(AT_FDCWD, "/proc/sys/net/ipv4/ping_group_range", O_WRONLY|O_CLOEXEC) = 3 [pid 5831] <... sendto resumed>) = 40 [pid 5830] write(3, "0 65535", 7) = 7 [pid 5831] recvfrom(3, [pid 5830] close(3 [pid 5831] <... recvfrom resumed>[{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=40, nlmsg_type=0x14 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x500, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 [pid 5830] <... close resumed>) = 0 [pid 5831] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0 [pid 5830] openat(AT_FDCWD, "/dev/net/tun", O_RDWR|O_NONBLOCK [pid 5831] <... socket resumed>) = 4 [pid 5830] <... openat resumed>) = 3 [pid 5831] ioctl(4, SIOCGIFINDEX, {ifr_name="syz_tun" [pid 5830] dup2(3, 200 [pid 5831] <... ioctl resumed>, ifr_ifindex=11}) = 0 [pid 5830] <... dup2 resumed>) = 200 [pid 5830] close(3 [pid 5831] close(4 [pid 5830] <... close resumed>) = 0 [pid 5831] <... close resumed>) = 0 [pid 5830] ioctl(200, TUNSETIFF, 0x7ffc88019410 [pid 5831] sendto(3, [{nlmsg_len=64, nlmsg_type=0x14 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x500, nlmsg_seq=0, nlmsg_pid=0}, "\x0a\x78\x00\x00\x0b\x00\x00\x00\x14\x00\x02\x00\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xaa\x14\x00\x01\x00\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xaa"], 64, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 64 [pid 5830] <... ioctl resumed>) = 0 [pid 5826] <... unshare resumed>) = 0 [pid 5830] openat(AT_FDCWD, "/proc/sys/net/ipv6/conf/syz_tun/accept_dad", O_WRONLY|O_CLOEXEC [pid 5826] openat(AT_FDCWD, "/proc/sys/net/ipv4/ping_group_range", O_WRONLY|O_CLOEXEC [pid 5830] <... openat resumed>) = 3 [pid 5826] <... openat resumed>) = 3 [pid 5830] write(3, "0", 1) = 1 [pid 5826] write(3, "0 65535", 7 [pid 5830] close(3 [pid 5826] <... write resumed>) = 7 [pid 5831] recvfrom(3, [pid 5830] <... close resumed>) = 0 [pid 5826] close(3 [pid 5830] openat(AT_FDCWD, "/proc/sys/net/ipv6/conf/syz_tun/router_solicitations", O_WRONLY|O_CLOEXEC) = 3 [pid 5826] <... close resumed>) = 0 [pid 5831] <... recvfrom resumed>[{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=64, nlmsg_type=0x14 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x500, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 [pid 5826] openat(AT_FDCWD, "/dev/net/tun", O_RDWR|O_NONBLOCK [pid 5831] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0 [pid 5830] write(3, "0", 1 [pid 5826] <... openat resumed>) = 3 [pid 5831] <... socket resumed>) = 4 [pid 5830] <... write resumed>) = 1 [pid 5826] dup2(3, 200 [pid 5831] ioctl(4, SIOCGIFINDEX, {ifr_name="syz_tun" [pid 5830] close(3 [pid 5826] <... dup2 resumed>) = 200 [pid 5831] <... ioctl resumed>, ifr_ifindex=11}) = 0 [pid 5830] <... close resumed>) = 0 [pid 5826] close(3 [pid 5831] close(4 [pid 5830] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE [pid 5826] <... close resumed>) = 0 [pid 5831] <... close resumed>) = 0 [pid 5830] <... socket resumed>) = 3 [pid 5831] sendto(3, [{nlmsg_len=48, nlmsg_type=0x1c /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x600, nlmsg_seq=0, nlmsg_pid=0}, "\x02\x00\x00\x00\x0b\x00\x00\x00\x80\x00\x00\x00\x08\x00\x01\x00\xac\x14\x14\xbb\x0a\x00\x02\x00\xbb\xaa\xaa\xaa\xaa\xaa\x00\x00"], 48, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12 [pid 5830] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 4 [pid 5826] ioctl(200, TUNSETIFF, 0x7ffc88019410 [pid 5830] ioctl(4, SIOCGIFINDEX, {ifr_name="syz_tun", ifr_ifindex=11}) = 0 [pid 5830] close(4) = 0 [pid 5830] sendto(3, [{nlmsg_len=40, nlmsg_type=0x14 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x500, nlmsg_seq=0, nlmsg_pid=0}, "\x02\x18\x00\x00\x0b\x00\x00\x00\x08\x00\x02\x00\xac\x14\x14\xaa\x08\x00\x01\x00\xac\x14\x14\xaa"], 40, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12 [pid 5831] <... sendto resumed>) = 48 [pid 5826] <... ioctl resumed>) = 0 [pid 5829] <... unshare resumed>) = 0 [pid 5829] openat(AT_FDCWD, "/proc/sys/net/ipv4/ping_group_range", O_WRONLY|O_CLOEXEC [pid 5826] openat(AT_FDCWD, "/proc/sys/net/ipv6/conf/syz_tun/accept_dad", O_WRONLY|O_CLOEXEC [pid 5831] recvfrom(3, [pid 5829] <... openat resumed>) = 3 [pid 5826] <... openat resumed>) = 3 [pid 5831] <... recvfrom resumed>[{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=48, nlmsg_type=0x1c /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x600, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 [pid 5830] <... sendto resumed>) = 40 [pid 5831] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0 [pid 5829] write(3, "0 65535", 7 [pid 5830] recvfrom(3, [pid 5826] write(3, "0", 1 [pid 5831] <... socket resumed>) = 4 [pid 5830] <... recvfrom resumed>[{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=40, nlmsg_type=0x14 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x500, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 [pid 5829] <... write resumed>) = 7 [pid 5826] <... write resumed>) = 1 [pid 5831] ioctl(4, SIOCGIFINDEX, {ifr_name="syz_tun" [pid 5830] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0 [pid 5829] close(3 [pid 5826] close(3 [pid 5831] <... ioctl resumed>, ifr_ifindex=11}) = 0 [pid 5830] <... socket resumed>) = 4 [pid 5829] <... close resumed>) = 0 [pid 5828] <... unshare resumed>) = 0 [pid 5831] close(4 [pid 5830] ioctl(4, SIOCGIFINDEX, {ifr_name="syz_tun" [pid 5826] <... close resumed>) = 0 [pid 5831] <... close resumed>) = 0 [pid 5828] openat(AT_FDCWD, "/proc/sys/net/ipv4/ping_group_range", O_WRONLY|O_CLOEXEC [pid 5831] sendto(3, [{nlmsg_len=60, nlmsg_type=0x1c /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x600, nlmsg_seq=0, nlmsg_pid=0}, "\x0a\x00\x00\x00\x0b\x00\x00\x00\x80\x00\x00\x00\x14\x00\x01\x00\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xbb\x0a\x00\x02\x00\xbb\xaa\xaa\xaa\xaa\xaa\x00\x00"], 60, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12 [pid 5830] <... ioctl resumed>, ifr_ifindex=11}) = 0 [pid 5826] openat(AT_FDCWD, "/proc/sys/net/ipv6/conf/syz_tun/router_solicitations", O_WRONLY|O_CLOEXEC [pid 5828] <... openat resumed>) = 3 [pid 5830] close(4 [pid 5829] openat(AT_FDCWD, "/dev/net/tun", O_RDWR|O_NONBLOCK [pid 5831] <... sendto resumed>) = 60 [pid 5828] write(3, "0 65535", 7 [pid 5826] <... openat resumed>) = 3 [pid 5830] <... close resumed>) = 0 [pid 5829] <... openat resumed>) = 3 [pid 5829] dup2(3, 200) = 200 [pid 5829] close(3 [pid 5831] recvfrom(3, [pid 5830] sendto(3, [{nlmsg_len=64, nlmsg_type=0x14 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x500, nlmsg_seq=0, nlmsg_pid=0}, "\x0a\x78\x00\x00\x0b\x00\x00\x00\x14\x00\x02\x00\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xaa\x14\x00\x01\x00\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xaa"], 64, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12 [pid 5829] <... close resumed>) = 0 [pid 5828] <... write resumed>) = 7 [pid 5826] write(3, "0", 1 [pid 5831] <... recvfrom resumed>[{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=60, nlmsg_type=0x1c /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x600, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 [pid 5830] <... sendto resumed>) = 64 [pid 5829] ioctl(200, TUNSETIFF, 0x7ffc88019410 [pid 5828] close(3 [pid 5826] <... write resumed>) = 1 [pid 5831] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0 [pid 5830] recvfrom(3, [pid 5829] <... ioctl resumed>) = 0 [pid 5828] <... close resumed>) = 0 [pid 5826] close(3 [pid 5831] <... socket resumed>) = 4 [pid 5830] <... recvfrom resumed>[{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=64, nlmsg_type=0x14 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x500, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 [pid 5831] ioctl(4, SIOCGIFINDEX, {ifr_name="syz_tun" [pid 5830] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0 [pid 5828] openat(AT_FDCWD, "/dev/net/tun", O_RDWR|O_NONBLOCK [pid 5826] <... close resumed>) = 0 [pid 5831] <... ioctl resumed>, ifr_ifindex=11}) = 0 [pid 5830] <... socket resumed>) = 4 [pid 5829] openat(AT_FDCWD, "/proc/sys/net/ipv6/conf/syz_tun/accept_dad", O_WRONLY|O_CLOEXEC [pid 5828] <... openat resumed>) = 3 [pid 5826] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE [pid 5831] close(4 [pid 5830] ioctl(4, SIOCGIFINDEX, {ifr_name="syz_tun" [pid 5829] <... openat resumed>) = 3 [pid 5828] dup2(3, 200 [pid 5826] <... socket resumed>) = 3 [pid 5831] <... close resumed>) = 0 [pid 5830] <... ioctl resumed>, ifr_ifindex=11}) = 0 [pid 5828] <... dup2 resumed>) = 200 [pid 5826] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0 [pid 5831] sendto(3, [{nlmsg_len=44, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x00\x00\x00\x00\x0b\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x0a\x00\x01\x00\xaa\xaa\xaa\xaa\xaa\xaa\x00\x00"], 44, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12 [pid 5830] close(4 [pid 5829] write(3, "0", 1 [pid 5828] close(3 [pid 5826] <... socket resumed>) = 4 [pid 5831] <... sendto resumed>) = 44 [pid 5830] <... close resumed>) = 0 [pid 5829] <... write resumed>) = 1 [pid 5828] <... close resumed>) = 0 [pid 5826] ioctl(4, SIOCGIFINDEX, {ifr_name="syz_tun", ifr_ifindex=11}) = 0 [pid 5828] ioctl(200, TUNSETIFF, 0x7ffc88019410 [pid 5830] sendto(3, [{nlmsg_len=48, nlmsg_type=0x1c /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x600, nlmsg_seq=0, nlmsg_pid=0}, "\x02\x00\x00\x00\x0b\x00\x00\x00\x80\x00\x00\x00\x08\x00\x01\x00\xac\x14\x14\xbb\x0a\x00\x02\x00\xbb\xaa\xaa\xaa\xaa\xaa\x00\x00"], 48, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12 [pid 5831] recvfrom(3, [pid 5830] <... sendto resumed>) = 48 [pid 5829] close(3 [pid 5828] <... ioctl resumed>) = 0 [pid 5826] close(4 [pid 5830] recvfrom(3, [pid 5829] <... close resumed>) = 0 [pid 5826] <... close resumed>) = 0 [pid 5829] openat(AT_FDCWD, "/proc/sys/net/ipv6/conf/syz_tun/router_solicitations", O_WRONLY|O_CLOEXEC [pid 5830] <... recvfrom resumed>[{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=48, nlmsg_type=0x1c /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x600, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 [pid 5826] sendto(3, [{nlmsg_len=40, nlmsg_type=0x14 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x500, nlmsg_seq=0, nlmsg_pid=0}, "\x02\x18\x00\x00\x0b\x00\x00\x00\x08\x00\x02\x00\xac\x14\x14\xaa\x08\x00\x01\x00\xac\x14\x14\xaa"], 40, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12 [pid 5831] <... recvfrom resumed>[{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=44, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 [pid 5829] <... openat resumed>) = 3 [pid 5831] close(3 [pid 5826] <... sendto resumed>) = 40 [pid 5829] write(3, "0", 1 [pid 5830] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0 [pid 5828] openat(AT_FDCWD, "/proc/sys/net/ipv6/conf/syz_tun/accept_dad", O_WRONLY|O_CLOEXEC [pid 5831] <... close resumed>) = 0 [pid 5830] <... socket resumed>) = 4 [pid 5829] <... write resumed>) = 1 [pid 5828] <... openat resumed>) = 3 [pid 5826] recvfrom(3, [pid 5831] openat(AT_FDCWD, "/proc/sys/fs/mount-max", O_WRONLY|O_CLOEXEC [pid 5830] ioctl(4, SIOCGIFINDEX, {ifr_name="syz_tun" [pid 5829] close(3 [pid 5828] write(3, "0", 1 [pid 5831] <... openat resumed>) = 3 [pid 5830] <... ioctl resumed>, ifr_ifindex=11}) = 0 [pid 5829] <... close resumed>) = 0 [pid 5828] <... write resumed>) = 1 [pid 5826] <... recvfrom resumed>[{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=40, nlmsg_type=0x14 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x500, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 [pid 5831] write(3, "100000", 6 [pid 5830] close(4 [pid 5829] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE [pid 5828] close(3 [pid 5826] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0 [pid 5831] <... write resumed>) = 6 [pid 5830] <... close resumed>) = 0 [pid 5829] <... socket resumed>) = 3 [pid 5828] <... close resumed>) = 0 [pid 5831] close(3 [pid 5830] sendto(3, [{nlmsg_len=60, nlmsg_type=0x1c /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x600, nlmsg_seq=0, nlmsg_pid=0}, "\x0a\x00\x00\x00\x0b\x00\x00\x00\x80\x00\x00\x00\x14\x00\x01\x00\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xbb\x0a\x00\x02\x00\xbb\xaa\xaa\xaa\xaa\xaa\x00\x00"], 60, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12 [pid 5829] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0 [pid 5828] openat(AT_FDCWD, "/proc/sys/net/ipv6/conf/syz_tun/router_solicitations", O_WRONLY|O_CLOEXEC [pid 5826] <... socket resumed>) = 4 [pid 5831] <... close resumed>) = 0 [pid 5830] <... sendto resumed>) = 60 [pid 5829] <... socket resumed>) = 4 [pid 5828] <... openat resumed>) = 3 [pid 5826] ioctl(4, SIOCGIFINDEX, {ifr_name="syz_tun" [pid 5831] mkdir("./syz-tmp", 0777 [pid 5830] recvfrom(3, [pid 5829] ioctl(4, SIOCGIFINDEX, {ifr_name="syz_tun" [pid 5828] write(3, "0", 1 [pid 5830] <... recvfrom resumed>[{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=60, nlmsg_type=0x1c /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x600, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 [pid 5829] <... ioctl resumed>, ifr_ifindex=11}) = 0 [pid 5828] <... write resumed>) = 1 [pid 5826] <... ioctl resumed>, ifr_ifindex=11}) = 0 [pid 5831] <... mkdir resumed>) = 0 [pid 5830] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0 [pid 5829] close(4 [pid 5828] close(3 [pid 5830] <... socket resumed>) = 4 [pid 5829] <... close resumed>) = 0 [pid 5828] <... close resumed>) = 0 [pid 5826] close(4 [pid 5830] ioctl(4, SIOCGIFINDEX, {ifr_name="syz_tun" [pid 5828] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE [pid 5831] mount("", "./syz-tmp", "tmpfs", 0, NULL [pid 5830] <... ioctl resumed>, ifr_ifindex=11}) = 0 [pid 5829] sendto(3, [{nlmsg_len=40, nlmsg_type=0x14 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x500, nlmsg_seq=0, nlmsg_pid=0}, "\x02\x18\x00\x00\x0b\x00\x00\x00\x08\x00\x02\x00\xac\x14\x14\xaa\x08\x00\x01\x00\xac\x14\x14\xaa"], 40, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12 [pid 5828] <... socket resumed>) = 3 [pid 5826] <... close resumed>) = 0 [pid 5831] <... mount resumed>) = 0 [pid 5830] close(4 [pid 5828] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0 [pid 5830] <... close resumed>) = 0 [pid 5828] <... socket resumed>) = 4 [pid 5826] sendto(3, [{nlmsg_len=64, nlmsg_type=0x14 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x500, nlmsg_seq=0, nlmsg_pid=0}, "\x0a\x78\x00\x00\x0b\x00\x00\x00\x14\x00\x02\x00\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xaa\x14\x00\x01\x00\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xaa"], 64, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12 [pid 5831] mkdir("./syz-tmp/newroot", 0777 [pid 5830] sendto(3, [{nlmsg_len=44, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x00\x00\x00\x00\x0b\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x0a\x00\x01\x00\xaa\xaa\xaa\xaa\xaa\xaa\x00\x00"], 44, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12 [pid 5829] <... sendto resumed>) = 40 [pid 5828] ioctl(4, SIOCGIFINDEX, {ifr_name="syz_tun" [pid 5831] <... mkdir resumed>) = 0 [pid 5830] <... sendto resumed>) = 44 [pid 5826] <... sendto resumed>) = 64 [pid 5831] mkdir("./syz-tmp/newroot/dev", 0700 [pid 5829] recvfrom(3, [pid 5828] <... ioctl resumed>, ifr_ifindex=11}) = 0 [pid 5826] recvfrom(3, [pid 5828] close(4 [pid 5831] <... mkdir resumed>) = 0 [pid 5829] <... recvfrom resumed>[{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=40, nlmsg_type=0x14 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x500, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 [pid 5828] <... close resumed>) = 0 [pid 5826] <... recvfrom resumed>[{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=64, nlmsg_type=0x14 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x500, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 [pid 5831] mount("/dev", "./syz-tmp/newroot/dev", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL [pid 5829] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0 [pid 5826] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0 [pid 5830] recvfrom(3, [pid 5829] <... socket resumed>) = 4 [pid 5828] sendto(3, [{nlmsg_len=40, nlmsg_type=0x14 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x500, nlmsg_seq=0, nlmsg_pid=0}, "\x02\x18\x00\x00\x0b\x00\x00\x00\x08\x00\x02\x00\xac\x14\x14\xaa\x08\x00\x01\x00\xac\x14\x14\xaa"], 40, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12 [pid 5826] <... socket resumed>) = 4 [pid 5831] <... mount resumed>) = 0 [pid 5830] <... recvfrom resumed>[{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=44, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 [pid 5829] ioctl(4, SIOCGIFINDEX, {ifr_name="syz_tun" [pid 5828] <... sendto resumed>) = 40 [pid 5831] mkdir("./syz-tmp/newroot/proc", 0700 [pid 5830] close(3 [pid 5826] ioctl(4, SIOCGIFINDEX, {ifr_name="syz_tun" [pid 5829] <... ioctl resumed>, ifr_ifindex=11}) = 0 [pid 5831] <... mkdir resumed>) = 0 [pid 5830] <... close resumed>) = 0 [pid 5829] close(4 [pid 5826] <... ioctl resumed>, ifr_ifindex=11}) = 0 [pid 5830] openat(AT_FDCWD, "/proc/sys/fs/mount-max", O_WRONLY|O_CLOEXEC [pid 5831] mount("syz-proc", "./syz-tmp/newroot/proc", "proc", 0, NULL [pid 5830] <... openat resumed>) = 3 [pid 5829] <... close resumed>) = 0 [pid 5826] close(4 [pid 5830] write(3, "100000", 6 [pid 5828] recvfrom(3, [pid 5830] <... write resumed>) = 6 [pid 5828] <... recvfrom resumed>[{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=40, nlmsg_type=0x14 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x500, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 [pid 5826] <... close resumed>) = 0 [pid 5831] <... mount resumed>) = 0 [pid 5830] close(3 [pid 5829] sendto(3, [{nlmsg_len=64, nlmsg_type=0x14 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x500, nlmsg_seq=0, nlmsg_pid=0}, "\x0a\x78\x00\x00\x0b\x00\x00\x00\x14\x00\x02\x00\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xaa\x14\x00\x01\x00\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xaa"], 64, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12 [pid 5828] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0 [pid 5826] sendto(3, [{nlmsg_len=48, nlmsg_type=0x1c /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x600, nlmsg_seq=0, nlmsg_pid=0}, "\x02\x00\x00\x00\x0b\x00\x00\x00\x80\x00\x00\x00\x08\x00\x01\x00\xac\x14\x14\xbb\x0a\x00\x02\x00\xbb\xaa\xaa\xaa\xaa\xaa\x00\x00"], 48, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12 [pid 5831] mkdir("./syz-tmp/newroot/selinux", 0700 [pid 5830] <... close resumed>) = 0 [pid 5829] <... sendto resumed>) = 64 [pid 5828] <... socket resumed>) = 4 [pid 5830] mkdir("./syz-tmp", 0777 [pid 5826] <... sendto resumed>) = 48 [pid 5831] <... mkdir resumed>) = 0 [pid 5830] <... mkdir resumed>) = 0 [pid 5829] recvfrom(3, [pid 5828] ioctl(4, SIOCGIFINDEX, {ifr_name="syz_tun" [pid 5826] recvfrom(3, [pid 5828] <... ioctl resumed>, ifr_ifindex=11}) = 0 [pid 5831] mount("/selinux", "./syz-tmp/newroot/selinux", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL [pid 5830] mount("", "./syz-tmp", "tmpfs", 0, NULL [pid 5829] <... recvfrom resumed>[{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=64, nlmsg_type=0x14 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x500, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 [pid 5828] close(4 [pid 5826] <... recvfrom resumed>[{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=48, nlmsg_type=0x1c /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x600, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 [pid 5831] <... mount resumed>) = -1 ENOENT (No such file or directory) [pid 5830] <... mount resumed>) = 0 [pid 5829] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0 [pid 5828] <... close resumed>) = 0 [pid 5826] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0 [pid 5831] mount("/sys/fs/selinux", "./syz-tmp/newroot/selinux", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL [pid 5830] mkdir("./syz-tmp/newroot", 0777 [pid 5829] <... socket resumed>) = 4 [pid 5828] sendto(3, [{nlmsg_len=64, nlmsg_type=0x14 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x500, nlmsg_seq=0, nlmsg_pid=0}, "\x0a\x78\x00\x00\x0b\x00\x00\x00\x14\x00\x02\x00\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xaa\x14\x00\x01\x00\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xaa"], 64, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12 [pid 5826] <... socket resumed>) = 4 [pid 5831] <... mount resumed>) = -1 ENOENT (No such file or directory) [pid 5830] <... mkdir resumed>) = 0 [pid 5829] ioctl(4, SIOCGIFINDEX, {ifr_name="syz_tun" [pid 5828] <... sendto resumed>) = 64 [pid 5826] ioctl(4, SIOCGIFINDEX, {ifr_name="syz_tun" [pid 5831] mkdir("./syz-tmp/newroot/sys", 0700 [pid 5830] mkdir("./syz-tmp/newroot/dev", 0700 [pid 5829] <... ioctl resumed>, ifr_ifindex=11}) = 0 [pid 5828] recvfrom(3, [pid 5826] <... ioctl resumed>, ifr_ifindex=11}) = 0 [pid 5831] <... mkdir resumed>) = 0 [pid 5830] <... mkdir resumed>) = 0 [pid 5829] close(4 [pid 5828] <... recvfrom resumed>[{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=64, nlmsg_type=0x14 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x500, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 [pid 5826] close(4 [pid 5831] mount("/sys", "./syz-tmp/newroot/sys", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL [pid 5830] mount("/dev", "./syz-tmp/newroot/dev", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL [pid 5829] <... close resumed>) = 0 [pid 5828] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0 [pid 5826] <... close resumed>) = 0 [pid 5831] <... mount resumed>) = 0 [pid 5830] <... mount resumed>) = 0 [pid 5828] <... socket resumed>) = 4 [pid 5826] sendto(3, [{nlmsg_len=60, nlmsg_type=0x1c /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x600, nlmsg_seq=0, nlmsg_pid=0}, "\x0a\x00\x00\x00\x0b\x00\x00\x00\x80\x00\x00\x00\x14\x00\x01\x00\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xbb\x0a\x00\x02\x00\xbb\xaa\xaa\xaa\xaa\xaa\x00\x00"], 60, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12 [pid 5831] mount("/sys/kernel/debug", "./syz-tmp/newroot/sys/kernel/debug", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL [pid 5830] mkdir("./syz-tmp/newroot/proc", 0700 [pid 5829] sendto(3, [{nlmsg_len=48, nlmsg_type=0x1c /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x600, nlmsg_seq=0, nlmsg_pid=0}, "\x02\x00\x00\x00\x0b\x00\x00\x00\x80\x00\x00\x00\x08\x00\x01\x00\xac\x14\x14\xbb\x0a\x00\x02\x00\xbb\xaa\xaa\xaa\xaa\xaa\x00\x00"], 48, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12 [pid 5828] ioctl(4, SIOCGIFINDEX, {ifr_name="syz_tun" [pid 5826] <... sendto resumed>) = 60 [pid 5831] <... mount resumed>) = 0 [pid 5830] <... mkdir resumed>) = 0 [pid 5829] <... sendto resumed>) = 48 [pid 5828] <... ioctl resumed>, ifr_ifindex=11}) = 0 [pid 5826] recvfrom(3, [pid 5831] mount("/sys/fs/smackfs", "./syz-tmp/newroot/sys/fs/smackfs", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL [pid 5830] mount("syz-proc", "./syz-tmp/newroot/proc", "proc", 0, NULL [pid 5828] close(4 [pid 5826] <... recvfrom resumed>[{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=60, nlmsg_type=0x1c /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x600, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 [pid 5831] <... mount resumed>) = 0 [pid 5830] <... mount resumed>) = 0 [pid 5829] recvfrom(3, [pid 5828] <... close resumed>) = 0 [pid 5826] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0 [pid 5829] <... recvfrom resumed>[{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=48, nlmsg_type=0x1c /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x600, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 [pid 5828] sendto(3, [{nlmsg_len=48, nlmsg_type=0x1c /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x600, nlmsg_seq=0, nlmsg_pid=0}, "\x02\x00\x00\x00\x0b\x00\x00\x00\x80\x00\x00\x00\x08\x00\x01\x00\xac\x14\x14\xbb\x0a\x00\x02\x00\xbb\xaa\xaa\xaa\xaa\xaa\x00\x00"], 48, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12 [pid 5831] mount("/proc/sys/fs/binfmt_misc", "./syz-tmp/newroot/proc/sys/fs/binfmt_misc", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL [pid 5830] mkdir("./syz-tmp/newroot/selinux", 0700 [pid 5829] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0 [pid 5828] <... sendto resumed>) = 48 [pid 5826] <... socket resumed>) = 4 [pid 5831] <... mount resumed>) = 0 [pid 5830] <... mkdir resumed>) = 0 [pid 5829] <... socket resumed>) = 4 [pid 5828] recvfrom(3, [pid 5826] ioctl(4, SIOCGIFINDEX, {ifr_name="syz_tun" [pid 5831] mkdir("./syz-tmp/newroot/syzcgroup", 0700 [pid 5830] mount("/selinux", "./syz-tmp/newroot/selinux", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL [pid 5829] ioctl(4, SIOCGIFINDEX, {ifr_name="syz_tun" [pid 5828] <... recvfrom resumed>[{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=48, nlmsg_type=0x1c /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x600, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 [pid 5826] <... ioctl resumed>, ifr_ifindex=11}) = 0 [pid 5831] <... mkdir resumed>) = 0 [pid 5830] <... mount resumed>) = -1 ENOENT (No such file or directory) [pid 5829] <... ioctl resumed>, ifr_ifindex=11}) = 0 [pid 5828] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0 [pid 5826] close(4 [pid 5831] mkdir("./syz-tmp/newroot/syzcgroup/unified", 0700 [pid 5830] mount("/sys/fs/selinux", "./syz-tmp/newroot/selinux", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL [pid 5829] close(4 [pid 5828] <... socket resumed>) = 4 [pid 5826] <... close resumed>) = 0 [pid 5831] <... mkdir resumed>) = 0 [pid 5830] <... mount resumed>) = -1 ENOENT (No such file or directory) [pid 5829] <... close resumed>) = 0 [pid 5828] ioctl(4, SIOCGIFINDEX, {ifr_name="syz_tun" [pid 5826] sendto(3, [{nlmsg_len=44, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x00\x00\x00\x00\x0b\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x0a\x00\x01\x00\xaa\xaa\xaa\xaa\xaa\xaa\x00\x00"], 44, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12 [pid 5831] mkdir("./syz-tmp/newroot/syzcgroup/cpu", 0700 [pid 5830] mkdir("./syz-tmp/newroot/sys", 0700 [pid 5829] sendto(3, [{nlmsg_len=60, nlmsg_type=0x1c /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x600, nlmsg_seq=0, nlmsg_pid=0}, "\x0a\x00\x00\x00\x0b\x00\x00\x00\x80\x00\x00\x00\x14\x00\x01\x00\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xbb\x0a\x00\x02\x00\xbb\xaa\xaa\xaa\xaa\xaa\x00\x00"], 60, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12 [pid 5828] <... ioctl resumed>, ifr_ifindex=11}) = 0 [pid 5826] <... sendto resumed>) = 44 [pid 5831] <... mkdir resumed>) = 0 [pid 5830] <... mkdir resumed>) = 0 [pid 5828] close(4 [pid 5829] <... sendto resumed>) = 60 [pid 5828] <... close resumed>) = 0 [pid 5830] mount("/sys", "./syz-tmp/newroot/sys", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL [pid 5828] sendto(3, [{nlmsg_len=60, nlmsg_type=0x1c /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x600, nlmsg_seq=0, nlmsg_pid=0}, "\x0a\x00\x00\x00\x0b\x00\x00\x00\x80\x00\x00\x00\x14\x00\x01\x00\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xbb\x0a\x00\x02\x00\xbb\xaa\xaa\xaa\xaa\xaa\x00\x00"], 60, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12 [pid 5829] recvfrom(3, [pid 5831] mkdir("./syz-tmp/newroot/syzcgroup/net", 0700 [pid 5830] <... mount resumed>) = 0 [pid 5829] <... recvfrom resumed>[{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=60, nlmsg_type=0x1c /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x600, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 [pid 5828] <... sendto resumed>) = 60 [pid 5826] recvfrom(3, [pid 5831] <... mkdir resumed>) = 0 [pid 5830] mount("/sys/kernel/debug", "./syz-tmp/newroot/sys/kernel/debug", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL [pid 5829] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0 [pid 5828] recvfrom(3, [pid 5826] <... recvfrom resumed>[{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=44, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 [pid 5831] mount("/syzcgroup/unified", "./syz-tmp/newroot/syzcgroup/unified", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL [pid 5830] <... mount resumed>) = 0 [pid 5829] <... socket resumed>) = 4 [pid 5828] <... recvfrom resumed>[{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=60, nlmsg_type=0x1c /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x600, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 [pid 5826] close(3 [pid 5831] <... mount resumed>) = 0 [pid 5830] mount("/sys/fs/smackfs", "./syz-tmp/newroot/sys/fs/smackfs", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL [pid 5829] ioctl(4, SIOCGIFINDEX, {ifr_name="syz_tun" [pid 5828] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0 [pid 5826] <... close resumed>) = 0 [pid 5831] mount("/syzcgroup/cpu", "./syz-tmp/newroot/syzcgroup/cpu", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL [pid 5830] <... mount resumed>) = 0 [pid 5829] <... ioctl resumed>, ifr_ifindex=11}) = 0 [pid 5828] <... socket resumed>) = 4 [pid 5826] openat(AT_FDCWD, "/proc/sys/fs/mount-max", O_WRONLY|O_CLOEXEC [pid 5831] <... mount resumed>) = 0 [pid 5830] mount("/proc/sys/fs/binfmt_misc", "./syz-tmp/newroot/proc/sys/fs/binfmt_misc", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL [pid 5829] close(4 [pid 5828] ioctl(4, SIOCGIFINDEX, {ifr_name="syz_tun" [pid 5826] <... openat resumed>) = 3 [pid 5831] mount("/syzcgroup/net", "./syz-tmp/newroot/syzcgroup/net", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL [pid 5830] <... mount resumed>) = 0 [pid 5829] <... close resumed>) = 0 [pid 5828] <... ioctl resumed>, ifr_ifindex=11}) = 0 [pid 5831] <... mount resumed>) = 0 [pid 5826] write(3, "100000", 6 [pid 5828] close(4 [pid 5829] sendto(3, [{nlmsg_len=44, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x00\x00\x00\x00\x0b\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x0a\x00\x01\x00\xaa\xaa\xaa\xaa\xaa\xaa\x00\x00"], 44, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12 [pid 5828] <... close resumed>) = 0 [pid 5831] mkdir("./syz-tmp/pivot", 0777 [pid 5830] mkdir("./syz-tmp/newroot/syzcgroup", 0700 [pid 5828] sendto(3, [{nlmsg_len=44, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x00\x00\x00\x00\x0b\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x0a\x00\x01\x00\xaa\xaa\xaa\xaa\xaa\xaa\x00\x00"], 44, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12 [pid 5826] <... write resumed>) = 6 [pid 5831] <... mkdir resumed>) = 0 [pid 5830] <... mkdir resumed>) = 0 [pid 5829] <... sendto resumed>) = 44 [pid 5828] <... sendto resumed>) = 44 [pid 5826] close(3 [pid 5831] pivot_root("./syz-tmp", "./syz-tmp/pivot" [pid 5830] mkdir("./syz-tmp/newroot/syzcgroup/unified", 0700 [pid 5829] recvfrom(3, [pid 5826] <... close resumed>) = 0 [pid 5826] mkdir("./syz-tmp", 0777 [pid 5829] <... recvfrom resumed>[{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=44, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 [pid 5831] <... pivot_root resumed>) = 0 [pid 5830] <... mkdir resumed>) = 0 [pid 5829] close(3 [pid 5826] <... mkdir resumed>) = 0 [pid 5831] chdir("/" [pid 5830] mkdir("./syz-tmp/newroot/syzcgroup/cpu", 0700 [pid 5829] <... close resumed>) = 0 [pid 5828] recvfrom(3, [pid 5831] <... chdir resumed>) = 0 [pid 5830] <... mkdir resumed>) = 0 [pid 5829] openat(AT_FDCWD, "/proc/sys/fs/mount-max", O_WRONLY|O_CLOEXEC [pid 5828] <... recvfrom resumed>[{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=44, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 [pid 5829] <... openat resumed>) = 3 [pid 5831] umount2("./pivot", MNT_DETACH [pid 5830] mkdir("./syz-tmp/newroot/syzcgroup/net", 0700 [pid 5828] close(3 [pid 5826] mount("", "./syz-tmp", "tmpfs", 0, NULL [pid 5831] <... umount2 resumed>) = 0 [pid 5830] <... mkdir resumed>) = 0 [pid 5829] write(3, "100000", 6 [pid 5828] <... close resumed>) = 0 [pid 5826] <... mount resumed>) = 0 [pid 5831] chroot("./newroot" [pid 5830] mount("/syzcgroup/unified", "./syz-tmp/newroot/syzcgroup/unified", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL [pid 5829] <... write resumed>) = 6 [pid 5828] openat(AT_FDCWD, "/proc/sys/fs/mount-max", O_WRONLY|O_CLOEXEC [pid 5826] mkdir("./syz-tmp/newroot", 0777 [pid 5831] <... chroot resumed>) = 0 [pid 5830] <... mount resumed>) = 0 [pid 5829] close(3 [pid 5828] <... openat resumed>) = 3 [pid 5826] <... mkdir resumed>) = 0 [pid 5831] chdir("/" [pid 5830] mount("/syzcgroup/cpu", "./syz-tmp/newroot/syzcgroup/cpu", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL [pid 5829] <... close resumed>) = 0 [pid 5828] write(3, "100000", 6 [pid 5826] mkdir("./syz-tmp/newroot/dev", 0700 [pid 5831] <... chdir resumed>) = 0 [pid 5830] <... mount resumed>) = 0 [pid 5829] mkdir("./syz-tmp", 0777 [pid 5828] <... write resumed>) = 6 [pid 5831] mkdir("/dev/binderfs", 0777 [pid 5830] mount("/syzcgroup/net", "./syz-tmp/newroot/syzcgroup/net", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL [pid 5828] close(3 [pid 5826] <... mkdir resumed>) = 0 [pid 5831] <... mkdir resumed>) = 0 [pid 5830] <... mount resumed>) = 0 [pid 5829] <... mkdir resumed>) = 0 [pid 5828] <... close resumed>) = 0 [pid 5829] mount("", "./syz-tmp", "tmpfs", 0, NULL [pid 5828] mkdir("./syz-tmp", 0777 [pid 5826] mount("/dev", "./syz-tmp/newroot/dev", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL [pid 5831] mount("binder", "/dev/binderfs", "binder", 0, NULL [pid 5830] mkdir("./syz-tmp/pivot", 0777 [pid 5829] <... mount resumed>) = 0 [pid 5828] <... mkdir resumed>) = 0 [pid 5826] <... mount resumed>) = 0 [pid 5831] <... mount resumed>) = 0 [pid 5829] mkdir("./syz-tmp/newroot", 0777 [pid 5831] mount(NULL, "/sys/fs/fuse/connections", "fusectl", 0, NULL [pid 5828] mount("", "./syz-tmp", "tmpfs", 0, NULL [pid 5826] mkdir("./syz-tmp/newroot/proc", 0700 [pid 5831] <... mount resumed>) = -1 EBUSY (Device or resource busy) [pid 5830] <... mkdir resumed>) = 0 [pid 5829] <... mkdir resumed>) = 0 [pid 5828] <... mount resumed>) = 0 [pid 5826] <... mkdir resumed>) = 0 [pid 5829] mkdir("./syz-tmp/newroot/dev", 0700 [pid 5826] mount("syz-proc", "./syz-tmp/newroot/proc", "proc", 0, NULL [pid 5830] pivot_root("./syz-tmp", "./syz-tmp/pivot" [pid 5829] <... mkdir resumed>) = 0 [pid 5828] mkdir("./syz-tmp/newroot", 0777 [pid 5826] <... mount resumed>) = 0 [pid 5831] getpid( [pid 5830] <... pivot_root resumed>) = 0 [pid 5829] mount("/dev", "./syz-tmp/newroot/dev", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL [pid 5828] <... mkdir resumed>) = 0 [pid 5831] <... getpid resumed>) = 1 [pid 5831] mkdir("/syzcgroup/unified/syz3", 0777 [pid 5829] <... mount resumed>) = 0 [pid 5828] mkdir("./syz-tmp/newroot/dev", 0700 [pid 5831] <... mkdir resumed>) = 0 [pid 5829] mkdir("./syz-tmp/newroot/proc", 0700 [pid 5828] <... mkdir resumed>) = 0 [pid 5826] mkdir("./syz-tmp/newroot/selinux", 0700 [pid 5830] chdir("/" [pid 5829] <... mkdir resumed>) = 0 [pid 5826] <... mkdir resumed>) = 0 [pid 5830] <... chdir resumed>) = 0 [pid 5829] mount("syz-proc", "./syz-tmp/newroot/proc", "proc", 0, NULL [pid 5826] mount("/selinux", "./syz-tmp/newroot/selinux", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL [pid 5830] umount2("./pivot", MNT_DETACH [pid 5829] <... mount resumed>) = 0 [pid 5828] mount("/dev", "./syz-tmp/newroot/dev", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL [pid 5826] <... mount resumed>) = -1 ENOENT (No such file or directory) [pid 5829] mkdir("./syz-tmp/newroot/selinux", 0700) = 0 [pid 5828] <... mount resumed>) = 0 [pid 5826] mount("/sys/fs/selinux", "./syz-tmp/newroot/selinux", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL [pid 5831] openat(AT_FDCWD, "/syzcgroup/unified/syz3/pids.max", O_WRONLY|O_CLOEXEC [pid 5830] <... umount2 resumed>) = 0 [pid 5829] mount("/selinux", "./syz-tmp/newroot/selinux", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL [pid 5828] mkdir("./syz-tmp/newroot/proc", 0700 [pid 5826] <... mount resumed>) = -1 ENOENT (No such file or directory) [pid 5831] <... openat resumed>) = 3 [pid 5830] chroot("./newroot" [pid 5829] <... mount resumed>) = -1 ENOENT (No such file or directory) [pid 5828] <... mkdir resumed>) = 0 [pid 5826] mkdir("./syz-tmp/newroot/sys", 0700 [pid 5830] <... chroot resumed>) = 0 [pid 5829] mount("/sys/fs/selinux", "./syz-tmp/newroot/selinux", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL [pid 5828] mount("syz-proc", "./syz-tmp/newroot/proc", "proc", 0, NULL [pid 5826] <... mkdir resumed>) = 0 [pid 5830] chdir("/" [pid 5829] <... mount resumed>) = -1 ENOENT (No such file or directory) [pid 5828] <... mount resumed>) = 0 [pid 5831] write(3, "32", 2 [pid 5830] <... chdir resumed>) = 0 [pid 5829] mkdir("./syz-tmp/newroot/sys", 0700 [pid 5826] mount("/sys", "./syz-tmp/newroot/sys", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL [pid 5831] <... write resumed>) = 2 [pid 5830] mkdir("/dev/binderfs", 0777 [pid 5829] <... mkdir resumed>) = 0 [pid 5828] mkdir("./syz-tmp/newroot/selinux", 0700 [pid 5826] <... mount resumed>) = 0 [pid 5831] close(3 [pid 5830] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 5829] mount("/sys", "./syz-tmp/newroot/sys", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL [pid 5828] <... mkdir resumed>) = 0 [pid 5831] <... close resumed>) = 0 [pid 5830] mount("binder", "/dev/binderfs", "binder", 0, NULL [pid 5828] mount("/selinux", "./syz-tmp/newroot/selinux", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL [pid 5831] openat(AT_FDCWD, "/syzcgroup/unified/syz3/cgroup.procs", O_WRONLY|O_CLOEXEC [pid 5830] <... mount resumed>) = 0 [pid 5829] <... mount resumed>) = 0 [pid 5828] <... mount resumed>) = -1 ENOENT (No such file or directory) [pid 5826] mount("/sys/kernel/debug", "./syz-tmp/newroot/sys/kernel/debug", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL [pid 5831] <... openat resumed>) = 3 [pid 5828] mount("/sys/fs/selinux", "./syz-tmp/newroot/selinux", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = -1 ENOENT (No such file or directory) [pid 5831] write(3, "1", 1 [pid 5830] mount(NULL, "/sys/fs/fuse/connections", "fusectl", 0, NULL [pid 5829] mount("/sys/kernel/debug", "./syz-tmp/newroot/sys/kernel/debug", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL [pid 5828] mkdir("./syz-tmp/newroot/sys", 0700 [pid 5826] <... mount resumed>) = 0 [pid 5830] <... mount resumed>) = -1 EBUSY (Device or resource busy) [pid 5829] <... mount resumed>) = 0 [pid 5826] mount("/sys/fs/smackfs", "./syz-tmp/newroot/sys/fs/smackfs", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL [pid 5829] mount("/sys/fs/smackfs", "./syz-tmp/newroot/sys/fs/smackfs", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = 0 [pid 5828] <... mkdir resumed>) = 0 [pid 5826] <... mount resumed>) = 0 [pid 5830] getpid() = 1 [pid 5830] mkdir("/syzcgroup/unified/syz4", 0777 [pid 5829] mount("/proc/sys/fs/binfmt_misc", "./syz-tmp/newroot/proc/sys/fs/binfmt_misc", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL [pid 5828] mount("/sys", "./syz-tmp/newroot/sys", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL [pid 5826] mount("/proc/sys/fs/binfmt_misc", "./syz-tmp/newroot/proc/sys/fs/binfmt_misc", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL [pid 5829] <... mount resumed>) = 0 [pid 5828] <... mount resumed>) = 0 [pid 5829] mkdir("./syz-tmp/newroot/syzcgroup", 0700 [pid 5828] mount("/sys/kernel/debug", "./syz-tmp/newroot/sys/kernel/debug", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL [pid 5826] <... mount resumed>) = 0 [pid 5829] <... mkdir resumed>) = 0 [pid 5828] <... mount resumed>) = 0 [pid 5831] <... write resumed>) = 1 [pid 5830] <... mkdir resumed>) = 0 [pid 5829] mkdir("./syz-tmp/newroot/syzcgroup/unified", 0700 [pid 5826] mkdir("./syz-tmp/newroot/syzcgroup", 0700 [pid 5831] close(3 [pid 5828] mount("/sys/fs/smackfs", "./syz-tmp/newroot/sys/fs/smackfs", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL [pid 5831] <... close resumed>) = 0 [pid 5829] <... mkdir resumed>) = 0 [pid 5831] mkdir("/syzcgroup/cpu/syz3", 0777 [pid 5828] <... mount resumed>) = 0 [pid 5826] <... mkdir resumed>) = 0 [pid 5830] openat(AT_FDCWD, "/syzcgroup/unified/syz4/pids.max", O_WRONLY|O_CLOEXEC [pid 5829] mkdir("./syz-tmp/newroot/syzcgroup/cpu", 0700 [pid 5831] <... mkdir resumed>) = 0 [pid 5828] mount("/proc/sys/fs/binfmt_misc", "./syz-tmp/newroot/proc/sys/fs/binfmt_misc", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL [pid 5826] mkdir("./syz-tmp/newroot/syzcgroup/unified", 0700 [pid 5830] <... openat resumed>) = 3 [pid 5826] <... mkdir resumed>) = 0 [pid 5829] <... mkdir resumed>) = 0 [pid 5826] mkdir("./syz-tmp/newroot/syzcgroup/cpu", 0700 [pid 5828] <... mount resumed>) = 0 [pid 5830] write(3, "32", 2 [pid 5829] mkdir("./syz-tmp/newroot/syzcgroup/net", 0700 [pid 5826] <... mkdir resumed>) = 0 [pid 5828] mkdir("./syz-tmp/newroot/syzcgroup", 0700) = 0 [pid 5829] <... mkdir resumed>) = 0 [pid 5828] mkdir("./syz-tmp/newroot/syzcgroup/unified", 0700 [pid 5826] mkdir("./syz-tmp/newroot/syzcgroup/net", 0700 [pid 5830] <... write resumed>) = 2 [pid 5830] close(3 [pid 5826] <... mkdir resumed>) = 0 [pid 5828] <... mkdir resumed>) = 0 [pid 5830] <... close resumed>) = 0 [pid 5828] mkdir("./syz-tmp/newroot/syzcgroup/cpu", 0700 [pid 5826] mount("/syzcgroup/unified", "./syz-tmp/newroot/syzcgroup/unified", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL [pid 5830] openat(AT_FDCWD, "/syzcgroup/unified/syz4/cgroup.procs", O_WRONLY|O_CLOEXEC) = 3 [pid 5826] <... mount resumed>) = 0 [pid 5829] mount("/syzcgroup/unified", "./syz-tmp/newroot/syzcgroup/unified", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL [pid 5826] mount("/syzcgroup/cpu", "./syz-tmp/newroot/syzcgroup/cpu", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL [pid 5828] <... mkdir resumed>) = 0 [pid 5829] <... mount resumed>) = 0 [pid 5830] write(3, "1", 1 [pid 5826] <... mount resumed>) = 0 [pid 5828] mkdir("./syz-tmp/newroot/syzcgroup/net", 0700) = 0 [pid 5829] mount("/syzcgroup/cpu", "./syz-tmp/newroot/syzcgroup/cpu", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL [pid 5826] mount("/syzcgroup/net", "./syz-tmp/newroot/syzcgroup/net", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL [pid 5830] <... write resumed>) = 1 [pid 5828] mount("/syzcgroup/unified", "./syz-tmp/newroot/syzcgroup/unified", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL [pid 5829] <... mount resumed>) = 0 [pid 5826] <... mount resumed>) = 0 [pid 5830] close(3 [pid 5828] <... mount resumed>) = 0 [pid 5826] mkdir("./syz-tmp/pivot", 0777 [pid 5829] mount("/syzcgroup/net", "./syz-tmp/newroot/syzcgroup/net", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = 0 [pid 5830] <... close resumed>) = 0 [pid 5830] mkdir("/syzcgroup/cpu/syz4", 0777 [pid 5826] <... mkdir resumed>) = 0 [pid 5829] mkdir("./syz-tmp/pivot", 0777 [pid 5828] mount("/syzcgroup/cpu", "./syz-tmp/newroot/syzcgroup/cpu", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL [pid 5829] <... mkdir resumed>) = 0 [pid 5828] <... mount resumed>) = 0 [pid 5828] mount("/syzcgroup/net", "./syz-tmp/newroot/syzcgroup/net", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL [pid 5826] pivot_root("./syz-tmp", "./syz-tmp/pivot") = 0 [pid 5828] <... mount resumed>) = 0 [pid 5831] openat(AT_FDCWD, "/syzcgroup/cpu/syz3/cgroup.procs", O_WRONLY|O_CLOEXEC [pid 5829] pivot_root("./syz-tmp", "./syz-tmp/pivot") = 0 [pid 5829] chdir("/" [pid 5831] <... openat resumed>) = 3 [pid 5830] <... mkdir resumed>) = 0 [pid 5828] mkdir("./syz-tmp/pivot", 0777 [pid 5826] chdir("/" [pid 5831] write(3, "1", 1 [pid 5830] openat(AT_FDCWD, "/syzcgroup/cpu/syz4/cgroup.procs", O_WRONLY|O_CLOEXEC [pid 5829] <... chdir resumed>) = 0 [pid 5828] <... mkdir resumed>) = 0 [pid 5829] umount2("./pivot", MNT_DETACH [pid 5826] <... chdir resumed>) = 0 [pid 5829] <... umount2 resumed>) = 0 [pid 5826] umount2("./pivot", MNT_DETACH [pid 5831] <... write resumed>) = 1 [pid 5829] chroot("./newroot") = 0 [pid 5831] close(3 [pid 5830] <... openat resumed>) = 3 [pid 5829] chdir("/" [pid 5828] pivot_root("./syz-tmp", "./syz-tmp/pivot" [pid 5826] <... umount2 resumed>) = 0 [pid 5829] <... chdir resumed>) = 0 [pid 5829] mkdir("/dev/binderfs", 0777) = -1 EEXIST (File exists) [pid 5829] mount("binder", "/dev/binderfs", "binder", 0, NULL [pid 5831] <... close resumed>) = 0 [pid 5830] write(3, "1", 1 [pid 5829] <... mount resumed>) = 0 [pid 5828] <... pivot_root resumed>) = 0 [pid 5826] chroot("./newroot" [pid 5831] openat(AT_FDCWD, "/syzcgroup/cpu/syz3/memory.soft_limit_in_bytes", O_WRONLY|O_CLOEXEC [pid 5829] mount(NULL, "/sys/fs/fuse/connections", "fusectl", 0, NULL [pid 5831] <... openat resumed>) = 3 [pid 5830] <... write resumed>) = 1 [pid 5828] chdir("/" [pid 5826] <... chroot resumed>) = 0 [pid 5830] close(3 [pid 5831] write(3, "313524224", 9 [pid 5830] <... close resumed>) = 0 [pid 5829] <... mount resumed>) = -1 EBUSY (Device or resource busy) [pid 5828] <... chdir resumed>) = 0 [pid 5826] chdir("/" [pid 5829] getpid() = 1 [pid 5829] mkdir("/syzcgroup/unified/syz2", 0777 [pid 5830] openat(AT_FDCWD, "/syzcgroup/cpu/syz4/memory.soft_limit_in_bytes", O_WRONLY|O_CLOEXEC [pid 5828] umount2("./pivot", MNT_DETACH [pid 5826] <... chdir resumed>) = 0 [pid 5829] <... mkdir resumed>) = 0 [pid 5831] <... write resumed>) = 9 [pid 5830] <... openat resumed>) = 3 [pid 5828] <... umount2 resumed>) = 0 [pid 5826] mkdir("/dev/binderfs", 0777 [pid 5831] close(3 [pid 5830] write(3, "313524224", 9 [pid 5829] openat(AT_FDCWD, "/syzcgroup/unified/syz2/pids.max", O_WRONLY|O_CLOEXEC [pid 5828] chroot("./newroot" [pid 5826] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 5831] <... close resumed>) = 0 [pid 5830] <... write resumed>) = 9 [pid 5829] <... openat resumed>) = 3 [pid 5826] mount("binder", "/dev/binderfs", "binder", 0, NULL [pid 5831] openat(AT_FDCWD, "/syzcgroup/cpu/syz3/memory.limit_in_bytes", O_WRONLY|O_CLOEXEC [pid 5830] close(3 [pid 5829] write(3, "32", 2 [pid 5828] <... chroot resumed>) = 0 [pid 5830] <... close resumed>) = 0 [pid 5829] <... write resumed>) = 2 [pid 5828] chdir("/" [pid 5826] <... mount resumed>) = 0 [pid 5830] openat(AT_FDCWD, "/syzcgroup/cpu/syz4/memory.limit_in_bytes", O_WRONLY|O_CLOEXEC [pid 5829] close(3 [pid 5828] <... chdir resumed>) = 0 [pid 5831] <... openat resumed>) = 3 [pid 5828] mkdir("/dev/binderfs", 0777 [pid 5831] write(3, "314572800", 9 [pid 5826] mount(NULL, "/sys/fs/fuse/connections", "fusectl", 0, NULL [pid 5831] <... write resumed>) = 9 [pid 5830] <... openat resumed>) = 3 [pid 5829] <... close resumed>) = 0 [pid 5828] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 5831] close(3 [pid 5830] write(3, "314572800", 9 [pid 5829] openat(AT_FDCWD, "/syzcgroup/unified/syz2/cgroup.procs", O_WRONLY|O_CLOEXEC [pid 5828] mount("binder", "/dev/binderfs", "binder", 0, NULL [pid 5830] <... write resumed>) = 9 [pid 5829] <... openat resumed>) = 3 [pid 5828] <... mount resumed>) = 0 [pid 5826] <... mount resumed>) = -1 EBUSY (Device or resource busy) [pid 5831] <... close resumed>) = 0 [pid 5830] close(3 [pid 5826] getpid( [pid 5831] mkdir("/syzcgroup/net/syz3", 0777 [pid 5830] <... close resumed>) = 0 [pid 5829] write(3, "1", 1 [pid 5828] mount(NULL, "/sys/fs/fuse/connections", "fusectl", 0, NULL [pid 5830] mkdir("/syzcgroup/net/syz4", 0777 [pid 5829] <... write resumed>) = 1 [pid 5826] <... getpid resumed>) = 1 [pid 5831] <... mkdir resumed>) = 0 [pid 5829] close(3 [pid 5828] <... mount resumed>) = -1 EBUSY (Device or resource busy) [pid 5826] mkdir("/syzcgroup/unified/syz1", 0777 [pid 5831] openat(AT_FDCWD, "/syzcgroup/net/syz3/cgroup.procs", O_WRONLY|O_CLOEXEC [pid 5830] <... mkdir resumed>) = 0 [pid 5829] <... close resumed>) = 0 [pid 5828] getpid( [pid 5830] openat(AT_FDCWD, "/syzcgroup/net/syz4/cgroup.procs", O_WRONLY|O_CLOEXEC [pid 5829] mkdir("/syzcgroup/cpu/syz2", 0777 [pid 5828] <... getpid resumed>) = 1 [pid 5831] <... openat resumed>) = 3 [pid 5830] <... openat resumed>) = 3 [pid 5826] <... mkdir resumed>) = 0 [pid 5830] write(3, "1", 1 [pid 5828] mkdir("/syzcgroup/unified/syz0", 0777 [pid 5831] write(3, "1", 1) = 1 [pid 5826] openat(AT_FDCWD, "/syzcgroup/unified/syz1/pids.max", O_WRONLY|O_CLOEXEC [pid 5829] <... mkdir resumed>) = 0 [pid 5830] <... write resumed>) = 1 [pid 5829] openat(AT_FDCWD, "/syzcgroup/cpu/syz2/cgroup.procs", O_WRONLY|O_CLOEXEC [pid 5830] close(3 [pid 5828] <... mkdir resumed>) = 0 [pid 5831] close(3 [pid 5830] <... close resumed>) = 0 [pid 5829] <... openat resumed>) = 3 [pid 5828] openat(AT_FDCWD, "/syzcgroup/unified/syz0/pids.max", O_WRONLY|O_CLOEXEC [pid 5826] <... openat resumed>) = 3 [pid 5831] <... close resumed>) = 0 [pid 5830] mkdir("./0", 0777 [pid 5829] write(3, "1", 1 [pid 5828] <... openat resumed>) = 3 [pid 5826] write(3, "32", 2) = 2 [pid 5829] <... write resumed>) = 1 [pid 5826] close(3 [pid 5831] mkdir("./0", 0777 [pid 5829] close(3 [pid 5828] write(3, "32", 2 [pid 5826] <... close resumed>) = 0 [pid 5826] openat(AT_FDCWD, "/syzcgroup/unified/syz1/cgroup.procs", O_WRONLY|O_CLOEXEC) = 3 [pid 5826] write(3, "1", 1 [pid 5831] <... mkdir resumed>) = 0 [pid 5830] <... mkdir resumed>) = 0 [pid 5826] <... write resumed>) = 1 [pid 5831] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5830] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5829] <... close resumed>) = 0 [pid 5828] <... write resumed>) = 2 [pid 5826] close(3 [pid 5831] <... openat resumed>) = 3 [pid 5829] openat(AT_FDCWD, "/syzcgroup/cpu/syz2/memory.soft_limit_in_bytes", O_WRONLY|O_CLOEXEC [pid 5830] <... openat resumed>) = 3 [pid 5828] close(3 [pid 5826] <... close resumed>) = 0 [pid 5831] ioctl(3, LOOP_CLR_FD [pid 5828] <... close resumed>) = 0 [pid 5826] mkdir("/syzcgroup/cpu/syz1", 0777 [pid 5831] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5830] ioctl(3, LOOP_CLR_FD [pid 5829] <... openat resumed>) = 3 [pid 5828] openat(AT_FDCWD, "/syzcgroup/unified/syz0/cgroup.procs", O_WRONLY|O_CLOEXEC [pid 5826] <... mkdir resumed>) = 0 [ 69.823857][ T5831] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [pid 5831] close(3 [pid 5830] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5826] openat(AT_FDCWD, "/syzcgroup/cpu/syz1/cgroup.procs", O_WRONLY|O_CLOEXEC [pid 5831] <... close resumed>) = 0 [pid 5829] write(3, "313524224", 9 [pid 5828] <... openat resumed>) = 3 [pid 5830] close(3 [pid 5829] <... write resumed>) = 9 [pid 5828] write(3, "1", 1 [pid 5829] close(3) = 0 [pid 5828] <... write resumed>) = 1 [pid 5830] <... close resumed>) = 0 [pid 5830] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5828] close(3 [pid 5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5852 attached [pid 5829] openat(AT_FDCWD, "/syzcgroup/cpu/syz2/memory.limit_in_bytes", O_WRONLY|O_CLOEXEC [pid 5828] <... close resumed>) = 0 [pid 5826] <... openat resumed>) = 3 [pid 5852] set_robust_list(0x555565b3a6a0, 24 [pid 5830] <... clone resumed>, child_tidptr=0x555565b3a690) = 3 [pid 5829] <... openat resumed>) = 3 [pid 5828] mkdir("/syzcgroup/cpu/syz0", 0777 [pid 5852] <... set_robust_list resumed>) = 0 [pid 5828] <... mkdir resumed>) = 0 ./strace-static-x86_64: Process 5853 attached [pid 5852] chdir("./0" [pid 5829] write(3, "314572800", 9 [pid 5826] write(3, "1", 1 [pid 5853] set_robust_list(0x555565b3a6a0, 24 [pid 5829] <... write resumed>) = 9 [pid 5826] <... write resumed>) = 1 [pid 5828] openat(AT_FDCWD, "/syzcgroup/cpu/syz0/cgroup.procs", O_WRONLY|O_CLOEXEC [pid 5853] <... set_robust_list resumed>) = 0 [pid 5826] close(3 [pid 5853] chdir("./0" [pid 5852] <... chdir resumed>) = 0 [pid 5831] <... clone resumed>, child_tidptr=0x555565b3a690) = 3 [pid 5829] close(3 [pid 5828] <... openat resumed>) = 3 [pid 5826] <... close resumed>) = 0 [pid 5853] <... chdir resumed>) = 0 [pid 5852] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5829] <... close resumed>) = 0 [pid 5828] write(3, "1", 1 [pid 5826] openat(AT_FDCWD, "/syzcgroup/cpu/syz1/memory.soft_limit_in_bytes", O_WRONLY|O_CLOEXEC [pid 5853] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5852] <... prctl resumed>) = 0 [pid 5829] mkdir("/syzcgroup/net/syz2", 0777 [pid 5828] <... write resumed>) = 1 [pid 5853] <... prctl resumed>) = 0 [pid 5852] setpgid(0, 0 [pid 5826] <... openat resumed>) = 3 [pid 5853] setpgid(0, 0 [pid 5852] <... setpgid resumed>) = 0 [pid 5828] close(3 [pid 5826] write(3, "313524224", 9 [pid 5853] <... setpgid resumed>) = 0 [pid 5852] symlink("/syzcgroup/unified/syz4", "./cgroup" [pid 5829] <... mkdir resumed>) = 0 [pid 5828] <... close resumed>) = 0 [pid 5826] <... write resumed>) = 9 [pid 5853] symlink("/syzcgroup/unified/syz3", "./cgroup" [pid 5852] <... symlink resumed>) = 0 [pid 5828] openat(AT_FDCWD, "/syzcgroup/cpu/syz0/memory.soft_limit_in_bytes", O_WRONLY|O_CLOEXEC [pid 5852] symlink("/syzcgroup/cpu/syz4", "./cgroup.cpu" [pid 5853] <... symlink resumed>) = 0 [pid 5829] openat(AT_FDCWD, "/syzcgroup/net/syz2/cgroup.procs", O_WRONLY|O_CLOEXEC [pid 5826] close(3 [pid 5853] symlink("/syzcgroup/cpu/syz3", "./cgroup.cpu" [pid 5852] <... symlink resumed>) = 0 [pid 5829] <... openat resumed>) = 3 [pid 5828] <... openat resumed>) = 3 [pid 5826] <... close resumed>) = 0 [pid 5853] <... symlink resumed>) = 0 [pid 5852] symlink("/syzcgroup/net/syz4", "./cgroup.net" [pid 5829] write(3, "1", 1 [pid 5826] openat(AT_FDCWD, "/syzcgroup/cpu/syz1/memory.limit_in_bytes", O_WRONLY|O_CLOEXEC [pid 5852] <... symlink resumed>) = 0 [pid 5829] <... write resumed>) = 1 [pid 5828] write(3, "313524224", 9 [pid 5826] <... openat resumed>) = 3 [pid 5853] symlink("/syzcgroup/net/syz3", "./cgroup.net" [pid 5852] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5829] close(3 [pid 5828] <... write resumed>) = 9 [pid 5853] <... symlink resumed>) = 0 [pid 5829] <... close resumed>) = 0 [pid 5828] close(3 [pid 5826] write(3, "314572800", 9 [pid 5853] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5829] mkdir("./0", 0777 [pid 5826] <... write resumed>) = 9 [pid 5853] <... openat resumed>) = 3 [pid 5828] <... close resumed>) = 0 [pid 5852] <... openat resumed>) = 3 [pid 5829] <... mkdir resumed>) = 0 [pid 5828] openat(AT_FDCWD, "/syzcgroup/cpu/syz0/memory.limit_in_bytes", O_WRONLY|O_CLOEXEC [pid 5852] write(3, "1000", 4 [pid 5853] write(3, "1000", 4 [pid 5826] close(3 [pid 5853] <... write resumed>) = 4 [pid 5852] <... write resumed>) = 4 [pid 5829] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5828] <... openat resumed>) = 3 [pid 5826] <... close resumed>) = 0 [pid 5853] close(3 [pid 5852] close(3 [pid 5829] <... openat resumed>) = 3 [pid 5826] mkdir("/syzcgroup/net/syz1", 0777 [pid 5853] <... close resumed>) = 0 [pid 5852] <... close resumed>) = 0 [pid 5829] ioctl(3, LOOP_CLR_FD [pid 5828] write(3, "314572800", 9 [pid 5826] <... mkdir resumed>) = 0 [pid 5852] read(200, [pid 5828] <... write resumed>) = 9 [pid 5853] read(200, [pid 5852] <... read resumed>"\x33\x33\x00\x00\x00\x16\xaa\xaa\xaa\xaa\xaa\xaa\x86\xdd\x60\x00\x00\x00\x00\x38\x00\x01\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xaa\xff\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x16\x3a\x00\x05\x02\x00\x00\x01\x00\x8f\x00\xc2\x46\x00\x00\x00\x02\x04\x00\x00\x00\xff\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xff\xaa\xaa\xaa\x04\x00\x00\x00\xff\x02\x00\x00\x00\x00"..., 1000) = 110 [pid 5829] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5826] openat(AT_FDCWD, "/syzcgroup/net/syz1/cgroup.procs", O_WRONLY|O_CLOEXEC [pid 5853] <... read resumed>"\x33\x33\x00\x00\x00\x16\xaa\xaa\xaa\xaa\xaa\xaa\x86\xdd\x60\x00\x00\x00\x00\x38\x00\x01\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xaa\xff\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x16\x3a\x00\x05\x02\x00\x00\x01\x00\x8f\x00\xc2\x46\x00\x00\x00\x02\x04\x00\x00\x00\xff\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xff\xaa\xaa\xaa\x04\x00\x00\x00\xff\x02\x00\x00\x00\x00"..., 1000) = 110 [pid 5852] read(200, [pid 5829] close(3 [pid 5828] close(3 [pid 5853] read(200, [pid 5852] <... read resumed>0x7ffc88018cc0, 1000) = -1 EAGAIN (Resource temporarily unavailable) [pid 5829] <... close resumed>) = 0 [pid 5826] <... openat resumed>) = 3 [pid 5853] <... read resumed>"\x33\x33\x00\x00\x00\x16\xaa\xaa\xaa\xaa\xaa\xaa\x86\xdd\x60\x00\x00\x00\x00\x38\x00\x01\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xaa\xff\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x16\x3a\x00\x05\x02\x00\x00\x01\x00\x8f\x00\xc2\x46\x00\x00\x00\x02\x04\x00\x00\x00\xff\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xff\xaa\xaa\xaa\x04\x00\x00\x00\xff\x02\x00\x00\x00\x00"..., 1000) = 110 [pid 5852] symlink("/dev/binderfs", "./binderfs" [pid 5829] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5853] read(200, [pid 5826] write(3, "1", 1 [pid 5828] <... close resumed>) = 0 [pid 5826] <... write resumed>) = 1 ./strace-static-x86_64: Process 5854 attached [pid 5853] <... read resumed>0x7ffc88018cc0, 1000) = -1 EAGAIN (Resource temporarily unavailable) [pid 5852] <... symlink resumed>) = 0 [pid 5829] <... clone resumed>, child_tidptr=0x555565b3a690) = 3 executing program [pid 5828] mkdir("/syzcgroup/net/syz0", 0777 [pid 5853] symlink("/dev/binderfs", "./binderfs" [pid 5826] close(3 [pid 5853] <... symlink resumed>) = 0 [pid 5826] <... close resumed>) = 0 [pid 5826] mkdir("./0", 0777 [pid 5828] <... mkdir resumed>) = 0 [pid 5826] <... mkdir resumed>) = 0 [pid 5853] write(1, "executing program\n", 18 [pid 5826] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5853] <... write resumed>) = 18 [pid 5826] <... openat resumed>) = 3 [pid 5854] set_robust_list(0x555565b3a6a0, 24 [pid 5853] futex(0x7f201fb106cc, FUTEX_WAKE_PRIVATE, 1000000executing program [pid 5852] write(1, "executing program\n", 18 [pid 5828] openat(AT_FDCWD, "/syzcgroup/net/syz0/cgroup.procs", O_WRONLY|O_CLOEXEC [pid 5826] ioctl(3, LOOP_CLR_FD [pid 5854] <... set_robust_list resumed>) = 0 [pid 5853] <... futex resumed>) = 0 [pid 5852] <... write resumed>) = 18 [pid 5853] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5826] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5854] chdir("./0" [pid 5853] <... mmap resumed>) = 0x7f201f215000 [pid 5852] futex(0x7f201fb106cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5853] mprotect(0x7f201f216000, 131072, PROT_READ|PROT_WRITE [pid 5826] close(3 [pid 5852] <... futex resumed>) = 0 [pid 5853] <... mprotect resumed>) = 0 [pid 5828] <... openat resumed>) = 3 [pid 5852] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5854] <... chdir resumed>) = 0 [pid 5853] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5852] <... mmap resumed>) = 0x7f201f215000 [pid 5828] write(3, "1", 1 [pid 5826] <... close resumed>) = 0 [pid 5854] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5852] mprotect(0x7f201f216000, 131072, PROT_READ|PROT_WRITE [pid 5854] <... prctl resumed>) = 0 [pid 5854] setpgid(0, 0 [pid 5853] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5852] <... mprotect resumed>) = 0 [pid 5828] <... write resumed>) = 1 [pid 5826] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5854] <... setpgid resumed>) = 0 ./strace-static-x86_64: Process 5855 attached [pid 5854] symlink("/syzcgroup/unified/syz2", "./cgroup" [pid 5853] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f201f235990, parent_tid=0x7f201f235990, exit_signal=0, stack=0x7f201f215000, stack_size=0x20300, tls=0x7f201f2356c0} [pid 5852] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5828] close(3./strace-static-x86_64: Process 5856 attached [pid 5855] set_robust_list(0x555565b3a6a0, 24 [pid 5852] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5828] <... close resumed>) = 0 [pid 5855] <... set_robust_list resumed>) = 0 [pid 5854] <... symlink resumed>) = 0 [pid 5852] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f201f235990, parent_tid=0x7f201f235990, exit_signal=0, stack=0x7f201f215000, stack_size=0x20300, tls=0x7f201f2356c0} [pid 5828] mkdir("./0", 0777./strace-static-x86_64: Process 5857 attached [pid 5856] rseq(0x7f201f235fe0, 0x20, 0, 0x53053053 [pid 5855] chdir("./0" [pid 5854] symlink("/syzcgroup/cpu/syz2", "./cgroup.cpu" [pid 5853] <... clone3 resumed> => {parent_tid=[4]}, 88) = 4 [pid 5828] <... mkdir resumed>) = 0 [pid 5826] <... clone resumed>, child_tidptr=0x555565b3a690) = 3 [pid 5857] rseq(0x7f201f235fe0, 0x20, 0, 0x53053053 [pid 5856] <... rseq resumed>) = 0 [pid 5853] rt_sigprocmask(SIG_SETMASK, [], [pid 5856] set_robust_list(0x7f201f2359a0, 24 [pid 5853] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5856] <... set_robust_list resumed>) = 0 [pid 5853] futex(0x7f201fb106c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5856] rt_sigprocmask(SIG_SETMASK, [], [pid 5853] <... futex resumed>) = 0 [pid 5856] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5853] futex(0x7f201fb106cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5856] memfd_create("syzkaller", 0 [pid 5857] <... rseq resumed>) = 0 [pid 5855] <... chdir resumed>) = 0 [pid 5854] <... symlink resumed>) = 0 [pid 5852] <... clone3 resumed> => {parent_tid=[4]}, 88) = 4 [pid 5828] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5857] set_robust_list(0x7f201f2359a0, 24 [pid 5856] <... memfd_create resumed>) = 3 [pid 5855] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5854] symlink("/syzcgroup/net/syz2", "./cgroup.net" [pid 5852] rt_sigprocmask(SIG_SETMASK, [], [pid 5857] <... set_robust_list resumed>) = 0 [pid 5856] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5855] <... prctl resumed>) = 0 [pid 5854] <... symlink resumed>) = 0 [pid 5828] <... openat resumed>) = 3 [pid 5852] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5857] rt_sigprocmask(SIG_SETMASK, [], [pid 5856] <... mmap resumed>) = 0x7f2016e00000 [pid 5855] setpgid(0, 0 [pid 5854] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5852] futex(0x7f201fb106c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5828] ioctl(3, LOOP_CLR_FD [pid 5857] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5855] <... setpgid resumed>) = 0 [pid 5854] <... openat resumed>) = 3 [pid 5852] <... futex resumed>) = 0 [pid 5828] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5857] memfd_create("syzkaller", 0 [pid 5855] symlink("/syzcgroup/unified/syz1", "./cgroup" [pid 5854] write(3, "1000", 4 [pid 5852] futex(0x7f201fb106cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5828] close(3 [pid 5857] <... memfd_create resumed>) = 3 [pid 5855] <... symlink resumed>) = 0 [pid 5854] <... write resumed>) = 4 [pid 5828] <... close resumed>) = 0 [pid 5857] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5855] symlink("/syzcgroup/cpu/syz1", "./cgroup.cpu" [pid 5854] close(3 [pid 5828] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5857] <... mmap resumed>) = 0x7f2016e00000 [pid 5855] <... symlink resumed>) = 0 [pid 5854] <... close resumed>) = 0 [pid 5855] symlink("/syzcgroup/net/syz1", "./cgroup.net"./strace-static-x86_64: Process 5858 attached [pid 5854] read(200, [pid 5828] <... clone resumed>, child_tidptr=0x555565b3a690) = 3 [pid 5858] set_robust_list(0x555565b3a6a0, 24 [pid 5855] <... symlink resumed>) = 0 [pid 5854] <... read resumed>"\x33\x33\x00\x00\x00\x16\xaa\xaa\xaa\xaa\xaa\xaa\x86\xdd\x60\x00\x00\x00\x00\x38\x00\x01\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xaa\xff\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x16\x3a\x00\x05\x02\x00\x00\x01\x00\x8f\x00\xc2\x46\x00\x00\x00\x02\x04\x00\x00\x00\xff\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xff\xaa\xaa\xaa\x04\x00\x00\x00\xff\x02\x00\x00\x00\x00"..., 1000) = 110 [pid 5858] <... set_robust_list resumed>) = 0 [pid 5855] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5854] read(200, [pid 5855] <... openat resumed>) = 3 [pid 5854] <... read resumed>0x7ffc88018cc0, 1000) = -1 EAGAIN (Resource temporarily unavailable) [pid 5858] chdir("./0" [pid 5855] write(3, "1000", 4 [pid 5854] symlink("/dev/binderfs", "./binderfs" [pid 5858] <... chdir resumed>) = 0 [pid 5855] <... write resumed>) = 4 [pid 5854] <... symlink resumed>) = 0 executing program [pid 5858] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5855] close(3 [pid 5854] write(1, "executing program\n", 18 [pid 5858] <... prctl resumed>) = 0 [pid 5855] <... close resumed>) = 0 [pid 5854] <... write resumed>) = 18 [pid 5858] setpgid(0, 0 [pid 5855] read(200, [pid 5854] futex(0x7f201fb106cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5858] <... setpgid resumed>) = 0 [pid 5855] <... read resumed>"\x33\x33\x00\x00\x00\x16\xaa\xaa\xaa\xaa\xaa\xaa\x86\xdd\x60\x00\x00\x00\x00\x38\x00\x01\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xaa\xff\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x16\x3a\x00\x05\x02\x00\x00\x01\x00\x8f\x00\xc2\x46\x00\x00\x00\x02\x04\x00\x00\x00\xff\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xff\xaa\xaa\xaa\x04\x00\x00\x00\xff\x02\x00\x00\x00\x00"..., 1000) = 110 [pid 5854] <... futex resumed>) = 0 [pid 5855] read(200, [pid 5854] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5858] symlink("/syzcgroup/unified/syz0", "./cgroup" [pid 5855] <... read resumed>"\x33\x33\x00\x00\x00\x16\xaa\xaa\xaa\xaa\xaa\xaa\x86\xdd\x60\x00\x00\x00\x00\x38\x00\x01\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xaa\xff\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x16\x3a\x00\x05\x02\x00\x00\x01\x00\x8f\x00\xc2\x46\x00\x00\x00\x02\x04\x00\x00\x00\xff\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xff\xaa\xaa\xaa\x04\x00\x00\x00\xff\x02\x00\x00\x00\x00"..., 1000) = 110 [pid 5854] <... mmap resumed>) = 0x7f201f215000 [pid 5855] read(200, [pid 5854] mprotect(0x7f201f216000, 131072, PROT_READ|PROT_WRITE [pid 5855] <... read resumed>"\x33\x33\x00\x00\x00\x16\xaa\xaa\xaa\xaa\xaa\xaa\x86\xdd\x60\x00\x00\x00\x00\x38\x00\x01\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xaa\xff\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x16\x3a\x00\x05\x02\x00\x00\x01\x00\x8f\x00\xc2\x46\x00\x00\x00\x02\x04\x00\x00\x00\xff\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xff\xaa\xaa\xaa\x04\x00\x00\x00\xff\x02\x00\x00\x00\x00"..., 1000) = 110 [pid 5854] <... mprotect resumed>) = 0 [pid 5855] read(200, [pid 5854] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5855] <... read resumed>0x7ffc88018cc0, 1000) = -1 EAGAIN (Resource temporarily unavailable) [pid 5854] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5855] symlink("/dev/binderfs", "./binderfs" [pid 5854] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f201f235990, parent_tid=0x7f201f235990, exit_signal=0, stack=0x7f201f215000, stack_size=0x20300, tls=0x7f201f2356c0}./strace-static-x86_64: Process 5859 attached [pid 5858] <... symlink resumed>) = 0 [pid 5855] <... symlink resumed>) = 0 [pid 5859] rseq(0x7f201f235fe0, 0x20, 0, 0x53053053executing program [pid 5858] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu" [pid 5855] write(1, "executing program\n", 18 [pid 5854] <... clone3 resumed> => {parent_tid=[4]}, 88) = 4 [pid 5859] <... rseq resumed>) = 0 [pid 5859] set_robust_list(0x7f201f2359a0, 24 [pid 5858] <... symlink resumed>) = 0 [pid 5855] <... write resumed>) = 18 [pid 5854] rt_sigprocmask(SIG_SETMASK, [], [pid 5859] <... set_robust_list resumed>) = 0 [pid 5858] symlink("/syzcgroup/net/syz0", "./cgroup.net" [pid 5855] futex(0x7f201fb106cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5854] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5859] rt_sigprocmask(SIG_SETMASK, [], [pid 5858] <... symlink resumed>) = 0 [pid 5855] <... futex resumed>) = 0 [pid 5859] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5858] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5855] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5854] futex(0x7f201fb106c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5859] memfd_create("syzkaller", 0 [pid 5855] <... mmap resumed>) = 0x7f201f215000 [pid 5854] <... futex resumed>) = 0 [pid 5859] <... memfd_create resumed>) = 3 [pid 5858] <... openat resumed>) = 3 [pid 5855] mprotect(0x7f201f216000, 131072, PROT_READ|PROT_WRITE [pid 5854] futex(0x7f201fb106cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5859] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5858] write(3, "1000", 4 [pid 5855] <... mprotect resumed>) = 0 executing program [pid 5859] <... mmap resumed>) = 0x7f2016e00000 [pid 5858] <... write resumed>) = 4 [pid 5855] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5858] close(3 [pid 5855] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5858] <... close resumed>) = 0 [pid 5855] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f201f235990, parent_tid=0x7f201f235990, exit_signal=0, stack=0x7f201f215000, stack_size=0x20300, tls=0x7f201f2356c0} [pid 5858] read(200, ./strace-static-x86_64: Process 5860 attached "\x33\x33\x00\x00\x00\x16\xaa\xaa\xaa\xaa\xaa\xaa\x86\xdd\x60\x00\x00\x00\x00\x38\x00\x01\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xaa\xff\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x16\x3a\x00\x05\x02\x00\x00\x01\x00\x8f\x00\xc2\x46\x00\x00\x00\x02\x04\x00\x00\x00\xff\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xff\xaa\xaa\xaa\x04\x00\x00\x00\xff\x02\x00\x00\x00\x00"..., 1000) = 110 [pid 5860] rseq(0x7f201f235fe0, 0x20, 0, 0x53053053 [pid 5858] read(200, [pid 5860] <... rseq resumed>) = 0 [pid 5858] <... read resumed>0x7ffc88018cc0, 1000) = -1 EAGAIN (Resource temporarily unavailable) [pid 5860] set_robust_list(0x7f201f2359a0, 24 [pid 5858] symlink("/dev/binderfs", "./binderfs" [pid 5860] <... set_robust_list resumed>) = 0 [pid 5860] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5860] futex(0x7f201fb106c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5858] <... symlink resumed>) = 0 [pid 5858] write(1, "executing program\n", 18) = 18 [pid 5858] futex(0x7f201fb106cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5855] <... clone3 resumed> => {parent_tid=[4]}, 88) = 4 [pid 5858] <... futex resumed>) = 0 [pid 5858] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5855] rt_sigprocmask(SIG_SETMASK, [], [pid 5858] <... mmap resumed>) = 0x7f201f215000 [pid 5855] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5858] mprotect(0x7f201f216000, 131072, PROT_READ|PROT_WRITE [pid 5855] futex(0x7f201fb106c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5860] <... futex resumed>) = 0 [pid 5858] <... mprotect resumed>) = 0 [pid 5855] <... futex resumed>) = 1 [pid 5855] futex(0x7f201fb106cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5860] memfd_create("syzkaller", 0) = 3 [pid 5858] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5860] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5858] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5860] <... mmap resumed>) = 0x7f2016e00000 [pid 5858] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f201f235990, parent_tid=0x7f201f235990, exit_signal=0, stack=0x7f201f215000, stack_size=0x20300, tls=0x7f201f2356c0}./strace-static-x86_64: Process 5861 attached => {parent_tid=[4]}, 88) = 4 [pid 5858] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5858] futex(0x7f201fb106c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5858] futex(0x7f201fb106cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5861] rseq(0x7f201f235fe0, 0x20, 0, 0x53053053) = 0 [pid 5861] set_robust_list(0x7f201f2359a0, 24) = 0 [pid 5861] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5861] memfd_create("syzkaller", 0) = 3 [pid 5861] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2016e00000 [pid 5856] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216 [pid 5859] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216 [pid 5857] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216 [pid 5861] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216 [pid 5860] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216 [pid 5856] <... write resumed>) = 16777216 [pid 5856] munmap(0x7f2016e00000, 138412032) = 0 [pid 5859] <... write resumed>) = 16777216 [pid 5856] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5859] munmap(0x7f2016e00000, 138412032 [pid 5856] <... openat resumed>) = 4 [pid 5861] <... write resumed>) = 16777216 [pid 5856] ioctl(4, LOOP_SET_FD, 3 [pid 5861] munmap(0x7f2016e00000, 138412032 [pid 5857] <... write resumed>) = 16777216 [pid 5857] munmap(0x7f2016e00000, 138412032 [pid 5856] <... ioctl resumed>) = 0 [pid 5861] <... munmap resumed>) = 0 [pid 5859] <... munmap resumed>) = 0 [pid 5856] close(3 [pid 5859] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5856] <... close resumed>) = 0 [pid 5859] <... openat resumed>) = 4 [pid 5856] close(4 [pid 5859] ioctl(4, LOOP_SET_FD, 3 [pid 5856] <... close resumed>) = 0 [pid 5861] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5861] ioctl(4, LOOP_SET_FD, 3 [pid 5857] <... munmap resumed>) = 0 [pid 5856] mkdir("./file1", 0777 [pid 5857] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 5857] ioctl(4, LOOP_SET_FD, 3 [pid 5859] <... ioctl resumed>) = 0 [pid 5856] <... mkdir resumed>) = 0 [ 70.678958][ T5856] loop3: detected capacity change from 0 to 32768 [ 70.700261][ T5859] loop2: detected capacity change from 0 to 32768 [ 70.701907][ T5861] loop0: detected capacity change from 0 to 32768 [ 70.718499][ T5857] loop4: detected capacity change from 0 to 32768 [pid 5856] mount("/dev/loop3", "./file1", "ocfs2", MS_MANDLOCK|MS_DIRSYNC|MS_NODIRATIME, "acl,heartbeat=none,dir_resv_level=00003,coherency=full,coherency=full,localflocks,coherency=full,noa"... [pid 5857] <... ioctl resumed>) = 0 [pid 5861] <... ioctl resumed>) = 0 [pid 5861] close(3 [pid 5857] close(3 [pid 5861] <... close resumed>) = 0 [pid 5857] <... close resumed>) = 0 [pid 5861] close(4 [pid 5857] close(4 [pid 5861] <... close resumed>) = 0 [pid 5857] <... close resumed>) = 0 [pid 5861] mkdir("./file1", 0777 [pid 5857] mkdir("./file1", 0777 [pid 5861] <... mkdir resumed>) = 0 [pid 5857] <... mkdir resumed>) = 0 [pid 5861] mount("/dev/loop0", "./file1", "ocfs2", MS_MANDLOCK|MS_DIRSYNC|MS_NODIRATIME, "acl,heartbeat=none,dir_resv_level=00003,coherency=full,coherency=full,localflocks,coherency=full,noa"... [pid 5857] mount("/dev/loop4", "./file1", "ocfs2", MS_MANDLOCK|MS_DIRSYNC|MS_NODIRATIME, "acl,heartbeat=none,dir_resv_level=00003,coherency=full,coherency=full,localflocks,coherency=full,noa"... [pid 5860] <... write resumed>) = 16777216 [pid 5859] close(3) = 0 [pid 5860] munmap(0x7f2016e00000, 138412032 [pid 5859] close(4) = 0 [pid 5859] mkdir("./file1", 0777) = 0 [ 70.726241][ T5856] ======================================================= [ 70.726241][ T5856] WARNING: The mand mount option has been deprecated and [ 70.726241][ T5856] and is ignored by this kernel. Remove the mand [ 70.726241][ T5856] option from the mount to silence this warning. [ 70.726241][ T5856] ======================================================= [pid 5859] mount("/dev/loop2", "./file1", "ocfs2", MS_MANDLOCK|MS_DIRSYNC|MS_NODIRATIME, "acl,heartbeat=none,dir_resv_level=00003,coherency=full,coherency=full,localflocks,coherency=full,noa"... [pid 5860] <... munmap resumed>) = 0 [pid 5860] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 5860] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5860] close(3) = 0 [pid 5860] close(4) = 0 [pid 5860] mkdir("./file1", 0777) = 0 [ 70.799159][ T5856] JBD2: Ignoring recovery information on journal [ 70.821299][ T5860] loop1: detected capacity change from 0 to 32768 [pid 5860] mount("/dev/loop1", "./file1", "ocfs2", MS_MANDLOCK|MS_DIRSYNC|MS_NODIRATIME, "acl,heartbeat=none,dir_resv_level=00003,coherency=full,coherency=full,localflocks,coherency=full,noa"... [pid 5856] <... mount resumed>) = 0 [pid 5856] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5856] chdir("./file1") = 0 [pid 5856] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5856] futex(0x7f201fb106cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5853] <... futex resumed>) = 0 [pid 5856] futex(0x7f201fb106c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5853] futex(0x7f201fb106c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5856] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5853] <... futex resumed>) = 0 [pid 5856] symlink(NULL, NULL [pid 5853] futex(0x7f201fb106cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5856] <... symlink resumed>) = -1 EFAULT (Bad address) [pid 5856] futex(0x7f201fb106cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5853] <... futex resumed>) = 0 [pid 5856] futex(0x7f201fb106c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5853] futex(0x7f201fb106c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5856] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5853] <... futex resumed>) = 0 [pid 5856] readlink("./file0", [pid 5853] futex(0x7f201fb106cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5856] <... readlink resumed>NULL, 0) = -1 EINVAL (Invalid argument) [pid 5856] futex(0x7f201fb106cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5853] <... futex resumed>) = 0 [pid 5856] futex(0x7f201fb106c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5853] futex(0x7f201fb106c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5856] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5853] <... futex resumed>) = 0 [pid 5856] creat("./file0", 0160 [ 70.860972][ T5856] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode. [ 70.873136][ T5861] debugfs: Directory 'B1DE653C5FFC4D88B33B244AAB9EB3E9' with parent 'ocfs2' already present! [ 70.886672][ T5857] debugfs: Directory 'B1DE653C5FFC4D88B33B244AAB9EB3E9' with parent 'ocfs2' already present! [ 70.896781][ T5861] JBD2: Ignoring recovery information on journal [ 70.902021][ T5857] JBD2: Ignoring recovery information on journal [pid 5853] futex(0x7f201fb106cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5853] futex(0x7f201fb106dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 70.909823][ T5859] debugfs: Directory 'B1DE653C5FFC4D88B33B244AAB9EB3E9' with parent 'ocfs2' already present! [pid 5856] <... creat resumed>) = 4 [pid 5853] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f201f1f4000 [pid 5853] mprotect(0x7f201f1f5000, 131072, PROT_READ|PROT_WRITE [pid 5856] futex(0x7f201fb106cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5853] <... mprotect resumed>) = 0 [pid 5853] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5856] <... futex resumed>) = 0 [pid 5853] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f201f214990, parent_tid=0x7f201f214990, exit_signal=0, stack=0x7f201f1f4000, stack_size=0x20300, tls=0x7f201f2146c0}./strace-static-x86_64: Process 5869 attached [pid 5856] futex(0x7f201fb106c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5869] rseq(0x7f201f214fe0, 0x20, 0, 0x53053053 [pid 5853] <... clone3 resumed> => {parent_tid=[5]}, 88) = 5 [pid 5869] <... rseq resumed>) = 0 [pid 5853] rt_sigprocmask(SIG_SETMASK, [], [pid 5869] set_robust_list(0x7f201f2149a0, 24 [pid 5857] <... mount resumed>) = 0 [pid 5853] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5869] <... set_robust_list resumed>) = 0 [pid 5853] futex(0x7f201fb106d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5869] rt_sigprocmask(SIG_SETMASK, [], [pid 5853] <... futex resumed>) = 0 [pid 5869] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5853] futex(0x7f201fb106dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5869] creat(NULL, 000 [pid 5857] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5869] <... creat resumed>) = -1 EFAULT (Bad address) [pid 5857] <... openat resumed>) = 3 [pid 5869] futex(0x7f201fb106dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5853] <... futex resumed>) = 0 [pid 5869] futex(0x7f201fb106d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5853] futex(0x7f201fb106c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5856] <... futex resumed>) = 0 [pid 5853] <... futex resumed>) = 1 [pid 5856] openat(AT_FDCWD, "./file0", O_RDONLY|O_CREAT, 000 [pid 5853] futex(0x7f201fb106cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 70.961699][ T5857] ocfs2: Mounting device (7,4) on (node local, slot 0) with ordered data mode. [ 70.983111][ T5860] debugfs: Directory 'B1DE653C5FFC4D88B33B244AAB9EB3E9' with parent 'ocfs2' already present! [ 70.987356][ T5859] JBD2: Ignoring recovery information on journal [pid 5857] chdir("./file1") = 0 [pid 5856] <... openat resumed>) = 5 [pid 5857] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5857] futex(0x7f201fb106cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5857] futex(0x7f201fb106c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5861] <... mount resumed>) = 0 [pid 5856] futex(0x7f201fb106cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5852] <... futex resumed>) = 0 [pid 5861] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5853] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5856] <... futex resumed>) = 0 [ 71.019147][ T29] audit: type=1804 audit(1733213248.633:2): pid=5856 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor218" name="/newroot/0/file1/file0" dev="loop3" ino=17058 res=1 errno=0 [ 71.033932][ T5861] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [ 71.049171][ T5860] JBD2: Ignoring recovery information on journal [pid 5852] futex(0x7f201fb106c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5861] <... openat resumed>) = 3 [pid 5859] <... mount resumed>) = 0 [pid 5857] <... futex resumed>) = 0 [pid 5856] memfd_create("syzkaller", 0 [pid 5853] futex(0x7f201fb106c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5852] <... futex resumed>) = 1 [pid 5859] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5856] <... memfd_create resumed>) = 6 [pid 5853] <... futex resumed>) = 0 [pid 5852] futex(0x7f201fb106cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5859] <... openat resumed>) = 3 [pid 5856] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5853] futex(0x7f201fb106cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=250000000} [pid 5859] chdir("./file1" [pid 5856] <... mmap resumed>) = 0x7f2016c00000 [pid 5861] chdir("./file1" [pid 5860] <... mount resumed>) = 0 [pid 5859] <... chdir resumed>) = 0 [pid 5857] symlink(NULL, NULL [pid 5860] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5860] chdir("./file1") = 0 [pid 5860] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5861] <... chdir resumed>) = 0 [pid 5859] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5857] <... symlink resumed>) = -1 EFAULT (Bad address) [pid 5856] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304 [pid 5860] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5860] futex(0x7f201fb106cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5861] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5860] futex(0x7f201fb106c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5861] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5857] futex(0x7f201fb106cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5855] <... futex resumed>) = 0 [pid 5855] futex(0x7f201fb106c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5861] futex(0x7f201fb106cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5852] <... futex resumed>) = 0 [pid 5861] <... futex resumed>) = 1 [pid 5859] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5852] futex(0x7f201fb106c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5859] futex(0x7f201fb106cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5857] readlink("./file0", [pid 5855] futex(0x7f201fb106cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5861] futex(0x7f201fb106c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5859] <... futex resumed>) = 1 [pid 5858] <... futex resumed>) = 0 [pid 5857] <... readlink resumed>NULL, 0) = -1 EINVAL (Invalid argument) [pid 5854] <... futex resumed>) = 0 [pid 5852] <... futex resumed>) = 0 [pid 5859] futex(0x7f201fb106c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5858] futex(0x7f201fb106c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5854] futex(0x7f201fb106c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5857] futex(0x7f201fb106cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5859] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5861] <... futex resumed>) = 0 [pid 5854] <... futex resumed>) = 0 [pid 5852] futex(0x7f201fb106cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5857] <... futex resumed>) = 0 [pid 5861] symlink(NULL, NULL [pid 5859] symlink(NULL, NULL [pid 5858] <... futex resumed>) = 1 [pid 5854] futex(0x7f201fb106cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5861] <... symlink resumed>) = -1 EFAULT (Bad address) [pid 5857] futex(0x7f201fb106c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5852] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5859] <... symlink resumed>) = -1 EFAULT (Bad address) [pid 5858] futex(0x7f201fb106cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5861] futex(0x7f201fb106cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5858] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5852] futex(0x7f201fb106c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5861] <... futex resumed>) = 0 [pid 5859] futex(0x7f201fb106cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5861] readlink("./file0", [pid 5858] futex(0x7f201fb106c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5857] <... futex resumed>) = 0 [pid 5852] <... futex resumed>) = 1 [pid 5861] <... readlink resumed>NULL, 0) = -1 EINVAL (Invalid argument) [pid 5859] <... futex resumed>) = 1 [pid 5858] <... futex resumed>) = 0 [pid 5857] creat("./file0", 0160 [pid 5854] <... futex resumed>) = 0 [pid 5852] futex(0x7f201fb106cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5861] futex(0x7f201fb106cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5859] futex(0x7f201fb106c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5858] futex(0x7f201fb106cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5860] <... futex resumed>) = 0 [pid 5860] symlink(NULL, NULL) = -1 EFAULT (Bad address) [pid 5860] futex(0x7f201fb106cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5860] futex(0x7f201fb106c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5861] <... futex resumed>) = 0 [pid 5861] futex(0x7f201fb106c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5859] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5858] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5855] <... futex resumed>) = 0 [pid 5854] futex(0x7f201fb106c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5861] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5859] readlink("./file0", [pid 5858] futex(0x7f201fb106c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5855] futex(0x7f201fb106c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5854] <... futex resumed>) = 0 [pid 5861] creat("./file0", 0160 [pid 5860] <... futex resumed>) = 0 [pid 5859] <... readlink resumed>NULL, 0) = -1 EINVAL (Invalid argument) [pid 5858] <... futex resumed>) = 0 [pid 5855] <... futex resumed>) = 1 [pid 5860] readlink("./file0", [pid 5859] futex(0x7f201fb106cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5854] futex(0x7f201fb106cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5860] <... readlink resumed>NULL, 0) = -1 EINVAL (Invalid argument) [pid 5859] <... futex resumed>) = 0 [pid 5854] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5860] futex(0x7f201fb106cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5859] futex(0x7f201fb106c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5854] futex(0x7f201fb106c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5860] <... futex resumed>) = 0 [pid 5859] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5855] futex(0x7f201fb106cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 71.075484][ T5859] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode. [ 71.077152][ T5860] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode. [pid 5860] futex(0x7f201fb106c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5859] creat("./file0", 0160 [pid 5854] <... futex resumed>) = 0 [pid 5858] futex(0x7f201fb106cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5855] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5855] futex(0x7f201fb106c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5854] futex(0x7f201fb106cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5860] <... futex resumed>) = 0 [pid 5855] <... futex resumed>) = 1 [pid 5860] creat("./file0", 0160 [pid 5855] futex(0x7f201fb106cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5860] <... creat resumed>) = 4 [pid 5860] futex(0x7f201fb106cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5855] <... futex resumed>) = 0 [pid 5860] <... futex resumed>) = 1 [pid 5855] futex(0x7f201fb106c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5860] creat(NULL, 000 [pid 5855] <... futex resumed>) = 0 [pid 5860] <... creat resumed>) = -1 EFAULT (Bad address) [pid 5855] futex(0x7f201fb106cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5860] futex(0x7f201fb106cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5855] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5860] <... futex resumed>) = 0 [pid 5855] futex(0x7f201fb106c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5860] openat(AT_FDCWD, "./file0", O_RDONLY|O_CREAT, 000 [pid 5859] <... creat resumed>) = 4 [pid 5855] <... futex resumed>) = 0 [pid 5855] futex(0x7f201fb106cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5860] <... openat resumed>) = 5 [pid 5859] futex(0x7f201fb106cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5856] <... write resumed>) = 4194304 [pid 5857] <... creat resumed>) = 4 [pid 5856] munmap(0x7f2016c00000, 138412032 [pid 5861] <... creat resumed>) = 4 [pid 5860] futex(0x7f201fb106cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5859] <... futex resumed>) = 1 [pid 5857] futex(0x7f201fb106cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5854] <... futex resumed>) = 0 [pid 5852] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5861] futex(0x7f201fb106cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5860] <... futex resumed>) = 1 [pid 5859] futex(0x7f201fb106c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5857] <... futex resumed>) = 0 [pid 5855] <... futex resumed>) = 0 [pid 5854] futex(0x7f201fb106c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5852] futex(0x7f201fb106c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5861] <... futex resumed>) = 1 [pid 5860] futex(0x7f201fb106c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5859] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5858] <... futex resumed>) = 0 [pid 5857] creat(NULL, 000 [pid 5855] futex(0x7f201fb106c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5854] <... futex resumed>) = 0 [pid 5861] futex(0x7f201fb106c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5860] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5859] creat(NULL, 000 [pid 5858] futex(0x7f201fb106c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5857] <... creat resumed>) = -1 EFAULT (Bad address) [pid 5856] <... munmap resumed>) = 0 [pid 5855] <... futex resumed>) = 0 [pid 5854] futex(0x7f201fb106cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5852] <... futex resumed>) = 0 [pid 5861] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5860] memfd_create("syzkaller", 0 [pid 5859] <... creat resumed>) = -1 EFAULT (Bad address) [pid 5858] <... futex resumed>) = 0 [pid 5857] futex(0x7f201fb106cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5856] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5855] futex(0x7f201fb106cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=250000000} [pid 5852] futex(0x7f201fb106cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5861] creat(NULL, 000 [pid 5860] <... memfd_create resumed>) = 6 [pid 5859] futex(0x7f201fb106cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5858] futex(0x7f201fb106cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5857] <... futex resumed>) = 0 [pid 5856] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5852] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5861] <... creat resumed>) = -1 EFAULT (Bad address) [pid 5860] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5859] <... futex resumed>) = 1 [pid 5857] futex(0x7f201fb106c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5856] close(6 [pid 5854] <... futex resumed>) = 0 [pid 5852] futex(0x7f201fb106c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5861] futex(0x7f201fb106cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5860] <... mmap resumed>) = 0x7f2016e00000 [ 71.134893][ T29] audit: type=1804 audit(1733213248.753:3): pid=5860 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor218" name="/newroot/0/file1/file0" dev="loop1" ino=17058 res=1 errno=0 [pid 5859] futex(0x7f201fb106c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5857] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5854] futex(0x7f201fb106c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5852] <... futex resumed>) = 0 [pid 5861] <... futex resumed>) = 1 [pid 5858] <... futex resumed>) = 0 [pid 5861] futex(0x7f201fb106c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5859] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5858] futex(0x7f201fb106c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5857] openat(AT_FDCWD, "./file0", O_RDONLY|O_CREAT, 000 [pid 5854] <... futex resumed>) = 0 [pid 5852] futex(0x7f201fb106cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5859] openat(AT_FDCWD, "./file0", O_RDONLY|O_CREAT, 000 [pid 5857] <... openat resumed>) = 5 [pid 5854] futex(0x7f201fb106cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5859] <... openat resumed>) = 5 [pid 5857] futex(0x7f201fb106cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5859] futex(0x7f201fb106cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5857] <... futex resumed>) = 1 [pid 5852] <... futex resumed>) = 0 [pid 5861] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5859] <... futex resumed>) = 1 [pid 5858] <... futex resumed>) = 0 [pid 5857] futex(0x7f201fb106c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5854] <... futex resumed>) = 0 [pid 5852] futex(0x7f201fb106c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5861] openat(AT_FDCWD, "./file0", O_RDONLY|O_CREAT, 000 [pid 5859] futex(0x7f201fb106c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5858] futex(0x7f201fb106cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5857] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5854] futex(0x7f201fb106c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5852] <... futex resumed>) = 0 [pid 5861] <... openat resumed>) = 5 [pid 5859] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5857] memfd_create("syzkaller", 0 [pid 5854] <... futex resumed>) = 0 [pid 5852] futex(0x7f201fb106cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=250000000} [pid 5861] futex(0x7f201fb106cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5859] memfd_create("syzkaller", 0 [pid 5857] <... memfd_create resumed>) = 6 [pid 5854] futex(0x7f201fb106cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=250000000} [pid 5861] <... futex resumed>) = 1 [pid 5859] <... memfd_create resumed>) = 6 [pid 5858] <... futex resumed>) = 0 [pid 5857] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5861] futex(0x7f201fb106c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5859] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2016e00000 [pid 5857] <... mmap resumed>) = 0x7f2016e00000 [pid 5858] futex(0x7f201fb106c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5861] <... futex resumed>) = 0 [pid 5861] memfd_create("syzkaller", 0) = 6 [pid 5858] futex(0x7f201fb106cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=250000000} [pid 5861] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2016e00000 [ 71.186369][ T29] audit: type=1804 audit(1733213248.803:4): pid=5857 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor218" name="/newroot/0/file1/file0" dev="loop4" ino=17058 res=1 errno=0 [pid 5856] <... close resumed>) = 0 [pid 5856] futex(0x7f201fb106cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5853] <... futex resumed>) = 0 [pid 5856] <... futex resumed>) = 1 [pid 5853] futex(0x7f201fb106c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5853] futex(0x7f201fb106cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5860] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304 [pid 5856] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = 0 [pid 5859] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304 [pid 5857] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304 [pid 5856] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [ 71.222510][ T29] audit: type=1804 audit(1733213248.803:5): pid=5859 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor218" name="/newroot/0/file1/file0" dev="loop2" ino=17058 res=1 errno=0 [ 71.244903][ T29] audit: type=1804 audit(1733213248.803:6): pid=5861 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor218" name="/newroot/0/file1/file0" dev="loop0" ino=17058 res=1 errno=0 [ 71.268937][ T5841] Bluetooth: hci4: command tx timeout [pid 5861] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304 [pid 5857] <... write resumed>) = 4194304 [pid 5861] <... write resumed>) = 4194304 [pid 5857] munmap(0x7f2016e00000, 138412032) = 0 [pid 5857] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5861] munmap(0x7f2016e00000, 138412032 [pid 5857] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5861] <... munmap resumed>) = 0 [ 71.303120][ T5856] [ 71.305496][ T5856] ====================================================== [ 71.312518][ T5856] WARNING: possible circular locking dependency detected [ 71.319558][ T5856] 6.13.0-rc1-syzkaller-00002-gcdd30ebb1b9f #0 Not tainted [ 71.326682][ T5856] ------------------------------------------------------ [ 71.333707][ T5856] syz-executor218/5856 is trying to acquire lock: [ 71.340133][ T5856] ffff88807bb1a2e0 (&oi->ip_alloc_sem){+.+.}-{4:4}, at: ocfs2_try_remove_refcount_tree+0xb6/0x330 [ 71.350810][ T5856] [ 71.350810][ T5856] but task is already holding lock: [ 71.358181][ T5856] ffff88807bb1a378 (&oi->ip_xattr_sem){++++}-{4:4}, at: ocfs2_try_remove_refcount_tree+0xa5/0x330 [ 71.368804][ T5856] [ 71.368804][ T5856] which lock already depends on the new lock. [ 71.368804][ T5856] [ 71.379194][ T5856] [ 71.379194][ T5856] the existing dependency chain (in reverse order) is: [ 71.388213][ T5856] [ 71.388213][ T5856] -> #4 (&oi->ip_xattr_sem){++++}-{4:4}: [ 71.396024][ T5856] lock_acquire+0x1ed/0x550 [ 71.401043][ T5856] down_write+0x99/0x220 [ 71.405818][ T5856] ocfs2_xattr_set_handle+0x539/0xa10 [ 71.411705][ T5856] ocfs2_init_security_set+0xbd/0xd0 [ 71.417506][ T5856] ocfs2_mknod+0x1ccf/0x2b30 [ 71.422637][ T5856] ocfs2_create+0x1ab/0x470 [ 71.427660][ T5856] path_openat+0x1c03/0x3590 [ 71.432764][ T5856] do_filp_open+0x27f/0x4e0 [ 71.437781][ T5856] do_sys_openat2+0x13e/0x1d0 [ 71.442969][ T5856] __x64_sys_creat+0x123/0x170 [ 71.448242][ T5856] do_syscall_64+0xf3/0x230 [ 71.453285][ T5856] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 71.459739][ T5856] [ 71.459739][ T5856] -> #3 (jbd2_handle){.+.+}-{0:0}: [ 71.467136][ T5856] lock_acquire+0x1ed/0x550 [ 71.472154][ T5856] start_this_handle+0x1eb4/0x2110 [ 71.477778][ T5856] jbd2__journal_start+0x2da/0x5d0 [ 71.483397][ T5856] jbd2_journal_start+0x29/0x40 [ 71.488757][ T5856] ocfs2_start_trans+0x3c9/0x700 [ 71.494204][ T5856] ocfs2_reserve_suballoc_bits+0x9f6/0x4e70 [ 71.500609][ T5856] ocfs2_reserve_new_metadata_blocks+0x41c/0x9c0 [ 71.507470][ T5856] ocfs2_mknod+0x143a/0x2b30 [ 71.512577][ T5856] ocfs2_create+0x1ab/0x470 [ 71.517594][ T5856] path_openat+0x1c03/0x3590 [ 71.522696][ T5856] do_filp_open+0x27f/0x4e0 [ 71.527833][ T5856] do_sys_openat2+0x13e/0x1d0 [ 71.533022][ T5856] __x64_sys_creat+0x123/0x170 [ 71.538295][ T5856] do_syscall_64+0xf3/0x230 [ 71.543410][ T5856] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 71.549815][ T5856] [ 71.549815][ T5856] -> #2 (&journal->j_trans_barrier){.+.+}-{4:4}: [ 71.558329][ T5856] lock_acquire+0x1ed/0x550 [ 71.563341][ T5856] down_read+0xb1/0xa40 [ 71.568008][ T5856] ocfs2_start_trans+0x3be/0x700 [ 71.573455][ T5856] ocfs2_reserve_suballoc_bits+0x9f6/0x4e70 [ 71.579856][ T5856] ocfs2_reserve_new_metadata_blocks+0x41c/0x9c0 [ 71.586695][ T5856] ocfs2_mknod+0x143a/0x2b30 [ 71.591798][ T5856] ocfs2_create+0x1ab/0x470 [ 71.596920][ T5856] path_openat+0x1c03/0x3590 [ 71.602032][ T5856] do_filp_open+0x27f/0x4e0 [ 71.607046][ T5856] do_sys_openat2+0x13e/0x1d0 [ 71.612231][ T5856] __x64_sys_creat+0x123/0x170 [ 71.617503][ T5856] do_syscall_64+0xf3/0x230 [ 71.622517][ T5856] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 71.628922][ T5856] [ 71.628922][ T5856] -> #1 (sb_internal#2){.+.+}-{0:0}: [ 71.636406][ T5856] lock_acquire+0x1ed/0x550 [ 71.641417][ T5856] ocfs2_start_trans+0x2b9/0x700 [ 71.646865][ T5856] ocfs2_truncate_file+0x69a/0x1560 [ 71.652587][ T5856] ocfs2_setattr+0x1890/0x1ef0 [ 71.657864][ T5856] notify_change+0xbca/0xe90 [ 71.662964][ T5856] do_truncate+0x220/0x310 [ 71.667889][ T5856] do_coredump+0x2a67/0x3100 [ 71.672988][ T5856] get_signal+0x140b/0x1750 [ 71.678003][ T5856] arch_do_signal_or_restart+0x96/0x860 [ 71.684065][ T5856] irqentry_exit_to_user_mode+0x7e/0x250 [ 71.690214][ T5856] exc_page_fault+0x590/0x8b0 [ 71.695401][ T5856] asm_exc_page_fault+0x26/0x30 [ 71.700762][ T5856] [ 71.700762][ T5856] -> #0 (&oi->ip_alloc_sem){+.+.}-{4:4}: [ 71.708569][ T5856] validate_chain+0x18ef/0x5920 [ 71.713930][ T5856] __lock_acquire+0x1397/0x2100 [ 71.719288][ T5856] lock_acquire+0x1ed/0x550 [ 71.724297][ T5856] down_write+0x99/0x220 [ 71.729057][ T5856] ocfs2_try_remove_refcount_tree+0xb6/0x330 [ 71.735554][ T5856] ocfs2_truncate_file+0xe1b/0x1560 [ 71.741267][ T5856] ocfs2_setattr+0x1890/0x1ef0 [ 71.746549][ T5856] notify_change+0xbca/0xe90 [ 71.751648][ T5856] do_truncate+0x220/0x310 [ 71.756577][ T5856] do_coredump+0x2a67/0x3100 [ 71.761697][ T5856] get_signal+0x140b/0x1750 [ 71.766714][ T5856] arch_do_signal_or_restart+0x96/0x860 [ 71.772779][ T5856] irqentry_exit_to_user_mode+0x7e/0x250 [ 71.778930][ T5856] exc_page_fault+0x590/0x8b0 [ 71.784121][ T5856] asm_exc_page_fault+0x26/0x30 [ 71.789484][ T5856] [ 71.789484][ T5856] other info that might help us debug this: [ 71.789484][ T5856] [ 71.799696][ T5856] Chain exists of: [ 71.799696][ T5856] &oi->ip_alloc_sem --> jbd2_handle --> &oi->ip_xattr_sem [ 71.799696][ T5856] [ 71.812725][ T5856] Possible unsafe locking scenario: [ 71.812725][ T5856] [ 71.820164][ T5856] CPU0 CPU1 [ 71.825514][ T5856] ---- ---- [ 71.830868][ T5856] lock(&oi->ip_xattr_sem); [ 71.835454][ T5856] lock(jbd2_handle); [ 71.842032][ T5856] lock(&oi->ip_xattr_sem); [ 71.849133][ T5856] lock(&oi->ip_alloc_sem); [ 71.853711][ T5856] [ 71.853711][ T5856] *** DEADLOCK *** [ 71.853711][ T5856] [ 71.861844][ T5856] 2 locks held by syz-executor218/5856: [ 71.867374][ T5856] #0: ffff88807bb1a640 (&sb->s_type->i_mutex_key#19){+.+.}-{4:4}, at: do_truncate+0x20c/0x310 [ 71.877820][ T5856] #1: ffff88807bb1a378 (&oi->ip_xattr_sem){++++}-{4:4}, at: ocfs2_try_remove_refcount_tree+0xa5/0x330 [ 71.888859][ T5856] [ 71.888859][ T5856] stack backtrace: [ 71.894752][ T5856] CPU: 0 UID: 0 PID: 5856 Comm: syz-executor218 Not tainted 6.13.0-rc1-syzkaller-00002-gcdd30ebb1b9f #0 [ 71.905845][ T5856] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 71.915897][ T5856] Call Trace: [ 71.919170][ T5856] [ 71.922091][ T5856] dump_stack_lvl+0x241/0x360 [ 71.926768][ T5856] ? __pfx_dump_stack_lvl+0x10/0x10 [ 71.931958][ T5856] ? __pfx__printk+0x10/0x10 [ 71.936543][ T5856] print_circular_bug+0x13a/0x1b0 [ 71.941558][ T5856] check_noncircular+0x36a/0x4a0 [ 71.946485][ T5856] ? __pfx_check_noncircular+0x10/0x10 [ 71.951934][ T5856] ? lockdep_lock+0x123/0x2b0 [ 71.956602][ T5856] validate_chain+0x18ef/0x5920 [ 71.961452][ T5856] ? __pfx_validate_chain+0x10/0x10 [ 71.966646][ T5856] ? arch_do_signal_or_restart+0x96/0x860 [ 71.972366][ T5856] ? irqentry_exit_to_user_mode+0x7e/0x250 [ 71.978165][ T5856] ? exc_page_fault+0x590/0x8b0 [ 71.983005][ T5856] ? asm_exc_page_fault+0x26/0x30 [ 71.988026][ T5856] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 71.994000][ T5856] ? mark_lock+0x9a/0x360 [ 71.998320][ T5856] __lock_acquire+0x1397/0x2100 [ 72.003162][ T5856] lock_acquire+0x1ed/0x550 [ 72.007653][ T5856] ? ocfs2_try_remove_refcount_tree+0xb6/0x330 [ 72.013796][ T5856] ? __pfx_lock_acquire+0x10/0x10 [ 72.018814][ T5856] ? __pfx___might_resched+0x10/0x10 [ 72.024096][ T5856] ? ocfs2_truncate_file+0xd45/0x1560 [ 72.029461][ T5856] ? __pfx_lock_release+0x10/0x10 [ 72.034475][ T5856] down_write+0x99/0x220 [ 72.038711][ T5856] ? ocfs2_try_remove_refcount_tree+0xb6/0x330 [ 72.044855][ T5856] ? __pfx_down_write+0x10/0x10 [ 72.049699][ T5856] ocfs2_try_remove_refcount_tree+0xb6/0x330 [ 72.055668][ T5856] ? __pfx_ocfs2_try_remove_refcount_tree+0x10/0x10 [ 72.062242][ T5856] ? ocfs2_metadata_cache_get_super+0x43/0x80 [ 72.068302][ T5856] ? ocfs2_inode_cache_get_super+0xd/0x40 [ 72.074008][ T5856] ocfs2_truncate_file+0xe1b/0x1560 [ 72.079206][ T5856] ? ocfs2_inode_lock_tracker+0x45a/0x760 [ 72.084915][ T5856] ? __pfx_ocfs2_truncate_file+0x10/0x10 [ 72.090539][ T5856] ? do_raw_spin_unlock+0x13c/0x8b0 [ 72.095730][ T5856] ? __asan_memset+0x23/0x50 [ 72.100313][ T5856] ? _raw_spin_unlock+0x28/0x50 [ 72.105152][ T5856] ? ocfs2_inode_lock_tracker+0x45a/0x760 [ 72.110859][ T5856] ? __pfx_ocfs2_inode_lock_tracker+0x10/0x10 [ 72.116913][ T5856] ? ocfs2_rw_lock+0x13e/0x260 [ 72.121670][ T5856] ? __pfx_ocfs2_rw_lock+0x10/0x10 [ 72.126771][ T5856] ? setattr_prepare+0x1f5/0xb20 [ 72.131702][ T5856] ? jbd2_journal_begin_ordered_truncate+0xc0/0x160 [ 72.138279][ T5856] ocfs2_setattr+0x1890/0x1ef0 [ 72.143046][ T5856] ? __pfx_ocfs2_setattr+0x10/0x10 [ 72.148151][ T5856] ? __pfx_smack_inode_setattr+0x10/0x10 [ 72.153779][ T5856] ? current_time+0x282/0x3c0 [ 72.158452][ T5856] ? evm_inode_setattr+0x1b2/0x7d0 [ 72.163553][ T5856] ? security_inode_setattr+0xdb/0x350 [ 72.169004][ T5856] ? __pfx_ocfs2_setattr+0x10/0x10 [ 72.174118][ T5856] notify_change+0xbca/0xe90 [ 72.179067][ T5856] do_truncate+0x220/0x310 [ 72.183477][ T5856] ? __pfx_do_truncate+0x10/0x10 [ 72.188405][ T5856] ? getname_kernel+0x140/0x2f0 [ 72.193245][ T5856] do_coredump+0x2a67/0x3100 [ 72.197838][ T5856] ? __pfx_do_coredump+0x10/0x10 [ 72.202769][ T5856] ? do_raw_spin_lock+0x14f/0x370 [ 72.207796][ T5856] ? proc_coredump_connector+0x1e8/0x750 [ 72.213423][ T5856] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 72.219390][ T5856] ? __pfx_proc_coredump_connector+0x10/0x10 [ 72.225367][ T5856] ? _raw_spin_unlock_irq+0x23/0x50 [ 72.230554][ T5856] ? lockdep_hardirqs_on+0x99/0x150 [ 72.235746][ T5856] get_signal+0x140b/0x1750 [ 72.240243][ T5856] ? __pfx_get_signal+0x10/0x10 [ 72.245094][ T5856] ? __pfx_force_sig_fault+0x10/0x10 [ 72.250371][ T5856] arch_do_signal_or_restart+0x96/0x860 [ 72.255917][ T5856] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 72.262070][ T5856] ? irqentry_exit_to_user_mode+0x53/0x250 [ 72.267870][ T5856] irqentry_exit_to_user_mode+0x7e/0x250 [ 72.273495][ T5856] exc_page_fault+0x590/0x8b0 [ 72.278165][ T5856] asm_exc_page_fault+0x26/0x30 [ 72.283005][ T5856] RIP: 0033:0x7f201fa8209e [ 72.287526][ T5856] Code: fd d7 c9 0f bc d1 c5 fe 7f 27 c5 fe 7f 6f 20 c5 fe 7f 77 40 c5 fe 7f 7f 60 49 83 c0 1f 49 29 d0 48 8d 7c 17 61 e9 d2 04 00 00 fe 6f 1e c5 fe 6f 56 20 c5 fd 74 cb c5 fd d7 d1 49 83 f8 21 0f [ 72.307138][ T5856] RSP: 002b:00007f201f235068 EFLAGS: 00010287 [ 72.313201][ T5856] RAX: 00007f201f2350e0 RBX: 00007f201f2350e0 RCX: 0000000000000000 [ 72.321161][ T5856] RDX: 00000000000000e0 RSI: 0000000000000000 RDI: 00007f201f2350e0 [ 72.329123][ T5856] RBP: 0000000020000140 R08: 00000000000000e0 R09: 00000000200000c0 [ 72.337083][ T5856] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 72.345042][ T5856] R13: 0000000000000000 R14: 0000000000000000 R15: 00000000200000c0 [ 72.353014][ T5856] [pid 5857] close(6 [pid 5861] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5860] <... write resumed>) = 4194304 [pid 5857] <... close resumed>) = 0 [pid 5855] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5852] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5860] munmap(0x7f2016e00000, 138412032 [pid 5855] futex(0x7f201fb106dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5852] futex(0x7f201fb106dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5860] <... munmap resumed>) = 0 [pid 5855] <... futex resumed>) = 0 [pid 5852] <... futex resumed>) = 0 [pid 5852] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f201f1f4000 [pid 5852] mprotect(0x7f201f1f5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5852] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5852] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f201f214990, parent_tid=0x7f201f214990, exit_signal=0, stack=0x7f201f1f4000, stack_size=0x20300, tls=0x7f201f2146c0}./strace-static-x86_64: Process 5873 attached [pid 5873] rseq(0x7f201f214fe0, 0x20, 0, 0x53053053 [pid 5852] <... clone3 resumed> => {parent_tid=[5]}, 88) = 5 [pid 5873] <... rseq resumed>) = 0 [pid 5852] rt_sigprocmask(SIG_SETMASK, [], [pid 5873] set_robust_list(0x7f201f2149a0, 24 [pid 5852] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5873] <... set_robust_list resumed>) = 0 [pid 5852] futex(0x7f201fb106d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5873] rt_sigprocmask(SIG_SETMASK, [], [pid 5860] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5855] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5852] <... futex resumed>) = 0 [pid 5873] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5860] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5855] <... mmap resumed>) = 0x7f201f1f4000 [pid 5852] futex(0x7f201fb106dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5873] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777 [pid 5860] close(6 [pid 5855] mprotect(0x7f201f1f5000, 131072, PROT_READ|PROT_WRITE [pid 5873] <... mkdir resumed>) = 0 [pid 5855] <... mprotect resumed>) = 0 [pid 5873] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5855] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5854] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5854] futex(0x7f201fb106dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5861] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5859] <... write resumed>) = 4194304 [pid 5855] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5861] close(6 [pid 5860] <... close resumed>) = 0 [pid 5859] munmap(0x7f2016e00000, 138412032 [pid 5858] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5855] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f201f214990, parent_tid=0x7f201f214990, exit_signal=0, stack=0x7f201f1f4000, stack_size=0x20300, tls=0x7f201f2146c0} [pid 5854] <... futex resumed>) = 0 [pid 5859] <... munmap resumed>) = 0 ./strace-static-x86_64: Process 5874 attached [pid 5859] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5874] rseq(0x7f201f214fe0, 0x20, 0, 0x53053053 [pid 5860] futex(0x7f201fb106cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5859] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5858] futex(0x7f201fb106dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5854] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5860] <... futex resumed>) = 0 [pid 5858] <... futex resumed>) = 0 [pid 5860] futex(0x7f201fb106c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5854] <... mmap resumed>) = 0x7f201f1f4000 [pid 5858] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5874] <... rseq resumed>) = 0 [pid 5859] close(6 [pid 5858] <... mmap resumed>) = 0x7f201f1f4000 [pid 5855] <... clone3 resumed> => {parent_tid=[5]}, 88) = 5 [pid 5854] mprotect(0x7f201f1f5000, 131072, PROT_READ|PROT_WRITE [pid 5858] mprotect(0x7f201f1f5000, 131072, PROT_READ|PROT_WRITE [pid 5874] set_robust_list(0x7f201f2149a0, 24 [pid 5861] <... close resumed>) = 0 [pid 5859] <... close resumed>) = 0 [pid 5858] <... mprotect resumed>) = 0 [pid 5855] rt_sigprocmask(SIG_SETMASK, [], [pid 5854] <... mprotect resumed>) = 0 [pid 5874] <... set_robust_list resumed>) = 0 [pid 5859] futex(0x7f201fb106cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5874] rt_sigprocmask(SIG_SETMASK, [], [pid 5859] <... futex resumed>) = 0 [pid 5855] <... rt_sigprocmask resumed>NULL, 8) = 0 [ 72.366395][ T5841] Bluetooth: hci2: command tx timeout [ 72.371840][ T5841] Bluetooth: hci1: command tx timeout [ 72.377321][ T5841] Bluetooth: hci3: command tx timeout [ 72.382720][ T5841] Bluetooth: hci0: command tx timeout [ 72.394883][ T1295] ieee802154 phy0 wpan0: encryption failed: -22 [ 72.401177][ T1295] ieee802154 phy1 wpan1: encryption failed: -22 [pid 5874] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5859] futex(0x7f201fb106c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5855] futex(0x7f201fb106d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5861] futex(0x7f201fb106cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5858] rt_sigprocmask(SIG_BLOCK, ~[], [ 72.435970][ T5856] OCFS2: ERROR (device loop3): int ocfs2_reserve_local_alloc_bits(struct ocfs2_super *, u32, struct ocfs2_alloc_context *): local alloc inode 76 says it has 9 used bits, but a count shows 8 [ 72.443905][ T5873] OCFS2: ERROR (device loop4): int ocfs2_reserve_local_alloc_bits(struct ocfs2_super *, u32, struct ocfs2_alloc_context *): local alloc inode 76 says it has 9 used bits, but a count shows 8 [ 72.454677][ T5856] On-disk corruption discovered. Please run fsck.ocfs2 once the filesystem is unmounted. [pid 5854] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5874] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777 [pid 5858] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5854] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5874] <... mkdir resumed>) = 0 [pid 5861] <... futex resumed>) = 0 [pid 5858] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f201f214990, parent_tid=0x7f201f214990, exit_signal=0, stack=0x7f201f1f4000, stack_size=0x20300, tls=0x7f201f2146c0} [pid 5855] <... futex resumed>) = 0 [ 72.454689][ T5856] OCFS2: File system is now read-only. [ 72.454697][ T5856] (syz-executor218,5856,1):ocfs2_reserve_local_alloc_bits:710 ERROR: status = -30 [ 72.475157][ T5873] On-disk corruption discovered. Please run fsck.ocfs2 once the filesystem is unmounted. [ 72.483494][ T5856] (syz-executor218,5856,1):ocfs2_reserve_clusters_with_limit:1170 ERROR: status = -30 [ 72.490080][ T5873] OCFS2: File system is now read-only. [ 72.498300][ T5856] (syz-executor218,5856,1):ocfs2_reserve_clusters_with_limit:1219 ERROR: status = -30 [pid 5854] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f201f214990, parent_tid=0x7f201f214990, exit_signal=0, stack=0x7f201f1f4000, stack_size=0x20300, tls=0x7f201f2146c0} [pid 5855] futex(0x7f201fb106dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5876 attached ./strace-static-x86_64: Process 5875 attached [pid 5874] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5858] <... clone3 resumed> => {parent_tid=[5]}, 88) = 5 [pid 5854] <... clone3 resumed> => {parent_tid=[5]}, 88) = 5 [ 72.509517][ T5873] (syz-executor218,5873,0):ocfs2_reserve_local_alloc_bits:710 ERROR: status = -30 [ 72.518220][ T5856] (syz-executor218,5856,1):ocfs2_lock_allocators:2749 ERROR: status = -30 [ 72.533301][ T5873] (syz-executor218,5873,0):ocfs2_reserve_clusters_with_limit:1170 ERROR: status = -30 [ 72.542381][ T5856] (syz-executor218,5856,1):ocfs2_write_begin_nolock:1742 ERROR: status = -30 [ 72.569070][ T5873] (syz-executor218,5873,0):ocfs2_reserve_clusters_with_limit:1219 ERROR: status = -30 [pid 5876] rseq(0x7f201f214fe0, 0x20, 0, 0x53053053 [pid 5875] rseq(0x7f201f214fe0, 0x20, 0, 0x53053053 [pid 5861] futex(0x7f201fb106c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5854] rt_sigprocmask(SIG_SETMASK, [], [pid 5876] <... rseq resumed>) = 0 [pid 5875] <... rseq resumed>) = 0 [pid 5869] <... futex resumed>) = ? [pid 5858] rt_sigprocmask(SIG_SETMASK, [], [pid 5854] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5853] <... futex resumed>) = ? [pid 5876] set_robust_list(0x7f201f2149a0, 24 [pid 5875] set_robust_list(0x7f201f2149a0, 24 [pid 5869] +++ killed by SIGSEGV (core dumped) +++ [pid 5858] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5854] futex(0x7f201fb106d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5876] <... set_robust_list resumed>) = 0 [pid 5875] <... set_robust_list resumed>) = 0 [pid 5858] futex(0x7f201fb106d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5856] +++ killed by SIGSEGV (core dumped) +++ [pid 5853] +++ killed by SIGSEGV (core dumped) +++ [pid 5876] rt_sigprocmask(SIG_SETMASK, [], [pid 5858] <... futex resumed>) = 0 [pid 5876] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5858] futex(0x7f201fb106dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5876] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = 0 [pid 5876] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5854] <... futex resumed>) = 0 [pid 5875] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5854] futex(0x7f201fb106dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5875] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = 0 [pid 5875] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5831] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=3, si_uid=0, si_status=SIGSEGV, si_utime=5 /* 0.05 s */, si_stime=53 /* 0.53 s */} --- [ 72.569428][ T5856] (syz-executor218,5856,1):ocfs2_write_begin:1905 ERROR: status = -30 [ 72.579519][ T5873] (syz-executor218,5873,0):ocfs2_lock_allocators:2749 ERROR: status = -30 [ 72.603776][ T5873] (syz-executor218,5873,0):ocfs2_write_begin_nolock:1742 ERROR: status = -30 [ 72.612922][ T5873] (syz-executor218,5873,0):ocfs2_write_begin:1905 ERROR: status = -30 [ 72.628149][ T5874] OCFS2: ERROR (device loop1): int ocfs2_reserve_local_alloc_bits(struct ocfs2_super *, u32, struct ocfs2_alloc_context *): local alloc inode 76 says it has 9 used bits, but a count shows 8 [ 72.631138][ T5876] OCFS2: ERROR (device loop0): int ocfs2_reserve_local_alloc_bits(struct ocfs2_super *, u32, struct ocfs2_alloc_context *): local alloc inode 76 says it has 9 used bits, but a count shows 8 [ 72.646971][ T5874] On-disk corruption discovered. Please run fsck.ocfs2 once the filesystem is unmounted. [ 72.665468][ T5876] On-disk corruption discovered. Please run fsck.ocfs2 once the filesystem is unmounted. [pid 5852] <... futex resumed>) = ? [pid 5873] +++ killed by SIGSEGV (core dumped) +++ [pid 5857] +++ killed by SIGSEGV (core dumped) +++ [pid 5852] +++ killed by SIGSEGV (core dumped) +++ [ 72.665480][ T5876] OCFS2: File system is now read-only. [ 72.665489][ T5876] (syz-executor218,5876,0):ocfs2_reserve_local_alloc_bits:710 ERROR: status = -30 [ 72.675808][ T5874] OCFS2: File system is now read-only. [ 72.705452][ T5876] (syz-executor218,5876,1):ocfs2_reserve_clusters_with_limit:1170 ERROR: status = -30 [ 72.706087][ T5874] (syz-executor218,5874,0):ocfs2_reserve_local_alloc_bits:710 ERROR: status = -30 [ 72.717698][ T5876] (syz-executor218,5876,1):ocfs2_reserve_clusters_with_limit:1219 ERROR: status = -30 [ 72.724994][ T5874] (syz-executor218,5874,0):ocfs2_reserve_clusters_with_limit:1170 ERROR: status = -30 [ 72.741881][ T5875] OCFS2: ERROR (device loop2): int ocfs2_reserve_local_alloc_bits(struct ocfs2_super *, u32, struct ocfs2_alloc_context *): local alloc inode 76 says it has 9 used bits, but a count shows 8 [ 72.744036][ T5874] (syz-executor218,5874,0):ocfs2_reserve_clusters_with_limit:1219 ERROR: status = -30 [ 72.762379][ T5876] (syz-executor218,5876,1):ocfs2_lock_allocators:2749 ERROR: status = -30 [pid 5831] umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=3, si_uid=0, si_status=SIGSEGV, si_utime=3 /* 0.03 s */, si_stime=55 /* 0.55 s */} --- [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] restart_syscall(<... resuming interrupted clone ...> [pid 5831] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5830] <... restart_syscall resumed>) = 0 [pid 5861] <... futex resumed>) = ? [pid 5858] <... futex resumed>) = ? [ 72.771603][ T5874] (syz-executor218,5874,0):ocfs2_lock_allocators:2749 ERROR: status = -30 [ 72.780287][ T5876] (syz-executor218,5876,1):ocfs2_write_begin_nolock:1742 ERROR: status = -30 [ 72.788709][ T5875] On-disk corruption discovered. Please run fsck.ocfs2 once the filesystem is unmounted. [ 72.798270][ T5876] (syz-executor218,5876,1):ocfs2_write_begin:1905 ERROR: status = -30 [ 72.807529][ T5875] OCFS2: File system is now read-only. [ 72.821234][ T5874] (syz-executor218,5874,0):ocfs2_write_begin_nolock:1742 ERROR: status = -30 [pid 5861] +++ killed by SIGSEGV (core dumped) +++ [pid 5831] <... openat resumed>) = 3 [pid 5876] +++ killed by SIGSEGV (core dumped) +++ [pid 5860] <... futex resumed>) = ? [pid 5858] +++ killed by SIGSEGV (core dumped) +++ [pid 5855] <... futex resumed>) = ? [pid 5831] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=140, ...}, AT_EMPTY_PATH) = 0 [pid 5830] umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=3, si_uid=0, si_status=SIGSEGV, si_utime=7 /* 0.07 s */, si_stime=40 /* 0.40 s */} --- [pid 5831] getdents64(3, [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] <... getdents64 resumed>0x555565b3b850 /* 7 entries */, 32768) = 208 [pid 5830] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5830] newfstatat(3, "", [pid 5828] umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] umount2("./0/cgroup", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=140, ...}, AT_EMPTY_PATH) = 0 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] newfstatat(AT_FDCWD, "./0/cgroup", [pid 5830] getdents64(3, [pid 5828] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5874] +++ killed by SIGSEGV (core dumped) +++ [pid 5860] +++ killed by SIGSEGV (core dumped) +++ [pid 5855] +++ killed by SIGSEGV (core dumped) +++ [pid 5831] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=23, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] <... getdents64 resumed>0x555565b3b850 /* 7 entries */, 32768) = 208 [pid 5828] <... openat resumed>) = 3 [pid 5831] unlink("./0/cgroup" [pid 5830] umount2("./0/cgroup", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] newfstatat(3, "", [pid 5831] <... unlink resumed>) = 0 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=140, ...}, AT_EMPTY_PATH) = 0 [pid 5831] umount2("./0/cgroup.cpu", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] newfstatat(AT_FDCWD, "./0/cgroup", [pid 5828] getdents64(3, [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=23, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5828] <... getdents64 resumed>0x555565b3b850 /* 7 entries */, 32768) = 208 [pid 5831] newfstatat(AT_FDCWD, "./0/cgroup.cpu", [pid 5830] unlink("./0/cgroup" [pid 5828] umount2("./0/cgroup", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=19, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] <... unlink resumed>) = 0 [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] unlink("./0/cgroup.cpu" [pid 5830] umount2("./0/cgroup.cpu", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] newfstatat(AT_FDCWD, "./0/cgroup", [pid 5831] <... unlink resumed>) = 0 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=23, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] umount2("./0/cgroup.net", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] newfstatat(AT_FDCWD, "./0/cgroup.cpu", [pid 5828] unlink("./0/cgroup" [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=19, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5828] <... unlink resumed>) = 0 [pid 5831] newfstatat(AT_FDCWD, "./0/cgroup.net", [pid 5828] umount2("./0/cgroup.cpu", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=19, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] unlink("./0/cgroup.cpu" [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] unlink("./0/cgroup.net" [pid 5830] <... unlink resumed>) = 0 [pid 5828] newfstatat(AT_FDCWD, "./0/cgroup.cpu", [pid 5831] <... unlink resumed>) = 0 [pid 5830] umount2("./0/cgroup.net", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=19, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] unlink("./0/cgroup.cpu" [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] newfstatat(AT_FDCWD, "./0/cgroup.net", [pid 5828] <... unlink resumed>) = 0 [pid 5831] newfstatat(AT_FDCWD, "./0/binderfs", [pid 5830] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=19, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5828] umount2("./0/cgroup.net", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5826] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=3, si_uid=0, si_status=SIGSEGV, si_utime=6 /* 0.06 s */, si_stime=45 /* 0.45 s */} --- [pid 5831] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] unlink("./0/cgroup.net" [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] unlink("./0/binderfs" [pid 5830] <... unlink resumed>) = 0 [pid 5828] newfstatat(AT_FDCWD, "./0/cgroup.net", [pid 5831] <... unlink resumed>) = 0 [pid 5830] umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=19, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] umount2("./0/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] unlink("./0/cgroup.net") = 0 [pid 5828] umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5828] newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5828] unlink("./0/binderfs") = 0 [pid 5828] umount2("./0/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] unlink("./0/binderfs") = 0 [ 72.830809][ T5875] (syz-executor218,5875,0):ocfs2_reserve_local_alloc_bits:710 ERROR: status = -30 [ 72.832333][ T5874] (syz-executor218,5874,1):ocfs2_write_begin:1905 ERROR: status = -30 [ 72.840524][ T5875] (syz-executor218,5875,0):ocfs2_reserve_clusters_with_limit:1170 ERROR: status = -30 [ 72.858916][ T5875] (syz-executor218,5875,0):ocfs2_reserve_clusters_with_limit:1219 ERROR: status = -30 [ 72.872270][ T5875] (syz-executor218,5875,0):ocfs2_lock_allocators:2749 ERROR: status = -30 [pid 5830] umount2("./0/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5826] umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5859] <... futex resumed>) = ? [pid 5854] <... futex resumed>) = ? [pid 5828] <... umount2 resumed>) = 0 [pid 5826] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5859] +++ killed by SIGSEGV (core dumped) +++ [pid 5828] umount2("./0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5828] newfstatat(AT_FDCWD, "./0/file1", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5828] umount2("./0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5828] openat(AT_FDCWD, "./0/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5828] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5828] getdents64(4, 0x555565b43890 /* 2 entries */, 32768) = 48 [pid 5828] getdents64(4, 0x555565b43890 /* 0 entries */, 32768) = 0 [pid 5875] +++ killed by SIGSEGV (core dumped) +++ [pid 5854] +++ killed by SIGSEGV (core dumped) +++ [pid 5828] close(4 [pid 5826] <... openat resumed>) = 3 [pid 5828] <... close resumed>) = 0 [pid 5828] rmdir("./0/file1" [pid 5826] newfstatat(3, "", [pid 5828] <... rmdir resumed>) = 0 [pid 5828] getdents64(3, 0x555565b3b850 /* 0 entries */, 32768) = 0 [pid 5826] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=140, ...}, AT_EMPTY_PATH) = 0 [pid 5828] close(3) = 0 [pid 5828] rmdir("./0") = 0 [pid 5828] mkdir("./1", 0777) = 0 [pid 5828] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5828] ioctl(3, LOOP_CLR_FD) = 0 [ 72.881828][ T5875] (syz-executor218,5875,0):ocfs2_write_begin_nolock:1742 ERROR: status = -30 [ 72.888597][ T5828] ocfs2: Unmounting device (7,0) on (node local) [ 72.891147][ T5875] (syz-executor218,5875,0):ocfs2_write_begin:1905 ERROR: status = -30 [ 72.919552][ T5831] ocfs2: Unmounting device (7,3) on (node local) [pid 5828] close(3 [pid 5831] <... umount2 resumed>) = 0 [pid 5830] <... umount2 resumed>) = 0 [pid 5826] getdents64(3, [pid 5831] umount2("./0/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=3, si_uid=0, si_status=SIGSEGV, si_utime=5 /* 0.05 s */, si_stime=44 /* 0.44 s */} --- [pid 5826] <... getdents64 resumed>0x555565b3b850 /* 7 entries */, 32768) = 208 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] restart_syscall(<... resuming interrupted clone ...> [pid 5826] umount2("./0/cgroup", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] newfstatat(AT_FDCWD, "./0/file1", [pid 5829] <... restart_syscall resumed>) = 0 [pid 5826] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5826] newfstatat(AT_FDCWD, "./0/cgroup", [pid 5831] umount2("./0/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5826] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=23, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5826] unlink("./0/cgroup" [pid 5831] openat(AT_FDCWD, "./0/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5826] <... unlink resumed>) = 0 [pid 5831] <... openat resumed>) = 4 [pid 5829] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5826] umount2("./0/cgroup.cpu", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] newfstatat(4, "", [pid 5830] umount2("./0/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] <... openat resumed>) = 3 [pid 5826] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] newfstatat(AT_FDCWD, "./0/file1", [pid 5831] getdents64(4, 0x555565b43890 /* 2 entries */, 32768) = 48 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] newfstatat(3, "", [pid 5826] newfstatat(AT_FDCWD, "./0/cgroup.cpu", [pid 5831] getdents64(4, [pid 5830] umount2("./0/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] <... getdents64 resumed>0x555565b43890 /* 0 entries */, 32768) = 0 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] close(4 [pid 5830] openat(AT_FDCWD, "./0/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5831] <... close resumed>) = 0 [pid 5831] rmdir("./0/file1" [pid 5830] <... openat resumed>) = 4 [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=140, ...}, AT_EMPTY_PATH) = 0 [pid 5826] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=19, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] <... rmdir resumed>) = 0 [pid 5830] newfstatat(4, "", [pid 5829] getdents64(3, [pid 5826] unlink("./0/cgroup.cpu" [pid 5831] getdents64(3, [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5831] <... getdents64 resumed>0x555565b3b850 /* 0 entries */, 32768) = 0 [pid 5831] close(3 [pid 5830] getdents64(4, [pid 5829] <... getdents64 resumed>0x555565b3b850 /* 7 entries */, 32768) = 208 [pid 5826] <... unlink resumed>) = 0 [pid 5831] <... close resumed>) = 0 [pid 5830] <... getdents64 resumed>0x555565b43890 /* 2 entries */, 32768) = 48 [pid 5831] rmdir("./0" [pid 5830] getdents64(4, [pid 5831] <... rmdir resumed>) = 0 [pid 5830] <... getdents64 resumed>0x555565b43890 /* 0 entries */, 32768) = 0 [pid 5829] umount2("./0/cgroup", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5826] umount2("./0/cgroup.net", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] mkdir("./1", 0777 [pid 5830] close(4 [pid 5831] <... mkdir resumed>) = 0 [pid 5830] <... close resumed>) = 0 [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5826] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5830] rmdir("./0/file1") = 0 [pid 5829] newfstatat(AT_FDCWD, "./0/cgroup", [pid 5826] newfstatat(AT_FDCWD, "./0/cgroup.net", [pid 5831] <... openat resumed>) = 3 [pid 5830] getdents64(3, [pid 5831] ioctl(3, LOOP_CLR_FD [pid 5830] <... getdents64 resumed>0x555565b3b850 /* 0 entries */, 32768) = 0 [pid 5831] <... ioctl resumed>) = 0 [pid 5830] close(3 [pid 5829] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=23, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5826] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=19, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] close(3 [pid 5830] <... close resumed>) = 0 [pid 5830] rmdir("./0" [pid 5829] unlink("./0/cgroup" [pid 5826] unlink("./0/cgroup.net" [pid 5829] <... unlink resumed>) = 0 [pid 5826] <... unlink resumed>) = 0 [pid 5829] umount2("./0/cgroup.cpu", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5826] umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5826] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] newfstatat(AT_FDCWD, "./0/cgroup.cpu", [pid 5826] newfstatat(AT_FDCWD, "./0/binderfs", [pid 5829] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=19, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5826] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] <... rmdir resumed>) = 0 [pid 5830] mkdir("./1", 0777 [pid 5829] unlink("./0/cgroup.cpu" [pid 5826] unlink("./0/binderfs" [pid 5830] <... mkdir resumed>) = 0 [pid 5830] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5829] <... unlink resumed>) = 0 [pid 5826] <... unlink resumed>) = 0 [pid 5830] <... openat resumed>) = 3 [pid 5830] ioctl(3, LOOP_CLR_FD [pid 5829] umount2("./0/cgroup.net", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5826] umount2("./0/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] <... ioctl resumed>) = 0 [pid 5830] close(3 [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] newfstatat(AT_FDCWD, "./0/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] unlink("./0/cgroup.net") = 0 [pid 5829] umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5829] newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] unlink("./0/binderfs") = 0 [ 72.947050][ T5830] ocfs2: Unmounting device (7,4) on (node local) [pid 5829] umount2("./0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 [pid 5826] <... umount2 resumed>) = 0 [pid 5829] umount2("./0/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5826] umount2("./0/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5826] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] newfstatat(AT_FDCWD, "./0/file1", [pid 5826] newfstatat(AT_FDCWD, "./0/file1", [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5826] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] umount2("./0/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5826] umount2("./0/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5826] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] openat(AT_FDCWD, "./0/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5826] openat(AT_FDCWD, "./0/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5829] <... openat resumed>) = 4 [pid 5826] <... openat resumed>) = 4 [pid 5829] newfstatat(4, "", [pid 5826] newfstatat(4, "", [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5826] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5829] getdents64(4, [pid 5826] getdents64(4, [pid 5829] <... getdents64 resumed>0x555565b43890 /* 2 entries */, 32768) = 48 [pid 5826] <... getdents64 resumed>0x555565b43890 /* 2 entries */, 32768) = 48 [pid 5829] getdents64(4, [pid 5826] getdents64(4, [pid 5829] <... getdents64 resumed>0x555565b43890 /* 0 entries */, 32768) = 0 [pid 5826] <... getdents64 resumed>0x555565b43890 /* 0 entries */, 32768) = 0 [pid 5829] close(4 [pid 5826] close(4 [pid 5829] <... close resumed>) = 0 [pid 5826] <... close resumed>) = 0 [pid 5829] rmdir("./0/file1" [pid 5826] rmdir("./0/file1" [pid 5829] <... rmdir resumed>) = 0 [pid 5826] <... rmdir resumed>) = 0 [pid 5829] getdents64(3, [pid 5826] getdents64(3, [pid 5829] <... getdents64 resumed>0x555565b3b850 /* 0 entries */, 32768) = 0 [pid 5826] <... getdents64 resumed>0x555565b3b850 /* 0 entries */, 32768) = 0 [pid 5829] close(3 [pid 5826] close(3 [pid 5829] <... close resumed>) = 0 [pid 5826] <... close resumed>) = 0 [pid 5829] rmdir("./0" [pid 5826] rmdir("./0" [pid 5829] <... rmdir resumed>) = 0 [pid 5826] <... rmdir resumed>) = 0 [pid 5829] mkdir("./1", 0777 [pid 5826] mkdir("./1", 0777 [pid 5829] <... mkdir resumed>) = 0 [pid 5826] <... mkdir resumed>) = 0 [pid 5829] openat(AT_FDCWD, "/dev/loop2", O_RDWR [ 73.001979][ T5826] ocfs2: Unmounting device (7,1) on (node local) [ 73.016880][ T5829] ocfs2: Unmounting device (7,2) on (node local) [pid 5826] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5829] <... openat resumed>) = 3 [pid 5826] <... openat resumed>) = 3 [pid 5829] ioctl(3, LOOP_CLR_FD [pid 5828] <... close resumed>) = 0 [pid 5826] ioctl(3, LOOP_CLR_FD [pid 5829] <... ioctl resumed>) = 0 [pid 5826] <... ioctl resumed>) = 0 [pid 5829] close(3 [pid 5826] close(3 [pid 5830] <... close resumed>) = 0 [pid 5828] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5877 attached [pid 5830] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5828] <... clone resumed>, child_tidptr=0x555565b3a690) = 6 ./strace-static-x86_64: Process 5878 attached [pid 5877] set_robust_list(0x555565b3a6a0, 24 [pid 5878] set_robust_list(0x555565b3a6a0, 24 [pid 5877] <... set_robust_list resumed>) = 0 [pid 5878] <... set_robust_list resumed>) = 0 [pid 5877] chdir("./1" [pid 5830] <... clone resumed>, child_tidptr=0x555565b3a690) = 6 [pid 5878] chdir("./1") = 0 [pid 5878] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5878] setpgid(0, 0) = 0 [pid 5878] symlink("/syzcgroup/unified/syz4", "./cgroup") = 0 [pid 5878] symlink("/syzcgroup/cpu/syz4", "./cgroup.cpu") = 0 [pid 5878] symlink("/syzcgroup/net/syz4", "./cgroup.net") = 0 [pid 5877] <... chdir resumed>) = 0 [pid 5877] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5878] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5877] <... prctl resumed>) = 0 [pid 5831] <... close resumed>) = 0 [pid 5878] <... openat resumed>) = 3 [pid 5877] setpgid(0, 0 [pid 5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5878] write(3, "1000", 4 [pid 5877] <... setpgid resumed>) = 0 [pid 5878] <... write resumed>) = 4 [pid 5877] symlink("/syzcgroup/unified/syz0", "./cgroup" [pid 5878] close(3 [pid 5877] <... symlink resumed>) = 0 [pid 5878] <... close resumed>) = 0 [pid 5877] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu" [pid 5878] read(200, [pid 5877] <... symlink resumed>) = 0 [pid 5878] <... read resumed>"\x33\x33\x00\x00\x00\x16\xaa\xaa\xaa\xaa\xaa\xaa\x86\xdd\x60\x00\x00\x00\x00\x38\x00\x01\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xaa\xff\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x16\x3a\x00\x05\x02\x00\x00\x01\x00\x8f\x00\xc2\x46\x00\x00\x00\x02\x04\x00\x00\x00\xff\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xff\xaa\xaa\xaa\x04\x00\x00\x00\xff\x02\x00\x00\x00\x00"..., 1000) = 110 [pid 5877] symlink("/syzcgroup/net/syz0", "./cgroup.net" [pid 5878] read(200, [pid 5877] <... symlink resumed>) = 0 [pid 5878] <... read resumed>"\x33\x33\x00\x00\x00\x16\xaa\xaa\xaa\xaa\xaa\xaa\x86\xdd\x60\x00\x00\x00\x00\x38\x00\x01\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xaa\xff\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x16\x3a\x00\x05\x02\x00\x00\x01\x00\x8f\x00\xc2\x46\x00\x00\x00\x02\x04\x00\x00\x00\xff\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xff\xaa\xaa\xaa\x04\x00\x00\x00\xff\x02\x00\x00\x00\x00"..., 1000) = 110 [pid 5877] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5878] read(200, [pid 5877] <... openat resumed>) = 3 [pid 5878] <... read resumed>0x7ffc88018cc0, 1000) = -1 EAGAIN (Resource temporarily unavailable) [pid 5877] write(3, "1000", 4 [pid 5831] <... clone resumed>, child_tidptr=0x555565b3a690) = 6 [pid 5878] symlink("/dev/binderfs", "./binderfs" [pid 5877] <... write resumed>) = 4 [pid 5878] <... symlink resumed>) = 0 [pid 5877] close(3 [pid 5878] write(1, "executing program\n", 18executing program [pid 5877] <... close resumed>) = 0 [pid 5878] <... write resumed>) = 18 [pid 5877] read(200, [pid 5878] futex(0x7f201fb106cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5877] <... read resumed>"\x33\x33\x00\x00\x00\x16\xaa\xaa\xaa\xaa\xaa\xaa\x86\xdd\x60\x00\x00\x00\x00\x38\x00\x01\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xaa\xff\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x16\x3a\x00\x05\x02\x00\x00\x01\x00\x8f\x00\xc2\x46\x00\x00\x00\x02\x04\x00\x00\x00\xff\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xff\xaa\xaa\xaa\x04\x00\x00\x00\xff\x02\x00\x00\x00\x00"..., 1000) = 110 [pid 5826] <... close resumed>) = 0 [pid 5878] <... futex resumed>) = 0 [pid 5877] read(200, [pid 5878] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5877] <... read resumed>"\x33\x33\x00\x00\x00\x16\xaa\xaa\xaa\xaa\xaa\xaa\x86\xdd\x60\x00\x00\x00\x00\x38\x00\x01\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xaa\xff\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x16\x3a\x00\x05\x02\x00\x00\x01\x00\x8f\x00\xc2\x46\x00\x00\x00\x02\x04\x00\x00\x00\xff\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xff\xaa\xaa\xaa\x04\x00\x00\x00\xff\x02\x00\x00\x00\x00"..., 1000) = 110 [pid 5878] <... mmap resumed>) = 0x7f201f215000 [pid 5877] read(200, [pid 5878] mprotect(0x7f201f216000, 131072, PROT_READ|PROT_WRITE [pid 5877] <... read resumed>0x7ffc88018cc0, 1000) = -1 EAGAIN (Resource temporarily unavailable) [pid 5878] <... mprotect resumed>) = 0 [pid 5877] symlink("/dev/binderfs", "./binderfs" [pid 5878] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5877] <... symlink resumed>) = 0 [pid 5878] <... rt_sigprocmask resumed>[], 8) = 0 executing program [pid 5877] write(1, "executing program\n", 18 [pid 5878] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f201f235990, parent_tid=0x7f201f235990, exit_signal=0, stack=0x7f201f215000, stack_size=0x20300, tls=0x7f201f2356c0} [pid 5877] <... write resumed>) = 18 ./strace-static-x86_64: Process 5880 attached [pid 5877] futex(0x7f201fb106cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5880] rseq(0x7f201f235fe0, 0x20, 0, 0x53053053 [pid 5878] <... clone3 resumed> => {parent_tid=[7]}, 88) = 7 [pid 5877] <... futex resumed>) = 0 [pid 5829] <... close resumed>) = 0 [pid 5826] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5829] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5880] <... rseq resumed>) = 0 [pid 5878] rt_sigprocmask(SIG_SETMASK, [], [pid 5877] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5880] set_robust_list(0x7f201f2359a0, 24 [pid 5878] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5877] <... mmap resumed>) = 0x7f201f215000 [pid 5880] <... set_robust_list resumed>) = 0 [pid 5878] futex(0x7f201fb106c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5877] mprotect(0x7f201f216000, 131072, PROT_READ|PROT_WRITE./strace-static-x86_64: Process 5881 attached [pid 5880] rt_sigprocmask(SIG_SETMASK, [], [pid 5878] <... futex resumed>) = 0 [pid 5877] <... mprotect resumed>) = 0 [pid 5826] <... clone resumed>, child_tidptr=0x555565b3a690) = 6 [pid 5880] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5878] futex(0x7f201fb106cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5877] rt_sigprocmask(SIG_BLOCK, ~[], ./strace-static-x86_64: Process 5882 attached [pid 5881] set_robust_list(0x555565b3a6a0, 24./strace-static-x86_64: Process 5879 attached [pid 5882] set_robust_list(0x555565b3a6a0, 24 [pid 5881] <... set_robust_list resumed>) = 0 [pid 5880] memfd_create("syzkaller", 0 [pid 5877] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5829] <... clone resumed>, child_tidptr=0x555565b3a690) = 6 [pid 5882] <... set_robust_list resumed>) = 0 [pid 5881] chdir("./1" [pid 5880] <... memfd_create resumed>) = 3 [pid 5879] set_robust_list(0x555565b3a6a0, 24 [pid 5877] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f201f235990, parent_tid=0x7f201f235990, exit_signal=0, stack=0x7f201f215000, stack_size=0x20300, tls=0x7f201f2356c0} [pid 5882] chdir("./1" [pid 5881] <... chdir resumed>) = 0 [pid 5880] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0./strace-static-x86_64: Process 5883 attached [pid 5882] <... chdir resumed>) = 0 [pid 5881] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5879] <... set_robust_list resumed>) = 0 [pid 5883] rseq(0x7f201f235fe0, 0x20, 0, 0x53053053 [pid 5882] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5881] <... prctl resumed>) = 0 [pid 5880] <... mmap resumed>) = 0x7f2016e00000 [pid 5879] chdir("./1" [pid 5877] <... clone3 resumed> => {parent_tid=[7]}, 88) = 7 [pid 5883] <... rseq resumed>) = 0 [pid 5882] <... prctl resumed>) = 0 [pid 5881] setpgid(0, 0 [pid 5883] set_robust_list(0x7f201f2359a0, 24 [pid 5882] setpgid(0, 0 [pid 5881] <... setpgid resumed>) = 0 [pid 5879] <... chdir resumed>) = 0 [pid 5883] <... set_robust_list resumed>) = 0 [pid 5882] <... setpgid resumed>) = 0 [pid 5881] symlink("/syzcgroup/unified/syz1", "./cgroup" [pid 5883] rt_sigprocmask(SIG_SETMASK, [], [pid 5882] symlink("/syzcgroup/unified/syz2", "./cgroup" [pid 5881] <... symlink resumed>) = 0 [pid 5879] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5883] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5882] <... symlink resumed>) = 0 [pid 5881] symlink("/syzcgroup/cpu/syz1", "./cgroup.cpu" [pid 5879] <... prctl resumed>) = 0 [pid 5883] futex(0x7f201fb106c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5882] symlink("/syzcgroup/cpu/syz2", "./cgroup.cpu" [pid 5881] <... symlink resumed>) = 0 [pid 5882] <... symlink resumed>) = 0 [pid 5881] symlink("/syzcgroup/net/syz1", "./cgroup.net" [pid 5879] setpgid(0, 0 [pid 5882] symlink("/syzcgroup/net/syz2", "./cgroup.net" [pid 5881] <... symlink resumed>) = 0 [pid 5882] <... symlink resumed>) = 0 [pid 5881] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5879] <... setpgid resumed>) = 0 [pid 5882] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5881] <... openat resumed>) = 3 [pid 5879] symlink("/syzcgroup/unified/syz3", "./cgroup" [pid 5882] <... openat resumed>) = 3 [pid 5881] write(3, "1000", 4 [pid 5882] write(3, "1000", 4 [pid 5881] <... write resumed>) = 4 [pid 5882] <... write resumed>) = 4 [pid 5881] close(3 [pid 5879] <... symlink resumed>) = 0 [pid 5882] close(3 [pid 5881] <... close resumed>) = 0 [pid 5882] <... close resumed>) = 0 [pid 5881] read(200, [pid 5882] read(200, [pid 5881] <... read resumed>0x7ffc88018cc0, 1000) = -1 EAGAIN (Resource temporarily unavailable) [pid 5882] <... read resumed>"\x33\x33\x00\x00\x00\x16\xaa\xaa\xaa\xaa\xaa\xaa\x86\xdd\x60\x00\x00\x00\x00\x38\x00\x01\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xaa\xff\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x16\x3a\x00\x05\x02\x00\x00\x01\x00\x8f\x00\xc2\x46\x00\x00\x00\x02\x04\x00\x00\x00\xff\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xff\xaa\xaa\xaa\x04\x00\x00\x00\xff\x02\x00\x00\x00\x00"..., 1000) = 110 [pid 5881] symlink("/dev/binderfs", "./binderfs" [pid 5879] symlink("/syzcgroup/cpu/syz3", "./cgroup.cpu" [pid 5882] read(200, [pid 5881] <... symlink resumed>) = 0 [pid 5882] <... read resumed>"\x33\x33\x00\x00\x00\x16\xaa\xaa\xaa\xaa\xaa\xaa\x86\xdd\x60\x00\x00\x00\x00\x38\x00\x01\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xaa\xff\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x16\x3a\x00\x05\x02\x00\x00\x01\x00\x8f\x00\xc2\x46\x00\x00\x00\x02\x04\x00\x00\x00\xff\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xff\xaa\xaa\xaa\x04\x00\x00\x00\xff\x02\x00\x00\x00\x00"..., 1000) = 110 [pid 5881] write(1, "executing program\n", 18 [pid 5879] <... symlink resumed>) = 0 [pid 5882] read(200, [pid 5881] <... write resumed>) = 18 [pid 5882] <... read resumed>0x7ffc88018cc0, 1000) = -1 EAGAIN (Resource temporarily unavailable) [pid 5881] futex(0x7f201fb106cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5882] symlink("/dev/binderfs", "./binderfs" [pid 5881] <... futex resumed>) = 0 [pid 5879] symlink("/syzcgroup/net/syz3", "./cgroup.net" [pid 5882] <... symlink resumed>) = 0 [pid 5881] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5879] <... symlink resumed>) = 0 [pid 5882] write(1, "executing program\n", 18 [pid 5881] <... mmap resumed>) = 0x7f201f215000 [pid 5882] <... write resumed>) = 18 [pid 5881] mprotect(0x7f201f216000, 131072, PROT_READ|PROT_WRITE [pid 5882] futex(0x7f201fb106cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5881] <... mprotect resumed>) = 0 [pid 5879] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5882] <... futex resumed>) = 0 [pid 5881] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5882] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 executing program executing program [pid 5881] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5882] <... mmap resumed>) = 0x7f201f215000 [pid 5881] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f201f235990, parent_tid=0x7f201f235990, exit_signal=0, stack=0x7f201f215000, stack_size=0x20300, tls=0x7f201f2356c0} [pid 5879] <... openat resumed>) = 3 [pid 5877] rt_sigprocmask(SIG_SETMASK, [], [pid 5882] mprotect(0x7f201f216000, 131072, PROT_READ|PROT_WRITE [pid 5879] write(3, "1000", 4./strace-static-x86_64: Process 5884 attached [pid 5882] <... mprotect resumed>) = 0 [pid 5881] <... clone3 resumed> => {parent_tid=[7]}, 88) = 7 [pid 5879] <... write resumed>) = 4 [pid 5877] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5884] rseq(0x7f201f235fe0, 0x20, 0, 0x53053053 [pid 5882] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5881] rt_sigprocmask(SIG_SETMASK, [], [pid 5877] futex(0x7f201fb106c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5883] <... futex resumed>) = 0 [pid 5882] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5881] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5879] close(3 [pid 5877] <... futex resumed>) = 1 [pid 5883] memfd_create("syzkaller", 0 [pid 5882] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f201f235990, parent_tid=0x7f201f235990, exit_signal=0, stack=0x7f201f215000, stack_size=0x20300, tls=0x7f201f2356c0} [pid 5881] futex(0x7f201fb106c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5879] <... close resumed>) = 0 [pid 5877] futex(0x7f201fb106cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5885 attached [pid 5884] <... rseq resumed>) = 0 [pid 5883] <... memfd_create resumed>) = 3 [pid 5881] <... futex resumed>) = 0 [pid 5879] read(200, [pid 5885] rseq(0x7f201f235fe0, 0x20, 0, 0x53053053 [pid 5884] set_robust_list(0x7f201f2359a0, 24 [pid 5883] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5882] <... clone3 resumed> => {parent_tid=[7]}, 88) = 7 [pid 5881] futex(0x7f201fb106cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5879] <... read resumed>"\x33\x33\x00\x00\x00\x16\xaa\xaa\xaa\xaa\xaa\xaa\x86\xdd\x60\x00\x00\x00\x00\x38\x00\x01\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xaa\xff\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x16\x3a\x00\x05\x02\x00\x00\x01\x00\x8f\x00\xc2\x46\x00\x00\x00\x02\x04\x00\x00\x00\xff\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xff\xaa\xaa\xaa\x04\x00\x00\x00\xff\x02\x00\x00\x00\x00"..., 1000) = 110 [pid 5885] <... rseq resumed>) = 0 [pid 5884] <... set_robust_list resumed>) = 0 [pid 5883] <... mmap resumed>) = 0x7f2016e00000 [pid 5882] rt_sigprocmask(SIG_SETMASK, [], [pid 5885] set_robust_list(0x7f201f2359a0, 24 [pid 5884] rt_sigprocmask(SIG_SETMASK, [], [pid 5882] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5879] read(200, [pid 5885] <... set_robust_list resumed>) = 0 [pid 5882] futex(0x7f201fb106c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5879] <... read resumed>0x7ffc88018cc0, 1000) = -1 EAGAIN (Resource temporarily unavailable) [pid 5885] rt_sigprocmask(SIG_SETMASK, [], [pid 5882] <... futex resumed>) = 0 [pid 5879] symlink("/dev/binderfs", "./binderfs" [pid 5885] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5882] futex(0x7f201fb106cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5879] <... symlink resumed>) = 0 [pid 5879] write(1, "executing program\n", 18executing program [pid 5885] memfd_create("syzkaller", 0 [pid 5884] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5885] <... memfd_create resumed>) = 3 [pid 5884] memfd_create("syzkaller", 0 [pid 5879] <... write resumed>) = 18 [pid 5885] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5884] <... memfd_create resumed>) = 3 [pid 5885] <... mmap resumed>) = 0x7f2016e00000 [pid 5884] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5879] futex(0x7f201fb106cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5879] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f201f215000 [pid 5879] mprotect(0x7f201f216000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5879] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5879] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f201f235990, parent_tid=0x7f201f235990, exit_signal=0, stack=0x7f201f215000, stack_size=0x20300, tls=0x7f201f2356c0} [pid 5884] <... mmap resumed>) = 0x7f2016e00000 ./strace-static-x86_64: Process 5886 attached [pid 5886] rseq(0x7f201f235fe0, 0x20, 0, 0x53053053 [pid 5879] <... clone3 resumed> => {parent_tid=[7]}, 88) = 7 [pid 5879] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5879] futex(0x7f201fb106c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5879] futex(0x7f201fb106cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5886] <... rseq resumed>) = 0 [pid 5886] set_robust_list(0x7f201f2359a0, 24) = 0 [pid 5886] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5886] memfd_create("syzkaller", 0) = 3 [pid 5886] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2016e00000 [ 73.324309][ T54] Bluetooth: hci4: command tx timeout [pid 5880] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216 [pid 5885] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216 [pid 5883] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216 [pid 5884] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216 [pid 5886] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216 [pid 5885] <... write resumed>) = 16777216 [pid 5885] munmap(0x7f2016e00000, 138412032) = 0 [pid 5885] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 5885] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5885] close(3) = 0 [pid 5885] close(4) = 0 [pid 5885] mkdir("./file1", 0777) = 0 [ 73.560740][ T5885] loop2: detected capacity change from 0 to 32768 [pid 5880] <... write resumed>) = 16777216 [pid 5885] mount("/dev/loop2", "./file1", "ocfs2", MS_MANDLOCK|MS_DIRSYNC|MS_NODIRATIME, "acl,heartbeat=none,dir_resv_level=00003,coherency=full,coherency=full,localflocks,coherency=full,noa"... [pid 5884] <... write resumed>) = 16777216 [pid 5880] munmap(0x7f2016e00000, 138412032 [pid 5884] munmap(0x7f2016e00000, 138412032 [pid 5880] <... munmap resumed>) = 0 [pid 5880] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 5880] ioctl(4, LOOP_SET_FD, 3 [pid 5884] <... munmap resumed>) = 0 [pid 5884] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 5884] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5884] close(3) = 0 [pid 5884] close(4) = 0 [pid 5880] <... ioctl resumed>) = 0 [pid 5880] close(3) = 0 [pid 5880] close(4) = 0 [pid 5884] mkdir("./file1", 0777 [pid 5880] mkdir("./file1", 0777 [pid 5884] <... mkdir resumed>) = 0 [pid 5880] <... mkdir resumed>) = 0 [ 73.628960][ T5880] loop4: detected capacity change from 0 to 32768 [ 73.638806][ T5885] JBD2: Ignoring recovery information on journal [ 73.646472][ T5884] loop1: detected capacity change from 0 to 32768 [pid 5884] mount("/dev/loop1", "./file1", "ocfs2", MS_MANDLOCK|MS_DIRSYNC|MS_NODIRATIME, "acl,heartbeat=none,dir_resv_level=00003,coherency=full,coherency=full,localflocks,coherency=full,noa"... [pid 5880] mount("/dev/loop4", "./file1", "ocfs2", MS_MANDLOCK|MS_DIRSYNC|MS_NODIRATIME, "acl,heartbeat=none,dir_resv_level=00003,coherency=full,coherency=full,localflocks,coherency=full,noa"... [pid 5886] <... write resumed>) = 16777216 [pid 5886] munmap(0x7f2016e00000, 138412032 [pid 5883] <... write resumed>) = 16777216 [pid 5886] <... munmap resumed>) = 0 [pid 5885] <... mount resumed>) = 0 [pid 5886] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5885] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5885] chdir("./file1" [pid 5886] <... openat resumed>) = 4 [pid 5886] ioctl(4, LOOP_SET_FD, 3 [pid 5885] <... chdir resumed>) = 0 [pid 5885] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5885] futex(0x7f201fb106cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5882] <... futex resumed>) = 0 [pid 5885] futex(0x7f201fb106c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5882] futex(0x7f201fb106c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5885] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5882] <... futex resumed>) = 0 [pid 5885] symlink(NULL, NULL [pid 5882] futex(0x7f201fb106cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5885] <... symlink resumed>) = -1 EFAULT (Bad address) [ 73.676512][ T5880] debugfs: Directory 'B1DE653C5FFC4D88B33B244AAB9EB3E9' with parent 'ocfs2' already present! [ 73.698639][ T5884] debugfs: Directory 'B1DE653C5FFC4D88B33B244AAB9EB3E9' with parent 'ocfs2' already present! [ 73.712142][ T5885] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode. [pid 5885] futex(0x7f201fb106cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5882] <... futex resumed>) = 0 [pid 5885] futex(0x7f201fb106c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5882] futex(0x7f201fb106c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5885] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5882] <... futex resumed>) = 0 [pid 5885] readlink("./file0", [pid 5882] futex(0x7f201fb106cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5885] <... readlink resumed>NULL, 0) = -1 EINVAL (Invalid argument) [pid 5883] munmap(0x7f2016e00000, 138412032 [pid 5886] <... ioctl resumed>) = 0 [pid 5885] futex(0x7f201fb106cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5883] <... munmap resumed>) = 0 [pid 5885] <... futex resumed>) = 1 [pid 5883] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5882] <... futex resumed>) = 0 [pid 5885] futex(0x7f201fb106c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5883] <... openat resumed>) = 4 [pid 5882] futex(0x7f201fb106c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5885] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5883] ioctl(4, LOOP_SET_FD, 3 [pid 5882] <... futex resumed>) = 0 [pid 5886] close(3 [pid 5885] creat("./file0", 0160 [pid 5883] <... ioctl resumed>) = 0 [pid 5882] futex(0x7f201fb106cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5886] <... close resumed>) = 0 [pid 5883] close(3) = 0 [pid 5886] close(4 [pid 5883] close(4) = 0 [pid 5883] mkdir("./file1", 0777) = 0 [pid 5883] mount("/dev/loop0", "./file1", "ocfs2", MS_MANDLOCK|MS_DIRSYNC|MS_NODIRATIME, "acl,heartbeat=none,dir_resv_level=00003,coherency=full,coherency=full,localflocks,coherency=full,noa"... [pid 5885] <... creat resumed>) = 4 [pid 5885] futex(0x7f201fb106cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5885] futex(0x7f201fb106c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5882] <... futex resumed>) = 0 [pid 5882] futex(0x7f201fb106c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5885] <... futex resumed>) = 0 [pid 5882] <... futex resumed>) = 1 [pid 5882] futex(0x7f201fb106cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5886] <... close resumed>) = 0 [pid 5885] creat(NULL, 000 [pid 5886] mkdir("./file1", 0777) = 0 [pid 5886] mount("/dev/loop3", "./file1", "ocfs2", MS_MANDLOCK|MS_DIRSYNC|MS_NODIRATIME, "acl,heartbeat=none,dir_resv_level=00003,coherency=full,coherency=full,localflocks,coherency=full,noa"... [pid 5885] <... creat resumed>) = -1 EFAULT (Bad address) [ 73.724152][ T5886] loop3: detected capacity change from 0 to 32768 [ 73.732408][ T5884] JBD2: Ignoring recovery information on journal [ 73.733942][ T5883] loop0: detected capacity change from 0 to 32768 [ 73.757898][ T5880] JBD2: Ignoring recovery information on journal [pid 5885] futex(0x7f201fb106cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5884] <... mount resumed>) = 0 [pid 5885] <... futex resumed>) = 1 [pid 5882] <... futex resumed>) = 0 [pid 5885] futex(0x7f201fb106c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5882] futex(0x7f201fb106c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5885] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5884] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5882] <... futex resumed>) = 0 [pid 5885] openat(AT_FDCWD, "./file0", O_RDONLY|O_CREAT, 000 [pid 5884] <... openat resumed>) = 3 [pid 5882] futex(0x7f201fb106cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5885] <... openat resumed>) = 5 [pid 5884] chdir("./file1") = 0 [ 73.787383][ T5884] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode. [ 73.798093][ T5883] debugfs: Directory 'B1DE653C5FFC4D88B33B244AAB9EB3E9' with parent 'ocfs2' already present! [ 73.802209][ T29] audit: type=1804 audit(1733213251.413:7): pid=5885 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor218" name="/newroot/1/file1/file0" dev="loop2" ino=17058 res=1 errno=0 [pid 5885] futex(0x7f201fb106cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5884] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5882] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5880] <... mount resumed>) = 0 [pid 5885] <... futex resumed>) = 0 [pid 5884] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5882] futex(0x7f201fb106c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5880] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5885] memfd_create("syzkaller", 0 [pid 5884] futex(0x7f201fb106cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5882] <... futex resumed>) = 0 [pid 5880] <... openat resumed>) = 3 [pid 5880] chdir("./file1") = 0 [pid 5880] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5880] futex(0x7f201fb106cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5878] <... futex resumed>) = 0 [pid 5880] futex(0x7f201fb106c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5878] futex(0x7f201fb106c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5880] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5878] <... futex resumed>) = 0 [pid 5880] symlink(NULL, NULL [pid 5878] futex(0x7f201fb106cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5880] <... symlink resumed>) = -1 EFAULT (Bad address) [pid 5880] futex(0x7f201fb106cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5878] <... futex resumed>) = 0 [pid 5880] futex(0x7f201fb106c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5878] futex(0x7f201fb106c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5880] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5878] <... futex resumed>) = 0 [pid 5880] readlink("./file0", [pid 5878] futex(0x7f201fb106cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5880] <... readlink resumed>NULL, 0) = -1 EINVAL (Invalid argument) [pid 5880] futex(0x7f201fb106cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5878] <... futex resumed>) = 0 [pid 5880] futex(0x7f201fb106c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5878] futex(0x7f201fb106c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5880] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5878] <... futex resumed>) = 0 [pid 5880] creat("./file0", 0160 [pid 5878] futex(0x7f201fb106cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5884] <... futex resumed>) = 1 [pid 5881] <... futex resumed>) = 0 [pid 5885] <... memfd_create resumed>) = 6 [pid 5884] futex(0x7f201fb106c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5882] futex(0x7f201fb106cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=250000000} [pid 5881] futex(0x7f201fb106c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5885] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5884] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5881] <... futex resumed>) = 0 [pid 5885] <... mmap resumed>) = 0x7f2016e00000 [pid 5884] symlink(NULL, NULL [pid 5881] futex(0x7f201fb106cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5884] <... symlink resumed>) = -1 EFAULT (Bad address) [pid 5880] <... creat resumed>) = 4 [pid 5880] futex(0x7f201fb106cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5878] <... futex resumed>) = 0 [pid 5880] creat(NULL, 000 [pid 5878] futex(0x7f201fb106c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5880] <... creat resumed>) = -1 EFAULT (Bad address) [pid 5878] <... futex resumed>) = 0 [pid 5880] futex(0x7f201fb106cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5878] futex(0x7f201fb106cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5880] <... futex resumed>) = 0 [pid 5878] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5880] openat(AT_FDCWD, "./file0", O_RDONLY|O_CREAT, 000 [pid 5878] futex(0x7f201fb106c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5884] futex(0x7f201fb106cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5880] <... openat resumed>) = 5 [pid 5878] <... futex resumed>) = 0 [pid 5880] futex(0x7f201fb106cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5878] futex(0x7f201fb106cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5880] <... futex resumed>) = 0 [pid 5878] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5880] futex(0x7f201fb106c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5878] futex(0x7f201fb106c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5880] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5878] <... futex resumed>) = 0 [pid 5880] memfd_create("syzkaller", 0 [pid 5878] futex(0x7f201fb106cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=250000000} [pid 5880] <... memfd_create resumed>) = 6 [pid 5880] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2016e00000 [pid 5884] <... futex resumed>) = 1 [pid 5881] <... futex resumed>) = 0 [ 73.818592][ T5880] ocfs2: Mounting device (7,4) on (node local, slot 0) with ordered data mode. [ 73.832505][ T5883] JBD2: Ignoring recovery information on journal [ 73.864049][ T29] audit: type=1804 audit(1733213251.473:8): pid=5880 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor218" name="/newroot/1/file1/file0" dev="loop4" ino=17058 res=1 errno=0 [pid 5880] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304 [pid 5884] futex(0x7f201fb106c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5881] futex(0x7f201fb106c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5884] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5881] <... futex resumed>) = 0 [pid 5880] <... write resumed>) = 4194304 [pid 5884] readlink("./file0", [pid 5881] futex(0x7f201fb106cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5880] munmap(0x7f2016e00000, 138412032 [pid 5884] <... readlink resumed>NULL, 0) = -1 EINVAL (Invalid argument) [pid 5880] <... munmap resumed>) = 0 [pid 5884] futex(0x7f201fb106cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5880] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5880] close(6 [pid 5884] <... futex resumed>) = 1 [pid 5881] <... futex resumed>) = 0 [pid 5884] futex(0x7f201fb106c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5881] futex(0x7f201fb106c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5884] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5881] <... futex resumed>) = 0 [pid 5880] <... close resumed>) = 0 [pid 5884] creat("./file0", 0160 [pid 5881] futex(0x7f201fb106cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5880] futex(0x7f201fb106cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5880] futex(0x7f201fb106c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5878] <... futex resumed>) = 0 [pid 5878] futex(0x7f201fb106c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5885] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304 [pid 5884] <... creat resumed>) = 4 [ 73.886317][ T5886] debugfs: Directory 'B1DE653C5FFC4D88B33B244AAB9EB3E9' with parent 'ocfs2' already present! [ 73.905749][ T5886] JBD2: Ignoring recovery information on journal [pid 5884] futex(0x7f201fb106cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5880] <... futex resumed>) = 0 [pid 5878] <... futex resumed>) = 1 [pid 5880] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777 [pid 5878] futex(0x7f201fb106cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5880] <... mkdir resumed>) = 0 [pid 5880] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5884] <... futex resumed>) = 1 [pid 5881] <... futex resumed>) = 0 [pid 5885] <... write resumed>) = 4194304 [pid 5886] <... mount resumed>) = 0 [pid 5884] creat(NULL, 000 [pid 5883] <... mount resumed>) = 0 [pid 5881] futex(0x7f201fb106c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5886] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5884] <... creat resumed>) = -1 EFAULT (Bad address) [pid 5881] <... futex resumed>) = 0 [pid 5883] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5884] futex(0x7f201fb106cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5881] futex(0x7f201fb106cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 73.932980][ T5886] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode. [ 73.946886][ T5883] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [ 73.961154][ T5880] OCFS2: ERROR (device loop4): int ocfs2_reserve_local_alloc_bits(struct ocfs2_super *, u32, struct ocfs2_alloc_context *): local alloc inode 76 says it has 9 used bits, but a count shows 8 [pid 5885] munmap(0x7f2016e00000, 138412032 [pid 5886] <... openat resumed>) = 3 [pid 5885] <... munmap resumed>) = 0 [pid 5884] <... futex resumed>) = 0 [pid 5883] <... openat resumed>) = 3 [pid 5881] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5885] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5885] close(6 [pid 5884] futex(0x7f201fb106c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5881] futex(0x7f201fb106c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5883] chdir("./file1" [pid 5884] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5881] <... futex resumed>) = 0 [pid 5884] openat(AT_FDCWD, "./file0", O_RDONLY|O_CREAT, 000 [pid 5881] futex(0x7f201fb106cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5883] <... chdir resumed>) = 0 [pid 5886] chdir("./file1" [pid 5884] <... openat resumed>) = 5 [pid 5883] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5885] <... close resumed>) = 0 [pid 5886] <... chdir resumed>) = 0 [pid 5885] futex(0x7f201fb106cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5884] futex(0x7f201fb106cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5883] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5885] <... futex resumed>) = 1 [pid 5885] futex(0x7f201fb106c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5884] <... futex resumed>) = 1 [pid 5883] futex(0x7f201fb106cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5881] <... futex resumed>) = 0 [pid 5882] <... futex resumed>) = 0 [pid 5882] futex(0x7f201fb106c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5883] <... futex resumed>) = 1 [pid 5886] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5885] <... futex resumed>) = 0 [pid 5884] futex(0x7f201fb106c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5882] <... futex resumed>) = 1 [pid 5881] futex(0x7f201fb106c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5883] futex(0x7f201fb106c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5877] <... futex resumed>) = 0 [ 73.981418][ T5880] On-disk corruption discovered. Please run fsck.ocfs2 once the filesystem is unmounted. [ 73.992134][ T29] audit: type=1804 audit(1733213251.613:9): pid=5884 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor218" name="/newroot/1/file1/file0" dev="loop1" ino=17058 res=1 errno=0 [ 73.992823][ T5880] OCFS2: File system is now read-only. [ 74.020146][ T5880] (syz-executor218,5880,0):ocfs2_reserve_local_alloc_bits:710 ERROR: status = -30 [pid 5885] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777 [pid 5882] futex(0x7f201fb106cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5877] futex(0x7f201fb106c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5886] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5885] <... mkdir resumed>) = 0 [pid 5884] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5881] <... futex resumed>) = 0 [pid 5877] <... futex resumed>) = 1 [pid 5885] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5877] futex(0x7f201fb106cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5886] futex(0x7f201fb106cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5883] <... futex resumed>) = 0 [pid 5886] <... futex resumed>) = 1 [pid 5883] symlink(NULL, NULL [pid 5886] futex(0x7f201fb106c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5883] <... symlink resumed>) = -1 EFAULT (Bad address) [pid 5883] futex(0x7f201fb106cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5877] <... futex resumed>) = 0 [pid 5883] futex(0x7f201fb106c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5877] futex(0x7f201fb106c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5884] memfd_create("syzkaller", 0 [pid 5883] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5877] <... futex resumed>) = 0 [pid 5881] futex(0x7f201fb106cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=250000000} [pid 5884] <... memfd_create resumed>) = 6 [pid 5879] <... futex resumed>) = 0 [pid 5883] readlink("./file0", [pid 5877] futex(0x7f201fb106cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5884] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5879] futex(0x7f201fb106c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5886] <... futex resumed>) = 0 [pid 5883] <... readlink resumed>NULL, 0) = -1 EINVAL (Invalid argument) [pid 5879] futex(0x7f201fb106cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5886] symlink(NULL, NULL [pid 5884] <... mmap resumed>) = 0x7f2016e00000 [pid 5883] futex(0x7f201fb106cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5886] <... symlink resumed>) = -1 EFAULT (Bad address) [pid 5883] <... futex resumed>) = 1 [pid 5877] <... futex resumed>) = 0 [pid 5886] futex(0x7f201fb106cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5883] futex(0x7f201fb106c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5877] futex(0x7f201fb106c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5883] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5877] <... futex resumed>) = 0 [pid 5883] creat("./file0", 0160 [pid 5877] futex(0x7f201fb106cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5886] <... futex resumed>) = 1 [pid 5886] futex(0x7f201fb106c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5884] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304 [pid 5879] <... futex resumed>) = 0 [ 74.030829][ T5880] (syz-executor218,5880,0):ocfs2_reserve_clusters_with_limit:1170 ERROR: status = -30 [ 74.044436][ T5880] (syz-executor218,5880,1):ocfs2_reserve_clusters_with_limit:1219 ERROR: status = -30 [ 74.054848][ T5885] OCFS2: ERROR (device loop2): int ocfs2_reserve_local_alloc_bits(struct ocfs2_super *, u32, struct ocfs2_alloc_context *): local alloc inode 76 says it has 9 used bits, but a count shows 8 [ 74.065836][ T5880] (syz-executor218,5880,1):ocfs2_lock_allocators:2749 ERROR: status = -30 [pid 5879] futex(0x7f201fb106c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5886] <... futex resumed>) = 0 [pid 5879] <... futex resumed>) = 1 [pid 5886] readlink("./file0", NULL, 0) = -1 EINVAL (Invalid argument) [pid 5886] futex(0x7f201fb106cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5886] futex(0x7f201fb106c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5884] <... write resumed>) = 4194304 [pid 5883] <... creat resumed>) = 4 [pid 5879] futex(0x7f201fb106cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5878] <... futex resumed>) = ? [pid 5877] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5884] munmap(0x7f2016e00000, 138412032 [pid 5883] futex(0x7f201fb106cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5877] futex(0x7f201fb106c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5877] futex(0x7f201fb106cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5880] +++ killed by SIGSEGV (core dumped) +++ [pid 5878] +++ killed by SIGSEGV (core dumped) +++ [pid 5830] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6, si_uid=0, si_status=SIGSEGV, si_utime=3 /* 0.03 s */, si_stime=36 /* 0.36 s */} --- [pid 5830] umount2("./1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5830] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=140, ...}, AT_EMPTY_PATH) = 0 [pid 5830] getdents64(3, 0x555565b3b850 /* 7 entries */, 32768) = 208 [pid 5830] umount2("./1/cgroup", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] newfstatat(AT_FDCWD, "./1/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] unlink("./1/cgroup") = 0 [pid 5830] umount2("./1/cgroup.cpu", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] newfstatat(AT_FDCWD, "./1/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] unlink("./1/cgroup.cpu") = 0 [pid 5830] umount2("./1/cgroup.net", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] newfstatat(AT_FDCWD, "./1/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] unlink("./1/cgroup.net") = 0 [pid 5830] umount2("./1/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] unlink("./1/binderfs") = 0 [ 74.076754][ T5885] On-disk corruption discovered. Please run fsck.ocfs2 once the filesystem is unmounted. [ 74.082868][ T5880] (syz-executor218,5880,1):ocfs2_write_begin_nolock:1742 ERROR: status = -30 [ 74.102206][ T5880] (syz-executor218,5880,1):ocfs2_write_begin:1905 ERROR: status = -30 [ 74.110779][ T5885] OCFS2: File system is now read-only. [ 74.116519][ T5885] (syz-executor218,5885,0):ocfs2_reserve_local_alloc_bits:710 ERROR: status = -30 [pid 5830] umount2("./1/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5884] <... munmap resumed>) = 0 [pid 5883] <... futex resumed>) = 1 [pid 5879] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5877] <... futex resumed>) = 0 [pid 5877] futex(0x7f201fb106cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=23000000} [pid 5883] creat(NULL, 000 [pid 5884] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5879] futex(0x7f201fb106c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5830] <... umount2 resumed>) = 0 [pid 5886] <... futex resumed>) = 0 [pid 5884] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5883] <... creat resumed>) = -1 EFAULT (Bad address) [pid 5879] <... futex resumed>) = 1 [pid 5877] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5877] futex(0x7f201fb106dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5877] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f201f1f4000 [pid 5886] creat("./file0", 0160 [pid 5884] close(6 [pid 5883] futex(0x7f201fb106cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5882] <... futex resumed>) = ? [pid 5879] futex(0x7f201fb106cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5877] mprotect(0x7f201f1f5000, 131072, PROT_READ|PROT_WRITE [pid 5830] umount2("./1/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5886] <... creat resumed>) = 4 [pid 5885] +++ killed by SIGSEGV (core dumped) +++ [pid 5884] <... close resumed>) = 0 [pid 5883] <... futex resumed>) = 0 [pid 5882] +++ killed by SIGSEGV (core dumped) +++ [pid 5877] <... mprotect resumed>) = 0 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5884] futex(0x7f201fb106cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5883] futex(0x7f201fb106c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5830] newfstatat(AT_FDCWD, "./1/file1", [pid 5886] futex(0x7f201fb106cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5884] <... futex resumed>) = 1 [pid 5881] <... futex resumed>) = 0 [pid 5877] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5829] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6, si_uid=0, si_status=SIGSEGV, si_utime=3 /* 0.03 s */, si_stime=32 /* 0.32 s */} --- [pid 5886] <... futex resumed>) = 1 [pid 5884] futex(0x7f201fb106c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5881] futex(0x7f201fb106c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5879] <... futex resumed>) = 0 [pid 5877] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5886] futex(0x7f201fb106c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5884] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5881] <... futex resumed>) = 0 [pid 5879] futex(0x7f201fb106c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5877] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f201f214990, parent_tid=0x7f201f214990, exit_signal=0, stack=0x7f201f1f4000, stack_size=0x20300, tls=0x7f201f2146c0} [pid 5830] umount2("./1/file1", MNT_FORCE|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 5897 attached [pid 5886] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5884] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777 [pid 5881] futex(0x7f201fb106cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5879] <... futex resumed>) = 0 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5897] rseq(0x7f201f214fe0, 0x20, 0, 0x53053053 [pid 5886] creat(NULL, 000 [pid 5877] <... clone3 resumed> => {parent_tid=[8]}, 88) = 8 [pid 5829] umount2("./1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5897] <... rseq resumed>) = 0 [pid 5886] <... creat resumed>) = -1 EFAULT (Bad address) [pid 5884] <... mkdir resumed>) = 0 [pid 5879] futex(0x7f201fb106cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5877] rt_sigprocmask(SIG_SETMASK, [], [pid 5830] openat(AT_FDCWD, "./1/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5897] set_robust_list(0x7f201f2149a0, 24 [pid 5886] futex(0x7f201fb106cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5884] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5879] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5877] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5830] <... openat resumed>) = 4 [ 74.127858][ T5885] (syz-executor218,5885,0):ocfs2_reserve_clusters_with_limit:1170 ERROR: status = -30 [ 74.133494][ T5830] ocfs2: Unmounting device (7,4) on (node local) [ 74.137789][ T5885] (syz-executor218,5885,0):ocfs2_reserve_clusters_with_limit:1219 ERROR: status = -30 [ 74.154097][ T5885] (syz-executor218,5885,0):ocfs2_lock_allocators:2749 ERROR: status = -30 [ 74.162883][ T5885] (syz-executor218,5885,1):ocfs2_write_begin_nolock:1742 ERROR: status = -30 [ 74.172878][ T5885] (syz-executor218,5885,0):ocfs2_write_begin:1905 ERROR: status = -30 [pid 5829] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5897] <... set_robust_list resumed>) = 0 [pid 5886] <... futex resumed>) = 0 [pid 5879] futex(0x7f201fb106c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5877] futex(0x7f201fb106d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5830] newfstatat(4, "", [pid 5829] <... openat resumed>) = 3 [pid 5897] rt_sigprocmask(SIG_SETMASK, [], [pid 5886] openat(AT_FDCWD, "./file0", O_RDONLY|O_CREAT, 000 [pid 5879] <... futex resumed>) = 0 [pid 5877] <... futex resumed>) = 0 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5829] newfstatat(3, "", [pid 5897] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5886] <... openat resumed>) = 5 [pid 5879] futex(0x7f201fb106cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5830] getdents64(4, [pid 5897] openat(AT_FDCWD, "./file0", O_RDONLY|O_CREAT, 000 [pid 5830] <... getdents64 resumed>0x555565b43890 /* 2 entries */, 32768) = 48 [pid 5886] futex(0x7f201fb106cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5877] futex(0x7f201fb106dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=140, ...}, AT_EMPTY_PATH) = 0 [pid 5897] <... openat resumed>) = 5 [pid 5886] <... futex resumed>) = 1 [pid 5879] <... futex resumed>) = 0 [pid 5830] getdents64(4, [pid 5829] getdents64(3, [pid 5897] futex(0x7f201fb106dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5886] memfd_create("syzkaller", 0 [pid 5879] futex(0x7f201fb106c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5830] <... getdents64 resumed>0x555565b43890 /* 0 entries */, 32768) = 0 [pid 5829] <... getdents64 resumed>0x555565b3b850 /* 7 entries */, 32768) = 208 [pid 5886] <... memfd_create resumed>) = 6 [pid 5829] umount2("./1/cgroup", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5886] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5886] <... mmap resumed>) = 0x7f2016e00000 [pid 5829] newfstatat(AT_FDCWD, "./1/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5897] <... futex resumed>) = 1 [pid 5879] <... futex resumed>) = 0 [pid 5877] <... futex resumed>) = 0 [ 74.201043][ T29] audit: type=1804 audit(1733213251.813:10): pid=5886 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor218" name="/newroot/1/file1/file0" dev="loop3" ino=17058 res=1 errno=0 [ 74.216221][ T5884] OCFS2: ERROR (device loop1): int ocfs2_reserve_local_alloc_bits(struct ocfs2_super *, u32, struct ocfs2_alloc_context *): local alloc inode 76 says it has 9 used bits, but a count shows 8 [pid 5830] close(4 [pid 5829] unlink("./1/cgroup") = 0 [pid 5829] umount2("./1/cgroup.cpu", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5829] newfstatat(AT_FDCWD, "./1/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] unlink("./1/cgroup.cpu") = 0 [pid 5829] umount2("./1/cgroup.net", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5829] newfstatat(AT_FDCWD, "./1/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] unlink("./1/cgroup.net") = 0 [pid 5829] umount2("./1/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5829] newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] unlink("./1/binderfs") = 0 [pid 5829] umount2("./1/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5897] futex(0x7f201fb106d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5879] futex(0x7f201fb106cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=250000000} [pid 5877] futex(0x7f201fb106c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5830] <... close resumed>) = 0 [pid 5883] <... futex resumed>) = 0 [pid 5877] <... futex resumed>) = 1 [pid 5830] rmdir("./1/file1" [pid 5877] futex(0x7f201fb106cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=250000000} [pid 5886] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304 [pid 5883] memfd_create("syzkaller", 0 [pid 5830] <... rmdir resumed>) = 0 [ 74.222757][ T29] audit: type=1804 audit(1733213251.813:11): pid=5897 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor218" name="/newroot/1/file1/file0" dev="loop0" ino=17058 res=1 errno=0 [ 74.259590][ T5884] On-disk corruption discovered. Please run fsck.ocfs2 once the filesystem is unmounted. [ 74.273756][ T5884] OCFS2: File system is now read-only. [ 74.279439][ T5884] (syz-executor218,5884,0):ocfs2_reserve_local_alloc_bits:710 ERROR: status = -30 [ 74.289836][ T5884] (syz-executor218,5884,0):ocfs2_reserve_clusters_with_limit:1170 ERROR: status = -30 [pid 5830] getdents64(3, 0x555565b3b850 /* 0 entries */, 32768) = 0 [pid 5830] close(3) = 0 [pid 5830] rmdir("./1") = 0 [pid 5830] mkdir("./2", 0777) = 0 [pid 5830] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5830] ioctl(3, LOOP_CLR_FD) = 0 [pid 5830] close(3 [pid 5883] <... memfd_create resumed>) = 6 [pid 5883] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2016c00000 [pid 5884] +++ killed by SIGSEGV (core dumped) +++ [pid 5881] <... futex resumed>) = ? [pid 5886] <... write resumed>) = 4194304 [ 74.299526][ T5884] (syz-executor218,5884,0):ocfs2_reserve_clusters_with_limit:1219 ERROR: status = -30 [ 74.313306][ T5884] (syz-executor218,5884,0):ocfs2_lock_allocators:2749 ERROR: status = -30 [ 74.322002][ T5884] (syz-executor218,5884,0):ocfs2_write_begin_nolock:1742 ERROR: status = -30 [ 74.331411][ T5884] (syz-executor218,5884,0):ocfs2_write_begin:1905 ERROR: status = -30 [ 74.343074][ T5829] ocfs2: Unmounting device (7,2) on (node local) [pid 5883] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304 [pid 5881] +++ killed by SIGSEGV (core dumped) +++ [pid 5829] <... umount2 resumed>) = 0 [pid 5886] munmap(0x7f2016e00000, 138412032 [pid 5829] umount2("./1/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5886] <... munmap resumed>) = 0 [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5826] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6, si_uid=0, si_status=SIGSEGV, si_utime=4 /* 0.04 s */, si_stime=32 /* 0.32 s */} --- [pid 5886] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5829] newfstatat(AT_FDCWD, "./1/file1", [pid 5886] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5886] close(6 [pid 5829] umount2("./1/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] <... close resumed>) = 0 [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] openat(AT_FDCWD, "./1/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5826] umount2("./1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5829] newfstatat(4, "", [pid 5883] <... write resumed>) = 4194304 [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5826] <... umount2 resumed>) = -1 EINVAL (Invalid argument) ./strace-static-x86_64: Process 5898 attached [pid 5830] <... clone resumed>, child_tidptr=0x555565b3a690) = 8 [pid 5829] getdents64(4, [pid 5826] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5883] munmap(0x7f2016c00000, 138412032 [pid 5898] set_robust_list(0x555565b3a6a0, 24 [pid 5829] <... getdents64 resumed>0x555565b43890 /* 2 entries */, 32768) = 48 [pid 5826] <... openat resumed>) = 3 [pid 5898] <... set_robust_list resumed>) = 0 [pid 5829] getdents64(4, [pid 5826] newfstatat(3, "", [pid 5898] chdir("./2" [pid 5829] <... getdents64 resumed>0x555565b43890 /* 0 entries */, 32768) = 0 [pid 5826] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=140, ...}, AT_EMPTY_PATH) = 0 [pid 5898] <... chdir resumed>) = 0 [pid 5829] close(4 [pid 5826] getdents64(3, [pid 5898] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5829] <... close resumed>) = 0 [pid 5826] <... getdents64 resumed>0x555565b3b850 /* 7 entries */, 32768) = 208 [pid 5898] <... prctl resumed>) = 0 [pid 5829] rmdir("./1/file1" [pid 5826] umount2("./1/cgroup", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5898] setpgid(0, 0 [pid 5883] <... munmap resumed>) = 0 [pid 5829] <... rmdir resumed>) = 0 [pid 5826] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5898] <... setpgid resumed>) = 0 [pid 5883] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5829] getdents64(3, [pid 5826] newfstatat(AT_FDCWD, "./1/cgroup", [pid 5898] symlink("/syzcgroup/unified/syz4", "./cgroup" [pid 5883] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5829] <... getdents64 resumed>0x555565b3b850 /* 0 entries */, 32768) = 0 [pid 5826] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=23, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5883] close(6 [pid 5826] unlink("./1/cgroup" [pid 5898] <... symlink resumed>) = 0 [pid 5829] close(3 [pid 5826] <... unlink resumed>) = 0 [pid 5898] symlink("/syzcgroup/cpu/syz4", "./cgroup.cpu" [pid 5829] <... close resumed>) = 0 [pid 5826] umount2("./1/cgroup.cpu", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5898] <... symlink resumed>) = 0 [pid 5829] rmdir("./1" [pid 5826] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5898] symlink("/syzcgroup/net/syz4", "./cgroup.net" [pid 5829] <... rmdir resumed>) = 0 [pid 5826] newfstatat(AT_FDCWD, "./1/cgroup.cpu", [pid 5898] <... symlink resumed>) = 0 [pid 5829] mkdir("./2", 0777 [pid 5826] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=19, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5898] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5829] <... mkdir resumed>) = 0 [pid 5826] unlink("./1/cgroup.cpu" [pid 5898] <... openat resumed>) = 3 [pid 5829] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5826] <... unlink resumed>) = 0 [pid 5898] write(3, "1000", 4 [pid 5829] <... openat resumed>) = 3 [pid 5826] umount2("./1/cgroup.net", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5898] <... write resumed>) = 4 [pid 5829] ioctl(3, LOOP_CLR_FD [pid 5826] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5898] close(3 [pid 5829] <... ioctl resumed>) = 0 [pid 5826] newfstatat(AT_FDCWD, "./1/cgroup.net", [pid 5898] <... close resumed>) = 0 [pid 5829] close(3 [pid 5826] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=19, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5898] read(200, [pid 5886] <... close resumed>) = 0 [pid 5883] <... close resumed>) = 0 [pid 5826] unlink("./1/cgroup.net" [pid 5883] futex(0x7f201fb106cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5826] <... unlink resumed>) = 0 [pid 5886] futex(0x7f201fb106cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5883] <... futex resumed>) = 1 [pid 5877] <... futex resumed>) = 0 [pid 5826] umount2("./1/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5886] <... futex resumed>) = 1 [pid 5883] futex(0x7f201fb106c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5879] <... futex resumed>) = 0 [pid 5877] futex(0x7f201fb106c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5826] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5886] futex(0x7f201fb106c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5883] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5879] futex(0x7f201fb106c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5877] <... futex resumed>) = 0 [pid 5826] newfstatat(AT_FDCWD, "./1/binderfs", [pid 5886] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5883] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777 [pid 5879] <... futex resumed>) = 0 [pid 5877] futex(0x7f201fb106cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5826] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5886] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777 [pid 5883] <... mkdir resumed>) = 0 [pid 5826] unlink("./1/binderfs" [pid 5886] <... mkdir resumed>) = 0 [pid 5879] futex(0x7f201fb106cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5826] <... unlink resumed>) = 0 [pid 5826] umount2("./1/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5886] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5883] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5898] <... read resumed>0x7ffc88018cc0, 1000) = -1 EAGAIN (Resource temporarily unavailable) [pid 5829] <... close resumed>) = 0 [pid 5829] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5898] symlink("/dev/binderfs", "./binderfs"./strace-static-x86_64: Process 5899 attached ) = 0 [pid 5899] set_robust_list(0x555565b3a6a0, 24 [pid 5829] <... clone resumed>, child_tidptr=0x555565b3a690) = 8 executing program [pid 5898] write(1, "executing program\n", 18 [pid 5899] <... set_robust_list resumed>) = 0 [pid 5898] <... write resumed>) = 18 [ 74.444419][ T54] Bluetooth: hci0: command tx timeout [ 74.449875][ T54] Bluetooth: hci3: command tx timeout [ 74.455985][ T5841] Bluetooth: hci1: command tx timeout [ 74.461409][ T5841] Bluetooth: hci2: command tx timeout [pid 5898] futex(0x7f201fb106cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5899] chdir("./2" [pid 5898] <... futex resumed>) = 0 [pid 5898] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f201f215000 [pid 5898] mprotect(0x7f201f216000, 131072, PROT_READ|PROT_WRITE) = 0 [ 74.497978][ T5883] OCFS2: ERROR (device loop0): int ocfs2_reserve_local_alloc_bits(struct ocfs2_super *, u32, struct ocfs2_alloc_context *): local alloc inode 76 says it has 9 used bits, but a count shows 8 [ 74.498793][ T5886] OCFS2: ERROR (device loop3): int ocfs2_reserve_local_alloc_bits(struct ocfs2_super *, u32, struct ocfs2_alloc_context *): local alloc inode 76 says it has 9 used bits, but a count shows 8 [ 74.517919][ T5883] On-disk corruption discovered. Please run fsck.ocfs2 once the filesystem is unmounted. [pid 5899] <... chdir resumed>) = 0 [ 74.535989][ T5886] On-disk corruption discovered. Please run fsck.ocfs2 once the filesystem is unmounted. [ 74.545312][ T5883] OCFS2: File system is now read-only. [ 74.545325][ T5883] (syz-executor218,5883,0):ocfs2_reserve_local_alloc_bits:710 ERROR: status = -30 [ 74.555298][ T5886] OCFS2: File system is now read-only. [ 74.561579][ T5883] (syz-executor218,5883,0):ocfs2_reserve_clusters_with_limit:1170 ERROR: status = -30 [ 74.570255][ T5886] (syz-executor218,5886,1):ocfs2_reserve_local_alloc_bits:710 ERROR: status = -30 [pid 5899] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5899] setpgid(0, 0) = 0 [pid 5898] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5898] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f201f235990, parent_tid=0x7f201f235990, exit_signal=0, stack=0x7f201f215000, stack_size=0x20300, tls=0x7f201f2356c0} => {parent_tid=[9]}, 88) = 9 [pid 5898] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5898] futex(0x7f201fb106c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 74.587023][ T5883] (syz-executor218,5883,0):ocfs2_reserve_clusters_with_limit:1219 ERROR: status = -30 [ 74.594544][ T5886] (syz-executor218,5886,1):ocfs2_reserve_clusters_with_limit:1170 ERROR: status = -30 [ 74.604794][ T5883] (syz-executor218,5883,0):ocfs2_lock_allocators:2749 ERROR: status = -30 [ 74.613803][ T5886] (syz-executor218,5886,1):ocfs2_reserve_clusters_with_limit:1219 ERROR: status = -30 [ 74.622941][ T5883] (syz-executor218,5883,0):ocfs2_write_begin_nolock:1742 ERROR: status = -30 [ 74.633384][ T5886] (syz-executor218,5886,1):ocfs2_lock_allocators:2749 ERROR: status = -30 [pid 5898] futex(0x7f201fb106cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5900 attached [pid 5899] symlink("/syzcgroup/unified/syz2", "./cgroup" [pid 5900] rseq(0x7f201f235fe0, 0x20, 0, 0x53053053 [pid 5899] <... symlink resumed>) = 0 [pid 5900] <... rseq resumed>) = 0 [pid 5899] symlink("/syzcgroup/cpu/syz2", "./cgroup.cpu" [pid 5883] +++ killed by SIGSEGV (core dumped) +++ [pid 5900] set_robust_list(0x7f201f2359a0, 24 [pid 5899] <... symlink resumed>) = 0 [pid 5900] <... set_robust_list resumed>) = 0 [pid 5899] symlink("/syzcgroup/net/syz2", "./cgroup.net" [pid 5900] rt_sigprocmask(SIG_SETMASK, [], [pid 5899] <... symlink resumed>) = 0 [pid 5900] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5899] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5900] memfd_create("syzkaller", 0 [pid 5897] <... futex resumed>) = ? [pid 5879] <... futex resumed>) = ? [pid 5877] <... futex resumed>) = ? [pid 5897] +++ killed by SIGSEGV (core dumped) +++ [pid 5886] +++ killed by SIGSEGV (core dumped) +++ [pid 5877] +++ killed by SIGSEGV (core dumped) +++ [pid 5879] +++ killed by SIGSEGV (core dumped) +++ [pid 5900] <... memfd_create resumed>) = 3 [pid 5899] <... openat resumed>) = 3 [pid 5826] <... umount2 resumed>) = 0 [pid 5831] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6, si_uid=0, si_status=SIGSEGV, si_utime=5 /* 0.05 s */, si_stime=33 /* 0.33 s */} --- [pid 5900] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5899] write(3, "1000", 4) = 4 [pid 5828] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6, si_uid=0, si_status=SIGSEGV, si_utime=6 /* 0.06 s */, si_stime=34 /* 0.34 s */} --- [pid 5826] umount2("./1/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5899] close(3 [pid 5828] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5900] <... mmap resumed>) = 0x7f2016e00000 [pid 5828] umount2("./1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5899] <... close resumed>) = 0 [pid 5826] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5899] read(200, [pid 5831] umount2("./1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5826] newfstatat(AT_FDCWD, "./1/file1", [pid 5899] <... read resumed>0x7ffc88018cc0, 1000) = -1 EAGAIN (Resource temporarily unavailable) [pid 5899] symlink("/dev/binderfs", "./binderfs" [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5826] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5899] <... symlink resumed>) = 0 [pid 5831] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5828] <... openat resumed>) = 3 executing program [pid 5826] umount2("./1/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5899] write(1, "executing program\n", 18 [pid 5831] newfstatat(3, "", [pid 5828] newfstatat(3, "", [pid 5899] <... write resumed>) = 18 [pid 5826] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5899] futex(0x7f201fb106cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=140, ...}, AT_EMPTY_PATH) = 0 [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=140, ...}, AT_EMPTY_PATH) = 0 [pid 5899] <... futex resumed>) = 0 [pid 5831] getdents64(3, [pid 5826] openat(AT_FDCWD, "./1/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5899] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5831] <... getdents64 resumed>0x555565b3b850 /* 7 entries */, 32768) = 208 [pid 5828] getdents64(3, [pid 5826] <... openat resumed>) = 4 [pid 5899] <... mmap resumed>) = 0x7f201f215000 [pid 5831] umount2("./1/cgroup", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] <... getdents64 resumed>0x555565b3b850 /* 7 entries */, 32768) = 208 [pid 5826] newfstatat(4, "", [pid 5899] mprotect(0x7f201f216000, 131072, PROT_READ|PROT_WRITE [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] umount2("./1/cgroup", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5899] <... mprotect resumed>) = 0 [pid 5831] newfstatat(AT_FDCWD, "./1/cgroup", [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5826] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5899] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5831] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=23, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5828] newfstatat(AT_FDCWD, "./1/cgroup", [pid 5899] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5831] unlink("./1/cgroup" [pid 5828] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=23, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5826] getdents64(4, [pid 5899] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f201f235990, parent_tid=0x7f201f235990, exit_signal=0, stack=0x7f201f215000, stack_size=0x20300, tls=0x7f201f2356c0} [pid 5831] <... unlink resumed>) = 0 [pid 5828] unlink("./1/cgroup" [pid 5826] <... getdents64 resumed>0x555565b43890 /* 2 entries */, 32768) = 48 ./strace-static-x86_64: Process 5901 attached [pid 5831] umount2("./1/cgroup.cpu", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] <... unlink resumed>) = 0 [pid 5826] getdents64(4, [pid 5901] rseq(0x7f201f235fe0, 0x20, 0, 0x53053053 [pid 5899] <... clone3 resumed> => {parent_tid=[9]}, 88) = 9 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5826] <... getdents64 resumed>0x555565b43890 /* 0 entries */, 32768) = 0 [pid 5901] <... rseq resumed>) = 0 [pid 5899] rt_sigprocmask(SIG_SETMASK, [], [pid 5831] newfstatat(AT_FDCWD, "./1/cgroup.cpu", [pid 5828] umount2("./1/cgroup.cpu", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5826] close(4 [pid 5901] set_robust_list(0x7f201f2359a0, 24 [pid 5899] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5831] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=19, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5826] <... close resumed>) = 0 [pid 5901] <... set_robust_list resumed>) = 0 [pid 5899] futex(0x7f201fb106c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5831] unlink("./1/cgroup.cpu" [pid 5828] newfstatat(AT_FDCWD, "./1/cgroup.cpu", [pid 5901] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5899] <... futex resumed>) = 0 [pid 5831] <... unlink resumed>) = 0 [pid 5828] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=19, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5826] rmdir("./1/file1" [pid 5901] memfd_create("syzkaller", 0 [pid 5899] futex(0x7f201fb106cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5826] <... rmdir resumed>) = 0 [pid 5901] <... memfd_create resumed>) = 3 [pid 5901] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5831] umount2("./1/cgroup.net", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] unlink("./1/cgroup.cpu" [pid 5826] getdents64(3, [pid 5901] <... mmap resumed>) = 0x7f2016e00000 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] <... unlink resumed>) = 0 [pid 5831] newfstatat(AT_FDCWD, "./1/cgroup.net", [pid 5828] umount2("./1/cgroup.net", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5826] <... getdents64 resumed>0x555565b3b850 /* 0 entries */, 32768) = 0 [pid 5831] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=19, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] unlink("./1/cgroup.net" [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5826] close(3 [pid 5831] <... unlink resumed>) = 0 [pid 5828] newfstatat(AT_FDCWD, "./1/cgroup.net", [pid 5831] umount2("./1/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=19, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5826] <... close resumed>) = 0 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] unlink("./1/cgroup.net" [pid 5826] rmdir("./1" [pid 5831] newfstatat(AT_FDCWD, "./1/binderfs", [pid 5828] <... unlink resumed>) = 0 [pid 5826] <... rmdir resumed>) = 0 [pid 5831] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5828] umount2("./1/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] unlink("./1/binderfs" [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5826] mkdir("./2", 0777 [pid 5831] <... unlink resumed>) = 0 [pid 5831] umount2("./1/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] newfstatat(AT_FDCWD, "./1/binderfs", [pid 5826] <... mkdir resumed>) = 0 [pid 5828] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5826] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5828] unlink("./1/binderfs" [pid 5826] <... openat resumed>) = 3 [pid 5828] <... unlink resumed>) = 0 [ 74.641868][ T5883] (syz-executor218,5883,0):ocfs2_write_begin:1905 ERROR: status = -30 [ 74.649576][ T5886] (syz-executor218,5886,1):ocfs2_write_begin_nolock:1742 ERROR: status = -30 [ 74.666241][ T5886] (syz-executor218,5886,1):ocfs2_write_begin:1905 ERROR: status = -30 [ 74.666596][ T5826] ocfs2: Unmounting device (7,1) on (node local) [pid 5828] umount2("./1/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5826] ioctl(3, LOOP_CLR_FD [pid 5831] <... umount2 resumed>) = 0 [ 74.735505][ T5831] ocfs2: Unmounting device (7,3) on (node local) [pid 5826] <... ioctl resumed>) = 0 [pid 5831] umount2("./1/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5826] close(3 [pid 5900] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] <... umount2 resumed>) = 0 [pid 5831] newfstatat(AT_FDCWD, "./1/file1", [pid 5828] umount2("./1/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] umount2("./1/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] newfstatat(AT_FDCWD, "./1/file1", [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] openat(AT_FDCWD, "./1/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5828] umount2("./1/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] <... openat resumed>) = 4 [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] newfstatat(4, "", [pid 5828] openat(AT_FDCWD, "./1/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5828] <... openat resumed>) = 4 [pid 5831] getdents64(4, [pid 5828] newfstatat(4, "", [pid 5831] <... getdents64 resumed>0x555565b43890 /* 2 entries */, 32768) = 48 [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5831] getdents64(4, [pid 5828] getdents64(4, [pid 5831] <... getdents64 resumed>0x555565b43890 /* 0 entries */, 32768) = 0 [pid 5828] <... getdents64 resumed>0x555565b43890 /* 2 entries */, 32768) = 48 [pid 5831] close(4 [pid 5828] getdents64(4, [pid 5831] <... close resumed>) = 0 [pid 5828] <... getdents64 resumed>0x555565b43890 /* 0 entries */, 32768) = 0 [pid 5831] rmdir("./1/file1" [pid 5828] close(4) = 0 [pid 5831] <... rmdir resumed>) = 0 [pid 5828] rmdir("./1/file1" [pid 5831] getdents64(3, 0x555565b3b850 /* 0 entries */, 32768) = 0 [pid 5828] <... rmdir resumed>) = 0 [pid 5828] getdents64(3, [pid 5831] close(3 [pid 5828] <... getdents64 resumed>0x555565b3b850 /* 0 entries */, 32768) = 0 [pid 5831] <... close resumed>) = 0 [pid 5828] close(3 [pid 5831] rmdir("./1" [pid 5828] <... close resumed>) = 0 [pid 5831] <... rmdir resumed>) = 0 [pid 5828] rmdir("./1") = 0 [pid 5831] mkdir("./2", 0777 [pid 5828] mkdir("./2", 0777 [pid 5831] <... mkdir resumed>) = 0 [pid 5828] <... mkdir resumed>) = 0 [pid 5828] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5831] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5828] <... openat resumed>) = 3 [pid 5828] ioctl(3, LOOP_CLR_FD) = 0 [pid 5831] <... openat resumed>) = 3 [pid 5828] close(3 [pid 5831] ioctl(3, LOOP_CLR_FD) = 0 [ 74.786712][ T5828] ocfs2: Unmounting device (7,0) on (node local) [pid 5831] close(3 [pid 5826] <... close resumed>) = 0 [pid 5826] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5902 attached [pid 5901] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216 [pid 5902] set_robust_list(0x555565b3a6a0, 24 [pid 5826] <... clone resumed>, child_tidptr=0x555565b3a690) = 8 [pid 5902] <... set_robust_list resumed>) = 0 [pid 5902] chdir("./2") = 0 [pid 5902] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5902] setpgid(0, 0) = 0 [pid 5902] symlink("/syzcgroup/unified/syz1", "./cgroup") = 0 [pid 5902] symlink("/syzcgroup/cpu/syz1", "./cgroup.cpu") = 0 [pid 5902] symlink("/syzcgroup/net/syz1", "./cgroup.net") = 0 [pid 5902] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5902] write(3, "1000", 4) = 4 [pid 5902] close(3) = 0 [pid 5902] read(200, 0x7ffc88018cc0, 1000) = -1 EAGAIN (Resource temporarily unavailable) [pid 5902] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5902] write(1, "executing program\n", 18) = 18 [pid 5902] futex(0x7f201fb106cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5902] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f201f215000 [pid 5902] mprotect(0x7f201f216000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5902] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5902] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f201f235990, parent_tid=0x7f201f235990, exit_signal=0, stack=0x7f201f215000, stack_size=0x20300, tls=0x7f201f2356c0}./strace-static-x86_64: Process 5903 attached [pid 5903] rseq(0x7f201f235fe0, 0x20, 0, 0x53053053 [pid 5902] <... clone3 resumed> => {parent_tid=[9]}, 88) = 9 [pid 5903] <... rseq resumed>) = 0 [pid 5902] rt_sigprocmask(SIG_SETMASK, [], [pid 5903] set_robust_list(0x7f201f2359a0, 24 [pid 5902] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5903] <... set_robust_list resumed>) = 0 [pid 5902] futex(0x7f201fb106c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5903] rt_sigprocmask(SIG_SETMASK, [], [pid 5902] <... futex resumed>) = 0 [pid 5903] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5902] futex(0x7f201fb106cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5903] memfd_create("syzkaller", 0) = 3 [pid 5903] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2016e00000 [pid 5831] <... close resumed>) = 0 [pid 5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5904 attached , child_tidptr=0x555565b3a690) = 8 [pid 5904] set_robust_list(0x555565b3a6a0, 24) = 0 [pid 5904] chdir("./2") = 0 [pid 5828] <... close resumed>) = 0 [pid 5904] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5904] setpgid(0, 0) = 0 [pid 5904] symlink("/syzcgroup/unified/syz3", "./cgroup" [pid 5828] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5904] <... symlink resumed>) = 0 ./strace-static-x86_64: Process 5905 attached [pid 5828] <... clone resumed>, child_tidptr=0x555565b3a690) = 9 [pid 5904] symlink("/syzcgroup/cpu/syz3", "./cgroup.cpu") = 0 [pid 5904] symlink("/syzcgroup/net/syz3", "./cgroup.net") = 0 [pid 5904] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5904] write(3, "1000", 4) = 4 [pid 5900] <... write resumed>) = 16777216 [pid 5904] close(3 [pid 5900] munmap(0x7f2016e00000, 138412032 [pid 5905] set_robust_list(0x555565b3a6a0, 24 [pid 5904] <... close resumed>) = 0 [pid 5904] read(200, [pid 5905] <... set_robust_list resumed>) = 0 [pid 5904] <... read resumed>0x7ffc88018cc0, 1000) = -1 EAGAIN (Resource temporarily unavailable) [pid 5905] chdir("./2" [pid 5904] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 5904] write(1, "executing program\n", 18 [pid 5905] <... chdir resumed>) = 0 [pid 5904] <... write resumed>) = 18 [pid 5905] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5904] futex(0x7f201fb106cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5905] <... prctl resumed>) = 0 [pid 5904] <... futex resumed>) = 0 [pid 5905] setpgid(0, 0 [pid 5904] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5905] <... setpgid resumed>) = 0 [pid 5904] <... mmap resumed>) = 0x7f201f215000 [pid 5905] symlink("/syzcgroup/unified/syz0", "./cgroup" [pid 5904] mprotect(0x7f201f216000, 131072, PROT_READ|PROT_WRITE [pid 5900] <... munmap resumed>) = 0 [pid 5904] <... mprotect resumed>) = 0 [pid 5905] <... symlink resumed>) = 0 [pid 5904] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5904] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f201f235990, parent_tid=0x7f201f235990, exit_signal=0, stack=0x7f201f215000, stack_size=0x20300, tls=0x7f201f2356c0} [pid 5905] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 5905] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 5904] <... clone3 resumed> => {parent_tid=[9]}, 88) = 9 [pid 5904] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5904] futex(0x7f201fb106c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 5906 attached [pid 5905] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5900] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5906] rseq(0x7f201f235fe0, 0x20, 0, 0x53053053 [pid 5905] <... openat resumed>) = 3 [pid 5904] futex(0x7f201fb106cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5906] <... rseq resumed>) = 0 [pid 5900] <... openat resumed>) = 4 [pid 5906] set_robust_list(0x7f201f2359a0, 24) = 0 [pid 5905] write(3, "1000", 4 [pid 5900] ioctl(4, LOOP_SET_FD, 3 [pid 5906] rt_sigprocmask(SIG_SETMASK, [], [pid 5905] <... write resumed>) = 4 [pid 5905] close(3) = 0 [pid 5906] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5905] read(200, 0x7ffc88018cc0, 1000) = -1 EAGAIN (Resource temporarily unavailable) [pid 5905] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5905] write(1, "executing program\n", 18) = 18 [pid 5905] futex(0x7f201fb106cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5905] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f201f215000 [pid 5905] mprotect(0x7f201f216000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5905] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5905] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f201f235990, parent_tid=0x7f201f235990, exit_signal=0, stack=0x7f201f215000, stack_size=0x20300, tls=0x7f201f2356c0}./strace-static-x86_64: Process 5907 attached [pid 5907] rseq(0x7f201f235fe0, 0x20, 0, 0x53053053 [pid 5905] <... clone3 resumed> => {parent_tid=[10]}, 88) = 10 [pid 5906] memfd_create("syzkaller", 0 [pid 5900] <... ioctl resumed>) = 0 [pid 5906] <... memfd_create resumed>) = 3 [pid 5907] <... rseq resumed>) = 0 [pid 5906] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5905] rt_sigprocmask(SIG_SETMASK, [], [pid 5900] close(3 [pid 5907] set_robust_list(0x7f201f2359a0, 24 [pid 5906] <... mmap resumed>) = 0x7f2016e00000 [pid 5905] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5900] <... close resumed>) = 0 [pid 5907] <... set_robust_list resumed>) = 0 [pid 5905] futex(0x7f201fb106c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5907] rt_sigprocmask(SIG_SETMASK, [], [pid 5905] <... futex resumed>) = 0 [pid 5907] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5905] futex(0x7f201fb106cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5907] memfd_create("syzkaller", 0) = 3 [pid 5907] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2016e00000 [pid 5900] close(4) = 0 [pid 5900] mkdir("./file1", 0777) = 0 [ 75.045838][ T5900] loop4: detected capacity change from 0 to 32768 [ 75.082297][ T5900] JBD2: Ignoring recovery information on journal [pid 5900] mount("/dev/loop4", "./file1", "ocfs2", MS_MANDLOCK|MS_DIRSYNC|MS_NODIRATIME, "acl,heartbeat=none,dir_resv_level=00003,coherency=full,coherency=full,localflocks,coherency=full,noa"... [pid 5903] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216 [pid 5901] <... write resumed>) = 16777216 [pid 5901] munmap(0x7f2016e00000, 138412032 [pid 5906] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216 [pid 5900] <... mount resumed>) = 0 [pid 5900] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5901] <... munmap resumed>) = 0 [pid 5900] <... openat resumed>) = 3 [ 75.164544][ T5900] ocfs2: Mounting device (7,4) on (node local, slot 0) with ordered data mode. [pid 5901] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5900] chdir("./file1" [pid 5901] <... openat resumed>) = 4 [pid 5901] ioctl(4, LOOP_SET_FD, 3 [pid 5900] <... chdir resumed>) = 0 [pid 5900] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5901] <... ioctl resumed>) = 0 [pid 5900] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5900] futex(0x7f201fb106cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5898] <... futex resumed>) = 0 [pid 5900] futex(0x7f201fb106c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5898] futex(0x7f201fb106c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5900] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5898] <... futex resumed>) = 0 [pid 5898] futex(0x7f201fb106cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5900] symlink(NULL, NULL) = -1 EFAULT (Bad address) [pid 5900] futex(0x7f201fb106cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5898] <... futex resumed>) = 0 [pid 5900] futex(0x7f201fb106c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5898] futex(0x7f201fb106c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5900] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5898] <... futex resumed>) = 0 [pid 5900] readlink("./file0", [pid 5898] futex(0x7f201fb106cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5900] <... readlink resumed>NULL, 0) = -1 EINVAL (Invalid argument) [pid 5900] futex(0x7f201fb106cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5898] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5900] <... futex resumed>) = 0 [pid 5898] futex(0x7f201fb106c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5900] creat("./file0", 0160 [pid 5898] futex(0x7f201fb106cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5900] <... creat resumed>) = 4 [pid 5900] futex(0x7f201fb106cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5898] <... futex resumed>) = 0 [pid 5900] futex(0x7f201fb106c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5898] futex(0x7f201fb106c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5900] <... futex resumed>) = 0 [pid 5898] <... futex resumed>) = 1 [pid 5900] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 5898] futex(0x7f201fb106cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5900] futex(0x7f201fb106cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5898] <... futex resumed>) = 0 [pid 5900] futex(0x7f201fb106c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5898] futex(0x7f201fb106c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5900] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5898] <... futex resumed>) = 0 [pid 5900] openat(AT_FDCWD, "./file0", O_RDONLY|O_CREAT, 000 [pid 5898] futex(0x7f201fb106cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5900] <... openat resumed>) = 5 [pid 5900] futex(0x7f201fb106cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5898] <... futex resumed>) = 0 [pid 5900] futex(0x7f201fb106c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5898] futex(0x7f201fb106c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5900] <... futex resumed>) = 0 [pid 5898] <... futex resumed>) = 1 [pid 5898] futex(0x7f201fb106cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=250000000} [pid 5900] memfd_create("syzkaller", 0) = 6 [pid 5900] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2016e00000 [pid 5907] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216 [pid 5901] close(3) = 0 [ 75.216338][ T5901] loop2: detected capacity change from 0 to 32768 [pid 5901] close(4) = 0 [pid 5900] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304 [pid 5901] mkdir("./file1", 0777) = 0 [pid 5901] mount("/dev/loop2", "./file1", "ocfs2", MS_MANDLOCK|MS_DIRSYNC|MS_NODIRATIME, "acl,heartbeat=none,dir_resv_level=00003,coherency=full,coherency=full,localflocks,coherency=full,noa"... [pid 5906] <... write resumed>) = 16777216 [pid 5906] munmap(0x7f2016e00000, 138412032) = 0 [pid 5906] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 5906] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5906] close(3) = 0 [pid 5906] close(4) = 0 [pid 5906] mkdir("./file1", 0777) = 0 [ 75.306658][ T5901] debugfs: Directory 'B1DE653C5FFC4D88B33B244AAB9EB3E9' with parent 'ocfs2' already present! [ 75.313997][ T5906] loop3: detected capacity change from 0 to 32768 [ 75.319058][ T5901] JBD2: Ignoring recovery information on journal [pid 5906] mount("/dev/loop3", "./file1", "ocfs2", MS_MANDLOCK|MS_DIRSYNC|MS_NODIRATIME, "acl,heartbeat=none,dir_resv_level=00003,coherency=full,coherency=full,localflocks,coherency=full,noa"... [pid 5903] <... write resumed>) = 16777216 [pid 5903] munmap(0x7f2016e00000, 138412032) = 0 [pid 5903] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 5903] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5903] close(3) = 0 [pid 5903] close(4) = 0 [pid 5903] mkdir("./file1", 0777) = 0 [pid 5903] mount("/dev/loop1", "./file1", "ocfs2", MS_MANDLOCK|MS_DIRSYNC|MS_NODIRATIME, "acl,heartbeat=none,dir_resv_level=00003,coherency=full,coherency=full,localflocks,coherency=full,noa"... [pid 5900] <... write resumed>) = 4194304 [pid 5900] munmap(0x7f2016e00000, 138412032 [pid 5901] <... mount resumed>) = 0 [pid 5900] <... munmap resumed>) = 0 [pid 5901] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5900] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5901] <... openat resumed>) = 3 [pid 5900] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5901] chdir("./file1" [pid 5900] close(6 [pid 5901] <... chdir resumed>) = 0 [pid 5901] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5901] futex(0x7f201fb106cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5899] <... futex resumed>) = 0 [ 75.378568][ T5906] debugfs: Directory 'B1DE653C5FFC4D88B33B244AAB9EB3E9' with parent 'ocfs2' already present! [ 75.386162][ T5903] loop1: detected capacity change from 0 to 32768 [ 75.405484][ T54] Bluetooth: hci4: command tx timeout [ 75.419572][ T5901] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode. [pid 5901] futex(0x7f201fb106c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5899] futex(0x7f201fb106c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5901] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5899] <... futex resumed>) = 0 [pid 5901] symlink(NULL, NULL [pid 5899] futex(0x7f201fb106cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5901] <... symlink resumed>) = -1 EFAULT (Bad address) [pid 5901] futex(0x7f201fb106cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5899] <... futex resumed>) = 0 [pid 5901] futex(0x7f201fb106c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5899] futex(0x7f201fb106c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5901] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5899] <... futex resumed>) = 0 [pid 5901] readlink("./file0", [pid 5899] futex(0x7f201fb106cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5901] <... readlink resumed>NULL, 0) = -1 EINVAL (Invalid argument) [pid 5901] futex(0x7f201fb106cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5899] <... futex resumed>) = 0 [pid 5901] futex(0x7f201fb106c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5899] futex(0x7f201fb106c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5901] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5899] <... futex resumed>) = 0 [pid 5901] creat("./file0", 0160 [pid 5899] futex(0x7f201fb106cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5900] <... close resumed>) = 0 [pid 5900] futex(0x7f201fb106cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5900] futex(0x7f201fb106c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5907] <... write resumed>) = 16777216 [pid 5901] <... creat resumed>) = 4 [pid 5898] <... futex resumed>) = 0 [pid 5901] futex(0x7f201fb106cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5907] munmap(0x7f2016e00000, 138412032 [pid 5901] <... futex resumed>) = 1 [pid 5899] <... futex resumed>) = 0 [pid 5898] futex(0x7f201fb106c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5901] creat(NULL, 000 [pid 5900] <... futex resumed>) = 0 [pid 5899] futex(0x7f201fb106c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5898] <... futex resumed>) = 1 [pid 5901] <... creat resumed>) = -1 EFAULT (Bad address) [pid 5900] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777 [pid 5899] <... futex resumed>) = 0 [pid 5901] futex(0x7f201fb106cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5900] <... mkdir resumed>) = 0 [pid 5899] futex(0x7f201fb106cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5907] <... munmap resumed>) = 0 [pid 5901] <... futex resumed>) = 0 [pid 5900] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5899] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5907] openat(AT_FDCWD, "/dev/loop0", O_RDWR [ 75.446862][ T5903] debugfs: Directory 'B1DE653C5FFC4D88B33B244AAB9EB3E9' with parent 'ocfs2' already present! [ 75.465982][ T5906] JBD2: Ignoring recovery information on journal [pid 5901] futex(0x7f201fb106c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5899] futex(0x7f201fb106c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5901] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5899] <... futex resumed>) = 0 [pid 5901] openat(AT_FDCWD, "./file0", O_RDONLY|O_CREAT, 000 [pid 5899] futex(0x7f201fb106cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5901] <... openat resumed>) = 5 [pid 5901] futex(0x7f201fb106cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5899] <... futex resumed>) = 0 [pid 5901] futex(0x7f201fb106c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5899] futex(0x7f201fb106c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5901] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5899] <... futex resumed>) = 0 [pid 5901] memfd_create("syzkaller", 0 [pid 5899] futex(0x7f201fb106cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=250000000} [pid 5901] <... memfd_create resumed>) = 6 [pid 5901] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2016e00000 [pid 5907] <... openat resumed>) = 4 [pid 5907] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5906] <... mount resumed>) = 0 [pid 5901] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304 [pid 5907] close(3 [pid 5906] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5907] <... close resumed>) = 0 [pid 5907] close(4 [pid 5906] <... openat resumed>) = 3 [pid 5906] chdir("./file1" [pid 5907] <... close resumed>) = 0 [pid 5907] mkdir("./file1", 0777 [pid 5906] <... chdir resumed>) = 0 [ 75.501850][ T5903] JBD2: Ignoring recovery information on journal [ 75.523263][ T5906] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode. [ 75.532750][ T5907] loop0: detected capacity change from 0 to 32768 [pid 5907] <... mkdir resumed>) = 0 [pid 5906] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5907] mount("/dev/loop0", "./file1", "ocfs2", MS_MANDLOCK|MS_DIRSYNC|MS_NODIRATIME, "acl,heartbeat=none,dir_resv_level=00003,coherency=full,coherency=full,localflocks,coherency=full,noa"... [pid 5906] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5906] futex(0x7f201fb106cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5904] <... futex resumed>) = 0 [pid 5906] futex(0x7f201fb106c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5904] futex(0x7f201fb106c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5906] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5904] <... futex resumed>) = 0 [pid 5906] symlink(NULL, NULL [pid 5904] futex(0x7f201fb106cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5906] <... symlink resumed>) = -1 EFAULT (Bad address) [pid 5906] futex(0x7f201fb106cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5904] <... futex resumed>) = 0 [pid 5906] futex(0x7f201fb106c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5904] futex(0x7f201fb106c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5906] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5904] <... futex resumed>) = 0 [pid 5906] readlink("./file0", [pid 5904] futex(0x7f201fb106cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5906] <... readlink resumed>NULL, 0) = -1 EINVAL (Invalid argument) [pid 5903] <... mount resumed>) = 0 [pid 5906] futex(0x7f201fb106cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5904] <... futex resumed>) = 0 [pid 5903] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5906] futex(0x7f201fb106c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5904] futex(0x7f201fb106c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5906] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5904] <... futex resumed>) = 0 [pid 5903] <... openat resumed>) = 3 [pid 5906] creat("./file0", 0160 [pid 5904] futex(0x7f201fb106cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5903] chdir("./file1") = 0 [pid 5903] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5903] futex(0x7f201fb106cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5903] futex(0x7f201fb106c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5901] <... write resumed>) = 4194304 [pid 5902] <... futex resumed>) = 0 [ 75.546998][ T5900] OCFS2: ERROR (device loop4): int ocfs2_reserve_local_alloc_bits(struct ocfs2_super *, u32, struct ocfs2_alloc_context *): local alloc inode 76 says it has 9 used bits, but a count shows 8 [ 75.566949][ T5900] On-disk corruption discovered. Please run fsck.ocfs2 once the filesystem is unmounted. [ 75.566964][ T5903] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode. [ 75.566982][ T5900] OCFS2: File system is now read-only. [ 75.566991][ T5900] (syz-executor218,5900,0):ocfs2_reserve_local_alloc_bits:710 ERROR: status = -30 [pid 5901] munmap(0x7f2016e00000, 138412032 [pid 5906] <... creat resumed>) = 4 [pid 5902] futex(0x7f201fb106c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5901] <... munmap resumed>) = 0 [pid 5906] futex(0x7f201fb106cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5901] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5906] <... futex resumed>) = 1 [pid 5904] <... futex resumed>) = 0 [pid 5903] <... futex resumed>) = 0 [pid 5902] <... futex resumed>) = 1 [pid 5901] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5904] futex(0x7f201fb106c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5903] symlink(NULL, NULL [pid 5901] close(6 [pid 5904] <... futex resumed>) = 0 [pid 5903] <... symlink resumed>) = -1 EFAULT (Bad address) [pid 5904] futex(0x7f201fb106cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5903] futex(0x7f201fb106cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5903] futex(0x7f201fb106c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5906] creat(NULL, 000 [pid 5902] futex(0x7f201fb106cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5906] <... creat resumed>) = -1 EFAULT (Bad address) [pid 5906] futex(0x7f201fb106cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5902] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5906] <... futex resumed>) = 1 [pid 5904] <... futex resumed>) = 0 [pid 5902] futex(0x7f201fb106c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5904] futex(0x7f201fb106c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5904] futex(0x7f201fb106cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5903] <... futex resumed>) = 0 [pid 5906] openat(AT_FDCWD, "./file0", O_RDONLY|O_CREAT, 000 [pid 5902] <... futex resumed>) = 1 [ 75.604586][ T5900] (syz-executor218,5900,0):ocfs2_reserve_clusters_with_limit:1170 ERROR: status = -30 [ 75.615099][ T5900] (syz-executor218,5900,0):ocfs2_reserve_clusters_with_limit:1219 ERROR: status = -30 [ 75.625430][ T5900] (syz-executor218,5900,0):ocfs2_lock_allocators:2749 ERROR: status = -30 [ 75.634884][ T5900] (syz-executor218,5900,0):ocfs2_write_begin_nolock:1742 ERROR: status = -30 [ 75.641570][ T5907] debugfs: Directory 'B1DE653C5FFC4D88B33B244AAB9EB3E9' with parent 'ocfs2' already present! [pid 5901] <... close resumed>) = 0 [pid 5906] <... openat resumed>) = 5 [pid 5903] readlink("./file0", [pid 5902] futex(0x7f201fb106cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5903] <... readlink resumed>NULL, 0) = -1 EINVAL (Invalid argument) [pid 5901] futex(0x7f201fb106cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5903] futex(0x7f201fb106cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5901] <... futex resumed>) = 1 [pid 5903] <... futex resumed>) = 0 [pid 5901] futex(0x7f201fb106c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5903] futex(0x7f201fb106c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5906] futex(0x7f201fb106cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5902] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5899] <... futex resumed>) = 0 [pid 5906] <... futex resumed>) = 1 [pid 5902] futex(0x7f201fb106c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5900] +++ killed by SIGSEGV (core dumped) +++ [pid 5899] futex(0x7f201fb106c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5906] futex(0x7f201fb106c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5904] <... futex resumed>) = 0 [pid 5903] <... futex resumed>) = 0 [pid 5902] <... futex resumed>) = 1 [pid 5906] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5904] futex(0x7f201fb106c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5903] creat("./file0", 0160 [pid 5902] futex(0x7f201fb106cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5901] <... futex resumed>) = 0 [pid 5899] <... futex resumed>) = 1 [pid 5906] memfd_create("syzkaller", 0 [pid 5904] <... futex resumed>) = 0 [pid 5901] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777 [pid 5899] futex(0x7f201fb106cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5906] <... memfd_create resumed>) = 6 [pid 5904] futex(0x7f201fb106cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=250000000} [pid 5903] <... creat resumed>) = 4 [pid 5901] <... mkdir resumed>) = 0 [pid 5903] futex(0x7f201fb106cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5901] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5906] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5903] <... futex resumed>) = 1 [pid 5902] <... futex resumed>) = 0 [pid 5906] <... mmap resumed>) = 0x7f2016e00000 [pid 5903] futex(0x7f201fb106c8, FUTEX_WAIT_PRIVATE, 0, NULL [ 75.645276][ T5900] (syz-executor218,5900,0):ocfs2_write_begin:1905 ERROR: status = -30 [ 75.659858][ T5907] JBD2: Ignoring recovery information on journal [ 75.685069][ T5907] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [pid 5902] futex(0x7f201fb106c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5903] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5902] <... futex resumed>) = 0 [pid 5898] +++ killed by SIGSEGV (core dumped) +++ [pid 5903] creat(NULL, 000 [pid 5902] futex(0x7f201fb106cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5830] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8, si_uid=0, si_status=SIGSEGV, si_utime=6 /* 0.06 s */, si_stime=24 /* 0.24 s */} --- [pid 5903] <... creat resumed>) = -1 EFAULT (Bad address) [pid 5830] restart_syscall(<... resuming interrupted clone ...> [pid 5903] futex(0x7f201fb106cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5902] <... futex resumed>) = 0 [pid 5903] futex(0x7f201fb106c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5902] futex(0x7f201fb106c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5903] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5902] <... futex resumed>) = 0 [pid 5903] openat(AT_FDCWD, "./file0", O_RDONLY|O_CREAT, 000 [pid 5902] futex(0x7f201fb106cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5903] <... openat resumed>) = 5 [pid 5903] futex(0x7f201fb106cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5902] <... futex resumed>) = 0 [pid 5903] futex(0x7f201fb106c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5902] futex(0x7f201fb106c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5903] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5902] <... futex resumed>) = 0 [pid 5903] memfd_create("syzkaller", 0 [pid 5902] futex(0x7f201fb106cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=250000000} [pid 5903] <... memfd_create resumed>) = 6 [pid 5903] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2016e00000 [pid 5830] <... restart_syscall resumed>) = 0 [pid 5907] <... mount resumed>) = 0 [pid 5903] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304 [ 75.699340][ T5901] OCFS2: ERROR (device loop2): int ocfs2_reserve_local_alloc_bits(struct ocfs2_super *, u32, struct ocfs2_alloc_context *): local alloc inode 76 says it has 9 used bits, but a count shows 8 [ 75.718105][ T5901] On-disk corruption discovered. Please run fsck.ocfs2 once the filesystem is unmounted. [ 75.728005][ T5901] OCFS2: File system is now read-only. [ 75.733467][ T5901] (syz-executor218,5901,1):ocfs2_reserve_local_alloc_bits:710 ERROR: status = -30 [ 75.742822][ T5901] (syz-executor218,5901,1):ocfs2_reserve_clusters_with_limit:1170 ERROR: status = -30 [pid 5830] umount2("./2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5907] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5907] chdir("./file1") = 0 [pid 5907] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5907] futex(0x7f201fb106cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5905] <... futex resumed>) = 0 [pid 5907] futex(0x7f201fb106c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5905] futex(0x7f201fb106c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5907] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5905] <... futex resumed>) = 0 [pid 5905] futex(0x7f201fb106cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5907] symlink(NULL, NULL) = -1 EFAULT (Bad address) [pid 5907] futex(0x7f201fb106cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5906] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304 [pid 5905] <... futex resumed>) = 0 [pid 5830] openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5907] futex(0x7f201fb106c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5905] futex(0x7f201fb106c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5903] <... write resumed>) = 4194304 [pid 5899] <... futex resumed>) = ? [pid 5830] <... openat resumed>) = 3 [pid 5901] +++ killed by SIGSEGV (core dumped) +++ [pid 5830] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=140, ...}, AT_EMPTY_PATH) = 0 [pid 5830] getdents64(3, 0x555565b3b850 /* 7 entries */, 32768) = 208 [pid 5830] umount2("./2/cgroup", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] newfstatat(AT_FDCWD, "./2/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5907] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5830] unlink("./2/cgroup" [pid 5907] readlink("./file0", [pid 5905] <... futex resumed>) = 0 [pid 5830] <... unlink resumed>) = 0 [pid 5830] umount2("./2/cgroup.cpu", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] newfstatat(AT_FDCWD, "./2/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] unlink("./2/cgroup.cpu") = 0 [pid 5830] umount2("./2/cgroup.net", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] newfstatat(AT_FDCWD, "./2/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] unlink("./2/cgroup.net") = 0 [pid 5830] umount2("./2/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] newfstatat(AT_FDCWD, "./2/binderfs", [pid 5899] +++ killed by SIGSEGV (core dumped) +++ [pid 5830] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5907] <... readlink resumed>NULL, 0) = -1 EINVAL (Invalid argument) [pid 5905] futex(0x7f201fb106cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5903] munmap(0x7f2016e00000, 138412032 [pid 5830] unlink("./2/binderfs") = 0 [pid 5830] umount2("./2/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5907] futex(0x7f201fb106cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5905] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5907] <... futex resumed>) = 0 [pid 5905] futex(0x7f201fb106c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5903] <... munmap resumed>) = 0 [pid 5903] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5907] creat("./file0", 0160 [pid 5905] <... futex resumed>) = 0 [pid 5903] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5905] futex(0x7f201fb106cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5903] close(6 [pid 5906] <... write resumed>) = 4194304 [pid 5906] munmap(0x7f2016e00000, 138412032 [pid 5907] <... creat resumed>) = 4 [pid 5903] <... close resumed>) = 0 [pid 5903] futex(0x7f201fb106cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5829] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8, si_uid=0, si_status=SIGSEGV, si_utime=3 /* 0.03 s */, si_stime=29 /* 0.29 s */} --- [pid 5903] <... futex resumed>) = 1 [pid 5902] <... futex resumed>) = 0 [pid 5903] futex(0x7f201fb106c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5902] futex(0x7f201fb106c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5903] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5902] <... futex resumed>) = 0 [ 75.752897][ T5901] (syz-executor218,5901,1):ocfs2_reserve_clusters_with_limit:1219 ERROR: status = -30 [ 75.762873][ T5901] (syz-executor218,5901,1):ocfs2_lock_allocators:2749 ERROR: status = -30 [ 75.771650][ T5901] (syz-executor218,5901,1):ocfs2_write_begin_nolock:1742 ERROR: status = -30 [ 75.780699][ T5901] (syz-executor218,5901,1):ocfs2_write_begin:1905 ERROR: status = -30 [pid 5829] umount2("./2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5903] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777 [pid 5902] futex(0x7f201fb106cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5903] <... mkdir resumed>) = 0 [pid 5907] futex(0x7f201fb106cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5829] openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5903] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5829] <... openat resumed>) = 3 [pid 5907] <... futex resumed>) = 1 [pid 5906] <... munmap resumed>) = 0 [pid 5905] <... futex resumed>) = 0 [pid 5829] newfstatat(3, "", [pid 5907] creat(NULL, 000 [pid 5906] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5905] futex(0x7f201fb106c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5907] <... creat resumed>) = -1 EFAULT (Bad address) [pid 5906] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5907] futex(0x7f201fb106cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5905] <... futex resumed>) = 0 [pid 5907] <... futex resumed>) = 0 [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=140, ...}, AT_EMPTY_PATH) = 0 [pid 5905] futex(0x7f201fb106cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5906] close(6 [pid 5907] futex(0x7f201fb106c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5905] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5829] getdents64(3, [pid 5830] <... umount2 resumed>) = 0 [pid 5905] futex(0x7f201fb106c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5829] <... getdents64 resumed>0x555565b3b850 /* 7 entries */, 32768) = 208 [pid 5905] <... futex resumed>) = 1 [pid 5830] umount2("./2/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5905] futex(0x7f201fb106cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] newfstatat(AT_FDCWD, "./2/file1", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 75.819613][ T5830] ocfs2: Unmounting device (7,4) on (node local) [ 75.839929][ T5903] OCFS2: ERROR (device loop1): int ocfs2_reserve_local_alloc_bits(struct ocfs2_super *, u32, struct ocfs2_alloc_context *): local alloc inode 76 says it has 9 used bits, but a count shows 8 [pid 5830] umount2("./2/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5907] <... futex resumed>) = 0 [pid 5906] <... close resumed>) = 0 [pid 5829] umount2("./2/cgroup", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] openat(AT_FDCWD, "./2/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5830] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5830] getdents64(4, 0x555565b43890 /* 2 entries */, 32768) = 48 [pid 5830] getdents64(4, 0x555565b43890 /* 0 entries */, 32768) = 0 [pid 5830] close(4) = 0 [pid 5830] rmdir("./2/file1") = 0 [pid 5830] getdents64(3, 0x555565b3b850 /* 0 entries */, 32768) = 0 [pid 5830] close(3) = 0 [pid 5830] rmdir("./2") = 0 [pid 5830] mkdir("./3", 0777) = 0 [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5907] openat(AT_FDCWD, "./file0", O_RDONLY|O_CREAT, 000 [pid 5906] futex(0x7f201fb106cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5829] newfstatat(AT_FDCWD, "./2/cgroup", [pid 5906] <... futex resumed>) = 1 [pid 5830] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5829] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=23, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5907] <... openat resumed>) = 5 [pid 5906] futex(0x7f201fb106c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5904] <... futex resumed>) = 0 [pid 5830] <... openat resumed>) = 3 [pid 5829] unlink("./2/cgroup" [pid 5904] futex(0x7f201fb106c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5830] ioctl(3, LOOP_CLR_FD [pid 5904] <... futex resumed>) = 0 [pid 5830] <... ioctl resumed>) = 0 [pid 5904] futex(0x7f201fb106cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [ 75.860886][ T5903] On-disk corruption discovered. Please run fsck.ocfs2 once the filesystem is unmounted. [ 75.871140][ T5903] OCFS2: File system is now read-only. [ 75.878499][ T5903] (syz-executor218,5903,0):ocfs2_reserve_local_alloc_bits:710 ERROR: status = -30 [ 75.888606][ T5903] (syz-executor218,5903,0):ocfs2_reserve_clusters_with_limit:1170 ERROR: status = -30 [ 75.898578][ T5903] (syz-executor218,5903,0):ocfs2_reserve_clusters_with_limit:1219 ERROR: status = -30 [ 75.908386][ T5903] (syz-executor218,5903,0):ocfs2_lock_allocators:2749 ERROR: status = -30 [pid 5830] close(3 [pid 5907] futex(0x7f201fb106cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5906] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5830] <... close resumed>) = 0 [pid 5829] <... unlink resumed>) = 0 [pid 5907] <... futex resumed>) = 0 [pid 5906] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777 [pid 5905] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5902] <... futex resumed>) = ? [pid 5830] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5829] umount2("./2/cgroup.cpu", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5907] futex(0x7f201fb106c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5906] <... mkdir resumed>) = 0 [pid 5903] +++ killed by SIGSEGV (core dumped) +++ [pid 5902] +++ killed by SIGSEGV (core dumped) +++ [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5906] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5829] newfstatat(AT_FDCWD, "./2/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] unlink("./2/cgroup.cpu") = 0 [pid 5829] umount2("./2/cgroup.net", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5829] newfstatat(AT_FDCWD, "./2/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] unlink("./2/cgroup.net") = 0 [pid 5829] umount2("./2/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5829] newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] unlink("./2/binderfs") = 0 [pid 5829] umount2("./2/file1", MNT_FORCE|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 5918 attached [pid 5830] <... clone resumed>, child_tidptr=0x555565b3a690) = 10 [pid 5826] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8, si_uid=0, si_status=SIGSEGV, si_utime=6 /* 0.06 s */, si_stime=33 /* 0.33 s */} --- [ 75.917181][ T5903] (syz-executor218,5903,0):ocfs2_write_begin_nolock:1742 ERROR: status = -30 [ 75.926397][ T5903] (syz-executor218,5903,0):ocfs2_write_begin:1905 ERROR: status = -30 [pid 5918] set_robust_list(0x555565b3a6a0, 24) = 0 [pid 5905] futex(0x7f201fb106c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5826] umount2("./2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5918] chdir("./3") = 0 [pid 5907] <... futex resumed>) = 0 [pid 5905] <... futex resumed>) = 1 [pid 5826] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5918] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5918] setpgid(0, 0) = 0 [pid 5907] memfd_create("syzkaller", 0 [pid 5905] futex(0x7f201fb106cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=250000000} [pid 5826] openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5829] <... umount2 resumed>) = 0 [ 75.961591][ T5829] ocfs2: Unmounting device (7,2) on (node local) [ 75.972131][ T5906] OCFS2: ERROR (device loop3): int ocfs2_reserve_local_alloc_bits(struct ocfs2_super *, u32, struct ocfs2_alloc_context *): local alloc inode 76 says it has 9 used bits, but a count shows 8 [ 75.993140][ T5906] On-disk corruption discovered. Please run fsck.ocfs2 once the filesystem is unmounted. [ 76.003977][ T5906] OCFS2: File system is now read-only. [pid 5918] symlink("/syzcgroup/unified/syz4", "./cgroup" [pid 5907] <... memfd_create resumed>) = 6 [pid 5829] umount2("./2/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5826] <... openat resumed>) = 3 [pid 5918] <... symlink resumed>) = 0 [pid 5907] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5826] newfstatat(3, "", [pid 5918] symlink("/syzcgroup/cpu/syz4", "./cgroup.cpu" [pid 5907] <... mmap resumed>) = 0x7f2016e00000 [pid 5826] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=140, ...}, AT_EMPTY_PATH) = 0 [pid 5918] <... symlink resumed>) = 0 [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5826] getdents64(3, [pid 5918] symlink("/syzcgroup/net/syz4", "./cgroup.net" [pid 5826] <... getdents64 resumed>0x555565b3b850 /* 7 entries */, 32768) = 208 [pid 5918] <... symlink resumed>) = 0 [pid 5826] umount2("./2/cgroup", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5918] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5826] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5918] <... openat resumed>) = 3 [pid 5826] newfstatat(AT_FDCWD, "./2/cgroup", [pid 5918] write(3, "1000", 4 [pid 5826] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=23, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5918] <... write resumed>) = 4 [pid 5826] unlink("./2/cgroup" [pid 5918] close(3 [pid 5826] <... unlink resumed>) = 0 [pid 5918] <... close resumed>) = 0 [pid 5826] umount2("./2/cgroup.cpu", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5918] read(200, [pid 5826] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5918] <... read resumed>0x7ffc88018cc0, 1000) = -1 EAGAIN (Resource temporarily unavailable) [pid 5826] newfstatat(AT_FDCWD, "./2/cgroup.cpu", [pid 5918] symlink("/dev/binderfs", "./binderfs" [pid 5826] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=19, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5918] <... symlink resumed>) = 0 [pid 5826] unlink("./2/cgroup.cpu" [pid 5829] newfstatat(AT_FDCWD, "./2/file1", executing program [pid 5918] write(1, "executing program\n", 18 [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5826] <... unlink resumed>) = 0 [pid 5918] <... write resumed>) = 18 [pid 5826] umount2("./2/cgroup.net", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5918] futex(0x7f201fb106cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5826] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5918] <... futex resumed>) = 0 [pid 5826] newfstatat(AT_FDCWD, "./2/cgroup.net", [pid 5918] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5826] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=19, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5918] <... mmap resumed>) = 0x7f201f215000 [pid 5826] unlink("./2/cgroup.net" [pid 5918] mprotect(0x7f201f216000, 131072, PROT_READ|PROT_WRITE [pid 5826] <... unlink resumed>) = 0 [pid 5918] <... mprotect resumed>) = 0 [pid 5826] umount2("./2/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5918] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5826] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5918] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5826] newfstatat(AT_FDCWD, "./2/binderfs", [pid 5918] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f201f235990, parent_tid=0x7f201f235990, exit_signal=0, stack=0x7f201f215000, stack_size=0x20300, tls=0x7f201f2356c0} [pid 5826] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 ./strace-static-x86_64: Process 5919 attached [pid 5826] unlink("./2/binderfs" [pid 5919] rseq(0x7f201f235fe0, 0x20, 0, 0x53053053 [pid 5918] <... clone3 resumed> => {parent_tid=[11]}, 88) = 11 [pid 5826] <... unlink resumed>) = 0 [pid 5919] <... rseq resumed>) = 0 [pid 5918] rt_sigprocmask(SIG_SETMASK, [], [pid 5826] umount2("./2/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5919] set_robust_list(0x7f201f2359a0, 24 [pid 5918] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5919] <... set_robust_list resumed>) = 0 [pid 5918] futex(0x7f201fb106c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5919] rt_sigprocmask(SIG_SETMASK, [], [pid 5918] <... futex resumed>) = 0 [pid 5919] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5918] futex(0x7f201fb106cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5919] memfd_create("syzkaller", 0) = 3 [pid 5829] umount2("./2/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5919] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2016e00000 [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5907] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304 [ 76.011148][ T5906] (syz-executor218,5906,1):ocfs2_reserve_local_alloc_bits:710 ERROR: status = -30 [ 76.021433][ T5906] (syz-executor218,5906,1):ocfs2_reserve_clusters_with_limit:1170 ERROR: status = -30 [ 76.039103][ T5826] ocfs2: Unmounting device (7,1) on (node local) [ 76.045634][ T5906] (syz-executor218,5906,1):ocfs2_reserve_clusters_with_limit:1219 ERROR: status = -30 [pid 5829] openat(AT_FDCWD, "./2/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5826] <... umount2 resumed>) = 0 [pid 5829] newfstatat(4, "", [pid 5826] umount2("./2/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5826] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] getdents64(4, [pid 5826] newfstatat(AT_FDCWD, "./2/file1", [pid 5829] <... getdents64 resumed>0x555565b43890 /* 2 entries */, 32768) = 48 [pid 5906] +++ killed by SIGSEGV (core dumped) +++ [pid 5829] getdents64(4, [pid 5826] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] <... getdents64 resumed>0x555565b43890 /* 0 entries */, 32768) = 0 [pid 5826] umount2("./2/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] close(4 [pid 5826] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] <... close resumed>) = 0 [pid 5826] openat(AT_FDCWD, "./2/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5829] rmdir("./2/file1") = 0 [pid 5829] getdents64(3, [pid 5826] <... openat resumed>) = 4 [pid 5829] <... getdents64 resumed>0x555565b3b850 /* 0 entries */, 32768) = 0 [pid 5826] newfstatat(4, "", [pid 5829] close(3) = 0 [pid 5826] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5829] rmdir("./2" [pid 5826] getdents64(4, [pid 5829] <... rmdir resumed>) = 0 [pid 5826] <... getdents64 resumed>0x555565b43890 /* 2 entries */, 32768) = 48 [pid 5829] mkdir("./3", 0777 [pid 5826] getdents64(4, [pid 5829] <... mkdir resumed>) = 0 [pid 5826] <... getdents64 resumed>0x555565b43890 /* 0 entries */, 32768) = 0 [pid 5829] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5826] close(4 [pid 5829] <... openat resumed>) = 3 [pid 5826] <... close resumed>) = 0 [pid 5829] ioctl(3, LOOP_CLR_FD [pid 5826] rmdir("./2/file1") = 0 [pid 5829] <... ioctl resumed>) = 0 [pid 5826] getdents64(3, [pid 5829] close(3 [pid 5826] <... getdents64 resumed>0x555565b3b850 /* 0 entries */, 32768) = 0 [pid 5826] close(3) = 0 [pid 5907] <... write resumed>) = 4194304 [pid 5907] munmap(0x7f2016e00000, 138412032) = 0 [pid 5907] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5907] close(6 [pid 5826] rmdir("./2") = 0 [pid 5826] mkdir("./3", 0777) = 0 [pid 5826] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5826] ioctl(3, LOOP_CLR_FD) = 0 [pid 5907] <... close resumed>) = 0 [pid 5826] close(3 [pid 5907] futex(0x7f201fb106cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5905] <... futex resumed>) = 0 [pid 5907] futex(0x7f201fb106c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5905] futex(0x7f201fb106c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5907] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5905] <... futex resumed>) = 0 [pid 5907] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777 [pid 5905] futex(0x7f201fb106cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5907] <... mkdir resumed>) = 0 [ 76.060184][ T5906] (syz-executor218,5906,1):ocfs2_lock_allocators:2749 ERROR: status = -30 [ 76.069175][ T5906] (syz-executor218,5906,1):ocfs2_write_begin_nolock:1742 ERROR: status = -30 [ 76.080302][ T5906] (syz-executor218,5906,1):ocfs2_write_begin:1905 ERROR: status = -30 [pid 5907] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5904] <... futex resumed>) = ? [pid 5904] +++ killed by SIGSEGV (core dumped) +++ [pid 5831] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8, si_uid=0, si_status=SIGSEGV, si_utime=6 /* 0.06 s */, si_stime=27 /* 0.27 s */} --- [pid 5831] umount2("./2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5831] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=140, ...}, AT_EMPTY_PATH) = 0 [pid 5831] getdents64(3, 0x555565b3b850 /* 7 entries */, 32768) = 208 [pid 5831] umount2("./2/cgroup", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] newfstatat(AT_FDCWD, "./2/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] unlink("./2/cgroup") = 0 [pid 5831] umount2("./2/cgroup.cpu", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] newfstatat(AT_FDCWD, "./2/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] unlink("./2/cgroup.cpu") = 0 [pid 5831] umount2("./2/cgroup.net", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] newfstatat(AT_FDCWD, "./2/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] unlink("./2/cgroup.net") = 0 [pid 5831] umount2("./2/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 76.162935][ T5907] OCFS2: ERROR (device loop0): int ocfs2_reserve_local_alloc_bits(struct ocfs2_super *, u32, struct ocfs2_alloc_context *): local alloc inode 76 says it has 9 used bits, but a count shows 8 [pid 5831] newfstatat(AT_FDCWD, "./2/binderfs", [pid 5919] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216 [pid 5831] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] unlink("./2/binderfs") = 0 [pid 5831] umount2("./2/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] <... close resumed>) = 0 [pid 5826] <... close resumed>) = 0 [pid 5826] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5829] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5921 attached ./strace-static-x86_64: Process 5920 attached [pid 5921] set_robust_list(0x555565b3a6a0, 24 [pid 5920] set_robust_list(0x555565b3a6a0, 24 [pid 5829] <... clone resumed>, child_tidptr=0x555565b3a690) = 10 [pid 5826] <... clone resumed>, child_tidptr=0x555565b3a690) = 10 [pid 5920] <... set_robust_list resumed>) = 0 [pid 5921] <... set_robust_list resumed>) = 0 [pid 5921] chdir("./3" [pid 5920] chdir("./3" [pid 5921] <... chdir resumed>) = 0 [pid 5920] <... chdir resumed>) = 0 [pid 5921] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5920] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5921] <... prctl resumed>) = 0 [pid 5920] <... prctl resumed>) = 0 [pid 5921] setpgid(0, 0 [pid 5920] setpgid(0, 0 [pid 5921] <... setpgid resumed>) = 0 [pid 5920] <... setpgid resumed>) = 0 [pid 5921] symlink("/syzcgroup/unified/syz2", "./cgroup" [pid 5920] symlink("/syzcgroup/unified/syz1", "./cgroup" [pid 5921] <... symlink resumed>) = 0 [pid 5920] <... symlink resumed>) = 0 [pid 5921] symlink("/syzcgroup/cpu/syz2", "./cgroup.cpu" [pid 5920] symlink("/syzcgroup/cpu/syz1", "./cgroup.cpu" [pid 5921] <... symlink resumed>) = 0 [pid 5920] <... symlink resumed>) = 0 [pid 5921] symlink("/syzcgroup/net/syz2", "./cgroup.net" [pid 5920] symlink("/syzcgroup/net/syz1", "./cgroup.net" [pid 5921] <... symlink resumed>) = 0 [pid 5920] <... symlink resumed>) = 0 [pid 5920] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5921] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5920] <... openat resumed>) = 3 [pid 5921] write(3, "1000", 4 [pid 5920] write(3, "1000", 4 [pid 5921] <... write resumed>) = 4 [pid 5920] <... write resumed>) = 4 [pid 5921] close(3 [pid 5920] close(3) = 0 [pid 5921] <... close resumed>) = 0 [pid 5920] read(200, [pid 5921] read(200, [pid 5920] <... read resumed>0x7ffc88018cc0, 1000) = -1 EAGAIN (Resource temporarily unavailable) [pid 5921] <... read resumed>0x7ffc88018cc0, 1000) = -1 EAGAIN (Resource temporarily unavailable) [pid 5920] symlink("/dev/binderfs", "./binderfs" [pid 5921] symlink("/dev/binderfs", "./binderfs" [pid 5920] <... symlink resumed>) = 0 executing program [pid 5921] <... symlink resumed>) = 0 [pid 5920] write(1, "executing program\n", 18) = 18 executing program [pid 5921] write(1, "executing program\n", 18 [pid 5920] futex(0x7f201fb106cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5920] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5921] <... write resumed>) = 18 [pid 5920] <... mmap resumed>) = 0x7f201f215000 [pid 5921] futex(0x7f201fb106cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5920] mprotect(0x7f201f216000, 131072, PROT_READ|PROT_WRITE [pid 5921] <... futex resumed>) = 0 [pid 5921] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f201f215000 [pid 5921] mprotect(0x7f201f216000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5921] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5921] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f201f235990, parent_tid=0x7f201f235990, exit_signal=0, stack=0x7f201f215000, stack_size=0x20300, tls=0x7f201f2356c0} => {parent_tid=[11]}, 88) = 11 [ 76.225680][ T5907] On-disk corruption discovered. Please run fsck.ocfs2 once the filesystem is unmounted. [ 76.241910][ T5907] OCFS2: File system is now read-only. [ 76.249547][ T5907] (syz-executor218,5907,0):ocfs2_reserve_local_alloc_bits:710 ERROR: status = -30 [pid 5921] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5921] futex(0x7f201fb106c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5921] futex(0x7f201fb106cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5922 attached [pid 5920] <... mprotect resumed>) = 0 [pid 5922] rseq(0x7f201f235fe0, 0x20, 0, 0x53053053) = 0 [pid 5922] set_robust_list(0x7f201f2359a0, 24) = 0 [pid 5922] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5922] memfd_create("syzkaller", 0) = 3 [pid 5922] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2016e00000 [pid 5920] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5920] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f201f235990, parent_tid=0x7f201f235990, exit_signal=0, stack=0x7f201f215000, stack_size=0x20300, tls=0x7f201f2356c0} [pid 5831] <... umount2 resumed>) = 0 ./strace-static-x86_64: Process 5923 attached [pid 5923] rseq(0x7f201f235fe0, 0x20, 0, 0x53053053 [pid 5920] <... clone3 resumed> => {parent_tid=[11]}, 88) = 11 [pid 5923] <... rseq resumed>) = 0 [pid 5920] rt_sigprocmask(SIG_SETMASK, [], [pid 5923] set_robust_list(0x7f201f2359a0, 24 [pid 5920] <... rt_sigprocmask resumed>NULL, 8) = 0 [ 76.274610][ T5831] ocfs2: Unmounting device (7,3) on (node local) [ 76.277362][ T5907] (syz-executor218,5907,0):ocfs2_reserve_clusters_with_limit:1170 ERROR: status = -30 [ 76.293557][ T5907] (syz-executor218,5907,0):ocfs2_reserve_clusters_with_limit:1219 ERROR: status = -30 [ 76.304605][ T5907] (syz-executor218,5907,0):ocfs2_lock_allocators:2749 ERROR: status = -30 [ 76.313614][ T5907] (syz-executor218,5907,0):ocfs2_write_begin_nolock:1742 ERROR: status = -30 [pid 5923] <... set_robust_list resumed>) = 0 [pid 5920] futex(0x7f201fb106c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5831] umount2("./2/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5923] rt_sigprocmask(SIG_SETMASK, [], [pid 5920] <... futex resumed>) = 0 [pid 5923] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5920] futex(0x7f201fb106cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5923] memfd_create("syzkaller", 0 [pid 5831] newfstatat(AT_FDCWD, "./2/file1", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5923] <... memfd_create resumed>) = 3 [pid 5831] umount2("./2/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5923] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2016e00000 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5905] <... futex resumed>) = ? [pid 5831] openat(AT_FDCWD, "./2/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5907] +++ killed by SIGSEGV (core dumped) +++ [pid 5905] +++ killed by SIGSEGV (core dumped) +++ [ 76.326482][ T5907] (syz-executor218,5907,0):ocfs2_write_begin:1905 ERROR: status = -30 [pid 5922] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216 [pid 5919] <... write resumed>) = 16777216 [pid 5831] <... openat resumed>) = 4 [pid 5923] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216 [pid 5919] munmap(0x7f2016e00000, 138412032 [pid 5831] newfstatat(4, "", [pid 5828] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=9, si_uid=0, si_status=SIGSEGV, si_utime=7 /* 0.07 s */, si_stime=26 /* 0.26 s */} --- [pid 5919] <... munmap resumed>) = 0 [pid 5828] umount2("./2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5828] openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5831] getdents64(4, [pid 5828] <... openat resumed>) = 3 [pid 5831] <... getdents64 resumed>0x555565b43890 /* 2 entries */, 32768) = 48 [pid 5831] getdents64(4, [pid 5828] newfstatat(3, "", [pid 5831] <... getdents64 resumed>0x555565b43890 /* 0 entries */, 32768) = 0 [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=140, ...}, AT_EMPTY_PATH) = 0 [pid 5831] close(4 [pid 5828] getdents64(3, [pid 5831] <... close resumed>) = 0 [pid 5828] <... getdents64 resumed>0x555565b3b850 /* 7 entries */, 32768) = 208 [pid 5831] rmdir("./2/file1" [pid 5828] umount2("./2/cgroup", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] <... rmdir resumed>) = 0 [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] getdents64(3, [pid 5828] newfstatat(AT_FDCWD, "./2/cgroup", [pid 5831] <... getdents64 resumed>0x555565b3b850 /* 0 entries */, 32768) = 0 [pid 5828] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=23, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] close(3 [pid 5828] unlink("./2/cgroup" [pid 5831] <... close resumed>) = 0 [pid 5828] <... unlink resumed>) = 0 [pid 5831] rmdir("./2" [pid 5828] umount2("./2/cgroup.cpu", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5919] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5831] <... rmdir resumed>) = 0 [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5919] <... openat resumed>) = 4 [pid 5831] mkdir("./3", 0777 [pid 5828] newfstatat(AT_FDCWD, "./2/cgroup.cpu", [pid 5919] ioctl(4, LOOP_SET_FD, 3 [pid 5831] <... mkdir resumed>) = 0 [pid 5828] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=19, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5828] unlink("./2/cgroup.cpu") = 0 [pid 5831] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5828] umount2("./2/cgroup.net", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] <... openat resumed>) = 3 [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] ioctl(3, LOOP_CLR_FD [pid 5828] newfstatat(AT_FDCWD, "./2/cgroup.net", [pid 5831] <... ioctl resumed>) = 0 [pid 5828] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=19, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] close(3 [pid 5828] unlink("./2/cgroup.net" [pid 5919] <... ioctl resumed>) = 0 [pid 5828] <... unlink resumed>) = 0 [pid 5919] close(3) = 0 [pid 5828] umount2("./2/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5919] close(4) = 0 [pid 5919] mkdir("./file1", 0777) = 0 [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5919] mount("/dev/loop4", "./file1", "ocfs2", MS_MANDLOCK|MS_DIRSYNC|MS_NODIRATIME, "acl,heartbeat=none,dir_resv_level=00003,coherency=full,coherency=full,localflocks,coherency=full,noa"... [pid 5828] newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5828] unlink("./2/binderfs") = 0 [ 76.431615][ T5919] loop4: detected capacity change from 0 to 32768 [pid 5828] umount2("./2/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 [ 76.499003][ T5828] ocfs2: Unmounting device (7,0) on (node local) [ 76.525465][ T54] Bluetooth: hci3: command tx timeout [ 76.530900][ T54] Bluetooth: hci2: command tx timeout [ 76.536351][ T54] Bluetooth: hci1: command tx timeout [ 76.536362][ T5919] JBD2: Ignoring recovery information on journal [pid 5828] umount2("./2/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5828] newfstatat(AT_FDCWD, "./2/file1", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5828] umount2("./2/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5828] openat(AT_FDCWD, "./2/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5828] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5828] getdents64(4, 0x555565b43890 /* 2 entries */, 32768) = 48 [pid 5828] getdents64(4, 0x555565b43890 /* 0 entries */, 32768) = 0 [pid 5828] close(4) = 0 [pid 5828] rmdir("./2/file1") = 0 [pid 5828] getdents64(3, 0x555565b3b850 /* 0 entries */, 32768) = 0 [pid 5828] close(3) = 0 [pid 5828] rmdir("./2") = 0 [pid 5828] mkdir("./3", 0777) = 0 [pid 5828] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5828] ioctl(3, LOOP_CLR_FD) = 0 [pid 5828] close(3 [pid 5831] <... close resumed>) = 0 [pid 5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555565b3a690) = 10 [ 76.541721][ T54] Bluetooth: hci0: command tx timeout ./strace-static-x86_64: Process 5925 attached [pid 5925] set_robust_list(0x555565b3a6a0, 24) = 0 [pid 5925] chdir("./3") = 0 [pid 5925] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5925] setpgid(0, 0) = 0 [pid 5925] symlink("/syzcgroup/unified/syz3", "./cgroup") = 0 [pid 5925] symlink("/syzcgroup/cpu/syz3", "./cgroup.cpu") = 0 [pid 5925] symlink("/syzcgroup/net/syz3", "./cgroup.net") = 0 [pid 5925] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5925] write(3, "1000", 4) = 4 [pid 5925] close(3) = 0 [pid 5925] read(200, 0x7ffc88018cc0, 1000) = -1 EAGAIN (Resource temporarily unavailable) [pid 5925] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5828] <... close resumed>) = 0 executing program [pid 5828] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5925] write(1, "executing program\n", 18) = 18 [pid 5925] futex(0x7f201fb106cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5925] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f201f215000 [pid 5925] mprotect(0x7f201f216000, 131072, PROT_READ|PROT_WRITE [pid 5828] <... clone resumed>, child_tidptr=0x555565b3a690) = 11 [pid 5925] <... mprotect resumed>) = 0 [pid 5925] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5925] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f201f235990, parent_tid=0x7f201f235990, exit_signal=0, stack=0x7f201f215000, stack_size=0x20300, tls=0x7f201f2356c0} => {parent_tid=[11]}, 88) = 11 [pid 5925] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5925] futex(0x7f201fb106c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5925] futex(0x7f201fb106cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5926 attached [pid 5926] set_robust_list(0x555565b3a6a0, 24./strace-static-x86_64: Process 5927 attached ) = 0 [pid 5927] rseq(0x7f201f235fe0, 0x20, 0, 0x53053053 [pid 5926] chdir("./3" [pid 5927] <... rseq resumed>) = 0 [pid 5927] set_robust_list(0x7f201f2359a0, 24) = 0 [pid 5926] <... chdir resumed>) = 0 [pid 5922] <... write resumed>) = 16777216 [pid 5927] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5922] munmap(0x7f2016e00000, 138412032 [pid 5926] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5926] setpgid(0, 0) = 0 [pid 5926] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 5926] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 5926] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 5926] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5926] write(3, "1000", 4 [pid 5927] memfd_create("syzkaller", 0 [pid 5926] <... write resumed>) = 4 [pid 5923] <... write resumed>) = 16777216 [pid 5922] <... munmap resumed>) = 0 [pid 5919] <... mount resumed>) = 0 [pid 5927] <... memfd_create resumed>) = 3 [pid 5926] close(3 [pid 5923] munmap(0x7f2016e00000, 138412032 [pid 5922] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5927] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5926] <... close resumed>) = 0 [pid 5919] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5926] read(200, [pid 5922] <... openat resumed>) = 4 [pid 5919] <... openat resumed>) = 3 [pid 5926] <... read resumed>0x7ffc88018cc0, 1000) = -1 EAGAIN (Resource temporarily unavailable) [pid 5923] <... munmap resumed>) = 0 [pid 5922] ioctl(4, LOOP_SET_FD, 3 [pid 5927] <... mmap resumed>) = 0x7f2016e00000 [pid 5926] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5919] chdir("./file1" [pid 5926] write(1, "executing program\n", 18 [pid 5919] <... chdir resumed>) = 0 [pid 5926] <... write resumed>) = 18 [pid 5919] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5926] futex(0x7f201fb106cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5919] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5926] <... futex resumed>) = 0 [pid 5926] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5919] futex(0x7f201fb106cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5926] <... mmap resumed>) = 0x7f201f215000 [pid 5926] mprotect(0x7f201f216000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5919] <... futex resumed>) = 1 [pid 5918] <... futex resumed>) = 0 [pid 5926] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5919] futex(0x7f201fb106c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5926] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5919] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5918] futex(0x7f201fb106c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5926] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f201f235990, parent_tid=0x7f201f235990, exit_signal=0, stack=0x7f201f215000, stack_size=0x20300, tls=0x7f201f2356c0} [pid 5919] symlink(NULL, NULL./strace-static-x86_64: Process 5929 attached [pid 5918] <... futex resumed>) = 0 [pid 5929] rseq(0x7f201f235fe0, 0x20, 0, 0x53053053 [pid 5926] <... clone3 resumed> => {parent_tid=[12]}, 88) = 12 [pid 5919] <... symlink resumed>) = -1 EFAULT (Bad address) [pid 5918] futex(0x7f201fb106cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5929] <... rseq resumed>) = 0 [pid 5926] rt_sigprocmask(SIG_SETMASK, [], [pid 5919] futex(0x7f201fb106cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5929] set_robust_list(0x7f201f2359a0, 24 [pid 5926] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5919] <... futex resumed>) = 0 [pid 5918] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5929] <... set_robust_list resumed>) = 0 [pid 5926] futex(0x7f201fb106c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5919] futex(0x7f201fb106c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5918] futex(0x7f201fb106c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5929] rt_sigprocmask(SIG_SETMASK, [], [pid 5926] <... futex resumed>) = 0 [pid 5919] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5929] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5926] futex(0x7f201fb106cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5919] readlink("./file0", [pid 5918] <... futex resumed>) = 0 [pid 5929] memfd_create("syzkaller", 0 [pid 5919] <... readlink resumed>NULL, 0) = -1 EINVAL (Invalid argument) [pid 5919] futex(0x7f201fb106cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5918] futex(0x7f201fb106cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5919] <... futex resumed>) = 0 [pid 5918] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5919] futex(0x7f201fb106c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5918] futex(0x7f201fb106c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5919] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5918] <... futex resumed>) = 0 [pid 5919] creat("./file0", 0160 [pid 5918] futex(0x7f201fb106cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5923] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5922] <... ioctl resumed>) = 0 [pid 5919] <... creat resumed>) = 4 [pid 5929] <... memfd_create resumed>) = 3 [pid 5923] <... openat resumed>) = 4 [pid 5922] close(3 [pid 5919] futex(0x7f201fb106cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5929] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5923] ioctl(4, LOOP_SET_FD, 3 [pid 5922] <... close resumed>) = 0 [pid 5919] <... futex resumed>) = 1 [ 76.650370][ T5919] ocfs2: Mounting device (7,4) on (node local, slot 0) with ordered data mode. [ 76.681863][ T5922] loop2: detected capacity change from 0 to 32768 [pid 5918] <... futex resumed>) = 0 [pid 5929] <... mmap resumed>) = 0x7f2016e00000 [pid 5919] futex(0x7f201fb106c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5918] futex(0x7f201fb106c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5919] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5918] <... futex resumed>) = 0 [pid 5922] close(4 [pid 5923] <... ioctl resumed>) = 0 [pid 5922] <... close resumed>) = 0 [pid 5919] creat(NULL, 000 [pid 5918] futex(0x7f201fb106cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5923] close(3 [pid 5922] mkdir("./file1", 0777 [pid 5923] <... close resumed>) = 0 [pid 5923] close(4 [pid 5922] <... mkdir resumed>) = 0 [pid 5919] <... creat resumed>) = -1 EFAULT (Bad address) [pid 5923] <... close resumed>) = 0 [pid 5922] mount("/dev/loop2", "./file1", "ocfs2", MS_MANDLOCK|MS_DIRSYNC|MS_NODIRATIME, "acl,heartbeat=none,dir_resv_level=00003,coherency=full,coherency=full,localflocks,coherency=full,noa"... [pid 5923] mkdir("./file1", 0777 [pid 5919] futex(0x7f201fb106cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5918] <... futex resumed>) = 0 [pid 5923] <... mkdir resumed>) = 0 [pid 5919] futex(0x7f201fb106c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5918] futex(0x7f201fb106c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5923] mount("/dev/loop1", "./file1", "ocfs2", MS_MANDLOCK|MS_DIRSYNC|MS_NODIRATIME, "acl,heartbeat=none,dir_resv_level=00003,coherency=full,coherency=full,localflocks,coherency=full,noa"... [pid 5919] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5918] <... futex resumed>) = 0 [pid 5919] openat(AT_FDCWD, "./file0", O_RDONLY|O_CREAT, 000 [pid 5918] futex(0x7f201fb106cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5919] <... openat resumed>) = 5 [pid 5919] futex(0x7f201fb106cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5918] <... futex resumed>) = 0 [pid 5919] futex(0x7f201fb106c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5918] futex(0x7f201fb106c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5919] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5918] <... futex resumed>) = 0 [pid 5919] memfd_create("syzkaller", 0 [pid 5918] futex(0x7f201fb106cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=250000000} [pid 5919] <... memfd_create resumed>) = 6 [pid 5919] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2016e00000 [ 76.698181][ T5923] loop1: detected capacity change from 0 to 32768 [ 76.714631][ T29] kauditd_printk_skb: 5 callbacks suppressed [ 76.714646][ T29] audit: type=1804 audit(1733213254.333:17): pid=5919 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor218" name="/newroot/3/file1/file0" dev="loop4" ino=17058 res=1 errno=0 [pid 5919] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [ 76.758061][ T5922] debugfs: Directory 'B1DE653C5FFC4D88B33B244AAB9EB3E9' with parent 'ocfs2' already present! [ 76.779508][ T5923] debugfs: Directory 'B1DE653C5FFC4D88B33B244AAB9EB3E9' with parent 'ocfs2' already present! [ 76.793927][ T5922] JBD2: Ignoring recovery information on journal [pid 5919] munmap(0x7f2016e00000, 138412032) = 0 [pid 5919] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = -1 EBUSY (Device or resource busy) [ 76.844700][ T5923] JBD2: Ignoring recovery information on journal [ 76.874457][ T5922] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode. [pid 5919] close(6 [pid 5927] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216 [pid 5922] <... mount resumed>) = 0 [pid 5929] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216 [pid 5923] <... mount resumed>) = 0 [pid 5919] <... close resumed>) = 0 [pid 5919] futex(0x7f201fb106cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5918] <... futex resumed>) = 0 [pid 5919] futex(0x7f201fb106c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5918] futex(0x7f201fb106c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5919] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5918] <... futex resumed>) = 0 [pid 5919] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777 [pid 5918] futex(0x7f201fb106cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5919] <... mkdir resumed>) = 0 [pid 5919] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5922] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5922] chdir("./file1") = 0 [pid 5922] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5922] futex(0x7f201fb106cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5923] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5921] <... futex resumed>) = 0 [pid 5922] futex(0x7f201fb106c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5921] futex(0x7f201fb106c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5922] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5921] <... futex resumed>) = 0 [pid 5922] symlink(NULL, NULL [pid 5921] futex(0x7f201fb106cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5922] <... symlink resumed>) = -1 EFAULT (Bad address) [pid 5922] futex(0x7f201fb106cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5923] <... openat resumed>) = 3 [ 76.904042][ T5923] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode. [pid 5927] <... write resumed>) = 16777216 [pid 5923] chdir("./file1" [pid 5922] <... futex resumed>) = 1 [pid 5921] <... futex resumed>) = 0 [pid 5927] munmap(0x7f2016e00000, 138412032) = 0 [pid 5927] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5923] <... chdir resumed>) = 0 [pid 5922] readlink("./file0", [pid 5921] futex(0x7f201fb106c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5927] <... openat resumed>) = 4 [pid 5923] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5922] <... readlink resumed>NULL, 0) = -1 EINVAL (Invalid argument) [ 76.971200][ T5919] OCFS2: ERROR (device loop4): int ocfs2_reserve_local_alloc_bits(struct ocfs2_super *, u32, struct ocfs2_alloc_context *): local alloc inode 76 says it has 9 used bits, but a count shows 8 [ 77.005276][ T5927] loop3: detected capacity change from 0 to 32768 [ 77.011869][ T5919] On-disk corruption discovered. Please run fsck.ocfs2 once the filesystem is unmounted. [pid 5927] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5923] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5922] futex(0x7f201fb106cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5921] <... futex resumed>) = 0 [pid 5927] close(3 [pid 5923] futex(0x7f201fb106cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5922] <... futex resumed>) = 0 [pid 5921] futex(0x7f201fb106cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5927] <... close resumed>) = 0 [pid 5927] close(4) = 0 [pid 5927] mkdir("./file1", 0777) = 0 [pid 5927] mount("/dev/loop3", "./file1", "ocfs2", MS_MANDLOCK|MS_DIRSYNC|MS_NODIRATIME, "acl,heartbeat=none,dir_resv_level=00003,coherency=full,coherency=full,localflocks,coherency=full,noa"... [pid 5922] futex(0x7f201fb106c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5921] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5923] <... futex resumed>) = 1 [pid 5920] <... futex resumed>) = 0 [pid 5920] futex(0x7f201fb106c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5920] futex(0x7f201fb106cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5923] symlink(NULL, NULL [pid 5921] futex(0x7f201fb106c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5923] <... symlink resumed>) = -1 EFAULT (Bad address) [pid 5922] <... futex resumed>) = 0 [pid 5921] <... futex resumed>) = 1 [pid 5922] creat("./file0", 0160 [pid 5923] futex(0x7f201fb106cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5922] <... creat resumed>) = 4 [pid 5921] futex(0x7f201fb106cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5923] <... futex resumed>) = 1 [pid 5922] futex(0x7f201fb106cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5921] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5920] <... futex resumed>) = 0 [pid 5920] futex(0x7f201fb106c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5920] futex(0x7f201fb106cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5922] <... futex resumed>) = 0 [pid 5921] futex(0x7f201fb106c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5922] creat(NULL, 000 [pid 5923] readlink("./file0", NULL, 0) = -1 EINVAL (Invalid argument) [pid 5921] <... futex resumed>) = 0 [pid 5923] futex(0x7f201fb106cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5922] <... creat resumed>) = -1 EFAULT (Bad address) [ 77.029098][ T5927] debugfs: Directory 'B1DE653C5FFC4D88B33B244AAB9EB3E9' with parent 'ocfs2' already present! [ 77.039374][ T5919] OCFS2: File system is now read-only. [pid 5921] futex(0x7f201fb106cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5923] <... futex resumed>) = 1 [pid 5920] <... futex resumed>) = 0 [pid 5920] futex(0x7f201fb106c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5922] futex(0x7f201fb106cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5923] creat("./file0", 0160 [pid 5920] <... futex resumed>) = 0 [pid 5922] <... futex resumed>) = 0 [pid 5921] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5922] futex(0x7f201fb106c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5921] futex(0x7f201fb106c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5920] futex(0x7f201fb106cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5922] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5921] <... futex resumed>) = 0 [pid 5922] openat(AT_FDCWD, "./file0", O_RDONLY|O_CREAT, 000 [pid 5921] futex(0x7f201fb106cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5922] <... openat resumed>) = 5 [pid 5922] futex(0x7f201fb106cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5921] <... futex resumed>) = 0 [pid 5922] futex(0x7f201fb106c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5921] futex(0x7f201fb106c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5922] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5922] memfd_create("syzkaller", 0 [pid 5921] <... futex resumed>) = 0 [pid 5922] <... memfd_create resumed>) = 6 [pid 5921] futex(0x7f201fb106cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=250000000} [pid 5922] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2016e00000 [pid 5920] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5920] futex(0x7f201fb106dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5920] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f201f1f4000 [pid 5920] mprotect(0x7f201f1f5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5920] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5920] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f201f214990, parent_tid=0x7f201f214990, exit_signal=0, stack=0x7f201f1f4000, stack_size=0x20300, tls=0x7f201f2146c0} => {parent_tid=[12]}, 88) = 12 [pid 5920] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5920] futex(0x7f201fb106d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 77.074469][ T29] audit: type=1804 audit(1733213254.673:18): pid=5922 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor218" name="/newroot/3/file1/file0" dev="loop2" ino=17058 res=1 errno=0 [ 77.093527][ T5919] (syz-executor218,5919,1):ocfs2_reserve_local_alloc_bits:710 ERROR: status = -30 [ 77.106025][ T5919] (syz-executor218,5919,1):ocfs2_reserve_clusters_with_limit:1170 ERROR: status = -30 [ 77.117158][ T5927] JBD2: Ignoring recovery information on journal [pid 5920] futex(0x7f201fb106dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5935 attached [pid 5923] <... creat resumed>) = 4 [pid 5935] rseq(0x7f201f214fe0, 0x20, 0, 0x53053053 [pid 5923] futex(0x7f201fb106cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5935] <... rseq resumed>) = 0 [pid 5923] <... futex resumed>) = 0 [pid 5935] set_robust_list(0x7f201f2149a0, 24 [pid 5923] futex(0x7f201fb106c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5935] <... set_robust_list resumed>) = 0 [pid 5935] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5935] creat(NULL, 000 [pid 5919] +++ killed by SIGSEGV (core dumped) +++ [pid 5935] <... creat resumed>) = -1 EFAULT (Bad address) [pid 5929] <... write resumed>) = 16777216 [pid 5922] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304 [pid 5918] <... futex resumed>) = ? [pid 5935] futex(0x7f201fb106dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5929] munmap(0x7f2016e00000, 138412032 [pid 5918] +++ killed by SIGSEGV (core dumped) +++ [ 77.119473][ T5919] (syz-executor218,5919,1):ocfs2_reserve_clusters_with_limit:1219 ERROR: status = -30 [ 77.134285][ T5919] (syz-executor218,5919,1):ocfs2_lock_allocators:2749 ERROR: status = -30 [ 77.142856][ T5919] (syz-executor218,5919,1):ocfs2_write_begin_nolock:1742 ERROR: status = -30 [ 77.153111][ T5919] (syz-executor218,5919,1):ocfs2_write_begin:1905 ERROR: status = -30 [pid 5935] <... futex resumed>) = 0 [pid 5922] <... write resumed>) = 4194304 [pid 5920] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5830] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10, si_uid=0, si_status=SIGSEGV, si_utime=7 /* 0.07 s */, si_stime=34 /* 0.34 s */} --- [pid 5920] futex(0x7f201fb106c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5922] munmap(0x7f2016e00000, 138412032 [pid 5920] <... futex resumed>) = 1 [pid 5922] <... munmap resumed>) = 0 [pid 5920] futex(0x7f201fb106cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5922] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5935] futex(0x7f201fb106d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5929] <... munmap resumed>) = 0 [pid 5927] <... mount resumed>) = 0 [pid 5923] <... futex resumed>) = 0 [pid 5927] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5922] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5929] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5927] <... openat resumed>) = 3 [pid 5923] openat(AT_FDCWD, "./file0", O_RDONLY|O_CREAT, 000 [pid 5922] close(6 [pid 5927] chdir("./file1") = 0 [pid 5927] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5927] futex(0x7f201fb106cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5925] <... futex resumed>) = 0 [pid 5927] futex(0x7f201fb106c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5925] futex(0x7f201fb106c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5927] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5925] <... futex resumed>) = 0 [pid 5927] symlink(NULL, NULL [pid 5925] futex(0x7f201fb106cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5927] <... symlink resumed>) = -1 EFAULT (Bad address) [pid 5927] futex(0x7f201fb106cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5925] <... futex resumed>) = 0 [pid 5927] futex(0x7f201fb106c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5925] futex(0x7f201fb106c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5927] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5925] <... futex resumed>) = 0 [pid 5927] readlink("./file0", [pid 5925] futex(0x7f201fb106cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5927] <... readlink resumed>NULL, 0) = -1 EINVAL (Invalid argument) [pid 5927] futex(0x7f201fb106cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5925] <... futex resumed>) = 0 [pid 5927] futex(0x7f201fb106c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5925] futex(0x7f201fb106c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5927] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5925] <... futex resumed>) = 0 [pid 5927] creat("./file0", 0160 [pid 5925] futex(0x7f201fb106cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5929] <... openat resumed>) = 4 [pid 5929] ioctl(4, LOOP_SET_FD, 3 [pid 5923] <... openat resumed>) = 5 [pid 5830] umount2("./3", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5927] <... creat resumed>) = 4 [pid 5927] futex(0x7f201fb106cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5925] <... futex resumed>) = 0 [pid 5927] futex(0x7f201fb106c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5925] futex(0x7f201fb106c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5927] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5925] <... futex resumed>) = 0 [pid 5927] creat(NULL, 000 [pid 5925] futex(0x7f201fb106cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5927] <... creat resumed>) = -1 EFAULT (Bad address) [pid 5927] futex(0x7f201fb106cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5925] <... futex resumed>) = 0 [pid 5927] futex(0x7f201fb106c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5925] futex(0x7f201fb106c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5927] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5925] <... futex resumed>) = 0 [pid 5927] openat(AT_FDCWD, "./file0", O_RDONLY|O_CREAT, 000 [pid 5925] futex(0x7f201fb106cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5927] <... openat resumed>) = 5 [pid 5927] futex(0x7f201fb106cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5925] <... futex resumed>) = 0 [pid 5927] memfd_create("syzkaller", 0 [pid 5925] futex(0x7f201fb106c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5927] <... memfd_create resumed>) = 6 [pid 5925] <... futex resumed>) = 0 [pid 5927] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5925] futex(0x7f201fb106cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=250000000} [pid 5927] <... mmap resumed>) = 0x7f2016e00000 [ 77.192181][ T5927] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode. [ 77.212290][ T5929] loop0: detected capacity change from 0 to 32768 [ 77.212538][ T29] audit: type=1804 audit(1733213254.823:19): pid=5923 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor218" name="/newroot/3/file1/file0" dev="loop1" ino=17058 res=1 errno=0 [pid 5922] <... close resumed>) = 0 [pid 5920] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5929] <... ioctl resumed>) = 0 [pid 5923] futex(0x7f201fb106cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5929] close(3 [pid 5923] <... futex resumed>) = 0 [pid 5929] <... close resumed>) = 0 [pid 5923] futex(0x7f201fb106c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5929] close(4) = 0 [pid 5929] mkdir("./file1", 0777) = 0 [pid 5929] mount("/dev/loop0", "./file1", "ocfs2", MS_MANDLOCK|MS_DIRSYNC|MS_NODIRATIME, "acl,heartbeat=none,dir_resv_level=00003,coherency=full,coherency=full,localflocks,coherency=full,noa"... [pid 5922] futex(0x7f201fb106cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5920] futex(0x7f201fb106c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5830] openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5923] <... futex resumed>) = 0 [pid 5922] <... futex resumed>) = 1 [pid 5921] <... futex resumed>) = 0 [pid 5920] <... futex resumed>) = 1 [pid 5923] memfd_create("syzkaller", 0 [pid 5922] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777 [pid 5921] futex(0x7f201fb106c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5920] futex(0x7f201fb106cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=250000000} [pid 5830] <... openat resumed>) = 3 [pid 5923] <... memfd_create resumed>) = 6 [pid 5921] <... futex resumed>) = 0 [pid 5923] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5922] <... mkdir resumed>) = 0 [pid 5921] futex(0x7f201fb106cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5830] newfstatat(3, "", [pid 5923] <... mmap resumed>) = 0x7f2016c00000 [ 77.250659][ T29] audit: type=1804 audit(1733213254.853:20): pid=5927 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor218" name="/newroot/3/file1/file0" dev="loop3" ino=17058 res=1 errno=0 [ 77.272881][ T5929] debugfs: Directory 'B1DE653C5FFC4D88B33B244AAB9EB3E9' with parent 'ocfs2' already present! [pid 5922] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=140, ...}, AT_EMPTY_PATH) = 0 [pid 5927] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304 [pid 5830] getdents64(3, 0x555565b3b850 /* 7 entries */, 32768) = 208 [pid 5830] umount2("./3/cgroup", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] newfstatat(AT_FDCWD, "./3/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] unlink("./3/cgroup") = 0 [pid 5830] umount2("./3/cgroup.cpu", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] newfstatat(AT_FDCWD, "./3/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] unlink("./3/cgroup.cpu") = 0 [pid 5830] umount2("./3/cgroup.net", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] newfstatat(AT_FDCWD, "./3/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] unlink("./3/cgroup.net") = 0 [pid 5830] umount2("./3/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] newfstatat(AT_FDCWD, "./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] unlink("./3/binderfs") = 0 [pid 5830] umount2("./3/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5927] <... write resumed>) = 4194304 [pid 5923] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304 [pid 5830] <... umount2 resumed>) = 0 [pid 5927] munmap(0x7f2016e00000, 138412032 [pid 5830] umount2("./3/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5927] <... munmap resumed>) = 0 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5927] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5830] newfstatat(AT_FDCWD, "./3/file1", [pid 5927] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 77.306311][ T5929] JBD2: Ignoring recovery information on journal [ 77.323589][ T5830] ocfs2: Unmounting device (7,4) on (node local) [ 77.330972][ T5922] OCFS2: ERROR (device loop2): int ocfs2_reserve_local_alloc_bits(struct ocfs2_super *, u32, struct ocfs2_alloc_context *): local alloc inode 76 says it has 9 used bits, but a count shows 8 [pid 5927] close(6 [pid 5830] umount2("./3/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] openat(AT_FDCWD, "./3/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5830] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5830] getdents64(4, 0x555565b43890 /* 2 entries */, 32768) = 48 [pid 5830] getdents64(4, 0x555565b43890 /* 0 entries */, 32768) = 0 [pid 5830] close(4) = 0 [pid 5830] rmdir("./3/file1") = 0 [pid 5830] getdents64(3, 0x555565b3b850 /* 0 entries */, 32768) = 0 [pid 5830] close(3) = 0 [pid 5830] rmdir("./3") = 0 [pid 5830] mkdir("./4", 0777) = 0 [pid 5830] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5830] ioctl(3, LOOP_CLR_FD) = 0 [pid 5830] close(3 [pid 5927] <... close resumed>) = 0 [ 77.356384][ T5922] On-disk corruption discovered. Please run fsck.ocfs2 once the filesystem is unmounted. [ 77.367401][ T5922] OCFS2: File system is now read-only. [ 77.373029][ T5922] (syz-executor218,5922,0):ocfs2_reserve_local_alloc_bits:710 ERROR: status = -30 [pid 5927] futex(0x7f201fb106cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5925] <... futex resumed>) = 0 [pid 5927] futex(0x7f201fb106c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5925] futex(0x7f201fb106c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5927] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5925] <... futex resumed>) = 0 [pid 5927] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777 [pid 5925] futex(0x7f201fb106cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5927] <... mkdir resumed>) = 0 [pid 5927] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5923] <... write resumed>) = 4194304 [pid 5929] <... mount resumed>) = 0 [ 77.407904][ T5929] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [ 77.424441][ T5922] (syz-executor218,5922,0):ocfs2_reserve_clusters_with_limit:1170 ERROR: status = -30 [pid 5929] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [ 77.451383][ T5922] (syz-executor218,5922,0):ocfs2_reserve_clusters_with_limit:1219 ERROR: status = -30 [ 77.461554][ T5922] (syz-executor218,5922,0):ocfs2_lock_allocators:2749 ERROR: status = -30 [ 77.466649][ T5927] OCFS2: ERROR (device loop3): int ocfs2_reserve_local_alloc_bits(struct ocfs2_super *, u32, struct ocfs2_alloc_context *): local alloc inode 76 says it has 9 used bits, but a count shows 8 [ 77.471013][ T5922] (syz-executor218,5922,0):ocfs2_write_begin_nolock:1742 ERROR: status = -30 [ 77.489211][ T5134] Bluetooth: hci4: command tx timeout [pid 5929] chdir("./file1" [pid 5830] <... close resumed>) = 0 [pid 5929] <... chdir resumed>) = 0 [pid 5923] munmap(0x7f2016c00000, 138412032 [pid 5830] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555565b3a690) = 12 [pid 5923] <... munmap resumed>) = 0 [pid 5923] openat(AT_FDCWD, "/dev/loop1", O_RDWR./strace-static-x86_64: Process 5939 attached [pid 5929] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5923] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5929] futex(0x7f201fb106cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5923] close(6 [pid 5939] set_robust_list(0x555565b3a6a0, 24 [pid 5929] <... futex resumed>) = 1 [pid 5926] <... futex resumed>) = 0 [pid 5939] <... set_robust_list resumed>) = 0 [pid 5939] chdir("./4" [pid 5929] futex(0x7f201fb106c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5926] futex(0x7f201fb106c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5922] +++ killed by SIGSEGV (core dumped) +++ [pid 5939] <... chdir resumed>) = 0 [pid 5939] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5929] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5926] <... futex resumed>) = 0 [pid 5939] <... prctl resumed>) = 0 [pid 5939] setpgid(0, 0 [pid 5929] symlink(NULL, NULL [pid 5926] futex(0x7f201fb106cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5939] <... setpgid resumed>) = 0 [pid 5939] symlink("/syzcgroup/unified/syz4", "./cgroup" [pid 5929] <... symlink resumed>) = -1 EFAULT (Bad address) [pid 5929] futex(0x7f201fb106cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5926] <... futex resumed>) = 0 [pid 5929] futex(0x7f201fb106c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5926] futex(0x7f201fb106c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5939] <... symlink resumed>) = 0 [pid 5939] symlink("/syzcgroup/cpu/syz4", "./cgroup.cpu" [pid 5929] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5926] <... futex resumed>) = 0 [pid 5929] readlink("./file0", [pid 5926] futex(0x7f201fb106cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5939] <... symlink resumed>) = 0 [pid 5929] <... readlink resumed>NULL, 0) = -1 EINVAL (Invalid argument) [pid 5939] symlink("/syzcgroup/net/syz4", "./cgroup.net" [pid 5929] futex(0x7f201fb106cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5926] <... futex resumed>) = 0 [pid 5929] futex(0x7f201fb106c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5926] futex(0x7f201fb106c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5939] <... symlink resumed>) = 0 [pid 5939] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5929] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5926] <... futex resumed>) = 0 [pid 5929] creat("./file0", 0160 [pid 5926] futex(0x7f201fb106cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5939] <... openat resumed>) = 3 [pid 5939] write(3, "1000", 4) = 4 [pid 5939] close(3) = 0 [pid 5939] read(200, 0x7ffc88018cc0, 1000) = -1 EAGAIN (Resource temporarily unavailable) [pid 5939] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5939] write(1, "executing program\n", 18 [pid 5929] <... creat resumed>) = 4 [pid 5923] <... close resumed>) = 0 [pid 5939] <... write resumed>) = 18 [pid 5929] futex(0x7f201fb106cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5939] futex(0x7f201fb106cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5929] <... futex resumed>) = 1 [pid 5926] <... futex resumed>) = 0 [pid 5923] futex(0x7f201fb106cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5939] <... futex resumed>) = 0 [pid 5923] <... futex resumed>) = 1 [pid 5939] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5920] <... futex resumed>) = 0 [pid 5923] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777 [pid 5920] futex(0x7f201fb106c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5939] <... mmap resumed>) = 0x7f201f215000 [pid 5923] <... mkdir resumed>) = 0 [pid 5920] <... futex resumed>) = 0 [pid 5939] mprotect(0x7f201f216000, 131072, PROT_READ|PROT_WRITE [pid 5920] futex(0x7f201fb106cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5939] <... mprotect resumed>) = 0 [pid 5929] creat(NULL, 000 [pid 5926] futex(0x7f201fb106c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5939] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5929] <... creat resumed>) = -1 EFAULT (Bad address) [pid 5926] <... futex resumed>) = 0 [pid 5939] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5939] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f201f235990, parent_tid=0x7f201f235990, exit_signal=0, stack=0x7f201f215000, stack_size=0x20300, tls=0x7f201f2356c0} [pid 5929] futex(0x7f201fb106cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5926] futex(0x7f201fb106cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5923] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5921] <... futex resumed>) = ? [pid 5929] <... futex resumed>) = 0 [pid 5926] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5929] openat(AT_FDCWD, "./file0", O_RDONLY|O_CREAT, 000 [pid 5926] futex(0x7f201fb106c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5929] <... openat resumed>) = 5 [pid 5926] <... futex resumed>) = 0 [pid 5929] futex(0x7f201fb106cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5926] futex(0x7f201fb106cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5929] <... futex resumed>) = 0 [pid 5926] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5929] futex(0x7f201fb106c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5926] futex(0x7f201fb106c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5929] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5926] <... futex resumed>) = 0 [pid 5929] memfd_create("syzkaller", 0 [pid 5926] futex(0x7f201fb106cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=250000000} [pid 5929] <... memfd_create resumed>) = 6 [pid 5929] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2016e00000 [ 77.501844][ T5927] On-disk corruption discovered. Please run fsck.ocfs2 once the filesystem is unmounted. [ 77.503267][ T5922] (syz-executor218,5922,1):ocfs2_write_begin:1905 ERROR: status = -30 [ 77.534362][ T5927] OCFS2: File system is now read-only. [pid 5929] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304 [pid 5921] +++ killed by SIGSEGV (core dumped) +++ [pid 5929] <... write resumed>) = 4194304 ./strace-static-x86_64: Process 5940 attached [pid 5939] <... clone3 resumed> => {parent_tid=[13]}, 88) = 13 [pid 5929] munmap(0x7f2016e00000, 138412032 [pid 5829] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10, si_uid=0, si_status=SIGSEGV, si_utime=5 /* 0.05 s */, si_stime=29 /* 0.29 s */} --- [pid 5940] rseq(0x7f201f235fe0, 0x20, 0, 0x53053053 [pid 5939] rt_sigprocmask(SIG_SETMASK, [], [pid 5929] <... munmap resumed>) = 0 [pid 5940] <... rseq resumed>) = 0 [pid 5939] <... rt_sigprocmask resumed>NULL, 8) = 0 [ 77.541660][ T29] audit: type=1804 audit(1733213255.153:21): pid=5929 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor218" name="/newroot/3/file1/file0" dev="loop0" ino=17058 res=1 errno=0 [ 77.563530][ T5927] (syz-executor218,5927,1):ocfs2_reserve_local_alloc_bits:710 ERROR: status = -30 [ 77.573014][ T5927] (syz-executor218,5927,1):ocfs2_reserve_clusters_with_limit:1170 ERROR: status = -30 [ 77.583191][ T5927] (syz-executor218,5927,1):ocfs2_reserve_clusters_with_limit:1219 ERROR: status = -30 [ 77.593231][ T5927] (syz-executor218,5927,1):ocfs2_lock_allocators:2749 ERROR: status = -30 [pid 5929] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5940] set_robust_list(0x7f201f2359a0, 24 [pid 5939] futex(0x7f201fb106c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5929] <... openat resumed>) = -1 EBUSY (Device or resource busy) [ 77.595104][ T5923] OCFS2: ERROR (device loop1): int ocfs2_reserve_local_alloc_bits(struct ocfs2_super *, u32, struct ocfs2_alloc_context *): local alloc inode 76 says it has 9 used bits, but a count shows 8 [ 77.601875][ T5927] (syz-executor218,5927,1):ocfs2_write_begin_nolock:1742 ERROR: status = -30 [ 77.620672][ T5923] On-disk corruption discovered. Please run fsck.ocfs2 once the filesystem is unmounted. [ 77.639525][ T5923] OCFS2: File system is now read-only. [ 77.649926][ T5927] (syz-executor218,5927,1):ocfs2_write_begin:1905 ERROR: status = -30 [pid 5940] <... set_robust_list resumed>) = 0 [pid 5939] <... futex resumed>) = 0 [pid 5929] close(6 [pid 5940] rt_sigprocmask(SIG_SETMASK, [], [pid 5939] futex(0x7f201fb106cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5925] <... futex resumed>) = ? [pid 5829] umount2("./3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5829] openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5940] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5929] <... close resumed>) = 0 [pid 5927] +++ killed by SIGSEGV (core dumped) +++ [pid 5925] +++ killed by SIGSEGV (core dumped) +++ [pid 5829] <... openat resumed>) = 3 [pid 5831] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10, si_uid=0, si_status=SIGSEGV, si_utime=8 /* 0.08 s */, si_stime=25 /* 0.25 s */} --- [pid 5829] newfstatat(3, "", [pid 5940] memfd_create("syzkaller", 0 [pid 5929] futex(0x7f201fb106cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=140, ...}, AT_EMPTY_PATH) = 0 [ 77.654324][ T5923] (syz-executor218,5923,0):ocfs2_reserve_local_alloc_bits:710 ERROR: status = -30 [ 77.671790][ T5923] (syz-executor218,5923,0):ocfs2_reserve_clusters_with_limit:1170 ERROR: status = -30 [ 77.682133][ T5923] (syz-executor218,5923,0):ocfs2_reserve_clusters_with_limit:1219 ERROR: status = -30 [ 77.691850][ T5923] (syz-executor218,5923,0):ocfs2_lock_allocators:2749 ERROR: status = -30 [pid 5940] <... memfd_create resumed>) = 3 [pid 5929] <... futex resumed>) = 1 [pid 5829] getdents64(3, [pid 5940] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5929] futex(0x7f201fb106c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5831] umount2("./3", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] <... getdents64 resumed>0x555565b3b850 /* 7 entries */, 32768) = 208 [pid 5940] <... mmap resumed>) = 0x7f2016e00000 [pid 5926] <... futex resumed>) = 0 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] umount2("./3/cgroup", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5926] futex(0x7f201fb106c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5920] <... futex resumed>) = ? [pid 5831] openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5935] <... futex resumed>) = ? [pid 5926] <... futex resumed>) = 1 [pid 5926] futex(0x7f201fb106cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5935] +++ killed by SIGSEGV (core dumped) +++ [pid 5929] <... futex resumed>) = 0 [pid 5923] +++ killed by SIGSEGV (core dumped) +++ [pid 5920] +++ killed by SIGSEGV (core dumped) +++ [pid 5929] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777 [pid 5831] <... openat resumed>) = 3 [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5826] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10, si_uid=0, si_status=SIGSEGV, si_utime=3 /* 0.03 s */, si_stime=33 /* 0.33 s */} --- [pid 5929] <... mkdir resumed>) = 0 [pid 5826] restart_syscall(<... resuming interrupted clone ...> [pid 5829] newfstatat(AT_FDCWD, "./3/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] newfstatat(3, "", [pid 5829] unlink("./3/cgroup" [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=140, ...}, AT_EMPTY_PATH) = 0 [pid 5829] <... unlink resumed>) = 0 [pid 5831] getdents64(3, [pid 5826] <... restart_syscall resumed>) = 0 [pid 5831] <... getdents64 resumed>0x555565b3b850 /* 7 entries */, 32768) = 208 [pid 5829] umount2("./3/cgroup.cpu", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] umount2("./3/cgroup", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5826] umount2("./3", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] newfstatat(AT_FDCWD, "./3/cgroup.cpu", [pid 5826] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] newfstatat(AT_FDCWD, "./3/cgroup", [pid 5829] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=19, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5826] openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5829] unlink("./3/cgroup.cpu") = 0 [pid 5826] <... openat resumed>) = 3 [pid 5829] umount2("./3/cgroup.net", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5829] newfstatat(AT_FDCWD, "./3/cgroup.net", [pid 5826] newfstatat(3, "", [pid 5829] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=19, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5826] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=140, ...}, AT_EMPTY_PATH) = 0 [pid 5831] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=23, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] unlink("./3/cgroup.net" [pid 5826] getdents64(3, [pid 5831] unlink("./3/cgroup" [pid 5829] <... unlink resumed>) = 0 [pid 5826] <... getdents64 resumed>0x555565b3b850 /* 7 entries */, 32768) = 208 [pid 5831] <... unlink resumed>) = 0 [pid 5829] umount2("./3/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5826] umount2("./3/cgroup", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] umount2("./3/cgroup.cpu", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5826] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] newfstatat(AT_FDCWD, "./3/binderfs", [pid 5826] newfstatat(AT_FDCWD, "./3/cgroup", [pid 5831] newfstatat(AT_FDCWD, "./3/cgroup.cpu", [pid 5829] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5826] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=23, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=19, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] unlink("./3/binderfs" [pid 5826] unlink("./3/cgroup" [pid 5831] unlink("./3/cgroup.cpu" [pid 5829] <... unlink resumed>) = 0 [pid 5826] <... unlink resumed>) = 0 [pid 5831] <... unlink resumed>) = 0 [pid 5829] umount2("./3/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5826] umount2("./3/cgroup.cpu", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] umount2("./3/cgroup.net", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5826] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5929] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5826] newfstatat(AT_FDCWD, "./3/cgroup.cpu", [pid 5831] newfstatat(AT_FDCWD, "./3/cgroup.net", [pid 5826] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=19, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=19, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5826] unlink("./3/cgroup.cpu" [pid 5831] unlink("./3/cgroup.net") = 0 [pid 5826] <... unlink resumed>) = 0 [pid 5831] umount2("./3/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] newfstatat(AT_FDCWD, "./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] unlink("./3/binderfs") = 0 [pid 5831] umount2("./3/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5826] umount2("./3/cgroup.net", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 77.701087][ T5923] (syz-executor218,5923,0):ocfs2_write_begin_nolock:1742 ERROR: status = -30 [ 77.710521][ T5923] (syz-executor218,5923,0):ocfs2_write_begin:1905 ERROR: status = -30 [pid 5826] newfstatat(AT_FDCWD, "./3/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5826] unlink("./3/cgroup.net") = 0 [pid 5826] umount2("./3/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5826] newfstatat(AT_FDCWD, "./3/binderfs", [pid 5829] <... umount2 resumed>) = 0 [pid 5826] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] umount2("./3/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5826] unlink("./3/binderfs" [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] newfstatat(AT_FDCWD, "./3/file1", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] umount2("./3/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5829] openat(AT_FDCWD, "./3/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5829] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5829] getdents64(4, 0x555565b43890 /* 2 entries */, 32768) = 48 [pid 5829] getdents64(4, 0x555565b43890 /* 0 entries */, 32768) = 0 [pid 5829] close(4) = 0 [pid 5829] rmdir("./3/file1") = 0 [pid 5829] getdents64(3, 0x555565b3b850 /* 0 entries */, 32768) = 0 [pid 5829] close(3) = 0 [pid 5829] rmdir("./3") = 0 [pid 5829] mkdir("./4", 0777) = 0 [pid 5829] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5829] ioctl(3, LOOP_CLR_FD) = 0 [ 77.762143][ T5829] ocfs2: Unmounting device (7,2) on (node local) [ 77.772911][ T5929] OCFS2: ERROR (device loop0): int ocfs2_reserve_local_alloc_bits(struct ocfs2_super *, u32, struct ocfs2_alloc_context *): local alloc inode 76 says it has 9 used bits, but a count shows 8 [ 77.777401][ T5831] ocfs2: Unmounting device (7,3) on (node local) [ 77.802563][ T5929] On-disk corruption discovered. Please run fsck.ocfs2 once the filesystem is unmounted. [pid 5829] close(3 [pid 5826] <... unlink resumed>) = 0 [pid 5826] umount2("./3/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] <... umount2 resumed>) = 0 [pid 5831] umount2("./3/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] newfstatat(AT_FDCWD, "./3/file1", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] umount2("./3/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] openat(AT_FDCWD, "./3/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5831] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5831] getdents64(4, 0x555565b43890 /* 2 entries */, 32768) = 48 [pid 5831] getdents64(4, 0x555565b43890 /* 0 entries */, 32768) = 0 [pid 5831] close(4) = 0 [pid 5831] rmdir("./3/file1") = 0 [pid 5831] getdents64(3, 0x555565b3b850 /* 0 entries */, 32768) = 0 [pid 5831] close(3) = 0 [pid 5831] rmdir("./3") = 0 [pid 5831] mkdir("./4", 0777) = 0 [pid 5831] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5826] <... umount2 resumed>) = 0 [ 77.832618][ T5929] OCFS2: File system is now read-only. [ 77.851380][ T5826] ocfs2: Unmounting device (7,1) on (node local) [ 77.858280][ T5929] (syz-executor218,5929,1):ocfs2_reserve_local_alloc_bits:710 ERROR: status = -30 [pid 5831] <... openat resumed>) = 3 [pid 5826] umount2("./3/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] ioctl(3, LOOP_CLR_FD [pid 5826] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] <... ioctl resumed>) = 0 [pid 5826] newfstatat(AT_FDCWD, "./3/file1", [pid 5831] close(3 [pid 5826] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5826] umount2("./3/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5826] openat(AT_FDCWD, "./3/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5826] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5826] getdents64(4, 0x555565b43890 /* 2 entries */, 32768) = 48 [pid 5826] getdents64(4, 0x555565b43890 /* 0 entries */, 32768) = 0 [pid 5826] close(4) = 0 [pid 5826] rmdir("./3/file1") = 0 [pid 5826] getdents64(3, 0x555565b3b850 /* 0 entries */, 32768) = 0 [pid 5826] close(3) = 0 [ 77.893662][ T5929] (syz-executor218,5929,1):ocfs2_reserve_clusters_with_limit:1170 ERROR: status = -30 [ 77.924378][ T5929] (syz-executor218,5929,1):ocfs2_reserve_clusters_with_limit:1219 ERROR: status = -30 [pid 5826] rmdir("./3") = 0 [pid 5826] mkdir("./4", 0777) = 0 [pid 5826] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5826] ioctl(3, LOOP_CLR_FD) = 0 [ 77.960844][ T5929] (syz-executor218,5929,1):ocfs2_lock_allocators:2749 ERROR: status = -30 [ 77.999309][ T5929] (syz-executor218,5929,1):ocfs2_write_begin_nolock:1742 ERROR: status = -30 [pid 5826] close(3 [pid 5829] <... close resumed>) = 0 [pid 5940] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216 [pid 5829] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5941 attached [pid 5941] set_robust_list(0x555565b3a6a0, 24 [pid 5829] <... clone resumed>, child_tidptr=0x555565b3a690) = 12 [pid 5941] <... set_robust_list resumed>) = 0 [pid 5941] chdir("./4") = 0 [pid 5941] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5941] setpgid(0, 0) = 0 [pid 5941] symlink("/syzcgroup/unified/syz2", "./cgroup") = 0 [pid 5941] symlink("/syzcgroup/cpu/syz2", "./cgroup.cpu") = 0 [pid 5941] symlink("/syzcgroup/net/syz2", "./cgroup.net") = 0 executing program [pid 5941] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5941] write(3, "1000", 4) = 4 [pid 5941] close(3) = 0 [pid 5941] read(200, 0x7ffc88018cc0, 1000) = -1 EAGAIN (Resource temporarily unavailable) [pid 5941] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5941] write(1, "executing program\n", 18) = 18 [pid 5941] futex(0x7f201fb106cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5941] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f201f215000 [pid 5941] mprotect(0x7f201f216000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5941] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5941] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f201f235990, parent_tid=0x7f201f235990, exit_signal=0, stack=0x7f201f215000, stack_size=0x20300, tls=0x7f201f2356c0}./strace-static-x86_64: Process 5942 attached [pid 5942] rseq(0x7f201f235fe0, 0x20, 0, 0x53053053 [pid 5941] <... clone3 resumed> => {parent_tid=[13]}, 88) = 13 [pid 5942] <... rseq resumed>) = 0 [pid 5941] rt_sigprocmask(SIG_SETMASK, [], [pid 5942] set_robust_list(0x7f201f2359a0, 24 [pid 5941] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5942] <... set_robust_list resumed>) = 0 [pid 5941] futex(0x7f201fb106c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5942] rt_sigprocmask(SIG_SETMASK, [], [pid 5941] <... futex resumed>) = 0 [pid 5942] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5941] futex(0x7f201fb106cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5942] memfd_create("syzkaller", 0) = 3 [pid 5942] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2016e00000 [pid 5831] <... close resumed>) = 0 [pid 5929] +++ killed by SIGSEGV (core dumped) +++ [ 78.015918][ T5929] (syz-executor218,5929,1):ocfs2_write_begin:1905 ERROR: status = -30 [pid 5940] <... write resumed>) = 16777216 [pid 5926] <... futex resumed>) = ? [pid 5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5826] <... close resumed>) = 0 [pid 5940] munmap(0x7f2016e00000, 138412032 [pid 5926] +++ killed by SIGSEGV (core dumped) +++ [pid 5831] <... clone resumed>, child_tidptr=0x555565b3a690) = 12 [pid 5940] <... munmap resumed>) = 0 [pid 5828] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=11, si_uid=0, si_status=SIGSEGV, si_utime=3 /* 0.03 s */, si_stime=29 /* 0.29 s */} --- [pid 5828] umount2("./3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5828] openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5942] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216./strace-static-x86_64: Process 5943 attached [pid 5826] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5943] set_robust_list(0x555565b3a6a0, 24 [pid 5828] <... openat resumed>) = 3 ./strace-static-x86_64: Process 5944 attached [pid 5943] <... set_robust_list resumed>) = 0 [pid 5944] set_robust_list(0x555565b3a6a0, 24 [pid 5943] chdir("./4" [pid 5826] <... clone resumed>, child_tidptr=0x555565b3a690) = 13 [pid 5944] <... set_robust_list resumed>) = 0 [pid 5943] <... chdir resumed>) = 0 [pid 5944] chdir("./4" [pid 5943] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5944] <... chdir resumed>) = 0 [pid 5943] <... prctl resumed>) = 0 [pid 5944] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5943] setpgid(0, 0 [pid 5944] <... prctl resumed>) = 0 [pid 5943] <... setpgid resumed>) = 0 [pid 5944] setpgid(0, 0 [pid 5943] symlink("/syzcgroup/unified/syz3", "./cgroup" [pid 5944] <... setpgid resumed>) = 0 [pid 5828] newfstatat(3, "", [pid 5944] symlink("/syzcgroup/unified/syz1", "./cgroup" [pid 5943] <... symlink resumed>) = 0 [pid 5944] <... symlink resumed>) = 0 [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=140, ...}, AT_EMPTY_PATH) = 0 [pid 5943] symlink("/syzcgroup/cpu/syz3", "./cgroup.cpu" [pid 5944] symlink("/syzcgroup/cpu/syz1", "./cgroup.cpu" [pid 5828] getdents64(3, [pid 5944] <... symlink resumed>) = 0 [pid 5943] <... symlink resumed>) = 0 [pid 5828] <... getdents64 resumed>0x555565b3b850 /* 7 entries */, 32768) = 208 [pid 5944] symlink("/syzcgroup/net/syz1", "./cgroup.net" [pid 5943] symlink("/syzcgroup/net/syz3", "./cgroup.net" [pid 5828] umount2("./3/cgroup", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5944] <... symlink resumed>) = 0 [pid 5943] <... symlink resumed>) = 0 [pid 5940] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5944] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5943] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5828] newfstatat(AT_FDCWD, "./3/cgroup", [pid 5944] <... openat resumed>) = 3 [pid 5943] <... openat resumed>) = 3 [pid 5940] <... openat resumed>) = 4 [pid 5828] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=23, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5944] write(3, "1000", 4 [pid 5943] write(3, "1000", 4 [pid 5940] ioctl(4, LOOP_SET_FD, 3 [pid 5828] unlink("./3/cgroup" [pid 5944] <... write resumed>) = 4 [pid 5943] <... write resumed>) = 4 [pid 5944] close(3 [pid 5943] close(3 [pid 5944] <... close resumed>) = 0 [pid 5943] <... close resumed>) = 0 [pid 5944] read(200, [pid 5943] read(200, [pid 5944] <... read resumed>0x7ffc88018cc0, 1000) = -1 EAGAIN (Resource temporarily unavailable) [pid 5943] <... read resumed>0x7ffc88018cc0, 1000) = -1 EAGAIN (Resource temporarily unavailable) [pid 5944] symlink("/dev/binderfs", "./binderfs" [pid 5943] symlink("/dev/binderfs", "./binderfs"executing program executing program [pid 5944] <... symlink resumed>) = 0 [pid 5943] <... symlink resumed>) = 0 [pid 5828] <... unlink resumed>) = 0 [pid 5944] write(1, "executing program\n", 18 [pid 5943] write(1, "executing program\n", 18 [pid 5944] <... write resumed>) = 18 [pid 5943] <... write resumed>) = 18 [pid 5944] futex(0x7f201fb106cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5943] futex(0x7f201fb106cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5828] umount2("./3/cgroup.cpu", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5944] <... futex resumed>) = 0 [pid 5943] <... futex resumed>) = 0 [pid 5944] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5943] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5944] <... mmap resumed>) = 0x7f201f215000 [pid 5943] <... mmap resumed>) = 0x7f201f215000 [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5944] mprotect(0x7f201f216000, 131072, PROT_READ|PROT_WRITE [pid 5943] mprotect(0x7f201f216000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5828] newfstatat(AT_FDCWD, "./3/cgroup.cpu", [pid 5944] <... mprotect resumed>) = 0 [pid 5943] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5828] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=19, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5943] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5943] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f201f235990, parent_tid=0x7f201f235990, exit_signal=0, stack=0x7f201f215000, stack_size=0x20300, tls=0x7f201f2356c0} [pid 5944] rt_sigprocmask(SIG_BLOCK, ~[], ./strace-static-x86_64: Process 5945 attached [], 8) = 0 [pid 5828] unlink("./3/cgroup.cpu" [pid 5945] rseq(0x7f201f235fe0, 0x20, 0, 0x53053053 [pid 5944] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f201f235990, parent_tid=0x7f201f235990, exit_signal=0, stack=0x7f201f215000, stack_size=0x20300, tls=0x7f201f2356c0} [pid 5943] <... clone3 resumed> => {parent_tid=[13]}, 88) = 13 [pid 5828] <... unlink resumed>) = 0 ./strace-static-x86_64: Process 5946 attached [pid 5945] <... rseq resumed>) = 0 [pid 5943] rt_sigprocmask(SIG_SETMASK, [], [pid 5828] umount2("./3/cgroup.net", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5946] rseq(0x7f201f235fe0, 0x20, 0, 0x53053053 [pid 5945] set_robust_list(0x7f201f2359a0, 24 [pid 5944] <... clone3 resumed> => {parent_tid=[14]}, 88) = 14 [pid 5943] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5946] <... rseq resumed>) = 0 [pid 5945] <... set_robust_list resumed>) = 0 [pid 5944] rt_sigprocmask(SIG_SETMASK, [], [pid 5943] futex(0x7f201fb106c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5828] newfstatat(AT_FDCWD, "./3/cgroup.net", [pid 5946] set_robust_list(0x7f201f2359a0, 24 [pid 5945] rt_sigprocmask(SIG_SETMASK, [], [pid 5944] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5943] <... futex resumed>) = 0 [pid 5828] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=19, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5946] <... set_robust_list resumed>) = 0 [pid 5945] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5944] futex(0x7f201fb106c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5943] futex(0x7f201fb106cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5828] unlink("./3/cgroup.net" [pid 5946] rt_sigprocmask(SIG_SETMASK, [], [pid 5945] memfd_create("syzkaller", 0 [pid 5944] <... futex resumed>) = 0 [pid 5828] <... unlink resumed>) = 0 [pid 5946] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5945] <... memfd_create resumed>) = 3 [pid 5944] futex(0x7f201fb106cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5828] umount2("./3/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5946] memfd_create("syzkaller", 0 [pid 5945] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5946] <... memfd_create resumed>) = 3 [pid 5945] <... mmap resumed>) = 0x7f2016e00000 [pid 5828] newfstatat(AT_FDCWD, "./3/binderfs", [pid 5946] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5828] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5828] unlink("./3/binderfs") = 0 [pid 5828] umount2("./3/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5946] <... mmap resumed>) = 0x7f2016e00000 [pid 5940] <... ioctl resumed>) = 0 [pid 5940] close(3) = 0 [pid 5940] close(4) = 0 [pid 5940] mkdir("./file1", 0777) = 0 [ 78.172702][ T5940] loop4: detected capacity change from 0 to 32768 [ 78.211526][ T5828] ocfs2: Unmounting device (7,0) on (node local) [pid 5940] mount("/dev/loop4", "./file1", "ocfs2", MS_MANDLOCK|MS_DIRSYNC|MS_NODIRATIME, "acl,heartbeat=none,dir_resv_level=00003,coherency=full,coherency=full,localflocks,coherency=full,noa"... [pid 5828] <... umount2 resumed>) = 0 [pid 5828] umount2("./3/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5828] newfstatat(AT_FDCWD, "./3/file1", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5828] umount2("./3/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5828] openat(AT_FDCWD, "./3/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5828] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5828] getdents64(4, 0x555565b43890 /* 2 entries */, 32768) = 48 [pid 5828] getdents64(4, 0x555565b43890 /* 0 entries */, 32768) = 0 [pid 5828] close(4) = 0 [pid 5828] rmdir("./3/file1") = 0 [pid 5828] getdents64(3, 0x555565b3b850 /* 0 entries */, 32768) = 0 [pid 5828] close(3) = 0 [pid 5828] rmdir("./3") = 0 [pid 5828] mkdir("./4", 0777) = 0 [pid 5828] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5828] ioctl(3, LOOP_CLR_FD) = 0 [ 78.247064][ T5940] JBD2: Ignoring recovery information on journal [pid 5828] close(3) = 0 [pid 5828] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5949 attached [pid 5945] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216 [pid 5942] <... write resumed>) = 16777216 [pid 5940] <... mount resumed>) = 0 [pid 5949] set_robust_list(0x555565b3a6a0, 24 [ 78.328500][ T5940] ocfs2: Mounting device (7,4) on (node local, slot 0) with ordered data mode. [pid 5946] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216 [pid 5828] <... clone resumed>, child_tidptr=0x555565b3a690) = 13 [pid 5949] <... set_robust_list resumed>) = 0 [pid 5942] munmap(0x7f2016e00000, 138412032 [pid 5940] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5949] chdir("./4" [pid 5940] <... openat resumed>) = 3 [pid 5949] <... chdir resumed>) = 0 [pid 5949] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5949] setpgid(0, 0) = 0 [pid 5949] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 5949] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 5949] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 5949] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5949] write(3, "1000", 4) = 4 [pid 5949] close(3) = 0 [pid 5949] read(200, 0x7ffc88018cc0, 1000) = -1 EAGAIN (Resource temporarily unavailable) [pid 5949] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5949] write(1, "executing program\n", 18) = 18 [pid 5949] futex(0x7f201fb106cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5949] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f201f215000 [pid 5949] mprotect(0x7f201f216000, 131072, PROT_READ|PROT_WRITEexecuting program [pid 5942] <... munmap resumed>) = 0 [pid 5949] <... mprotect resumed>) = 0 [pid 5940] chdir("./file1" [pid 5949] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5949] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f201f235990, parent_tid=0x7f201f235990, exit_signal=0, stack=0x7f201f215000, stack_size=0x20300, tls=0x7f201f2356c0} [pid 5940] <... chdir resumed>) = 0 ./strace-static-x86_64: Process 5950 attached [pid 5942] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5940] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5950] rseq(0x7f201f235fe0, 0x20, 0, 0x53053053 [pid 5949] <... clone3 resumed> => {parent_tid=[14]}, 88) = 14 [pid 5950] <... rseq resumed>) = 0 [pid 5949] rt_sigprocmask(SIG_SETMASK, [], [pid 5940] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5950] set_robust_list(0x7f201f2359a0, 24 [pid 5949] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5942] <... openat resumed>) = 4 [pid 5940] futex(0x7f201fb106cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5950] <... set_robust_list resumed>) = 0 [pid 5949] futex(0x7f201fb106c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5940] <... futex resumed>) = 1 [pid 5950] rt_sigprocmask(SIG_SETMASK, [], [pid 5940] futex(0x7f201fb106c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5942] ioctl(4, LOOP_SET_FD, 3 [pid 5950] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5949] <... futex resumed>) = 0 [pid 5950] memfd_create("syzkaller", 0 [pid 5949] futex(0x7f201fb106cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5950] <... memfd_create resumed>) = 3 [pid 5950] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2016e00000 [pid 5939] <... futex resumed>) = 0 [pid 5939] futex(0x7f201fb106c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5939] futex(0x7f201fb106cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5940] <... futex resumed>) = 0 [pid 5940] symlink(NULL, NULL) = -1 EFAULT (Bad address) [pid 5940] futex(0x7f201fb106cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5939] <... futex resumed>) = 0 [pid 5940] futex(0x7f201fb106c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5939] futex(0x7f201fb106c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5939] futex(0x7f201fb106cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5940] <... futex resumed>) = 0 [pid 5940] readlink("./file0", NULL, 0) = -1 EINVAL (Invalid argument) [pid 5940] futex(0x7f201fb106cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5939] <... futex resumed>) = 0 [pid 5939] futex(0x7f201fb106c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5940] creat("./file0", 0160 [pid 5939] <... futex resumed>) = 0 [pid 5939] futex(0x7f201fb106cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5942] <... ioctl resumed>) = 0 [pid 5940] <... creat resumed>) = 4 [pid 5942] close(3 [pid 5940] futex(0x7f201fb106cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5942] <... close resumed>) = 0 [pid 5942] close(4 [pid 5940] <... futex resumed>) = 1 [pid 5939] <... futex resumed>) = 0 [pid 5942] <... close resumed>) = 0 [pid 5940] futex(0x7f201fb106c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5939] futex(0x7f201fb106c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5939] futex(0x7f201fb106cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5942] mkdir("./file1", 0777 [pid 5940] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5942] <... mkdir resumed>) = 0 [pid 5940] creat(NULL, 000 [pid 5942] mount("/dev/loop2", "./file1", "ocfs2", MS_MANDLOCK|MS_DIRSYNC|MS_NODIRATIME, "acl,heartbeat=none,dir_resv_level=00003,coherency=full,coherency=full,localflocks,coherency=full,noa"... [pid 5940] <... creat resumed>) = -1 EFAULT (Bad address) [ 78.420477][ T5942] loop2: detected capacity change from 0 to 32768 [pid 5940] futex(0x7f201fb106cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5939] <... futex resumed>) = 0 [pid 5939] futex(0x7f201fb106c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5939] futex(0x7f201fb106cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5940] openat(AT_FDCWD, "./file0", O_RDONLY|O_CREAT, 000) = 5 [pid 5945] <... write resumed>) = 16777216 [pid 5940] futex(0x7f201fb106cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5945] munmap(0x7f2016e00000, 138412032 [pid 5940] <... futex resumed>) = 1 [pid 5939] <... futex resumed>) = 0 [pid 5939] futex(0x7f201fb106c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5939] futex(0x7f201fb106cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=250000000} [pid 5945] <... munmap resumed>) = 0 [ 78.487264][ T29] audit: type=1804 audit(1733213256.103:22): pid=5940 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor218" name="/newroot/4/file1/file0" dev="loop4" ino=17058 res=1 errno=0 [ 78.497897][ T5942] debugfs: Directory 'B1DE653C5FFC4D88B33B244AAB9EB3E9' with parent 'ocfs2' already present! [ 78.523924][ T5942] JBD2: Ignoring recovery information on journal [pid 5940] memfd_create("syzkaller", 0 [pid 5945] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5940] <... memfd_create resumed>) = 6 [pid 5940] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5950] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216 [pid 5945] <... openat resumed>) = 4 [pid 5942] <... mount resumed>) = 0 [pid 5940] <... mmap resumed>) = 0x7f2016e00000 [pid 5946] <... write resumed>) = 16777216 [pid 5942] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5946] munmap(0x7f2016e00000, 138412032) = 0 [pid 5942] <... openat resumed>) = 3 [pid 5940] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304 [pid 5946] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5942] chdir("./file1" [pid 5945] ioctl(4, LOOP_SET_FD, 3 [pid 5946] <... openat resumed>) = 4 [pid 5942] <... chdir resumed>) = 0 [pid 5942] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5946] ioctl(4, LOOP_SET_FD, 3 [pid 5942] <... openat resumed>) = -1 EBUSY (Device or resource busy) [ 78.553816][ T5942] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode. [ 78.593071][ T5945] loop3: detected capacity change from 0 to 32768 [pid 5942] futex(0x7f201fb106cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5945] <... ioctl resumed>) = 0 [pid 5942] <... futex resumed>) = 1 [pid 5941] <... futex resumed>) = 0 [pid 5945] close(3) = 0 [pid 5945] close(4) = 0 [pid 5945] mkdir("./file1", 0777) = 0 [pid 5945] mount("/dev/loop3", "./file1", "ocfs2", MS_MANDLOCK|MS_DIRSYNC|MS_NODIRATIME, "acl,heartbeat=none,dir_resv_level=00003,coherency=full,coherency=full,localflocks,coherency=full,noa"... [pid 5942] futex(0x7f201fb106c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5941] futex(0x7f201fb106c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5946] <... ioctl resumed>) = 0 [pid 5946] close(3 [pid 5942] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5946] <... close resumed>) = 0 [pid 5946] close(4) = 0 [pid 5942] symlink(NULL, NULL [pid 5941] <... futex resumed>) = 0 [pid 5946] mkdir("./file1", 0777) = 0 [pid 5942] <... symlink resumed>) = -1 EFAULT (Bad address) [pid 5941] futex(0x7f201fb106cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5942] futex(0x7f201fb106cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5941] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5942] <... futex resumed>) = 0 [pid 5941] futex(0x7f201fb106c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5942] readlink("./file0", [pid 5941] <... futex resumed>) = 0 [pid 5946] mount("/dev/loop1", "./file1", "ocfs2", MS_MANDLOCK|MS_DIRSYNC|MS_NODIRATIME, "acl,heartbeat=none,dir_resv_level=00003,coherency=full,coherency=full,localflocks,coherency=full,noa"... [pid 5942] <... readlink resumed>NULL, 0) = -1 EINVAL (Invalid argument) [pid 5941] futex(0x7f201fb106cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5942] futex(0x7f201fb106cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5941] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5942] <... futex resumed>) = 0 [pid 5941] futex(0x7f201fb106c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5942] creat("./file0", 0160 [pid 5941] <... futex resumed>) = 0 [pid 5941] futex(0x7f201fb106cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5942] <... creat resumed>) = 4 [pid 5942] futex(0x7f201fb106cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5941] <... futex resumed>) = 0 [pid 5941] futex(0x7f201fb106c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5942] creat(NULL, 000 [pid 5941] futex(0x7f201fb106cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5942] <... creat resumed>) = -1 EFAULT (Bad address) [pid 5942] futex(0x7f201fb106cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5941] <... futex resumed>) = 0 [ 78.603629][ T5946] loop1: detected capacity change from 0 to 32768 [ 78.610659][ T5134] Bluetooth: hci0: command tx timeout [ 78.616296][ T54] Bluetooth: hci1: command tx timeout [ 78.617050][ T5945] debugfs: Directory 'B1DE653C5FFC4D88B33B244AAB9EB3E9' with parent 'ocfs2' already present! [ 78.621686][ T54] Bluetooth: hci2: command tx timeout [ 78.634763][ T5134] Bluetooth: hci3: command tx timeout [pid 5942] futex(0x7f201fb106c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5941] futex(0x7f201fb106c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5942] <... futex resumed>) = 0 [pid 5941] <... futex resumed>) = 1 [pid 5942] openat(AT_FDCWD, "./file0", O_RDONLY|O_CREAT, 000 [pid 5941] futex(0x7f201fb106cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5942] <... openat resumed>) = 5 [pid 5942] futex(0x7f201fb106cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5941] <... futex resumed>) = 0 [pid 5941] futex(0x7f201fb106c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5941] futex(0x7f201fb106cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=250000000} [pid 5942] memfd_create("syzkaller", 0 [pid 5940] <... write resumed>) = 4194304 [pid 5942] <... memfd_create resumed>) = 6 [pid 5942] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2016e00000 [pid 5940] munmap(0x7f2016e00000, 138412032) = 0 [pid 5940] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = -1 EBUSY (Device or resource busy) [ 78.670837][ T29] audit: type=1804 audit(1733213256.283:23): pid=5942 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor218" name="/newroot/4/file1/file0" dev="loop2" ino=17058 res=1 errno=0 [pid 5940] close(6 [pid 5942] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304 [pid 5940] <... close resumed>) = 0 [pid 5940] futex(0x7f201fb106cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5940] futex(0x7f201fb106c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5939] <... futex resumed>) = 0 [pid 5942] <... write resumed>) = 4194304 [pid 5939] futex(0x7f201fb106c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5942] munmap(0x7f2016e00000, 138412032) = 0 [ 78.718104][ T5946] debugfs: Directory 'B1DE653C5FFC4D88B33B244AAB9EB3E9' with parent 'ocfs2' already present! [ 78.734626][ T5945] JBD2: Ignoring recovery information on journal [ 78.752313][ T5946] JBD2: Ignoring recovery information on journal [pid 5942] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5940] <... futex resumed>) = 0 [pid 5939] <... futex resumed>) = 1 [pid 5942] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5942] close(6 [pid 5950] <... write resumed>) = 16777216 [pid 5940] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777 [pid 5939] futex(0x7f201fb106cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5945] <... mount resumed>) = 0 [pid 5950] munmap(0x7f2016e00000, 138412032 [pid 5946] <... mount resumed>) = 0 [pid 5945] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5942] <... close resumed>) = 0 [pid 5940] <... mkdir resumed>) = 0 [pid 5946] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5945] <... openat resumed>) = 3 [pid 5942] futex(0x7f201fb106cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5940] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5950] <... munmap resumed>) = 0 [pid 5946] <... openat resumed>) = 3 [pid 5945] chdir("./file1" [pid 5942] <... futex resumed>) = 1 [pid 5941] <... futex resumed>) = 0 [pid 5950] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5945] <... chdir resumed>) = 0 [pid 5950] <... openat resumed>) = 4 [pid 5945] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5950] ioctl(4, LOOP_SET_FD, 3 [pid 5945] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5946] chdir("./file1" [pid 5945] futex(0x7f201fb106cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5942] futex(0x7f201fb106c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5941] futex(0x7f201fb106c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5945] <... futex resumed>) = 1 [pid 5943] <... futex resumed>) = 0 [pid 5942] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5941] <... futex resumed>) = 0 [pid 5945] futex(0x7f201fb106c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5943] futex(0x7f201fb106c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5946] <... chdir resumed>) = 0 [pid 5945] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5943] <... futex resumed>) = 0 [pid 5942] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777 [pid 5941] futex(0x7f201fb106cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5946] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5945] symlink(NULL, NULL [pid 5943] futex(0x7f201fb106cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5946] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5945] <... symlink resumed>) = -1 EFAULT (Bad address) [pid 5945] futex(0x7f201fb106cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5943] <... futex resumed>) = 0 [pid 5945] futex(0x7f201fb106c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5943] futex(0x7f201fb106c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5945] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5943] <... futex resumed>) = 0 [pid 5942] <... mkdir resumed>) = 0 [pid 5945] readlink("./file0", [pid 5943] futex(0x7f201fb106cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5945] <... readlink resumed>NULL, 0) = -1 EINVAL (Invalid argument) [pid 5945] futex(0x7f201fb106cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5943] <... futex resumed>) = 0 [pid 5945] futex(0x7f201fb106c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5943] futex(0x7f201fb106c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5945] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5943] <... futex resumed>) = 0 [pid 5945] creat("./file0", 0160 [pid 5943] futex(0x7f201fb106cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5946] futex(0x7f201fb106cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5945] <... creat resumed>) = 4 [pid 5942] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5946] <... futex resumed>) = 1 [pid 5944] <... futex resumed>) = 0 [pid 5946] futex(0x7f201fb106c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5945] futex(0x7f201fb106cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5944] futex(0x7f201fb106c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5946] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5945] <... futex resumed>) = 1 [pid 5944] <... futex resumed>) = 0 [pid 5943] <... futex resumed>) = 0 [pid 5946] symlink(NULL, NULL [pid 5945] futex(0x7f201fb106c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5944] futex(0x7f201fb106cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5946] <... symlink resumed>) = -1 EFAULT (Bad address) [pid 5945] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5943] futex(0x7f201fb106c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5946] futex(0x7f201fb106cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5945] creat(NULL, 000 [pid 5944] <... futex resumed>) = 0 [pid 5943] <... futex resumed>) = 0 [pid 5946] futex(0x7f201fb106c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5945] <... creat resumed>) = -1 EFAULT (Bad address) [pid 5944] futex(0x7f201fb106c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5943] futex(0x7f201fb106cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5945] futex(0x7f201fb106cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5944] <... futex resumed>) = 1 [pid 5945] <... futex resumed>) = 0 [pid 5944] futex(0x7f201fb106cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5943] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5945] futex(0x7f201fb106c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5943] futex(0x7f201fb106c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5945] openat(AT_FDCWD, "./file0", O_RDONLY|O_CREAT, 000 [pid 5943] <... futex resumed>) = 0 [pid 5945] <... openat resumed>) = 5 [pid 5943] futex(0x7f201fb106cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5945] futex(0x7f201fb106cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5943] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5945] <... futex resumed>) = 0 [pid 5943] futex(0x7f201fb106c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5945] memfd_create("syzkaller", 0 [pid 5943] <... futex resumed>) = 0 [pid 5945] <... memfd_create resumed>) = 6 [pid 5943] futex(0x7f201fb106cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=250000000} [pid 5945] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2016e00000 [ 78.788006][ T5946] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode. [ 78.799967][ T5945] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode. [ 78.825678][ T5950] loop0: detected capacity change from 0 to 32768 [pid 5946] <... futex resumed>) = 0 [pid 5950] <... ioctl resumed>) = 0 [pid 5945] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304 [pid 5950] close(3) = 0 [pid 5950] close(4) = 0 [pid 5950] mkdir("./file1", 0777) = 0 [pid 5950] mount("/dev/loop0", "./file1", "ocfs2", MS_MANDLOCK|MS_DIRSYNC|MS_NODIRATIME, "acl,heartbeat=none,dir_resv_level=00003,coherency=full,coherency=full,localflocks,coherency=full,noa"... [pid 5946] readlink("./file0", NULL, 0) = -1 EINVAL (Invalid argument) [pid 5946] futex(0x7f201fb106cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5944] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5944] futex(0x7f201fb106c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5944] futex(0x7f201fb106cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5946] <... futex resumed>) = 1 [pid 5944] <... futex resumed>) = 0 [ 78.847343][ T29] audit: type=1804 audit(1733213256.453:24): pid=5945 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor218" name="/newroot/4/file1/file0" dev="loop3" ino=17058 res=1 errno=0 [ 78.872868][ T5940] OCFS2: ERROR (device loop4): int ocfs2_reserve_local_alloc_bits(struct ocfs2_super *, u32, struct ocfs2_alloc_context *): local alloc inode 76 says it has 9 used bits, but a count shows 8 [pid 5944] futex(0x7f201fb106cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=46000000} [pid 5946] creat("./file0", 0160) = 4 [ 78.893005][ T5940] On-disk corruption discovered. Please run fsck.ocfs2 once the filesystem is unmounted. [ 78.898930][ T5950] debugfs: Directory 'B1DE653C5FFC4D88B33B244AAB9EB3E9' with parent 'ocfs2' already present! [ 78.905264][ T5940] OCFS2: File system is now read-only. [ 78.916311][ T5942] OCFS2: ERROR (device loop2): int ocfs2_reserve_local_alloc_bits(struct ocfs2_super *, u32, struct ocfs2_alloc_context *): local alloc inode 76 says it has 9 used bits, but a count shows 8 [ 78.918858][ T5940] (syz-executor218,5940,0):ocfs2_reserve_local_alloc_bits:710 ERROR: status = -30 [pid 5946] futex(0x7f201fb106cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5945] <... write resumed>) = 4194304 [pid 5944] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5946] <... futex resumed>) = 0 [pid 5944] futex(0x7f201fb106c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5944] futex(0x7f201fb106cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5945] munmap(0x7f2016e00000, 138412032) = 0 [pid 5945] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5945] close(6 [pid 5946] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 5946] futex(0x7f201fb106cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5944] <... futex resumed>) = 0 [pid 5946] futex(0x7f201fb106c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5944] futex(0x7f201fb106c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5946] <... futex resumed>) = 0 [pid 5946] openat(AT_FDCWD, "./file0", O_RDONLY|O_CREAT, 000 [ 78.946891][ T5940] (syz-executor218,5940,0):ocfs2_reserve_clusters_with_limit:1170 ERROR: status = -30 [ 78.957344][ T5940] (syz-executor218,5940,0):ocfs2_reserve_clusters_with_limit:1219 ERROR: status = -30 [ 78.968679][ T5940] (syz-executor218,5940,0):ocfs2_lock_allocators:2749 ERROR: status = -30 [pid 5944] futex(0x7f201fb106cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5946] <... openat resumed>) = 5 [pid 5946] futex(0x7f201fb106cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5945] <... close resumed>) = 0 [pid 5945] futex(0x7f201fb106cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5946] <... futex resumed>) = 1 [pid 5944] <... futex resumed>) = 0 [pid 5944] futex(0x7f201fb106c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5944] futex(0x7f201fb106cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=250000000} [pid 5945] <... futex resumed>) = 1 [pid 5943] <... futex resumed>) = 0 [pid 5945] futex(0x7f201fb106c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5946] memfd_create("syzkaller", 0 [pid 5943] futex(0x7f201fb106c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5945] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5943] <... futex resumed>) = 0 [pid 5945] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777 [pid 5943] futex(0x7f201fb106cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5946] <... memfd_create resumed>) = 6 [pid 5945] <... mkdir resumed>) = 0 [pid 5939] <... futex resumed>) = ? [pid 5946] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5945] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [ 78.969836][ T29] audit: type=1804 audit(1733213256.583:25): pid=5946 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor218" name="/newroot/4/file1/file0" dev="loop1" ino=17058 res=1 errno=0 [ 78.977486][ T5940] (syz-executor218,5940,0):ocfs2_write_begin_nolock:1742 ERROR: status = -30 [ 79.008129][ T5940] (syz-executor218,5940,0):ocfs2_write_begin:1905 ERROR: status = -30 [ 79.018954][ T5942] On-disk corruption discovered. Please run fsck.ocfs2 once the filesystem is unmounted. [ 79.020399][ T5950] JBD2: Ignoring recovery information on journal [ 79.029046][ T5942] OCFS2: File system is now read-only. [pid 5946] <... mmap resumed>) = 0x7f2016e00000 [pid 5940] +++ killed by SIGSEGV (core dumped) +++ [pid 5939] +++ killed by SIGSEGV (core dumped) +++ [pid 5946] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304 [pid 5830] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=12, si_uid=0, si_status=SIGSEGV, si_utime=3 /* 0.03 s */, si_stime=35 /* 0.35 s */} --- [pid 5830] umount2("./4", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 79.043017][ T5942] (syz-executor218,5942,0):ocfs2_reserve_local_alloc_bits:710 ERROR: status = -30 [ 79.060294][ T5945] OCFS2: ERROR (device loop3): int ocfs2_reserve_local_alloc_bits(struct ocfs2_super *, u32, struct ocfs2_alloc_context *): local alloc inode 76 says it has 9 used bits, but a count shows 8 [ 79.069357][ T5942] (syz-executor218,5942,0):ocfs2_reserve_clusters_with_limit:1170 ERROR: status = -30 [pid 5830] openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5830] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=140, ...}, AT_EMPTY_PATH) = 0 [pid 5830] getdents64(3, [pid 5946] <... write resumed>) = 4194304 [pid 5830] <... getdents64 resumed>0x555565b3b850 /* 7 entries */, 32768) = 208 [pid 5946] munmap(0x7f2016e00000, 138412032 [ 79.096327][ T5945] On-disk corruption discovered. Please run fsck.ocfs2 once the filesystem is unmounted. [ 79.110035][ T5945] OCFS2: File system is now read-only. [ 79.111993][ T5942] (syz-executor218,5942,0):ocfs2_reserve_clusters_with_limit:1219 ERROR: status = -30 [ 79.116656][ T5950] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [ 79.125891][ T5942] (syz-executor218,5942,0):ocfs2_lock_allocators:2749 ERROR: status = -30 [pid 5830] umount2("./4/cgroup", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5946] <... munmap resumed>) = 0 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5950] <... mount resumed>) = 0 [pid 5950] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5950] chdir("./file1") = 0 [pid 5950] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5950] futex(0x7f201fb106cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5949] <... futex resumed>) = 0 [pid 5946] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5830] newfstatat(AT_FDCWD, "./4/cgroup", [pid 5950] futex(0x7f201fb106c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5949] futex(0x7f201fb106c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5950] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5950] symlink(NULL, NULL [pid 5949] <... futex resumed>) = 0 [pid 5950] <... symlink resumed>) = -1 EFAULT (Bad address) [pid 5950] futex(0x7f201fb106cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5949] futex(0x7f201fb106cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5950] <... futex resumed>) = 0 [pid 5949] futex(0x7f201fb106c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5950] readlink("./file0", [pid 5949] <... futex resumed>) = 0 [pid 5950] <... readlink resumed>NULL, 0) = -1 EINVAL (Invalid argument) [pid 5949] futex(0x7f201fb106cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5950] futex(0x7f201fb106cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5949] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5950] <... futex resumed>) = 0 [pid 5949] futex(0x7f201fb106c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5950] creat("./file0", 0160 [pid 5949] <... futex resumed>) = 0 [pid 5949] futex(0x7f201fb106cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5950] <... creat resumed>) = 4 [pid 5950] futex(0x7f201fb106cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5949] <... futex resumed>) = 0 [pid 5950] <... futex resumed>) = 1 [pid 5946] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5941] <... futex resumed>) = ? [pid 5830] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=23, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 79.135226][ T5945] (syz-executor218,5945,1):ocfs2_reserve_local_alloc_bits:710 ERROR: status = -30 [ 79.144522][ T5942] (syz-executor218,5942,0):ocfs2_write_begin_nolock:1742 ERROR: status = -30 [ 79.154366][ T5945] (syz-executor218,5945,1):ocfs2_reserve_clusters_with_limit:1170 ERROR: status = -30 [ 79.161374][ T5942] (syz-executor218,5942,0):ocfs2_write_begin:1905 ERROR: status = -30 [ 79.174853][ T5945] (syz-executor218,5945,1):ocfs2_reserve_clusters_with_limit:1219 ERROR: status = -30 [ 79.188673][ T5945] (syz-executor218,5945,1):ocfs2_lock_allocators:2749 ERROR: status = -30 [pid 5946] close(6 [pid 5942] +++ killed by SIGSEGV (core dumped) +++ [pid 5941] +++ killed by SIGSEGV (core dumped) +++ [pid 5830] unlink("./4/cgroup" [pid 5950] creat(NULL, 000 [pid 5949] futex(0x7f201fb106c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5946] <... close resumed>) = 0 [pid 5830] <... unlink resumed>) = 0 [pid 5946] futex(0x7f201fb106cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5830] umount2("./4/cgroup.cpu", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5946] <... futex resumed>) = 1 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5946] futex(0x7f201fb106c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5830] newfstatat(AT_FDCWD, "./4/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] unlink("./4/cgroup.cpu") = 0 [pid 5830] umount2("./4/cgroup.net", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5950] <... creat resumed>) = -1 EFAULT (Bad address) [pid 5949] <... futex resumed>) = 0 [pid 5944] <... futex resumed>) = 0 [pid 5943] <... futex resumed>) = ? [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=12, si_uid=0, si_status=SIGSEGV, si_utime=5 /* 0.05 s */, si_stime=33 /* 0.33 s */} --- [pid 5950] futex(0x7f201fb106cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5949] futex(0x7f201fb106cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5945] +++ killed by SIGSEGV (core dumped) +++ [pid 5944] futex(0x7f201fb106c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5830] newfstatat(AT_FDCWD, "./4/cgroup.net", [pid 5950] <... futex resumed>) = 0 [pid 5946] <... futex resumed>) = 0 [pid 5944] <... futex resumed>) = 1 [pid 5830] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=19, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5950] futex(0x7f201fb106c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5949] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5946] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777 [pid 5944] futex(0x7f201fb106cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5830] unlink("./4/cgroup.net" [pid 5946] <... mkdir resumed>) = 0 [pid 5830] <... unlink resumed>) = 0 [pid 5946] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5830] umount2("./4/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5949] futex(0x7f201fb106c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5943] +++ killed by SIGSEGV (core dumped) +++ [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5950] <... futex resumed>) = 0 [pid 5949] <... futex resumed>) = 1 [pid 5830] newfstatat(AT_FDCWD, "./4/binderfs", [pid 5829] umount2("./4", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5950] openat(AT_FDCWD, "./file0", O_RDONLY|O_CREAT, 000 [pid 5949] futex(0x7f201fb106cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=12, si_uid=0, si_status=SIGSEGV, si_utime=8 /* 0.08 s */, si_stime=29 /* 0.29 s */} --- [pid 5830] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] restart_syscall(<... resuming interrupted clone ...> [pid 5830] unlink("./4/binderfs" [pid 5831] <... restart_syscall resumed>) = 0 [pid 5830] <... unlink resumed>) = 0 [pid 5830] umount2("./4/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] umount2("./4", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5831] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=140, ...}, AT_EMPTY_PATH) = 0 [pid 5831] getdents64(3, 0x555565b3b850 /* 7 entries */, 32768) = 208 [pid 5831] umount2("./4/cgroup", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] newfstatat(AT_FDCWD, "./4/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] unlink("./4/cgroup") = 0 [pid 5831] umount2("./4/cgroup.cpu", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] newfstatat(AT_FDCWD, "./4/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] unlink("./4/cgroup.cpu") = 0 [pid 5831] umount2("./4/cgroup.net", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] newfstatat(AT_FDCWD, "./4/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] unlink("./4/cgroup.net") = 0 [pid 5831] umount2("./4/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] newfstatat(AT_FDCWD, "./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] unlink("./4/binderfs") = 0 [ 79.197333][ T5945] (syz-executor218,5945,1):ocfs2_write_begin_nolock:1742 ERROR: status = -30 [ 79.206296][ T5945] (syz-executor218,5945,1):ocfs2_write_begin:1905 ERROR: status = -30 [ 79.220389][ T29] audit: type=1804 audit(1733213256.833:26): pid=5950 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor218" name="/newroot/4/file1/file0" dev="loop0" ino=17058 res=1 errno=0 [pid 5831] umount2("./4/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5950] <... openat resumed>) = 5 [pid 5829] openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5950] futex(0x7f201fb106cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5950] futex(0x7f201fb106c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5949] <... futex resumed>) = 0 [pid 5829] <... openat resumed>) = 3 [pid 5949] futex(0x7f201fb106c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5829] newfstatat(3, "", [pid 5949] <... futex resumed>) = 1 [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=140, ...}, AT_EMPTY_PATH) = 0 [pid 5949] futex(0x7f201fb106cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=250000000} [pid 5829] getdents64(3, 0x555565b3b850 /* 7 entries */, 32768) = 208 [pid 5829] umount2("./4/cgroup", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5829] newfstatat(AT_FDCWD, "./4/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] unlink("./4/cgroup") = 0 [pid 5829] umount2("./4/cgroup.cpu", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5829] newfstatat(AT_FDCWD, "./4/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] unlink("./4/cgroup.cpu") = 0 [pid 5829] umount2("./4/cgroup.net", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5829] newfstatat(AT_FDCWD, "./4/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] unlink("./4/cgroup.net") = 0 [pid 5829] umount2("./4/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5829] newfstatat(AT_FDCWD, "./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] unlink("./4/binderfs") = 0 [pid 5829] umount2("./4/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5950] <... futex resumed>) = 0 [pid 5950] memfd_create("syzkaller", 0) = 6 [ 79.242285][ T5946] OCFS2: ERROR (device loop1): int ocfs2_reserve_local_alloc_bits(struct ocfs2_super *, u32, struct ocfs2_alloc_context *): local alloc inode 76 says it has 9 used bits, but a count shows 8 [ 79.249783][ T5830] ocfs2: Unmounting device (7,4) on (node local) [ 79.263638][ T5946] On-disk corruption discovered. Please run fsck.ocfs2 once the filesystem is unmounted. [ 79.277959][ T5946] OCFS2: File system is now read-only. [ 79.283454][ T5946] (syz-executor218,5946,0):ocfs2_reserve_local_alloc_bits:710 ERROR: status = -30 [pid 5950] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2016e00000 [pid 5830] <... umount2 resumed>) = 0 [pid 5830] umount2("./4/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] newfstatat(AT_FDCWD, "./4/file1", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] umount2("./4/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] openat(AT_FDCWD, "./4/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5830] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5830] getdents64(4, 0x555565b43890 /* 2 entries */, 32768) = 48 [pid 5830] getdents64(4, 0x555565b43890 /* 0 entries */, 32768) = 0 [pid 5830] close(4) = 0 [pid 5830] rmdir("./4/file1") = 0 [pid 5830] getdents64(3, 0x555565b3b850 /* 0 entries */, 32768) = 0 [pid 5830] close(3) = 0 [pid 5830] rmdir("./4") = 0 [pid 5830] mkdir("./5", 0777) = 0 [pid 5830] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5830] ioctl(3, LOOP_CLR_FD) = 0 [ 79.294369][ T5946] (syz-executor218,5946,0):ocfs2_reserve_clusters_with_limit:1170 ERROR: status = -30 [ 79.304501][ T5946] (syz-executor218,5946,0):ocfs2_reserve_clusters_with_limit:1219 ERROR: status = -30 [ 79.307954][ T5831] ocfs2: Unmounting device (7,3) on (node local) [ 79.320667][ T5946] (syz-executor218,5946,0):ocfs2_lock_allocators:2749 ERROR: status = -30 [ 79.330945][ T5829] ocfs2: Unmounting device (7,2) on (node local) [ 79.334316][ T5946] (syz-executor218,5946,0):ocfs2_write_begin_nolock:1742 ERROR: status = -30 [pid 5830] close(3 [pid 5829] <... umount2 resumed>) = 0 [pid 5950] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304 [pid 5944] <... futex resumed>) = ? [pid 5831] <... umount2 resumed>) = 0 [pid 5831] umount2("./4/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] newfstatat(AT_FDCWD, "./4/file1", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] umount2("./4/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5946] +++ killed by SIGSEGV (core dumped) +++ [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] openat(AT_FDCWD, "./4/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5831] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5831] getdents64(4, 0x555565b43890 /* 2 entries */, 32768) = 48 [pid 5831] getdents64(4, 0x555565b43890 /* 0 entries */, 32768) = 0 [pid 5831] close(4) = 0 [pid 5831] rmdir("./4/file1") = 0 [pid 5831] getdents64(3, 0x555565b3b850 /* 0 entries */, 32768) = 0 [pid 5831] close(3) = 0 [pid 5831] rmdir("./4") = 0 [pid 5831] mkdir("./5", 0777) = 0 [pid 5831] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [ 79.352441][ T5946] (syz-executor218,5946,0):ocfs2_write_begin:1905 ERROR: status = -30 [pid 5831] ioctl(3, LOOP_CLR_FD) = 0 [pid 5831] close(3 [pid 5830] <... close resumed>) = 0 [pid 5829] umount2("./4/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) ./strace-static-x86_64: Process 5959 attached [pid 5944] +++ killed by SIGSEGV (core dumped) +++ [pid 5829] newfstatat(AT_FDCWD, "./4/file1", [pid 5826] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=13, si_uid=0, si_status=SIGSEGV, si_utime=6 /* 0.06 s */, si_stime=32 /* 0.32 s */} --- [pid 5959] set_robust_list(0x555565b3a6a0, 24 [pid 5830] <... clone resumed>, child_tidptr=0x555565b3a690) = 14 [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5826] umount2("./4", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5959] <... set_robust_list resumed>) = 0 [pid 5959] chdir("./5" [pid 5829] umount2("./4/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5826] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5826] openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5826] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=140, ...}, AT_EMPTY_PATH) = 0 [pid 5826] getdents64(3, 0x555565b3b850 /* 7 entries */, 32768) = 208 [pid 5826] umount2("./4/cgroup", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5959] <... chdir resumed>) = 0 [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5826] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] openat(AT_FDCWD, "./4/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5959] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5826] newfstatat(AT_FDCWD, "./4/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5826] unlink("./4/cgroup") = 0 [pid 5826] umount2("./4/cgroup.cpu", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5826] newfstatat(AT_FDCWD, "./4/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5826] unlink("./4/cgroup.cpu") = 0 [pid 5826] umount2("./4/cgroup.net", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5826] newfstatat(AT_FDCWD, "./4/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5826] unlink("./4/cgroup.net") = 0 [pid 5826] umount2("./4/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5826] newfstatat(AT_FDCWD, "./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5826] unlink("./4/binderfs") = 0 [pid 5826] umount2("./4/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] <... openat resumed>) = 4 [pid 5959] <... prctl resumed>) = 0 [pid 5829] newfstatat(4, "", [pid 5959] setpgid(0, 0 [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5959] <... setpgid resumed>) = 0 [pid 5829] getdents64(4, [pid 5959] symlink("/syzcgroup/unified/syz4", "./cgroup" [pid 5829] <... getdents64 resumed>0x555565b43890 /* 2 entries */, 32768) = 48 [pid 5959] <... symlink resumed>) = 0 [pid 5829] getdents64(4, [pid 5959] symlink("/syzcgroup/cpu/syz4", "./cgroup.cpu" [pid 5829] <... getdents64 resumed>0x555565b43890 /* 0 entries */, 32768) = 0 [pid 5959] <... symlink resumed>) = 0 [pid 5829] close(4 [pid 5959] symlink("/syzcgroup/net/syz4", "./cgroup.net" [pid 5829] <... close resumed>) = 0 [pid 5959] <... symlink resumed>) = 0 [pid 5829] rmdir("./4/file1" [pid 5959] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5829] <... rmdir resumed>) = 0 [pid 5959] <... openat resumed>) = 3 [pid 5829] getdents64(3, [pid 5959] write(3, "1000", 4 [pid 5829] <... getdents64 resumed>0x555565b3b850 /* 0 entries */, 32768) = 0 [pid 5959] <... write resumed>) = 4 [pid 5829] close(3 [pid 5959] close(3 [pid 5829] <... close resumed>) = 0 [pid 5959] <... close resumed>) = 0 [pid 5829] rmdir("./4" [pid 5959] read(200, 0x7ffc88018cc0, 1000) = -1 EAGAIN (Resource temporarily unavailable) [pid 5829] <... rmdir resumed>) = 0 [pid 5959] symlink("/dev/binderfs", "./binderfs" [pid 5829] mkdir("./5", 0777executing program [pid 5959] <... symlink resumed>) = 0 [pid 5829] <... mkdir resumed>) = 0 [pid 5959] write(1, "executing program\n", 18 [pid 5829] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5959] <... write resumed>) = 18 [pid 5959] futex(0x7f201fb106cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5829] <... openat resumed>) = 3 [pid 5959] <... futex resumed>) = 0 [pid 5829] ioctl(3, LOOP_CLR_FD [pid 5959] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f201f215000 [pid 5829] <... ioctl resumed>) = 0 [pid 5959] mprotect(0x7f201f216000, 131072, PROT_READ|PROT_WRITE [pid 5829] close(3 [pid 5959] <... mprotect resumed>) = 0 [pid 5959] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5959] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f201f235990, parent_tid=0x7f201f235990, exit_signal=0, stack=0x7f201f215000, stack_size=0x20300, tls=0x7f201f2356c0} [pid 5826] <... umount2 resumed>) = 0 [pid 5950] <... write resumed>) = 4194304 ./strace-static-x86_64: Process 5960 attached [pid 5950] munmap(0x7f2016e00000, 138412032 [pid 5831] <... close resumed>) = 0 [pid 5826] umount2("./4/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5960] rseq(0x7f201f235fe0, 0x20, 0, 0x53053053 [pid 5959] <... clone3 resumed> => {parent_tid=[15]}, 88) = 15 [pid 5950] <... munmap resumed>) = 0 [pid 5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5829] <... close resumed>) = 0 [pid 5960] <... rseq resumed>) = 0 [pid 5949] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 79.465799][ T5826] ocfs2: Unmounting device (7,1) on (node local) [pid 5829] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5826] <... umount2 resumed>) = -1 EINVAL (Invalid argument) ./strace-static-x86_64: Process 5961 attached [pid 5960] set_robust_list(0x7f201f2359a0, 24 [pid 5949] futex(0x7f201fb106dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5826] newfstatat(AT_FDCWD, "./4/file1", ./strace-static-x86_64: Process 5962 attached [pid 5961] set_robust_list(0x555565b3a6a0, 24 [pid 5960] <... set_robust_list resumed>) = 0 [pid 5949] <... futex resumed>) = 0 [pid 5829] <... clone resumed>, child_tidptr=0x555565b3a690) = 14 [pid 5826] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5962] set_robust_list(0x555565b3a6a0, 24 [pid 5961] <... set_robust_list resumed>) = 0 [pid 5960] rt_sigprocmask(SIG_SETMASK, [], [pid 5949] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5831] <... clone resumed>, child_tidptr=0x555565b3a690) = 14 [pid 5826] umount2("./4/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5962] <... set_robust_list resumed>) = 0 [pid 5961] chdir("./5" [pid 5960] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5949] <... mmap resumed>) = 0x7f201f1f4000 [pid 5961] <... chdir resumed>) = 0 [pid 5960] futex(0x7f201fb106c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5826] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5961] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5949] mprotect(0x7f201f1f5000, 131072, PROT_READ|PROT_WRITE [pid 5962] chdir("./5" [pid 5961] <... prctl resumed>) = 0 [pid 5949] <... mprotect resumed>) = 0 [pid 5826] openat(AT_FDCWD, "./4/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5962] <... chdir resumed>) = 0 [pid 5961] setpgid(0, 0 [pid 5959] rt_sigprocmask(SIG_SETMASK, [], [pid 5950] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5962] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5961] <... setpgid resumed>) = 0 [pid 5959] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5949] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5826] <... openat resumed>) = 4 [pid 5962] <... prctl resumed>) = 0 [pid 5959] futex(0x7f201fb106c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5950] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5949] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5826] newfstatat(4, "", [pid 5962] setpgid(0, 0 [pid 5961] symlink("/syzcgroup/unified/syz2", "./cgroup" [pid 5960] <... futex resumed>) = 0 [pid 5959] <... futex resumed>) = 1 [pid 5950] close(6 [pid 5949] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f201f214990, parent_tid=0x7f201f214990, exit_signal=0, stack=0x7f201f1f4000, stack_size=0x20300, tls=0x7f201f2146c0} [pid 5826] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5962] <... setpgid resumed>) = 0 [pid 5959] futex(0x7f201fb106cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5962] symlink("/syzcgroup/unified/syz3", "./cgroup" [pid 5961] <... symlink resumed>) = 0 [pid 5962] <... symlink resumed>) = 0 [pid 5962] symlink("/syzcgroup/cpu/syz3", "./cgroup.cpu") = 0 [pid 5962] symlink("/syzcgroup/net/syz3", "./cgroup.net"./strace-static-x86_64: Process 5963 attached [pid 5961] symlink("/syzcgroup/cpu/syz2", "./cgroup.cpu" [pid 5960] memfd_create("syzkaller", 0 [pid 5950] <... close resumed>) = 0 [pid 5826] getdents64(4, [pid 5950] futex(0x7f201fb106cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5963] rseq(0x7f201f214fe0, 0x20, 0, 0x53053053 [pid 5962] <... symlink resumed>) = 0 [pid 5961] <... symlink resumed>) = 0 [pid 5960] <... memfd_create resumed>) = 3 [pid 5949] <... clone3 resumed> => {parent_tid=[15]}, 88) = 15 [pid 5826] <... getdents64 resumed>0x555565b43890 /* 2 entries */, 32768) = 48 [pid 5963] <... rseq resumed>) = 0 [pid 5961] symlink("/syzcgroup/net/syz2", "./cgroup.net" [pid 5960] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5950] <... futex resumed>) = 0 [pid 5949] rt_sigprocmask(SIG_SETMASK, [], [pid 5826] getdents64(4, [pid 5963] set_robust_list(0x7f201f2149a0, 24 [pid 5962] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5950] futex(0x7f201fb106c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5949] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5826] <... getdents64 resumed>0x555565b43890 /* 0 entries */, 32768) = 0 [pid 5963] <... set_robust_list resumed>) = 0 [pid 5962] <... openat resumed>) = 3 [pid 5961] <... symlink resumed>) = 0 [pid 5960] <... mmap resumed>) = 0x7f2016e00000 [pid 5826] close(4 [pid 5963] rt_sigprocmask(SIG_SETMASK, [], [pid 5962] write(3, "1000", 4 [pid 5961] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5949] futex(0x7f201fb106d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5826] <... close resumed>) = 0 [pid 5963] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5962] <... write resumed>) = 4 [pid 5961] <... openat resumed>) = 3 [pid 5826] rmdir("./4/file1" [pid 5962] close(3 [pid 5949] <... futex resumed>) = 0 [pid 5963] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777 [pid 5962] <... close resumed>) = 0 [pid 5826] <... rmdir resumed>) = 0 [pid 5963] <... mkdir resumed>) = 0 [pid 5961] write(3, "1000", 4 [pid 5949] futex(0x7f201fb106dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5961] <... write resumed>) = 4 [pid 5963] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5962] read(200, [pid 5961] close(3 [pid 5826] getdents64(3, [pid 5962] <... read resumed>0x7ffc88018cc0, 1000) = -1 EAGAIN (Resource temporarily unavailable) [pid 5961] <... close resumed>) = 0 [pid 5826] <... getdents64 resumed>0x555565b3b850 /* 0 entries */, 32768) = 0 [pid 5962] symlink("/dev/binderfs", "./binderfs" [pid 5961] read(200, [pid 5826] close(3 [pid 5962] <... symlink resumed>) = 0 [pid 5826] <... close resumed>) = 0 [pid 5961] <... read resumed>0x7ffc88018cc0, 1000) = -1 EAGAIN (Resource temporarily unavailable) executing program [pid 5962] write(1, "executing program\n", 18 [pid 5961] symlink("/dev/binderfs", "./binderfs" [pid 5826] rmdir("./4" [pid 5962] <... write resumed>) = 18 [pid 5961] <... symlink resumed>) = 0 executing program [pid 5826] <... rmdir resumed>) = 0 [pid 5962] futex(0x7f201fb106cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5961] write(1, "executing program\n", 18 [pid 5826] mkdir("./5", 0777 [pid 5962] <... futex resumed>) = 0 [pid 5961] <... write resumed>) = 18 [pid 5961] futex(0x7f201fb106cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5826] <... mkdir resumed>) = 0 [pid 5962] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f201f215000 [pid 5961] <... futex resumed>) = 0 [pid 5826] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5962] mprotect(0x7f201f216000, 131072, PROT_READ|PROT_WRITE [pid 5961] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5962] <... mprotect resumed>) = 0 [pid 5961] <... mmap resumed>) = 0x7f201f215000 [pid 5962] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5961] mprotect(0x7f201f216000, 131072, PROT_READ|PROT_WRITE [pid 5962] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5962] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f201f235990, parent_tid=0x7f201f235990, exit_signal=0, stack=0x7f201f215000, stack_size=0x20300, tls=0x7f201f2356c0} [pid 5961] <... mprotect resumed>) = 0 [pid 5826] <... openat resumed>) = 3 ./strace-static-x86_64: Process 5964 attached [pid 5961] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5826] ioctl(3, LOOP_CLR_FD [pid 5964] rseq(0x7f201f235fe0, 0x20, 0, 0x53053053 [pid 5962] <... clone3 resumed> => {parent_tid=[15]}, 88) = 15 [pid 5961] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5964] <... rseq resumed>) = 0 [pid 5962] rt_sigprocmask(SIG_SETMASK, [], [pid 5826] <... ioctl resumed>) = 0 [pid 5964] set_robust_list(0x7f201f2359a0, 24 [pid 5962] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5961] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f201f235990, parent_tid=0x7f201f235990, exit_signal=0, stack=0x7f201f215000, stack_size=0x20300, tls=0x7f201f2356c0} [pid 5826] close(3 [pid 5964] <... set_robust_list resumed>) = 0 ./strace-static-x86_64: Process 5965 attached [pid 5964] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5964] futex(0x7f201fb106c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5965] rseq(0x7f201f235fe0, 0x20, 0, 0x53053053 [pid 5961] <... clone3 resumed> => {parent_tid=[15]}, 88) = 15 [pid 5965] <... rseq resumed>) = 0 [pid 5961] rt_sigprocmask(SIG_SETMASK, [], [pid 5965] set_robust_list(0x7f201f2359a0, 24 [pid 5961] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5965] <... set_robust_list resumed>) = 0 [pid 5961] futex(0x7f201fb106c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5965] rt_sigprocmask(SIG_SETMASK, [], [pid 5961] <... futex resumed>) = 0 [pid 5965] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5961] futex(0x7f201fb106cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5965] memfd_create("syzkaller", 0) = 3 [pid 5965] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5962] futex(0x7f201fb106c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5965] <... mmap resumed>) = 0x7f2016e00000 [pid 5962] <... futex resumed>) = 1 [pid 5960] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216 [ 79.637971][ T5963] OCFS2: ERROR (device loop0): int ocfs2_reserve_local_alloc_bits(struct ocfs2_super *, u32, struct ocfs2_alloc_context *): local alloc inode 76 says it has 9 used bits, but a count shows 8 [pid 5962] futex(0x7f201fb106cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5826] <... close resumed>) = 0 [pid 5964] <... futex resumed>) = 0 [ 79.703213][ T5963] On-disk corruption discovered. Please run fsck.ocfs2 once the filesystem is unmounted. [ 79.713170][ T5963] OCFS2: File system is now read-only. [ 79.718757][ T5963] (syz-executor218,5963,1):ocfs2_reserve_local_alloc_bits:710 ERROR: status = -30 [ 79.728069][ T5963] (syz-executor218,5963,1):ocfs2_reserve_clusters_with_limit:1170 ERROR: status = -30 [ 79.737761][ T5963] (syz-executor218,5963,1):ocfs2_reserve_clusters_with_limit:1219 ERROR: status = -30 [pid 5964] memfd_create("syzkaller", 0 [pid 5950] <... futex resumed>) = ? [pid 5949] <... futex resumed>) = ? [pid 5826] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5966 attached [pid 5964] <... memfd_create resumed>) = 3 [pid 5963] +++ killed by SIGSEGV (core dumped) +++ [pid 5950] +++ killed by SIGSEGV (core dumped) +++ [pid 5949] +++ killed by SIGSEGV (core dumped) +++ [pid 5966] set_robust_list(0x555565b3a6a0, 24 [pid 5964] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5826] <... clone resumed>, child_tidptr=0x555565b3a690) = 15 [pid 5966] <... set_robust_list resumed>) = 0 [pid 5964] <... mmap resumed>) = 0x7f2016e00000 [pid 5828] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=13, si_uid=0, si_status=SIGSEGV, si_utime=5 /* 0.05 s */, si_stime=32 /* 0.32 s */} --- [pid 5966] chdir("./5") = 0 [pid 5966] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5966] setpgid(0, 0 [pid 5828] restart_syscall(<... resuming interrupted clone ...> [pid 5966] <... setpgid resumed>) = 0 [pid 5966] symlink("/syzcgroup/unified/syz1", "./cgroup") = 0 [pid 5966] symlink("/syzcgroup/cpu/syz1", "./cgroup.cpu") = 0 [pid 5966] symlink("/syzcgroup/net/syz1", "./cgroup.net") = 0 [pid 5966] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXECexecuting program ) = 3 [pid 5966] write(3, "1000", 4) = 4 [pid 5966] close(3) = 0 [pid 5966] read(200, 0x7ffc88018cc0, 1000) = -1 EAGAIN (Resource temporarily unavailable) [pid 5966] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5966] write(1, "executing program\n", 18) = 18 [pid 5966] futex(0x7f201fb106cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5966] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f201f215000 [pid 5966] mprotect(0x7f201f216000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5966] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5966] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f201f235990, parent_tid=0x7f201f235990, exit_signal=0, stack=0x7f201f215000, stack_size=0x20300, tls=0x7f201f2356c0}./strace-static-x86_64: Process 5967 attached [pid 5967] rseq(0x7f201f235fe0, 0x20, 0, 0x53053053 [pid 5966] <... clone3 resumed> => {parent_tid=[16]}, 88) = 16 [pid 5828] <... restart_syscall resumed>) = 0 [pid 5967] <... rseq resumed>) = 0 [pid 5966] rt_sigprocmask(SIG_SETMASK, [], [pid 5967] set_robust_list(0x7f201f2359a0, 24 [pid 5966] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5967] <... set_robust_list resumed>) = 0 [pid 5966] futex(0x7f201fb106c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5967] rt_sigprocmask(SIG_SETMASK, [], [pid 5966] <... futex resumed>) = 0 [pid 5967] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5966] futex(0x7f201fb106cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5828] umount2("./4", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5967] memfd_create("syzkaller", 0) = 3 [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5967] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2016e00000 [ 79.747401][ T5963] (syz-executor218,5963,1):ocfs2_lock_allocators:2749 ERROR: status = -30 [ 79.756145][ T5963] (syz-executor218,5963,1):ocfs2_write_begin_nolock:1742 ERROR: status = -30 [ 79.765110][ T5963] (syz-executor218,5963,1):ocfs2_write_begin:1905 ERROR: status = -30 [pid 5828] openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5828] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=140, ...}, AT_EMPTY_PATH) = 0 [pid 5828] getdents64(3, 0x555565b3b850 /* 7 entries */, 32768) = 208 [pid 5965] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216 [pid 5960] <... write resumed>) = 16777216 [pid 5828] umount2("./4/cgroup", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5960] munmap(0x7f2016e00000, 138412032) = 0 [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5960] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 5960] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5828] newfstatat(AT_FDCWD, "./4/cgroup", [pid 5964] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216 [pid 5960] close(3 [pid 5828] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=23, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5828] unlink("./4/cgroup") = 0 [pid 5828] umount2("./4/cgroup.cpu", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5828] newfstatat(AT_FDCWD, "./4/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5828] unlink("./4/cgroup.cpu") = 0 [pid 5828] umount2("./4/cgroup.net", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5960] <... close resumed>) = 0 [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5960] close(4 [ 79.856004][ T5960] loop4: detected capacity change from 0 to 32768 [pid 5828] newfstatat(AT_FDCWD, "./4/cgroup.net", [pid 5960] <... close resumed>) = 0 [pid 5828] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=19, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5960] mkdir("./file1", 0777 [pid 5828] unlink("./4/cgroup.net") = 0 [pid 5960] <... mkdir resumed>) = 0 [pid 5828] umount2("./4/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5960] mount("/dev/loop4", "./file1", "ocfs2", MS_MANDLOCK|MS_DIRSYNC|MS_NODIRATIME, "acl,heartbeat=none,dir_resv_level=00003,coherency=full,coherency=full,localflocks,coherency=full,noa"... [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] newfstatat(AT_FDCWD, "./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5828] unlink("./4/binderfs") = 0 [pid 5828] umount2("./4/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 [pid 5828] umount2("./4/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5828] newfstatat(AT_FDCWD, "./4/file1", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5828] umount2("./4/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5828] openat(AT_FDCWD, "./4/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5828] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5828] getdents64(4, 0x555565b43890 /* 2 entries */, 32768) = 48 [pid 5828] getdents64(4, 0x555565b43890 /* 0 entries */, 32768) = 0 [pid 5828] close(4) = 0 [pid 5828] rmdir("./4/file1") = 0 [pid 5828] getdents64(3, 0x555565b3b850 /* 0 entries */, 32768) = 0 [pid 5967] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216 [pid 5965] <... write resumed>) = 16777216 [ 79.939787][ T5828] ocfs2: Unmounting device (7,0) on (node local) [ 79.955677][ T5960] JBD2: Ignoring recovery information on journal [pid 5828] close(3 [pid 5965] munmap(0x7f2016e00000, 138412032) = 0 [pid 5828] <... close resumed>) = 0 [pid 5828] rmdir("./4") = 0 [pid 5828] mkdir("./5", 0777) = 0 [pid 5828] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5828] ioctl(3, LOOP_CLR_FD) = 0 [pid 5828] close(3 [pid 5965] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 5960] <... mount resumed>) = 0 [pid 5960] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5965] ioctl(4, LOOP_SET_FD, 3 [pid 5960] <... openat resumed>) = 3 [pid 5960] chdir("./file1") = 0 [pid 5965] <... ioctl resumed>) = 0 [pid 5960] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5960] futex(0x7f201fb106cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5960] futex(0x7f201fb106c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5965] close(3 [pid 5959] <... futex resumed>) = 0 [pid 5965] <... close resumed>) = 0 [pid 5959] futex(0x7f201fb106c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5965] close(4 [pid 5960] <... futex resumed>) = 0 [pid 5959] <... futex resumed>) = 1 [pid 5965] <... close resumed>) = 0 [pid 5960] symlink(NULL, NULL [pid 5959] futex(0x7f201fb106cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5965] mkdir("./file1", 0777 [pid 5960] <... symlink resumed>) = -1 EFAULT (Bad address) [pid 5965] <... mkdir resumed>) = 0 [pid 5960] futex(0x7f201fb106cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5965] mount("/dev/loop2", "./file1", "ocfs2", MS_MANDLOCK|MS_DIRSYNC|MS_NODIRATIME, "acl,heartbeat=none,dir_resv_level=00003,coherency=full,coherency=full,localflocks,coherency=full,noa"... [ 79.998776][ T5960] ocfs2: Mounting device (7,4) on (node local, slot 0) with ordered data mode. [ 80.026715][ T5965] loop2: detected capacity change from 0 to 32768 [pid 5960] <... futex resumed>) = 1 [pid 5959] <... futex resumed>) = 0 [pid 5960] futex(0x7f201fb106c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5959] futex(0x7f201fb106c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5960] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5960] readlink("./file0", [pid 5959] <... futex resumed>) = 0 [pid 5960] <... readlink resumed>NULL, 0) = -1 EINVAL (Invalid argument) [pid 5959] futex(0x7f201fb106cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5960] futex(0x7f201fb106cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5959] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5960] <... futex resumed>) = 0 [pid 5959] futex(0x7f201fb106c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5960] creat("./file0", 0160 [pid 5959] <... futex resumed>) = 0 [pid 5960] <... creat resumed>) = 4 [pid 5959] futex(0x7f201fb106cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5960] futex(0x7f201fb106cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5959] <... futex resumed>) = 0 [pid 5960] creat(NULL, 000 [pid 5959] futex(0x7f201fb106c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5960] <... creat resumed>) = -1 EFAULT (Bad address) [pid 5959] <... futex resumed>) = 0 [pid 5960] futex(0x7f201fb106cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5959] futex(0x7f201fb106cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5960] <... futex resumed>) = 0 [pid 5959] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5960] openat(AT_FDCWD, "./file0", O_RDONLY|O_CREAT, 000 [pid 5959] futex(0x7f201fb106c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5960] <... openat resumed>) = 5 [pid 5959] <... futex resumed>) = 0 [pid 5960] futex(0x7f201fb106cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5959] futex(0x7f201fb106cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5960] <... futex resumed>) = 0 [pid 5959] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5960] memfd_create("syzkaller", 0 [pid 5959] futex(0x7f201fb106c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5960] <... memfd_create resumed>) = 6 [pid 5959] <... futex resumed>) = 0 [pid 5960] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5959] futex(0x7f201fb106cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=250000000} [pid 5960] <... mmap resumed>) = 0x7f2016e00000 [pid 5967] <... write resumed>) = 16777216 [ 80.079779][ T5965] debugfs: Directory 'B1DE653C5FFC4D88B33B244AAB9EB3E9' with parent 'ocfs2' already present! [pid 5967] munmap(0x7f2016e00000, 138412032) = 0 [pid 5967] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 5967] ioctl(4, LOOP_SET_FD, 3 [pid 5960] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304 [pid 5967] <... ioctl resumed>) = 0 [pid 5967] close(3) = 0 [pid 5967] close(4) = 0 [pid 5967] mkdir("./file1", 0777) = 0 [pid 5967] mount("/dev/loop1", "./file1", "ocfs2", MS_MANDLOCK|MS_DIRSYNC|MS_NODIRATIME, "acl,heartbeat=none,dir_resv_level=00003,coherency=full,coherency=full,localflocks,coherency=full,noa"... [pid 5960] <... write resumed>) = 4194304 [ 80.122371][ T5965] JBD2: Ignoring recovery information on journal [ 80.131430][ T5967] loop1: detected capacity change from 0 to 32768 [pid 5960] munmap(0x7f2016e00000, 138412032 [pid 5964] <... write resumed>) = 16777216 [pid 5960] <... munmap resumed>) = 0 [pid 5964] munmap(0x7f2016e00000, 138412032 [pid 5960] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5964] <... munmap resumed>) = 0 [pid 5960] close(6 [ 80.170323][ T5967] debugfs: Directory 'B1DE653C5FFC4D88B33B244AAB9EB3E9' with parent 'ocfs2' already present! [ 80.197229][ T5965] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode. [ 80.207832][ T5964] loop3: detected capacity change from 0 to 32768 [ 80.207979][ T5967] JBD2: Ignoring recovery information on journal [pid 5964] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5965] <... mount resumed>) = 0 [pid 5964] <... openat resumed>) = 4 [pid 5964] ioctl(4, LOOP_SET_FD, 3 [pid 5965] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5964] <... ioctl resumed>) = 0 [pid 5960] <... close resumed>) = 0 [pid 5828] <... close resumed>) = 0 [pid 5965] <... openat resumed>) = 3 [pid 5964] close(3 [pid 5965] chdir("./file1" [pid 5964] <... close resumed>) = 0 [pid 5960] futex(0x7f201fb106cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5828] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5965] <... chdir resumed>) = 0 [pid 5964] close(4 [pid 5960] <... futex resumed>) = 1 [pid 5964] <... close resumed>) = 0 [pid 5964] mkdir("./file1", 0777) = 0 [pid 5959] <... futex resumed>) = 0 [pid 5964] mount("/dev/loop3", "./file1", "ocfs2", MS_MANDLOCK|MS_DIRSYNC|MS_NODIRATIME, "acl,heartbeat=none,dir_resv_level=00003,coherency=full,coherency=full,localflocks,coherency=full,noa"... [pid 5959] futex(0x7f201fb106c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5965] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5960] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777 [pid 5965] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5960] <... mkdir resumed>) = 0 [pid 5959] <... futex resumed>) = 0 [pid 5965] futex(0x7f201fb106cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5959] futex(0x7f201fb106cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5965] <... futex resumed>) = 1 [pid 5961] <... futex resumed>) = 0 [pid 5965] futex(0x7f201fb106c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5961] futex(0x7f201fb106c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5965] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5961] <... futex resumed>) = 0 [pid 5965] symlink(NULL, NULL [pid 5961] futex(0x7f201fb106cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5960] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5828] <... clone resumed>, child_tidptr=0x555565b3a690) = 16 ./strace-static-x86_64: Process 5973 attached [pid 5965] <... symlink resumed>) = -1 EFAULT (Bad address) [pid 5965] futex(0x7f201fb106cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5961] <... futex resumed>) = 0 [pid 5965] <... futex resumed>) = 1 [pid 5973] set_robust_list(0x555565b3a6a0, 24 [pid 5965] readlink("./file0", [pid 5961] futex(0x7f201fb106c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5973] <... set_robust_list resumed>) = 0 [pid 5965] <... readlink resumed>NULL, 0) = -1 EINVAL (Invalid argument) [pid 5961] <... futex resumed>) = 0 [pid 5973] chdir("./5" [pid 5965] futex(0x7f201fb106cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5973] <... chdir resumed>) = 0 [pid 5965] <... futex resumed>) = 0 [pid 5961] futex(0x7f201fb106cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5965] futex(0x7f201fb106c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5961] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5973] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5961] futex(0x7f201fb106c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5973] <... prctl resumed>) = 0 [pid 5965] <... futex resumed>) = 0 [pid 5961] <... futex resumed>) = 1 [pid 5973] setpgid(0, 0 [pid 5965] creat("./file0", 0160 [pid 5961] futex(0x7f201fb106cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5973] <... setpgid resumed>) = 0 [pid 5973] symlink("/syzcgroup/unified/syz0", "./cgroup" [pid 5967] <... mount resumed>) = 0 [pid 5967] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5973] <... symlink resumed>) = 0 [pid 5973] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu" [pid 5965] <... creat resumed>) = 4 [pid 5965] futex(0x7f201fb106cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5961] <... futex resumed>) = 0 [pid 5965] creat(NULL, 000 [pid 5961] futex(0x7f201fb106c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5965] <... creat resumed>) = -1 EFAULT (Bad address) [pid 5961] <... futex resumed>) = 0 [pid 5965] futex(0x7f201fb106cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5961] futex(0x7f201fb106cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5965] <... futex resumed>) = 0 [pid 5961] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5965] openat(AT_FDCWD, "./file0", O_RDONLY|O_CREAT, 000 [pid 5961] futex(0x7f201fb106c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5973] <... symlink resumed>) = 0 [pid 5965] <... openat resumed>) = 5 [pid 5961] <... futex resumed>) = 0 [pid 5973] symlink("/syzcgroup/net/syz0", "./cgroup.net" [pid 5965] futex(0x7f201fb106cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5961] futex(0x7f201fb106cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5973] <... symlink resumed>) = 0 [pid 5965] <... futex resumed>) = 0 [pid 5961] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5973] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5967] <... openat resumed>) = 3 [pid 5965] futex(0x7f201fb106c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5961] futex(0x7f201fb106c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5973] <... openat resumed>) = 3 [pid 5965] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5961] <... futex resumed>) = 0 [pid 5973] write(3, "1000", 4 [pid 5965] memfd_create("syzkaller", 0 [ 80.247734][ T5967] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode. [ 80.259622][ T5964] debugfs: Directory 'B1DE653C5FFC4D88B33B244AAB9EB3E9' with parent 'ocfs2' already present! [ 80.269737][ T5960] OCFS2: ERROR (device loop4): int ocfs2_reserve_local_alloc_bits(struct ocfs2_super *, u32, struct ocfs2_alloc_context *): local alloc inode 76 says it has 9 used bits, but a count shows 8 [pid 5961] futex(0x7f201fb106cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=250000000}executing program [pid 5973] <... write resumed>) = 4 [pid 5967] chdir("./file1" [pid 5965] <... memfd_create resumed>) = 6 [pid 5973] close(3 [pid 5965] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5973] <... close resumed>) = 0 [pid 5967] <... chdir resumed>) = 0 [pid 5965] <... mmap resumed>) = 0x7f2016e00000 [pid 5973] read(200, [pid 5967] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5973] <... read resumed>0x7ffc88018cc0, 1000) = -1 EAGAIN (Resource temporarily unavailable) [pid 5967] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5973] symlink("/dev/binderfs", "./binderfs" [pid 5967] futex(0x7f201fb106cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5973] <... symlink resumed>) = 0 [pid 5967] <... futex resumed>) = 1 [pid 5966] <... futex resumed>) = 0 [pid 5973] write(1, "executing program\n", 18 [pid 5967] futex(0x7f201fb106c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5966] futex(0x7f201fb106c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5973] <... write resumed>) = 18 [pid 5967] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5966] <... futex resumed>) = 0 [pid 5973] futex(0x7f201fb106cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5967] symlink(NULL, NULL [pid 5966] futex(0x7f201fb106cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5973] <... futex resumed>) = 0 [pid 5967] <... symlink resumed>) = -1 EFAULT (Bad address) [pid 5973] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5967] futex(0x7f201fb106cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5973] <... mmap resumed>) = 0x7f201f215000 [pid 5967] <... futex resumed>) = 1 [pid 5966] <... futex resumed>) = 0 [pid 5973] mprotect(0x7f201f216000, 131072, PROT_READ|PROT_WRITE [pid 5967] futex(0x7f201fb106c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5966] futex(0x7f201fb106c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5973] <... mprotect resumed>) = 0 [pid 5967] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5966] <... futex resumed>) = 0 [pid 5973] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5967] readlink("./file0", [pid 5966] futex(0x7f201fb106cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5973] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5967] <... readlink resumed>NULL, 0) = -1 EINVAL (Invalid argument) [pid 5973] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f201f235990, parent_tid=0x7f201f235990, exit_signal=0, stack=0x7f201f215000, stack_size=0x20300, tls=0x7f201f2356c0} [pid 5967] futex(0x7f201fb106cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5966] <... futex resumed>) = 0 [pid 5973] <... clone3 resumed> => {parent_tid=[17]}, 88) = 17 [pid 5967] futex(0x7f201fb106c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5966] futex(0x7f201fb106c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5973] rt_sigprocmask(SIG_SETMASK, [], [pid 5967] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5966] <... futex resumed>) = 0 [pid 5973] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5967] creat("./file0", 0160 [pid 5966] futex(0x7f201fb106cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5973] futex(0x7f201fb106c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5967] <... creat resumed>) = 4 [pid 5973] <... futex resumed>) = 0 [pid 5967] futex(0x7f201fb106cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5973] futex(0x7f201fb106cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5967] <... futex resumed>) = 1 [pid 5966] <... futex resumed>) = 0 [pid 5967] creat(NULL, 000 [pid 5966] futex(0x7f201fb106c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5967] <... creat resumed>) = -1 EFAULT (Bad address) [pid 5966] <... futex resumed>) = 0 [pid 5967] futex(0x7f201fb106cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5966] futex(0x7f201fb106cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5967] <... futex resumed>) = 0 [pid 5966] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5967] openat(AT_FDCWD, "./file0", O_RDONLY|O_CREAT, 000 [pid 5966] futex(0x7f201fb106c8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 5976 attached [pid 5967] <... openat resumed>) = 5 [pid 5966] <... futex resumed>) = 0 [pid 5976] rseq(0x7f201f235fe0, 0x20, 0, 0x53053053 [pid 5967] futex(0x7f201fb106cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5966] futex(0x7f201fb106cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5976] <... rseq resumed>) = 0 [pid 5967] <... futex resumed>) = 0 [pid 5966] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5976] set_robust_list(0x7f201f2359a0, 24 [pid 5967] memfd_create("syzkaller", 0 [pid 5966] futex(0x7f201fb106c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5976] <... set_robust_list resumed>) = 0 [pid 5967] <... memfd_create resumed>) = 6 [pid 5966] <... futex resumed>) = 0 [pid 5976] rt_sigprocmask(SIG_SETMASK, [], [pid 5967] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5966] futex(0x7f201fb106cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=250000000} [pid 5976] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5967] <... mmap resumed>) = 0x7f2016e00000 [pid 5976] memfd_create("syzkaller", 0) = 3 [ 80.288984][ T5960] On-disk corruption discovered. Please run fsck.ocfs2 once the filesystem is unmounted. [ 80.299929][ T5960] OCFS2: File system is now read-only. [ 80.305452][ T5960] (syz-executor218,5960,1):ocfs2_reserve_local_alloc_bits:710 ERROR: status = -30 [ 80.314854][ T5960] (syz-executor218,5960,1):ocfs2_reserve_clusters_with_limit:1170 ERROR: status = -30 [ 80.324495][ T5960] (syz-executor218,5960,1):ocfs2_reserve_clusters_with_limit:1219 ERROR: status = -30 [ 80.334068][ T5960] (syz-executor218,5960,1):ocfs2_lock_allocators:2749 ERROR: status = -30 [pid 5976] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2016e00000 [pid 5959] <... futex resumed>) = ? [pid 5960] +++ killed by SIGSEGV (core dumped) +++ [pid 5959] +++ killed by SIGSEGV (core dumped) +++ [pid 5830] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=14, si_uid=0, si_status=SIGSEGV, si_utime=3 /* 0.03 s */, si_stime=28 /* 0.28 s */} --- [pid 5830] umount2("./5", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5830] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=140, ...}, AT_EMPTY_PATH) = 0 [pid 5830] getdents64(3, 0x555565b3b850 /* 7 entries */, 32768) = 208 [pid 5830] umount2("./5/cgroup", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] newfstatat(AT_FDCWD, "./5/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] unlink("./5/cgroup") = 0 [pid 5830] umount2("./5/cgroup.cpu", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] newfstatat(AT_FDCWD, "./5/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] unlink("./5/cgroup.cpu") = 0 [pid 5830] umount2("./5/cgroup.net", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] newfstatat(AT_FDCWD, "./5/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] unlink("./5/cgroup.net") = 0 [pid 5965] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304 [pid 5830] umount2("./5/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] newfstatat(AT_FDCWD, "./5/binderfs", [pid 5967] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304 [pid 5830] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] unlink("./5/binderfs") = 0 [pid 5830] umount2("./5/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5967] <... write resumed>) = 4194304 [ 80.342673][ T5960] (syz-executor218,5960,1):ocfs2_write_begin_nolock:1742 ERROR: status = -30 [ 80.351562][ T5960] (syz-executor218,5960,1):ocfs2_write_begin:1905 ERROR: status = -30 [ 80.376648][ T5964] JBD2: Ignoring recovery information on journal [pid 5967] munmap(0x7f2016e00000, 138412032) = 0 [pid 5967] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5967] close(6 [pid 5830] <... umount2 resumed>) = 0 [pid 5967] <... close resumed>) = 0 [pid 5967] futex(0x7f201fb106cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5966] <... futex resumed>) = 0 [pid 5967] futex(0x7f201fb106c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5966] futex(0x7f201fb106c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5967] <... futex resumed>) = 0 [pid 5966] <... futex resumed>) = 1 [pid 5967] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = 0 [pid 5966] futex(0x7f201fb106cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5965] <... write resumed>) = 4194304 [pid 5967] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5830] umount2("./5/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] newfstatat(AT_FDCWD, "./5/file1", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] umount2("./5/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] openat(AT_FDCWD, "./5/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5965] munmap(0x7f2016e00000, 138412032 [pid 5830] newfstatat(4, "", [pid 5965] <... munmap resumed>) = 0 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5830] getdents64(4, 0x555565b43890 /* 2 entries */, 32768) = 48 [pid 5830] getdents64(4, 0x555565b43890 /* 0 entries */, 32768) = 0 [pid 5830] close(4) = 0 [pid 5830] rmdir("./5/file1") = 0 [pid 5965] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5830] getdents64(3, [pid 5965] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5830] <... getdents64 resumed>0x555565b3b850 /* 0 entries */, 32768) = 0 [pid 5830] close(3) = 0 [pid 5830] rmdir("./5") = 0 [pid 5830] mkdir("./6", 0777) = 0 [pid 5965] close(6 [pid 5830] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5830] ioctl(3, LOOP_CLR_FD) = 0 [pid 5830] close(3 [pid 5964] <... mount resumed>) = 0 [pid 5964] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5964] chdir("./file1") = 0 [pid 5964] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [ 80.409757][ T5830] ocfs2: Unmounting device (7,4) on (node local) [ 80.440286][ T5964] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode. [pid 5964] futex(0x7f201fb106cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5964] futex(0x7f201fb106c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5962] <... futex resumed>) = 0 [pid 5976] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216 [pid 5962] futex(0x7f201fb106c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5965] <... close resumed>) = 0 [pid 5965] futex(0x7f201fb106cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5965] futex(0x7f201fb106c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5964] <... futex resumed>) = 0 [pid 5962] <... futex resumed>) = 1 [pid 5961] <... futex resumed>) = 0 [pid 5964] symlink(NULL, NULL [pid 5961] futex(0x7f201fb106c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5965] <... futex resumed>) = 0 [pid 5961] <... futex resumed>) = 1 [pid 5965] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777 [pid 5961] futex(0x7f201fb106cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5965] <... mkdir resumed>) = 0 [pid 5965] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5964] <... symlink resumed>) = -1 EFAULT (Bad address) [pid 5962] futex(0x7f201fb106cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5964] futex(0x7f201fb106cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5962] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5964] <... futex resumed>) = 0 [ 80.486965][ T5967] OCFS2: ERROR (device loop1): int ocfs2_reserve_local_alloc_bits(struct ocfs2_super *, u32, struct ocfs2_alloc_context *): local alloc inode 76 says it has 9 used bits, but a count shows 8 [ 80.538911][ T5965] OCFS2: ERROR (device loop2): int ocfs2_reserve_local_alloc_bits(struct ocfs2_super *, u32, struct ocfs2_alloc_context *): local alloc inode 76 says it has 9 used bits, but a count shows 8 [ 80.554315][ T5967] On-disk corruption discovered. Please run fsck.ocfs2 once the filesystem is unmounted. [ 80.557904][ T5965] On-disk corruption discovered. Please run fsck.ocfs2 once the filesystem is unmounted. [ 80.579351][ T5965] OCFS2: File system is now read-only. [pid 5962] futex(0x7f201fb106c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5964] readlink("./file0", [pid 5962] <... futex resumed>) = 0 [pid 5964] <... readlink resumed>NULL, 0) = -1 EINVAL (Invalid argument) [pid 5962] futex(0x7f201fb106cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5964] futex(0x7f201fb106cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5962] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5964] <... futex resumed>) = 0 [pid 5962] futex(0x7f201fb106c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5964] creat("./file0", 0160 [pid 5962] <... futex resumed>) = 0 [pid 5962] futex(0x7f201fb106cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5964] <... creat resumed>) = 4 [pid 5964] futex(0x7f201fb106cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5962] <... futex resumed>) = 0 [pid 5964] futex(0x7f201fb106c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5962] futex(0x7f201fb106c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5964] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5962] <... futex resumed>) = 0 [pid 5964] creat(NULL, 000 [pid 5962] futex(0x7f201fb106cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5964] <... creat resumed>) = -1 EFAULT (Bad address) [pid 5964] futex(0x7f201fb106cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5962] <... futex resumed>) = 0 [pid 5964] futex(0x7f201fb106c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5962] futex(0x7f201fb106c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5964] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5962] <... futex resumed>) = 0 [pid 5964] openat(AT_FDCWD, "./file0", O_RDONLY|O_CREAT, 000 [pid 5962] futex(0x7f201fb106cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5964] <... openat resumed>) = 5 [pid 5964] futex(0x7f201fb106cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5962] <... futex resumed>) = 0 [pid 5964] futex(0x7f201fb106c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5962] futex(0x7f201fb106c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5964] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5962] <... futex resumed>) = 0 [pid 5964] memfd_create("syzkaller", 0 [pid 5962] futex(0x7f201fb106cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=250000000} [pid 5964] <... memfd_create resumed>) = 6 [pid 5964] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2016e00000 [ 80.584886][ T5965] (syz-executor218,5965,0):ocfs2_reserve_local_alloc_bits:710 ERROR: status = -30 [ 80.589646][ T5967] OCFS2: File system is now read-only. [ 80.594085][ T5965] (syz-executor218,5965,0):ocfs2_reserve_clusters_with_limit:1170 ERROR: status = -30 [ 80.609444][ T5965] (syz-executor218,5965,0):ocfs2_reserve_clusters_with_limit:1219 ERROR: status = -30 [ 80.619144][ T5965] (syz-executor218,5965,0):ocfs2_lock_allocators:2749 ERROR: status = -30 [ 80.628258][ T5965] (syz-executor218,5965,0):ocfs2_write_begin_nolock:1742 ERROR: status = -30 [pid 5961] <... futex resumed>) = ? [pid 5965] +++ killed by SIGSEGV (core dumped) +++ [pid 5961] +++ killed by SIGSEGV (core dumped) +++ [pid 5829] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=14, si_uid=0, si_status=SIGSEGV, si_utime=6 /* 0.06 s */, si_stime=34 /* 0.34 s */} --- [pid 5829] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5829] umount2("./5", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5829] openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5829] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=140, ...}, AT_EMPTY_PATH) = 0 [pid 5829] getdents64(3, [pid 5830] <... close resumed>) = 0 [pid 5829] <... getdents64 resumed>0x555565b3b850 /* 7 entries */, 32768) = 208 [pid 5829] umount2("./5/cgroup", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5829] newfstatat(AT_FDCWD, "./5/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] unlink("./5/cgroup") = 0 [pid 5829] umount2("./5/cgroup.cpu", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5829] newfstatat(AT_FDCWD, "./5/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] unlink("./5/cgroup.cpu") = 0 [pid 5829] umount2("./5/cgroup.net", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5829] newfstatat(AT_FDCWD, "./5/cgroup.net", [pid 5964] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304 [pid 5829] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=19, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] unlink("./5/cgroup.net") = 0 [pid 5829] umount2("./5/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5829] newfstatat(AT_FDCWD, "./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] unlink("./5/binderfs") = 0 [pid 5829] umount2("./5/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5978 attached , child_tidptr=0x555565b3a690) = 16 [ 80.637112][ T5965] (syz-executor218,5965,0):ocfs2_write_begin:1905 ERROR: status = -30 [ 80.652965][ T5967] (syz-executor218,5967,0):ocfs2_reserve_local_alloc_bits:710 ERROR: status = -30 [ 80.662909][ T5967] (syz-executor218,5967,0):ocfs2_reserve_clusters_with_limit:1170 ERROR: status = -30 [ 80.672976][ T5967] (syz-executor218,5967,0):ocfs2_reserve_clusters_with_limit:1219 ERROR: status = -30 [ 80.681460][ T5829] ocfs2: Unmounting device (7,2) on (node local) [pid 5978] set_robust_list(0x555565b3a6a0, 24) = 0 [pid 5978] chdir("./6") = 0 [pid 5978] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5966] <... futex resumed>) = ? [pid 5978] <... prctl resumed>) = 0 [pid 5978] setpgid(0, 0) = 0 [pid 5978] symlink("/syzcgroup/unified/syz4", "./cgroup") = 0 [pid 5967] +++ killed by SIGSEGV (core dumped) +++ [pid 5966] +++ killed by SIGSEGV (core dumped) +++ [pid 5829] <... umount2 resumed>) = 0 [pid 5978] symlink("/syzcgroup/cpu/syz4", "./cgroup.cpu") = 0 [pid 5978] symlink("/syzcgroup/net/syz4", "./cgroup.net" [pid 5826] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=15, si_uid=0, si_status=SIGSEGV, si_utime=3 /* 0.03 s */, si_stime=33 /* 0.33 s */} --- [pid 5826] restart_syscall(<... resuming interrupted clone ...> [pid 5978] <... symlink resumed>) = 0 [pid 5978] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5826] <... restart_syscall resumed>) = 0 [pid 5978] write(3, "1000", 4) = 4 [pid 5978] close(3 [pid 5826] umount2("./5", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5978] <... close resumed>) = 0 [pid 5826] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5978] read(200, [pid 5826] openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5978] <... read resumed>0x7ffc88018cc0, 1000) = -1 EAGAIN (Resource temporarily unavailable) [pid 5826] <... openat resumed>) = 3 [pid 5978] symlink("/dev/binderfs", "./binderfs" [pid 5826] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=140, ...}, AT_EMPTY_PATH) = 0 [pid 5978] <... symlink resumed>) = 0 executing program [pid 5829] umount2("./5/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5826] getdents64(3, [pid 5978] write(1, "executing program\n", 18 [pid 5826] <... getdents64 resumed>0x555565b3b850 /* 7 entries */, 32768) = 208 [pid 5978] <... write resumed>) = 18 [pid 5826] umount2("./5/cgroup", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5978] futex(0x7f201fb106cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5826] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5826] newfstatat(AT_FDCWD, "./5/cgroup", [pid 5978] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f201f215000 [pid 5826] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=23, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5978] mprotect(0x7f201f216000, 131072, PROT_READ|PROT_WRITE [pid 5826] unlink("./5/cgroup" [pid 5978] <... mprotect resumed>) = 0 [pid 5826] <... unlink resumed>) = 0 [pid 5826] umount2("./5/cgroup.cpu", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5978] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5826] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5978] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5826] newfstatat(AT_FDCWD, "./5/cgroup.cpu", [pid 5978] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f201f235990, parent_tid=0x7f201f235990, exit_signal=0, stack=0x7f201f215000, stack_size=0x20300, tls=0x7f201f2356c0} [pid 5826] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=19, ...}, AT_SYMLINK_NOFOLLOW) = 0 ./strace-static-x86_64: Process 5979 attached [pid 5826] unlink("./5/cgroup.cpu" [pid 5979] rseq(0x7f201f235fe0, 0x20, 0, 0x53053053 [pid 5978] <... clone3 resumed> => {parent_tid=[17]}, 88) = 17 [pid 5826] <... unlink resumed>) = 0 [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5826] umount2("./5/cgroup.net", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5979] <... rseq resumed>) = 0 [pid 5978] rt_sigprocmask(SIG_SETMASK, [], [pid 5829] newfstatat(AT_FDCWD, "./5/file1", [pid 5826] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5979] set_robust_list(0x7f201f2359a0, 24 [pid 5978] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5826] newfstatat(AT_FDCWD, "./5/cgroup.net", [pid 5979] <... set_robust_list resumed>) = 0 [pid 5978] futex(0x7f201fb106c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5829] umount2("./5/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5826] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=19, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5979] rt_sigprocmask(SIG_SETMASK, [], [pid 5978] <... futex resumed>) = 0 [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5826] unlink("./5/cgroup.net" [pid 5979] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5978] futex(0x7f201fb106cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5829] openat(AT_FDCWD, "./5/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5826] <... unlink resumed>) = 0 [pid 5979] memfd_create("syzkaller", 0 [pid 5829] <... openat resumed>) = 4 [pid 5826] umount2("./5/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5979] <... memfd_create resumed>) = 3 [pid 5979] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5826] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5826] newfstatat(AT_FDCWD, "./5/binderfs", [pid 5979] <... mmap resumed>) = 0x7f2016e00000 [pid 5826] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] newfstatat(4, "", [pid 5826] unlink("./5/binderfs" [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5826] <... unlink resumed>) = 0 [pid 5829] getdents64(4, [pid 5826] umount2("./5/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] <... getdents64 resumed>0x555565b43890 /* 2 entries */, 32768) = 48 [pid 5829] getdents64(4, 0x555565b43890 /* 0 entries */, 32768) = 0 [pid 5829] close(4) = 0 [pid 5829] rmdir("./5/file1") = 0 [pid 5829] getdents64(3, 0x555565b3b850 /* 0 entries */, 32768) = 0 [pid 5829] close(3) = 0 [pid 5829] rmdir("./5") = 0 [pid 5829] mkdir("./6", 0777) = 0 [pid 5829] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5829] ioctl(3, LOOP_CLR_FD) = 0 [ 80.682873][ T5967] (syz-executor218,5967,0):ocfs2_lock_allocators:2749 ERROR: status = -30 [ 80.698391][ T5967] (syz-executor218,5967,0):ocfs2_write_begin_nolock:1742 ERROR: status = -30 [ 80.707661][ T5967] (syz-executor218,5967,0):ocfs2_write_begin:1905 ERROR: status = -30 [pid 5829] close(3 [pid 5964] <... write resumed>) = 4194304 [pid 5964] munmap(0x7f2016e00000, 138412032 [pid 5826] <... umount2 resumed>) = 0 [pid 5964] <... munmap resumed>) = 0 [pid 5964] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5964] close(6 [pid 5826] umount2("./5/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5826] newfstatat(AT_FDCWD, "./5/file1", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5826] umount2("./5/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5826] openat(AT_FDCWD, "./5/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5826] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5826] getdents64(4, 0x555565b43890 /* 2 entries */, 32768) = 48 [pid 5826] getdents64(4, [pid 5964] <... close resumed>) = 0 [pid 5826] <... getdents64 resumed>0x555565b43890 /* 0 entries */, 32768) = 0 [pid 5826] close(4) = 0 [pid 5826] rmdir("./5/file1") = 0 [pid 5826] getdents64(3, 0x555565b3b850 /* 0 entries */, 32768) = 0 [pid 5826] close(3) = 0 [pid 5826] rmdir("./5") = 0 [pid 5826] mkdir("./6", 0777) = 0 [pid 5826] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5826] ioctl(3, LOOP_CLR_FD) = 0 [pid 5826] close(3 [pid 5964] futex(0x7f201fb106cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5964] futex(0x7f201fb106c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5962] <... futex resumed>) = 0 [pid 5962] futex(0x7f201fb106c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5962] futex(0x7f201fb106cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5964] <... futex resumed>) = 0 [ 80.777856][ T5826] ocfs2: Unmounting device (7,1) on (node local) [pid 5964] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = 0 [pid 5964] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5976] <... write resumed>) = 16777216 [pid 5976] munmap(0x7f2016e00000, 138412032) = 0 [pid 5829] <... close resumed>) = 0 [pid 5979] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216 [pid 5976] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5826] <... close resumed>) = 0 [pid 5829] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5976] <... openat resumed>) = 4 ./strace-static-x86_64: Process 5980 attached [pid 5976] ioctl(4, LOOP_SET_FD, 3 [pid 5829] <... clone resumed>, child_tidptr=0x555565b3a690) = 16 [pid 5826] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5981 attached [pid 5981] set_robust_list(0x555565b3a6a0, 24 [pid 5826] <... clone resumed>, child_tidptr=0x555565b3a690) = 17 [ 80.882776][ T5964] OCFS2: ERROR (device loop3): int ocfs2_reserve_local_alloc_bits(struct ocfs2_super *, u32, struct ocfs2_alloc_context *): local alloc inode 76 says it has 9 used bits, but a count shows 8 [ 80.918890][ T5964] On-disk corruption discovered. Please run fsck.ocfs2 once the filesystem is unmounted. [pid 5981] <... set_robust_list resumed>) = 0 [pid 5981] chdir("./6") = 0 [pid 5981] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5981] setpgid(0, 0) = 0 [pid 5981] symlink("/syzcgroup/unified/syz1", "./cgroup") = 0 [pid 5981] symlink("/syzcgroup/cpu/syz1", "./cgroup.cpu") = 0 [pid 5981] symlink("/syzcgroup/net/syz1", "./cgroup.net") = 0 [pid 5981] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5980] set_robust_list(0x555565b3a6a0, 24 [pid 5976] <... ioctl resumed>) = 0 [pid 5980] <... set_robust_list resumed>) = 0 [pid 5976] close(3 [pid 5980] chdir("./6" [pid 5976] <... close resumed>) = 0 [pid 5980] <... chdir resumed>) = 0 [pid 5976] close(4 [pid 5980] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5976] <... close resumed>) = 0 [pid 5980] <... prctl resumed>) = 0 [pid 5981] write(3, "1000", 4) = 4 [pid 5981] close(3) = 0 [pid 5981] read(200, 0x7ffc88018cc0, 1000) = -1 EAGAIN (Resource temporarily unavailable) [pid 5981] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5981] write(1, "executing program\n", 18) = 18 [pid 5981] futex(0x7f201fb106cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5981] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f201f215000 [pid 5981] mprotect(0x7f201f216000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5981] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5981] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f201f235990, parent_tid=0x7f201f235990, exit_signal=0, stack=0x7f201f215000, stack_size=0x20300, tls=0x7f201f2356c0}./strace-static-x86_64: Process 5982 attached [pid 5980] setpgid(0, 0 [pid 5976] mkdir("./file1", 0777 [pid 5982] rseq(0x7f201f235fe0, 0x20, 0, 0x53053053 [pid 5980] <... setpgid resumed>) = 0 [pid 5982] <... rseq resumed>) = 0 [pid 5976] <... mkdir resumed>) = 0 [pid 5981] <... clone3 resumed> => {parent_tid=[18]}, 88) = 18 [pid 5981] rt_sigprocmask(SIG_SETMASK, [], [pid 5982] set_robust_list(0x7f201f2359a0, 24 [pid 5980] symlink("/syzcgroup/unified/syz2", "./cgroup" [pid 5976] mount("/dev/loop0", "./file1", "ocfs2", MS_MANDLOCK|MS_DIRSYNC|MS_NODIRATIME, "acl,heartbeat=none,dir_resv_level=00003,coherency=full,coherency=full,localflocks,coherency=full,noa"... [pid 5981] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5980] <... symlink resumed>) = 0 [pid 5982] <... set_robust_list resumed>) = 0 [pid 5981] futex(0x7f201fb106c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5982] rt_sigprocmask(SIG_SETMASK, [], [pid 5981] futex(0x7f201fb106cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5980] symlink("/syzcgroup/cpu/syz2", "./cgroup.cpu" [pid 5982] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5980] <... symlink resumed>) = 0 [pid 5982] memfd_create("syzkaller", 0 [pid 5980] symlink("/syzcgroup/net/syz2", "./cgroup.net" [pid 5982] <... memfd_create resumed>) = 3 [pid 5980] <... symlink resumed>) = 0 [ 80.930725][ T5976] loop0: detected capacity change from 0 to 32768 [ 80.937100][ T5964] OCFS2: File system is now read-only. [ 80.950150][ T5964] (syz-executor218,5964,1):ocfs2_reserve_local_alloc_bits:710 ERROR: status = -30 [ 80.961679][ T5964] (syz-executor218,5964,1):ocfs2_reserve_clusters_with_limit:1170 ERROR: status = -30 [ 80.962933][ T5976] JBD2: Ignoring recovery information on journal [pid 5982] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5980] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5982] <... mmap resumed>) = 0x7f2016e00000 [pid 5980] <... openat resumed>) = 3 [pid 5980] write(3, "1000", 4) = 4 [pid 5980] close(3) = 0 [pid 5980] read(200, 0x7ffc88018cc0, 1000) = -1 EAGAIN (Resource temporarily unavailable) [pid 5980] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5980] write(1, "executing program\n", 18) = 18 [pid 5980] futex(0x7f201fb106cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5980] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f201f215000 [pid 5980] mprotect(0x7f201f216000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5980] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5980] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f201f235990, parent_tid=0x7f201f235990, exit_signal=0, stack=0x7f201f215000, stack_size=0x20300, tls=0x7f201f2356c0}./strace-static-x86_64: Process 5984 attached [pid 5962] <... futex resumed>) = ? [pid 5964] +++ killed by SIGSEGV (core dumped) +++ [pid 5962] +++ killed by SIGSEGV (core dumped) +++ [pid 5831] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=14, si_uid=0, si_status=SIGSEGV, si_utime=7 /* 0.07 s */, si_stime=34 /* 0.34 s */} --- [pid 5984] rseq(0x7f201f235fe0, 0x20, 0, 0x53053053 [pid 5980] <... clone3 resumed> => {parent_tid=[17]}, 88) = 17 [pid 5831] umount2("./5", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 80.972942][ T5964] (syz-executor218,5964,1):ocfs2_reserve_clusters_with_limit:1219 ERROR: status = -30 [ 80.988885][ T5964] (syz-executor218,5964,1):ocfs2_lock_allocators:2749 ERROR: status = -30 [ 80.998422][ T5964] (syz-executor218,5964,1):ocfs2_write_begin_nolock:1742 ERROR: status = -30 [ 81.009475][ T5964] (syz-executor218,5964,1):ocfs2_write_begin:1905 ERROR: status = -30 [pid 5831] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=140, ...}, AT_EMPTY_PATH) = 0 [pid 5984] <... rseq resumed>) = 0 [pid 5980] rt_sigprocmask(SIG_SETMASK, [], [pid 5831] getdents64(3, 0x555565b3b850 /* 7 entries */, 32768) = 208 [pid 5831] umount2("./5/cgroup", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] newfstatat(AT_FDCWD, "./5/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] unlink("./5/cgroup") = 0 [pid 5831] umount2("./5/cgroup.cpu", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] newfstatat(AT_FDCWD, "./5/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] unlink("./5/cgroup.cpu") = 0 [pid 5831] umount2("./5/cgroup.net", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] newfstatat(AT_FDCWD, "./5/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] unlink("./5/cgroup.net") = 0 [pid 5831] umount2("./5/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] newfstatat(AT_FDCWD, "./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] unlink("./5/binderfs") = 0 [pid 5831] umount2("./5/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5976] <... mount resumed>) = 0 [pid 5976] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5976] chdir("./file1") = 0 [pid 5976] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5976] futex(0x7f201fb106cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5976] futex(0x7f201fb106c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5984] set_robust_list(0x7f201f2359a0, 24 [pid 5980] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5984] <... set_robust_list resumed>) = 0 [ 81.055048][ T5976] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [pid 5980] futex(0x7f201fb106c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5973] <... futex resumed>) = 0 [pid 5984] rt_sigprocmask(SIG_SETMASK, [], [pid 5982] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216 [pid 5980] <... futex resumed>) = 0 [pid 5979] <... write resumed>) = 16777216 [pid 5973] futex(0x7f201fb106c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5976] <... futex resumed>) = 0 [pid 5973] <... futex resumed>) = 1 [pid 5976] symlink(NULL, NULL [pid 5973] futex(0x7f201fb106cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5976] <... symlink resumed>) = -1 EFAULT (Bad address) [pid 5979] munmap(0x7f2016e00000, 138412032 [pid 5976] futex(0x7f201fb106cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5973] <... futex resumed>) = 0 [pid 5976] futex(0x7f201fb106c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5973] futex(0x7f201fb106c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5976] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5973] <... futex resumed>) = 0 [pid 5976] readlink("./file0", [pid 5973] futex(0x7f201fb106cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5976] <... readlink resumed>NULL, 0) = -1 EINVAL (Invalid argument) [pid 5976] futex(0x7f201fb106cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5973] <... futex resumed>) = 0 [pid 5976] futex(0x7f201fb106c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5973] futex(0x7f201fb106c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5976] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5973] <... futex resumed>) = 0 [pid 5976] creat("./file0", 0160 [pid 5973] futex(0x7f201fb106cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5976] <... creat resumed>) = 4 [pid 5984] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5980] futex(0x7f201fb106cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5979] <... munmap resumed>) = 0 [pid 5976] futex(0x7f201fb106cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5831] <... umount2 resumed>) = 0 [pid 5984] memfd_create("syzkaller", 0 [pid 5979] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5976] <... futex resumed>) = 1 [pid 5979] <... openat resumed>) = 4 [pid 5976] futex(0x7f201fb106c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5973] <... futex resumed>) = 0 [pid 5831] umount2("./5/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5984] <... memfd_create resumed>) = 3 [pid 5979] ioctl(4, LOOP_SET_FD, 3 [pid 5973] futex(0x7f201fb106c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5984] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5976] <... futex resumed>) = 0 [pid 5973] <... futex resumed>) = 1 [pid 5984] <... mmap resumed>) = 0x7f2016e00000 [pid 5976] creat(NULL, 000 [pid 5973] futex(0x7f201fb106cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5831] newfstatat(AT_FDCWD, "./5/file1", [pid 5976] <... creat resumed>) = -1 EFAULT (Bad address) [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] umount2("./5/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5976] futex(0x7f201fb106cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5976] <... futex resumed>) = 1 [pid 5973] <... futex resumed>) = 0 [pid 5831] openat(AT_FDCWD, "./5/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5976] futex(0x7f201fb106c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5973] futex(0x7f201fb106c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5831] <... openat resumed>) = 4 [pid 5976] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5973] <... futex resumed>) = 0 [pid 5831] newfstatat(4, "", [pid 5976] openat(AT_FDCWD, "./file0", O_RDONLY|O_CREAT, 000 [pid 5973] futex(0x7f201fb106cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5976] <... openat resumed>) = 5 [pid 5831] getdents64(4, [pid 5979] <... ioctl resumed>) = 0 [pid 5976] futex(0x7f201fb106cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5831] <... getdents64 resumed>0x555565b43890 /* 2 entries */, 32768) = 48 [pid 5979] close(3 [pid 5976] <... futex resumed>) = 1 [pid 5973] <... futex resumed>) = 0 [pid 5831] getdents64(4, [pid 5979] <... close resumed>) = 0 [pid 5979] close(4 [pid 5976] futex(0x7f201fb106c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5973] futex(0x7f201fb106c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5831] <... getdents64 resumed>0x555565b43890 /* 0 entries */, 32768) = 0 [pid 5979] <... close resumed>) = 0 [pid 5976] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5973] <... futex resumed>) = 0 [pid 5831] close(4 [pid 5976] memfd_create("syzkaller", 0 [pid 5973] futex(0x7f201fb106cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=250000000} [pid 5831] <... close resumed>) = 0 [pid 5976] <... memfd_create resumed>) = 6 [pid 5831] rmdir("./5/file1" [pid 5976] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5831] <... rmdir resumed>) = 0 [pid 5976] <... mmap resumed>) = 0x7f2016e00000 [pid 5831] getdents64(3, 0x555565b3b850 /* 0 entries */, 32768) = 0 [pid 5831] close(3) = 0 [pid 5831] rmdir("./5") = 0 [pid 5831] mkdir("./6", 0777) = 0 [pid 5831] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5979] mkdir("./file1", 0777 [pid 5831] <... openat resumed>) = 3 [pid 5831] ioctl(3, LOOP_CLR_FD [pid 5979] <... mkdir resumed>) = 0 [pid 5831] <... ioctl resumed>) = 0 [pid 5831] close(3 [ 81.122124][ T5831] ocfs2: Unmounting device (7,3) on (node local) [ 81.150980][ T5979] loop4: detected capacity change from 0 to 32768 [pid 5979] mount("/dev/loop4", "./file1", "ocfs2", MS_MANDLOCK|MS_DIRSYNC|MS_NODIRATIME, "acl,heartbeat=none,dir_resv_level=00003,coherency=full,coherency=full,localflocks,coherency=full,noa"... [pid 5831] <... close resumed>) = 0 [pid 5976] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304 [pid 5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5987 attached [pid 5987] set_robust_list(0x555565b3a6a0, 24 [pid 5831] <... clone resumed>, child_tidptr=0x555565b3a690) = 16 [pid 5987] <... set_robust_list resumed>) = 0 [pid 5987] chdir("./6") = 0 [pid 5987] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5987] setpgid(0, 0) = 0 [pid 5987] symlink("/syzcgroup/unified/syz3", "./cgroup") = 0 [pid 5987] symlink("/syzcgroup/cpu/syz3", "./cgroup.cpu") = 0 [pid 5987] symlink("/syzcgroup/net/syz3", "./cgroup.net") = 0 [pid 5987] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5987] write(3, "1000", 4) = 4 [pid 5987] close(3) = 0 [pid 5987] read(200, 0x7ffc88018cc0, 1000) = -1 EAGAIN (Resource temporarily unavailable) [pid 5987] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 5987] write(1, "executing program\n", 18) = 18 [pid 5987] futex(0x7f201fb106cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5987] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f201f215000 [pid 5987] mprotect(0x7f201f216000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5987] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5987] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f201f235990, parent_tid=0x7f201f235990, exit_signal=0, stack=0x7f201f215000, stack_size=0x20300, tls=0x7f201f2356c0} => {parent_tid=[17]}, 88) = 17 [pid 5987] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5987] futex(0x7f201fb106c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 81.224937][ T5979] debugfs: Directory 'B1DE653C5FFC4D88B33B244AAB9EB3E9' with parent 'ocfs2' already present! [pid 5987] futex(0x7f201fb106cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5988 attached [pid 5984] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216 [pid 5988] rseq(0x7f201f235fe0, 0x20, 0, 0x53053053) = 0 [pid 5976] <... write resumed>) = 4194304 [pid 5976] munmap(0x7f2016e00000, 138412032) = 0 [pid 5976] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5976] close(6 [pid 5988] set_robust_list(0x7f201f2359a0, 24) = 0