./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1807250230 <...> Warning: Permanently added '10.128.0.16' (ED25519) to the list of known hosts. execve("./syz-executor1807250230", ["./syz-executor1807250230"], 0x7ffe122a4760 /* 10 vars */) = 0 brk(NULL) = 0x555580574000 brk(0x555580574d00) = 0x555580574d00 arch_prctl(ARCH_SET_FS, 0x555580574380) = 0 set_tid_address(0x555580574650) = 5061 set_robust_list(0x555580574660, 24) = 0 rseq(0x555580574ca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor1807250230", 4096) = 28 getrandom("\xd5\x9d\x86\x75\xd2\x89\x2b\x2d", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x555580574d00 brk(0x555580595d00) = 0x555580595d00 brk(0x555580596000) = 0x555580596000 mprotect(0x7f122489f000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5062 attached , child_tidptr=0x555580574650) = 5062 [pid 5061] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5062] set_robust_list(0x555580574660, 24) = 0 ./strace-static-x86_64: Process 5063 attached [pid 5062] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5063] set_robust_list(0x555580574660, 24) = 0 [pid 5062] <... openat resumed>) = 3 [pid 5061] <... clone resumed>, child_tidptr=0x555580574650) = 5063 [pid 5061] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5063] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5062] ioctl(3, LOOP_CLR_FD [pid 5063] <... openat resumed>) = 3 [pid 5063] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5062] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5063] close(3 [pid 5062] close(3./strace-static-x86_64: Process 5064 attached [pid 5061] <... clone resumed>, child_tidptr=0x555580574650) = 5064 [pid 5064] set_robust_list(0x555580574660, 24 [pid 5063] <... close resumed>) = 0 [pid 5062] <... close resumed>) = 0 [pid 5061] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5062] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5064] <... set_robust_list resumed>) = 0 ./strace-static-x86_64: Process 5066 attached ./strace-static-x86_64: Process 5065 attached [pid 5064] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5063] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5061] <... clone resumed>, child_tidptr=0x555580574650) = 5066 [pid 5066] set_robust_list(0x555580574660, 24 [pid 5061] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5066] <... set_robust_list resumed>) = 0 [pid 5065] set_robust_list(0x555580574660, 24 [pid 5064] <... openat resumed>) = 3 [pid 5062] <... clone resumed>, child_tidptr=0x555580574650) = 5065 [pid 5066] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5065] <... set_robust_list resumed>) = 0 [pid 5064] ioctl(3, LOOP_CLR_FD./strace-static-x86_64: Process 5067 attached [pid 5061] <... clone resumed>, child_tidptr=0x555580574650) = 5068 [pid 5065] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5064] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5067] set_robust_list(0x555580574660, 24 [pid 5064] close(3 [pid 5063] <... clone resumed>, child_tidptr=0x555580574650) = 5067 [pid 5067] <... set_robust_list resumed>) = 0 [pid 5064] <... close resumed>) = 0 ./strace-static-x86_64: Process 5068 attached [pid 5066] <... openat resumed>) = 3 [pid 5065] <... prctl resumed>) = 0 [pid 5064] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5065] setpgid(0, 0) = 0 [pid 5065] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC./strace-static-x86_64: Process 5070 attached [pid 5067] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5068] set_robust_list(0x555580574660, 24 [pid 5066] ioctl(3, LOOP_CLR_FD [pid 5067] <... prctl resumed>) = 0 [pid 5068] <... set_robust_list resumed>) = 0 [pid 5066] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5065] <... openat resumed>) = 3 [pid 5064] <... clone resumed>, child_tidptr=0x555580574650) = 5070 [pid 5070] set_robust_list(0x555580574660, 24 [pid 5067] setpgid(0, 0 [pid 5068] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5066] close(3 [pid 5065] write(3, "1000", 4 [pid 5070] <... set_robust_list resumed>) = 0 [pid 5067] <... setpgid resumed>) = 0 [pid 5068] <... openat resumed>) = 3 [pid 5066] <... close resumed>) = 0 [pid 5070] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5067] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5066] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5070] <... prctl resumed>) = 0 [pid 5065] <... write resumed>) = 4 [pid 5070] setpgid(0, 0 [pid 5068] ioctl(3, LOOP_CLR_FD [pid 5065] close(3 [pid 5067] <... openat resumed>) = 3 [pid 5068] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5067] write(3, "1000", 4./strace-static-x86_64: Process 5071 attached [pid 5070] <... setpgid resumed>) = 0 [pid 5067] <... write resumed>) = 4 [pid 5068] close(3 [pid 5065] <... close resumed>) = 0 [pid 5071] set_robust_list(0x555580574660, 24 [pid 5070] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5067] close(3 [pid 5068] <... close resumed>) = 0 [pid 5066] <... clone resumed>, child_tidptr=0x555580574650) = 5071 [pid 5070] <... openat resumed>) = 3 [pid 5067] <... close resumed>) = 0 [pid 5068] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5065] memfd_create("syzkaller", 0 [pid 5071] <... set_robust_list resumed>) = 0 [pid 5070] write(3, "1000", 4) = 4 [pid 5065] <... memfd_create resumed>) = 3 [pid 5071] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5070] close(3 [pid 5067] memfd_create("syzkaller", 0 [pid 5065] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5071] <... prctl resumed>) = 0 [pid 5070] <... close resumed>) = 0 [pid 5067] <... memfd_create resumed>) = 3 [pid 5065] <... mmap resumed>) = 0x7f121c200000 ./strace-static-x86_64: Process 5072 attached [pid 5071] setpgid(0, 0 [pid 5070] memfd_create("syzkaller", 0 [pid 5067] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5072] set_robust_list(0x555580574660, 24 [pid 5067] <... mmap resumed>) = 0x7f121c200000 [pid 5072] <... set_robust_list resumed>) = 0 [pid 5071] <... setpgid resumed>) = 0 [pid 5070] <... memfd_create resumed>) = 3 [pid 5068] <... clone resumed>, child_tidptr=0x555580574650) = 5072 [pid 5072] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5071] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5070] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5067] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5065] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5072] <... prctl resumed>) = 0 [pid 5072] setpgid(0, 0 [pid 5070] <... mmap resumed>) = 0x7f121c200000 [pid 5071] <... openat resumed>) = 3 [pid 5072] <... setpgid resumed>) = 0 [pid 5072] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5072] write(3, "1000", 4) = 4 [pid 5072] close(3) = 0 [pid 5071] write(3, "1000", 4 [pid 5070] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5072] memfd_create("syzkaller", 0 [pid 5071] <... write resumed>) = 4 [pid 5072] <... memfd_create resumed>) = 3 [pid 5072] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f121c200000 [pid 5071] close(3) = 0 [pid 5071] memfd_create("syzkaller", 0) = 3 [pid 5071] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f121c200000 [pid 5072] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5071] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5065] <... write resumed>) = 524288 [pid 5067] <... write resumed>) = 524288 [pid 5067] munmap(0x7f121c200000, 138412032 [pid 5072] <... write resumed>) = 524288 [pid 5067] <... munmap resumed>) = 0 [pid 5072] munmap(0x7f121c200000, 138412032 [pid 5071] <... write resumed>) = 524288 [pid 5070] <... write resumed>) = 524288 [pid 5065] munmap(0x7f121c200000, 138412032 [pid 5071] munmap(0x7f121c200000, 138412032 [pid 5072] <... munmap resumed>) = 0 [pid 5070] munmap(0x7f121c200000, 138412032 [pid 5067] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5065] <... munmap resumed>) = 0 [pid 5071] <... munmap resumed>) = 0 [pid 5070] <... munmap resumed>) = 0 [pid 5067] <... openat resumed>) = 4 [pid 5072] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5070] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5067] ioctl(4, LOOP_SET_FD, 3 [pid 5071] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5065] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5072] <... openat resumed>) = 4 [pid 5070] <... openat resumed>) = 4 [pid 5071] <... openat resumed>) = 4 [pid 5065] <... openat resumed>) = 4 [pid 5072] ioctl(4, LOOP_SET_FD, 3 [pid 5071] ioctl(4, LOOP_SET_FD, 3 [pid 5070] ioctl(4, LOOP_SET_FD, 3 [pid 5067] <... ioctl resumed>) = 0 [pid 5065] ioctl(4, LOOP_SET_FD, 3 [pid 5072] <... ioctl resumed>) = 0 [pid 5072] close(3 [pid 5067] close(3 [pid 5065] <... ioctl resumed>) = 0 [pid 5071] <... ioctl resumed>) = 0 [pid 5072] <... close resumed>) = 0 [pid 5070] <... ioctl resumed>) = 0 [pid 5067] <... close resumed>) = 0 [pid 5065] close(3 [pid 5072] close(4 [pid 5071] close(3 [pid 5070] close(3 [pid 5065] <... close resumed>) = 0 [pid 5067] close(4 [pid 5071] <... close resumed>) = 0 [pid 5072] <... close resumed>) = 0 [pid 5070] <... close resumed>) = 0 [pid 5067] <... close resumed>) = 0 [pid 5065] close(4 [pid 5067] mkdir("./file0", 0777 [pid 5065] <... close resumed>) = 0 [pid 5072] mkdir("./file0", 0777 [pid 5071] close(4 [pid 5065] mkdir("./file0", 0777 [pid 5070] close(4) = 0 [ 75.518991][ T5067] loop1: detected capacity change from 0 to 1024 [ 75.535387][ T5072] loop4: detected capacity change from 0 to 1024 [ 75.543335][ T5065] loop0: detected capacity change from 0 to 1024 [ 75.545568][ T5071] loop3: detected capacity change from 0 to 1024 [ 75.551426][ T5070] loop2: detected capacity change from 0 to 1024 [pid 5070] mkdir("./file0", 0777 [pid 5071] <... close resumed>) = 0 [pid 5071] mkdir("./file0", 0777) = -1 EEXIST (File exists) [pid 5072] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 5070] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 5067] <... mkdir resumed>) = 0 [pid 5065] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 5072] mount("/dev/loop4", "./file0", "hfsplus", MS_NODEV|MS_SYNCHRONOUS|MS_MANDLOCK|MS_REC|MS_POSIXACL|MS_I_VERSION, "" [pid 5071] mount("/dev/loop3", "./file0", "hfsplus", MS_NODEV|MS_SYNCHRONOUS|MS_MANDLOCK|MS_REC|MS_POSIXACL|MS_I_VERSION, "" [pid 5070] mount("/dev/loop2", "./file0", "hfsplus", MS_NODEV|MS_SYNCHRONOUS|MS_MANDLOCK|MS_REC|MS_POSIXACL|MS_I_VERSION, "" [ 75.605250][ T5072] ======================================================= [ 75.605250][ T5072] WARNING: The mand mount option has been deprecated and [ 75.605250][ T5072] and is ignored by this kernel. Remove the mand [ 75.605250][ T5072] option from the mount to silence this warning. [ 75.605250][ T5072] ======================================================= [pid 5065] mount("/dev/loop0", "./file0", "hfsplus", MS_NODEV|MS_SYNCHRONOUS|MS_MANDLOCK|MS_REC|MS_POSIXACL|MS_I_VERSION, "" [pid 5067] mount("/dev/loop1", "./file0", "hfsplus", MS_NODEV|MS_SYNCHRONOUS|MS_MANDLOCK|MS_REC|MS_POSIXACL|MS_I_VERSION, "" [pid 5072] <... mount resumed>) = -1 EIO (Input/output error) [pid 5072] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5072] ioctl(3, LOOP_CLR_FD) = 0 [pid 5072] close(3) = 0 [pid 5072] openat(AT_FDCWD, "/dev/loop0", O_RDONLY) = 3 [pid 5071] <... mount resumed>) = -1 EIO (Input/output error) [pid 5070] <... mount resumed>) = -1 EIO (Input/output error) [pid 5072] ioctl(3, LOOP_SET_BLOCK_SIZE, 2048 [pid 5067] <... mount resumed>) = -1 EIO (Input/output error) [pid 5070] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5071] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5070] <... openat resumed>) = 3 [pid 5067] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5071] <... openat resumed>) = 3 [pid 5067] <... openat resumed>) = 3 [pid 5071] ioctl(3, LOOP_CLR_FD [pid 5070] ioctl(3, LOOP_CLR_FD [pid 5067] ioctl(3, LOOP_CLR_FD [pid 5065] <... mount resumed>) = -1 EIO (Input/output error) [pid 5065] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 75.656436][ T5072] hfsplus: xattr search failed [ 75.665865][ T5070] hfsplus: xattr search failed [ 75.677816][ T5071] hfsplus: xattr search failed [ 75.691620][ T5067] hfsplus: xattr search failed [ 75.698936][ T5065] hfsplus: xattr search failed [pid 5065] ioctl(3, LOOP_CLR_FD [pid 5072] <... ioctl resumed>) = 0 [pid 5070] <... ioctl resumed>) = 0 [pid 5065] <... ioctl resumed>) = 0 [pid 5072] exit_group(0 [pid 5071] <... ioctl resumed>) = 0 [pid 5065] close(3) = 0 [pid 5065] openat(AT_FDCWD, "/dev/loop0", O_RDONLY) = 3 [pid 5065] ioctl(3, LOOP_SET_BLOCK_SIZE, 2048 [pid 5072] <... exit_group resumed>) = ? [pid 5067] <... ioctl resumed>) = 0 [pid 5065] <... ioctl resumed>) = 0 [pid 5065] exit_group(0) = ? [pid 5065] +++ exited with 0 +++ [pid 5070] close(3 [pid 5067] close(3 [pid 5062] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5065, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- [pid 5062] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5071] close(3 [pid 5070] <... close resumed>) = 0 [pid 5067] <... close resumed>) = 0 [pid 5062] <... openat resumed>) = 3 [pid 5071] <... close resumed>) = 0 [pid 5070] openat(AT_FDCWD, "/dev/loop0", O_RDONLY [pid 5071] openat(AT_FDCWD, "/dev/loop0", O_RDONLY [pid 5070] <... openat resumed>) = 3 [pid 5067] openat(AT_FDCWD, "/dev/loop0", O_RDONLY [pid 5062] ioctl(3, LOOP_CLR_FD [pid 5072] +++ exited with 0 +++ [pid 5071] <... openat resumed>) = 3 [pid 5070] ioctl(3, LOOP_SET_BLOCK_SIZE, 2048 [pid 5067] <... openat resumed>) = 3 [pid 5071] ioctl(3, LOOP_SET_BLOCK_SIZE, 2048 [pid 5062] <... ioctl resumed>) = 0 [pid 5071] <... ioctl resumed>) = 0 [pid 5070] <... ioctl resumed>) = 0 [pid 5067] ioctl(3, LOOP_SET_BLOCK_SIZE, 2048 [pid 5068] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5072, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=5 /* 0.05 s */} --- [pid 5062] close(3) = 0 [pid 5071] exit_group(0 [pid 5070] exit_group(0 [pid 5067] <... ioctl resumed>) = 0 [pid 5062] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5071] <... exit_group resumed>) = ? [pid 5070] <... exit_group resumed>) = ? [pid 5067] exit_group(0./strace-static-x86_64: Process 5076 attached [pid 5071] +++ exited with 0 +++ [pid 5068] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5067] <... exit_group resumed>) = ? [pid 5076] set_robust_list(0x555580574660, 24 [pid 5067] +++ exited with 0 +++ [pid 5068] <... openat resumed>) = 3 [pid 5062] <... clone resumed>, child_tidptr=0x555580574650) = 5076 [pid 5076] <... set_robust_list resumed>) = 0 [pid 5076] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5068] ioctl(3, LOOP_CLR_FD [pid 5066] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5071, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 5076] <... prctl resumed>) = 0 [pid 5068] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5063] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5067, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- [pid 5076] setpgid(0, 0 [pid 5066] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5076] <... setpgid resumed>) = 0 [pid 5063] restart_syscall(<... resuming interrupted clone ...> [pid 5076] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5070] +++ exited with 0 +++ [pid 5068] close(3 [pid 5066] <... openat resumed>) = 3 [pid 5063] <... restart_syscall resumed>) = 0 [pid 5064] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5070, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- [pid 5063] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5064] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5063] <... openat resumed>) = 3 [pid 5063] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5063] close(3 [pid 5076] <... openat resumed>) = 3 [pid 5076] write(3, "1000", 4 [pid 5066] ioctl(3, LOOP_CLR_FD [pid 5064] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5063] <... close resumed>) = 0 [pid 5063] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5076] <... write resumed>) = 4 [pid 5066] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5066] close(3 [ 75.767149][ T5069] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0 [pid 5076] close(3) = 0 [pid 5066] <... close resumed>) = 0 [pid 5064] <... openat resumed>) = 3 ./strace-static-x86_64: Process 5077 attached [pid 5077] set_robust_list(0x555580574660, 24) = 0 [pid 5066] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5064] ioctl(3, LOOP_CLR_FD [pid 5063] <... clone resumed>, child_tidptr=0x555580574650) = 5077 [pid 5064] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5077] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5077] setpgid(0, 0) = 0 [pid 5077] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5064] close(3 [pid 5077] write(3, "1000", 4 [pid 5064] <... close resumed>) = 0 [pid 5064] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5068] <... close resumed>) = 0 [pid 5068] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5066] <... clone resumed>, child_tidptr=0x555580574650) = 5078 [pid 5077] <... write resumed>) = 4 [pid 5077] close(3./strace-static-x86_64: Process 5078 attached ) = 0 [pid 5076] memfd_create("syzkaller", 0) = 3 [pid 5078] set_robust_list(0x555580574660, 24./strace-static-x86_64: Process 5080 attached ./strace-static-x86_64: Process 5079 attached ) = 0 [pid 5077] memfd_create("syzkaller", 0 [pid 5076] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5068] <... clone resumed>, child_tidptr=0x555580574650) = 5079 [pid 5079] set_robust_list(0x555580574660, 24 [pid 5077] <... memfd_create resumed>) = 3 [pid 5079] <... set_robust_list resumed>) = 0 [pid 5077] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5079] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5077] <... mmap resumed>) = 0x7f121c200000 [pid 5080] set_robust_list(0x555580574660, 24 [pid 5078] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5077] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5076] <... mmap resumed>) = 0x7f121c200000 [pid 5064] <... clone resumed>, child_tidptr=0x555580574650) = 5080 [pid 5080] <... set_robust_list resumed>) = 0 [pid 5079] <... prctl resumed>) = 0 [pid 5078] <... prctl resumed>) = 0 [pid 5080] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5079] setpgid(0, 0 [pid 5078] setpgid(0, 0) = 0 [pid 5079] <... setpgid resumed>) = 0 [pid 5079] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5078] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5079] <... openat resumed>) = 3 [pid 5078] <... openat resumed>) = 3 [pid 5080] <... prctl resumed>) = 0 [pid 5079] write(3, "1000", 4 [pid 5080] setpgid(0, 0 [pid 5079] <... write resumed>) = 4 [pid 5080] <... setpgid resumed>) = 0 [pid 5079] close(3 [pid 5080] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5079] <... close resumed>) = 0 [pid 5079] memfd_create("syzkaller", 0 [pid 5080] <... openat resumed>) = 3 [pid 5080] write(3, "1000", 4 [pid 5079] <... memfd_create resumed>) = 3 [pid 5078] write(3, "1000", 4 [pid 5080] <... write resumed>) = 4 [pid 5080] close(3) = 0 [pid 5078] <... write resumed>) = 4 [pid 5080] memfd_create("syzkaller", 0 [pid 5079] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5078] close(3 [pid 5077] <... write resumed>) = 524288 [pid 5079] <... mmap resumed>) = 0x7f121c200000 [pid 5080] <... memfd_create resumed>) = 3 [pid 5078] <... close resumed>) = 0 [pid 5076] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5080] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5078] memfd_create("syzkaller", 0 [pid 5080] <... mmap resumed>) = 0x7f121c200000 [pid 5079] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5078] <... memfd_create resumed>) = 3 [pid 5078] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f121c200000 [pid 5079] <... write resumed>) = 524288 [pid 5080] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5078] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5077] munmap(0x7f121c200000, 138412032 [pid 5076] <... write resumed>) = 524288 [pid 5079] munmap(0x7f121c200000, 138412032 [pid 5077] <... munmap resumed>) = 0 [pid 5079] <... munmap resumed>) = 0 [pid 5077] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 5077] ioctl(4, LOOP_SET_FD, 3 [pid 5076] munmap(0x7f121c200000, 138412032) = 0 [pid 5079] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 5079] ioctl(4, LOOP_SET_FD, 3 [pid 5076] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5080] <... write resumed>) = 524288 [pid 5080] munmap(0x7f121c200000, 138412032) = 0 [pid 5080] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5076] <... openat resumed>) = 4 [pid 5080] <... openat resumed>) = 4 [pid 5080] ioctl(4, LOOP_SET_FD, 3 [pid 5078] <... write resumed>) = 524288 [pid 5076] ioctl(4, LOOP_SET_FD, 3 [pid 5078] munmap(0x7f121c200000, 138412032 [pid 5077] <... ioctl resumed>) = 0 [pid 5077] close(3) = 0 [pid 5079] <... ioctl resumed>) = 0 [pid 5077] close(4 [pid 5079] close(3 [pid 5077] <... close resumed>) = 0 [pid 5079] <... close resumed>) = 0 [pid 5077] mkdir("./file0", 0777 [pid 5079] close(4 [pid 5077] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 5079] <... close resumed>) = 0 [pid 5077] mount("/dev/loop1", "./file0", "hfsplus", MS_NODEV|MS_SYNCHRONOUS|MS_MANDLOCK|MS_REC|MS_POSIXACL|MS_I_VERSION, "" [pid 5079] mkdir("./file0", 0777 [ 75.917504][ T5077] loop1: detected capacity change from 0 to 1024 [ 75.928743][ T5079] loop4: detected capacity change from 0 to 1024 [ 75.949668][ T5080] loop2: detected capacity change from 0 to 1024 [ 75.960161][ T5076] loop0: detected capacity change from 0 to 1024 [pid 5078] <... munmap resumed>) = 0 [pid 5080] <... ioctl resumed>) = 0 [pid 5079] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 5076] <... ioctl resumed>) = 0 [pid 5080] close(3 [pid 5078] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5076] close(3 [pid 5080] <... close resumed>) = 0 [pid 5080] close(4 [pid 5079] mount("/dev/loop4", "./file0", "hfsplus", MS_NODEV|MS_SYNCHRONOUS|MS_MANDLOCK|MS_REC|MS_POSIXACL|MS_I_VERSION, "" [pid 5078] <... openat resumed>) = 4 [pid 5076] <... close resumed>) = 0 [pid 5080] <... close resumed>) = 0 [pid 5076] close(4 [pid 5080] mkdir("./file0", 0777 [pid 5076] <... close resumed>) = 0 [pid 5080] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 5078] ioctl(4, LOOP_SET_FD, 3 [pid 5076] mkdir("./file0", 0777 [pid 5080] mount("/dev/loop2", "./file0", "hfsplus", MS_NODEV|MS_SYNCHRONOUS|MS_MANDLOCK|MS_REC|MS_POSIXACL|MS_I_VERSION, "" [pid 5076] <... mkdir resumed>) = -1 EEXIST (File exists) [ 75.976448][ T5077] hfsplus: xattr search failed [pid 5076] mount("/dev/loop0", "./file0", "hfsplus", MS_NODEV|MS_SYNCHRONOUS|MS_MANDLOCK|MS_REC|MS_POSIXACL|MS_I_VERSION, "" [pid 5077] <... mount resumed>) = -1 EIO (Input/output error) [pid 5077] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5077] ioctl(3, LOOP_CLR_FD) = 0 [pid 5077] close(3) = 0 [pid 5078] <... ioctl resumed>) = 0 [pid 5077] openat(AT_FDCWD, "/dev/loop0", O_RDONLY [pid 5078] close(3 [pid 5077] <... openat resumed>) = 3 [pid 5078] <... close resumed>) = 0 [pid 5078] close(4 [pid 5077] ioctl(3, LOOP_SET_BLOCK_SIZE, 2048 [pid 5078] <... close resumed>) = 0 [pid 5078] mkdir("./file0", 0777) = -1 EEXIST (File exists) [ 76.000698][ T5078] loop3: detected capacity change from 0 to 1024 [ 76.016810][ T5079] hfsplus: xattr search failed [pid 5078] mount("/dev/loop3", "./file0", "hfsplus", MS_NODEV|MS_SYNCHRONOUS|MS_MANDLOCK|MS_REC|MS_POSIXACL|MS_I_VERSION, "" [pid 5079] <... mount resumed>) = -1 EIO (Input/output error) [pid 5079] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5079] ioctl(3, LOOP_CLR_FD) = 0 [pid 5079] close(3) = 0 [pid 5079] openat(AT_FDCWD, "/dev/loop0", O_RDONLY) = 3 [pid 5079] ioctl(3, LOOP_SET_BLOCK_SIZE, 2048 [pid 5080] <... mount resumed>) = -1 EIO (Input/output error) [pid 5080] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5080] ioctl(3, LOOP_CLR_FD) = 0 [pid 5080] close(3) = 0 [ 76.042198][ T5080] hfsplus: xattr search failed [pid 5080] openat(AT_FDCWD, "/dev/loop0", O_RDONLY [pid 5077] <... ioctl resumed>) = 0 [pid 5080] <... openat resumed>) = 3 [pid 5077] exit_group(0 [pid 5080] ioctl(3, LOOP_SET_BLOCK_SIZE, 2048) = 0 [pid 5079] <... ioctl resumed>) = 0 [pid 5077] <... exit_group resumed>) = ? [pid 5080] exit_group(0 [pid 5079] exit_group(0 [pid 5078] <... mount resumed>) = -1 EIO (Input/output error) [pid 5077] +++ exited with 0 +++ [pid 5079] <... exit_group resumed>) = ? [pid 5079] +++ exited with 0 +++ [pid 5068] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5079, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- [pid 5080] <... exit_group resumed>) = ? [ 76.072600][ T5078] hfsplus: xattr search failed [pid 5068] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5080] +++ exited with 0 +++ [pid 5064] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5080, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- [pid 5064] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5063] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5077, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- [pid 5064] ioctl(3, LOOP_CLR_FD) = 0 [pid 5064] close(3) = 0 [pid 5064] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5082 attached [pid 5082] set_robust_list(0x555580574660, 24) = 0 [pid 5082] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5082] setpgid(0, 0 [pid 5078] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5064] <... clone resumed>, child_tidptr=0x555580574650) = 5082 [pid 5082] <... setpgid resumed>) = 0 [pid 5068] <... openat resumed>) = 3 [pid 5082] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5068] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5068] close(3) = 0 [pid 5068] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5083 attached [pid 5082] <... openat resumed>) = 3 [pid 5078] <... openat resumed>) = 3 [pid 5063] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5082] write(3, "1000", 4 [pid 5068] <... clone resumed>, child_tidptr=0x555580574650) = 5083 [pid 5083] set_robust_list(0x555580574660, 24 [pid 5082] <... write resumed>) = 4 [pid 5083] <... set_robust_list resumed>) = 0 [pid 5082] close(3 [pid 5083] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5082] <... close resumed>) = 0 [pid 5083] <... prctl resumed>) = 0 [pid 5082] memfd_create("syzkaller", 0 [pid 5078] ioctl(3, LOOP_CLR_FD [pid 5063] <... openat resumed>) = 3 [pid 5083] setpgid(0, 0 [pid 5082] <... memfd_create resumed>) = 3 [pid 5078] <... ioctl resumed>) = 0 [pid 5083] <... setpgid resumed>) = 0 [pid 5078] close(3 [pid 5063] ioctl(3, LOOP_CLR_FD [pid 5083] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5082] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5078] <... close resumed>) = 0 [pid 5063] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5078] openat(AT_FDCWD, "/dev/loop0", O_RDONLY [pid 5063] close(3) = 0 [ 76.101751][ T5076] hfsplus: xattr search failed [pid 5083] <... openat resumed>) = 3 [pid 5082] <... mmap resumed>) = 0x7f121c200000 [pid 5078] <... openat resumed>) = 3 [pid 5076] <... mount resumed>) = -1 EIO (Input/output error) [pid 5063] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5084 attached [pid 5078] ioctl(3, LOOP_SET_BLOCK_SIZE, 2048 [pid 5076] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5084] set_robust_list(0x555580574660, 24 [pid 5078] <... ioctl resumed>) = 0 [pid 5076] <... openat resumed>) = 3 [pid 5084] <... set_robust_list resumed>) = 0 [pid 5083] write(3, "1000", 4 [pid 5078] exit_group(0 [pid 5076] ioctl(3, LOOP_CLR_FD [pid 5063] <... clone resumed>, child_tidptr=0x555580574650) = 5084 [pid 5078] <... exit_group resumed>) = ? [pid 5076] <... ioctl resumed>) = 0 [pid 5084] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5083] <... write resumed>) = 4 [pid 5083] close(3 [pid 5084] <... prctl resumed>) = 0 [pid 5083] <... close resumed>) = 0 [pid 5082] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5078] +++ exited with 0 +++ [pid 5076] close(3 [pid 5084] setpgid(0, 0 [pid 5083] memfd_create("syzkaller", 0 [pid 5066] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5078, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- [pid 5083] <... memfd_create resumed>) = 3 [pid 5083] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f121c200000 [pid 5066] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5084] <... setpgid resumed>) = 0 [pid 5083] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5076] <... close resumed>) = 0 [pid 5066] <... openat resumed>) = 3 [pid 5084] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5066] ioctl(3, LOOP_CLR_FD) = 0 [pid 5066] close(3 [pid 5082] <... write resumed>) = 524288 [pid 5066] <... close resumed>) = 0 [pid 5066] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5084] <... openat resumed>) = 3 [pid 5076] openat(AT_FDCWD, "/dev/loop0", O_RDONLY./strace-static-x86_64: Process 5085 attached [pid 5084] write(3, "1000", 4 [pid 5076] <... openat resumed>) = 3 [pid 5084] <... write resumed>) = 4 [pid 5085] set_robust_list(0x555580574660, 24 [pid 5066] <... clone resumed>, child_tidptr=0x555580574650) = 5085 [pid 5085] <... set_robust_list resumed>) = 0 [pid 5085] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5084] close(3 [pid 5076] ioctl(3, LOOP_SET_BLOCK_SIZE, 2048 [pid 5084] <... close resumed>) = 0 [pid 5076] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5085] setpgid(0, 0 [pid 5084] memfd_create("syzkaller", 0 [pid 5076] exit_group(0 [pid 5085] <... setpgid resumed>) = 0 [pid 5084] <... memfd_create resumed>) = 3 [pid 5085] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5084] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5085] <... openat resumed>) = 3 [pid 5084] <... mmap resumed>) = 0x7f121c200000 [pid 5085] write(3, "1000", 4) = 4 [pid 5085] close(3) = 0 [pid 5085] memfd_create("syzkaller", 0) = 3 [pid 5082] munmap(0x7f121c200000, 138412032 [pid 5085] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5082] <... munmap resumed>) = 0 [pid 5085] <... mmap resumed>) = 0x7f121c200000 [pid 5082] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5085] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5082] <... openat resumed>) = 4 [pid 5076] <... exit_group resumed>) = ? [pid 5084] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5083] <... write resumed>) = 524288 [pid 5082] ioctl(4, LOOP_SET_FD, 3 [pid 5076] +++ exited with 0 +++ [pid 5083] munmap(0x7f121c200000, 138412032 [pid 5062] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5076, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 5083] <... munmap resumed>) = 0 [pid 5062] restart_syscall(<... resuming interrupted clone ...> [pid 5083] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5062] <... restart_syscall resumed>) = 0 [pid 5083] <... openat resumed>) = 4 [pid 5083] ioctl(4, LOOP_SET_FD, 3 [pid 5062] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5084] <... write resumed>) = 524288 [pid 5062] ioctl(3, LOOP_CLR_FD [pid 5084] munmap(0x7f121c200000, 138412032 [pid 5062] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5062] close(3 [pid 5082] <... ioctl resumed>) = 0 [pid 5062] <... close resumed>) = 0 [pid 5084] <... munmap resumed>) = 0 [pid 5062] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5086 attached [pid 5084] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5082] close(3 [pid 5084] <... openat resumed>) = 4 [pid 5082] <... close resumed>) = 0 [pid 5062] <... clone resumed>, child_tidptr=0x555580574650) = 5086 [pid 5082] close(4) = 0 [pid 5082] mkdir("./file0", 0777 [pid 5086] set_robust_list(0x555580574660, 24 [pid 5085] <... write resumed>) = 524288 [pid 5082] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 5086] <... set_robust_list resumed>) = 0 [pid 5084] ioctl(4, LOOP_SET_FD, 3 [pid 5082] mount("/dev/loop2", "./file0", "hfsplus", MS_NODEV|MS_SYNCHRONOUS|MS_MANDLOCK|MS_REC|MS_POSIXACL|MS_I_VERSION, "" [pid 5086] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [ 76.215861][ T5082] loop2: detected capacity change from 0 to 1024 [ 76.235153][ T5083] loop4: detected capacity change from 0 to 1024 [ 76.259758][ T5084] loop1: detected capacity change from 0 to 1024 [pid 5086] setpgid(0, 0 [pid 5085] munmap(0x7f121c200000, 138412032 [pid 5083] <... ioctl resumed>) = 0 [pid 5085] <... munmap resumed>) = 0 [pid 5083] close(3 [pid 5086] <... setpgid resumed>) = 0 [pid 5083] <... close resumed>) = 0 [pid 5086] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5083] close(4 [ 76.280288][ T5082] hfsplus: xattr search failed [pid 5086] <... openat resumed>) = 3 [pid 5085] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5083] <... close resumed>) = 0 [pid 5086] write(3, "1000", 4 [pid 5084] <... ioctl resumed>) = 0 [pid 5082] <... mount resumed>) = -1 EIO (Input/output error) [pid 5086] <... write resumed>) = 4 [pid 5084] close(3 [pid 5086] close(3) = 0 [pid 5085] <... openat resumed>) = 4 [pid 5084] <... close resumed>) = 0 [pid 5083] mkdir("./file0", 0777 [pid 5082] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5086] memfd_create("syzkaller", 0 [pid 5085] ioctl(4, LOOP_SET_FD, 3 [pid 5084] close(4 [pid 5083] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 5082] <... openat resumed>) = 3 [pid 5086] <... memfd_create resumed>) = 3 [pid 5084] <... close resumed>) = 0 [pid 5083] mount("/dev/loop4", "./file0", "hfsplus", MS_NODEV|MS_SYNCHRONOUS|MS_MANDLOCK|MS_REC|MS_POSIXACL|MS_I_VERSION, "" [pid 5086] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5085] <... ioctl resumed>) = 0 [pid 5084] mkdir("./file0", 0777 [pid 5082] ioctl(3, LOOP_CLR_FD [pid 5086] <... mmap resumed>) = 0x7f121c200000 [pid 5085] close(3 [pid 5084] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 5082] <... ioctl resumed>) = 0 [pid 5086] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5085] <... close resumed>) = 0 [pid 5084] mount("/dev/loop1", "./file0", "hfsplus", MS_NODEV|MS_SYNCHRONOUS|MS_MANDLOCK|MS_REC|MS_POSIXACL|MS_I_VERSION, "" [pid 5082] close(3) = 0 [pid 5082] openat(AT_FDCWD, "/dev/loop0", O_RDONLY [pid 5085] close(4 [pid 5082] <... openat resumed>) = 3 [pid 5085] <... close resumed>) = 0 [pid 5082] ioctl(3, LOOP_SET_BLOCK_SIZE, 2048 [pid 5085] mkdir("./file0", 0777) = -1 EEXIST (File exists) [pid 5085] mount("/dev/loop3", "./file0", "hfsplus", MS_NODEV|MS_SYNCHRONOUS|MS_MANDLOCK|MS_REC|MS_POSIXACL|MS_I_VERSION, "" [pid 5082] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5082] exit_group(0) = ? [pid 5082] +++ exited with 0 +++ [pid 5064] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5082, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- [pid 5064] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5083] <... mount resumed>) = -1 EIO (Input/output error) [pid 5064] <... openat resumed>) = 3 [ 76.301038][ T5085] loop3: detected capacity change from 0 to 1024 [ 76.337068][ T5083] hfsplus: xattr search failed [ 76.340862][ T5084] hfsplus: xattr search failed [pid 5064] ioctl(3, LOOP_CLR_FD [pid 5084] <... mount resumed>) = -1 EIO (Input/output error) [pid 5083] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5064] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5083] <... openat resumed>) = 3 [pid 5064] close(3) = 0 [pid 5064] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5084] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 ./strace-static-x86_64: Process 5087 attached [pid 5086] <... write resumed>) = 524288 [pid 5084] ioctl(3, LOOP_CLR_FD [pid 5087] set_robust_list(0x555580574660, 24 [pid 5086] munmap(0x7f121c200000, 138412032 [pid 5084] <... ioctl resumed>) = 0 [pid 5083] ioctl(3, LOOP_CLR_FD [pid 5064] <... clone resumed>, child_tidptr=0x555580574650) = 5087 [pid 5087] <... set_robust_list resumed>) = 0 [pid 5086] <... munmap resumed>) = 0 [pid 5084] close(3 [pid 5086] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5084] <... close resumed>) = 0 [pid 5087] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5086] <... openat resumed>) = 4 [pid 5084] openat(AT_FDCWD, "/dev/loop0", O_RDONLY [pid 5086] ioctl(4, LOOP_SET_FD, 3 [pid 5087] <... prctl resumed>) = 0 [pid 5084] <... openat resumed>) = 3 [pid 5087] setpgid(0, 0 [pid 5084] ioctl(3, LOOP_SET_BLOCK_SIZE, 2048 [pid 5087] <... setpgid resumed>) = 0 [pid 5086] <... ioctl resumed>) = 0 [pid 5086] close(3) = 0 [pid 5085] <... mount resumed>) = -1 EIO (Input/output error) [pid 5087] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5086] close(4 [pid 5085] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5086] <... close resumed>) = 0 [pid 5085] <... openat resumed>) = 3 [pid 5087] <... openat resumed>) = 3 [pid 5085] ioctl(3, LOOP_CLR_FD [pid 5087] write(3, "1000", 4) = 4 [pid 5086] mkdir("./file0", 0777 [pid 5087] close(3) = 0 [pid 5086] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 5086] mount("/dev/loop0", "./file0", "hfsplus", MS_NODEV|MS_SYNCHRONOUS|MS_MANDLOCK|MS_REC|MS_POSIXACL|MS_I_VERSION, "" [ 76.395319][ T5086] loop0: detected capacity change from 0 to 1024 [ 76.407926][ T5085] hfsplus: xattr search failed [pid 5087] memfd_create("syzkaller", 0) = 3 [pid 5087] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f121c200000 [pid 5083] <... ioctl resumed>) = 0 [pid 5087] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5085] <... ioctl resumed>) = 0 [pid 5084] <... ioctl resumed>) = 0 [pid 5084] exit_group(0) = ? [ 76.437392][ T5074] I/O error, dev loop4, sector 32 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0 [ 76.465183][ T28] ================================================================== [ 76.473307][ T28] BUG: KASAN: slab-out-of-bounds in _copy_to_iter+0x7d4/0x1cf0 [ 76.480912][ T28] Write of size 2048 at addr ffff888028fa6000 by task kworker/u8:2/28 [ 76.489100][ T28] [ 76.491464][ T28] CPU: 0 PID: 28 Comm: kworker/u8:2 Not tainted 6.8.0-syzkaller-08951-gfe46a7dd189e #0 [ 76.501123][ T28] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/29/2024 [ 76.511210][ T28] Workqueue: loop0 loop_rootcg_workfn [ 76.516644][ T28] Call Trace: [ 76.520038][ T28] [ 76.523025][ T28] dump_stack_lvl+0x241/0x360 [ 76.527752][ T28] ? __pfx_dump_stack_lvl+0x10/0x10 [ 76.532988][ T28] ? __pfx__printk+0x10/0x10 [ 76.537620][ T28] ? _printk+0xd5/0x120 [ 76.539102][ T5087] loop2: detected capacity change from 0 to 1024 [ 76.541810][ T28] ? __virt_addr_valid+0x183/0x520 [ 76.553291][ T28] ? __virt_addr_valid+0x183/0x520 [ 76.558530][ T28] print_report+0x169/0x550 [ 76.563066][ T28] ? __virt_addr_valid+0x183/0x520 [ 76.568216][ T28] ? __virt_addr_valid+0x183/0x520 [ 76.573368][ T28] ? __virt_addr_valid+0x44e/0x520 [ 76.578528][ T28] ? __phys_addr+0xba/0x170 [ 76.583074][ T28] ? _copy_to_iter+0x7d4/0x1cf0 [pid 5084] +++ exited with 0 +++ [pid 5063] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5084, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- [pid 5063] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5085] close(3 [pid 5063] <... openat resumed>) = 3 [pid 5085] <... close resumed>) = 0 [pid 5085] openat(AT_FDCWD, "/dev/loop0", O_RDONLY [pid 5063] ioctl(3, LOOP_CLR_FD [pid 5085] <... openat resumed>) = 3 [pid 5063] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5063] close(3 [pid 5085] ioctl(3, LOOP_SET_BLOCK_SIZE, 2048 [pid 5063] <... close resumed>) = 0 [pid 5085] <... ioctl resumed>) = 0 [pid 5085] exit_group(0 [pid 5063] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5085] <... exit_group resumed>) = ? ./strace-static-x86_64: Process 5088 attached [pid 5063] <... clone resumed>, child_tidptr=0x555580574650) = 5088 [pid 5088] set_robust_list(0x555580574660, 24) = 0 [pid 5088] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5085] +++ exited with 0 +++ [pid 5088] <... prctl resumed>) = 0 [pid 5088] setpgid(0, 0) = 0 [pid 5087] <... write resumed>) = 524288 [pid 5083] close(3 [pid 5088] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5087] munmap(0x7f121c200000, 138412032) = 0 [pid 5088] <... openat resumed>) = 3 [pid 5088] write(3, "1000", 4 [pid 5087] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 5087] ioctl(4, LOOP_SET_FD, 3 [pid 5088] <... write resumed>) = 4 [pid 5088] close(3) = 0 [pid 5088] memfd_create("syzkaller", 0) = 3 [pid 5088] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f121c200000 [pid 5088] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5087] <... ioctl resumed>) = 0 [pid 5087] close(3) = 0 [pid 5087] close(4) = 0 [pid 5087] mkdir("./file0", 0777) = -1 EEXIST (File exists) [pid 5087] mount("/dev/loop2", "./file0", "hfsplus", MS_NODEV|MS_SYNCHRONOUS|MS_MANDLOCK|MS_REC|MS_POSIXACL|MS_I_VERSION, "" [pid 5088] munmap(0x7f121c200000, 138412032) = 0 [pid 5088] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 5066] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5085, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- [pid 5066] restart_syscall(<... resuming interrupted clone ...> [pid 5088] ioctl(4, LOOP_SET_FD, 3 [pid 5066] <... restart_syscall resumed>) = 0 [pid 5066] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5066] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5066] close(3) = 0 [pid 5066] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555580574650) = 5089 [pid 5088] <... ioctl resumed>) = 0 [pid 5088] close(3) = 0 [pid 5088] close(4) = 0 [ 76.588036][ T28] kasan_report+0x143/0x180 [ 76.592581][ T28] ? _copy_to_iter+0x7d4/0x1cf0 [ 76.597467][ T28] kasan_check_range+0x282/0x290 [ 76.600005][ T5088] loop1: detected capacity change from 0 to 1024 [ 76.602420][ T28] ? _copy_to_iter+0x7d4/0x1cf0 [ 76.614171][ T28] __asan_memcpy+0x40/0x70 [ 76.618634][ T28] _copy_to_iter+0x7d4/0x1cf0 [ 76.623355][ T28] ? __pfx__copy_to_iter+0x10/0x10 [ 76.628651][ T28] ? __pfx_shmem_get_folio_gfp+0x10/0x10 [pid 5088] mkdir("./file0", 0777) = -1 EEXIST (File exists) [pid 5088] mount("/dev/loop1", "./file0", "hfsplus", MS_NODEV|MS_SYNCHRONOUS|MS_MANDLOCK|MS_REC|MS_POSIXACL|MS_I_VERSION, ""./strace-static-x86_64: Process 5089 attached [ 76.634501][ T28] ? page_copy_sane+0x46/0x260 [ 76.639307][ T28] copy_page_to_iter+0xb1/0x160 [ 76.644352][ T28] shmem_file_read_iter+0x4cb/0xa50 [ 76.649757][ T28] ? __pfx_shmem_file_read_iter+0x10/0x10 [ 76.655536][ T28] do_iter_readv_writev+0x5a4/0x800 [ 76.660787][ T28] ? __pfx_do_iter_readv_writev+0x10/0x10 [ 76.666548][ T28] ? rw_verify_area+0x405/0x580 [ 76.671640][ T28] vfs_iter_read+0x152/0x420 [ 76.676992][ T28] loop_process_work+0xcfb/0x1e60 [ 76.680189][ T5088] hfsplus: xattr search failed [pid 5089] set_robust_list(0x555580574660, 24) = 0 [pid 5089] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5089] setpgid(0, 0) = 0 [pid 5089] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5089] write(3, "1000", 4) = 4 [pid 5089] close(3) = 0 [pid 5089] memfd_create("syzkaller", 0) = 3 [pid 5088] <... mount resumed>) = -1 EIO (Input/output error) [ 76.682481][ T28] ? mark_lock+0x9a/0x350 [ 76.691634][ T28] ? __pfx_loop_process_work+0x10/0x10 [ 76.695056][ T5087] hfsplus: xattr search failed [ 76.697137][ T28] ? __pfx_lock_acquire+0x10/0x10 [ 76.697167][ T28] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 76.697192][ T28] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 76.719416][ T28] ? process_scheduled_works+0x91b/0x1770 [ 76.725177][ T28] process_scheduled_works+0xa00/0x1770 [ 76.730781][ T28] ? __pfx_process_scheduled_works+0x10/0x10 [pid 5089] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5088] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5089] <... mmap resumed>) = 0x7f121c200000 [pid 5088] <... openat resumed>) = 3 [pid 5089] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5088] ioctl(3, LOOP_CLR_FD [pid 5087] <... mount resumed>) = -1 EIO (Input/output error) [pid 5087] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5087] ioctl(3, LOOP_CLR_FD) = 0 [pid 5087] close(3) = 0 [pid 5087] openat(AT_FDCWD, "/dev/loop0", O_RDONLY) = 3 [pid 5087] ioctl(3, LOOP_SET_BLOCK_SIZE, 2048 [pid 5089] <... write resumed>) = 524288 [pid 5087] <... ioctl resumed>) = 0 [pid 5087] exit_group(0) = ? [pid 5087] +++ exited with 0 +++ [pid 5064] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5087, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=6 /* 0.06 s */} --- [pid 5064] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5064] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5064] close(3) = 0 [pid 5064] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5089] munmap(0x7f121c200000, 138412032) = 0 [pid 5064] <... clone resumed>, child_tidptr=0x555580574650) = 5090 [pid 5089] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [ 76.737320][ T28] ? assign_work+0x364/0x3d0 [ 76.742209][ T28] worker_thread+0x86d/0xd70 [ 76.746848][ T28] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 76.752799][ T28] ? __kthread_parkme+0x169/0x1d0 [ 76.757863][ T28] ? __pfx_worker_thread+0x10/0x10 [ 76.763022][ T28] kthread+0x2f0/0x390 [ 76.767177][ T28] ? __pfx_worker_thread+0x10/0x10 [ 76.772333][ T28] ? __pfx_kthread+0x10/0x10 [ 76.776963][ T28] ret_from_fork+0x4b/0x80 [ 76.781426][ T28] ? __pfx_kthread+0x10/0x10 [pid 5089] ioctl(4, LOOP_SET_FD, 3) = 0 ./strace-static-x86_64: Process 5090 attached [pid 5089] close(3 [pid 5090] set_robust_list(0x555580574660, 24 [pid 5089] <... close resumed>) = 0 [pid 5090] <... set_robust_list resumed>) = 0 [pid 5089] close(4 [pid 5090] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5089] <... close resumed>) = 0 [pid 5090] <... prctl resumed>) = 0 [pid 5089] mkdir("./file0", 0777 [pid 5090] setpgid(0, 0) = 0 [pid 5089] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 5090] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5089] mount("/dev/loop3", "./file0", "hfsplus", MS_NODEV|MS_SYNCHRONOUS|MS_MANDLOCK|MS_REC|MS_POSIXACL|MS_I_VERSION, "" [pid 5090] <... openat resumed>) = 3 [ 76.786053][ T28] ret_from_fork_asm+0x1a/0x30 [ 76.790867][ T28] [ 76.790999][ T5089] loop3: detected capacity change from 0 to 1024 [ 76.793889][ T28] [ 76.793896][ T28] Allocated by task 5086: [ 76.806903][ T28] kasan_save_track+0x3f/0x80 [ 76.811609][ T28] __kasan_kmalloc+0x98/0xb0 [ 76.816218][ T28] __kmalloc+0x233/0x4a0 [ 76.820507][ T28] hfsplus_read_wrapper+0x613/0x1340 [ 76.825832][ T28] hfsplus_fill_super+0x38e/0x1ca0 [ 76.830997][ T28] mount_bdev+0x20a/0x2d0 [pid 5090] write(3, "1000", 4) = 4 [pid 5090] close(3) = 0 [pid 5090] memfd_create("syzkaller", 0) = 3 [pid 5090] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f121c200000 [pid 5090] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5089] <... mount resumed>) = -1 EIO (Input/output error) [pid 5090] <... write resumed>) = 524288 [pid 5089] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5089] ioctl(3, LOOP_CLR_FD [ 76.834427][ T5089] hfsplus: xattr search failed [ 76.835344][ T28] legacy_get_tree+0xee/0x190 [ 76.844818][ T28] vfs_get_tree+0x90/0x2a0 [ 76.849267][ T28] do_new_mount+0x2be/0xb40 [ 76.853798][ T28] __se_sys_mount+0x2d9/0x3c0 [ 76.858595][ T28] do_syscall_64+0xfb/0x240 [ 76.863132][ T28] entry_SYSCALL_64_after_hwframe+0x6d/0x75 [ 76.869067][ T28] [ 76.871421][ T28] The buggy address belongs to the object at ffff888028fa6000 [ 76.871421][ T28] which belongs to the cache kmalloc-512 of size 512 [pid 5090] munmap(0x7f121c200000, 138412032) = 0 [pid 5090] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 5090] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5090] close(3) = 0 [pid 5090] close(4) = 0 [pid 5090] mkdir("./file0", 0777) = -1 EEXIST (File exists) [ 76.885504][ T28] The buggy address is located 0 bytes inside of [ 76.885504][ T28] allocated 512-byte region [ffff888028fa6000, ffff888028fa6200) [ 76.898290][ T5090] loop2: detected capacity change from 0 to 1024 [ 76.899469][ T28] [ 76.899477][ T28] The buggy address belongs to the physical page: [ 76.899487][ T28] page:ffffea0000a3e900 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x28fa4 [ 76.899513][ T28] head:ffffea0000a3e900 order:2 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 76.930238][ T5090] hfsplus: xattr search failed [pid 5090] mount("/dev/loop2", "./file0", "hfsplus", MS_NODEV|MS_SYNCHRONOUS|MS_MANDLOCK|MS_REC|MS_POSIXACL|MS_I_VERSION, "") = -1 EIO (Input/output error) [pid 5090] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [ 76.933742][ T28] flags: 0xfff00000000840(slab|head|node=0|zone=1|lastcpupid=0x7ff) [ 76.946522][ T28] page_type: 0xffffffff() [ 76.950888][ T28] raw: 00fff00000000840 ffff888014c41c80 dead000000000100 dead000000000122 [ 76.959502][ T28] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000 [ 76.968105][ T28] page dumped because: kasan: bad access detected [ 76.974537][ T28] page_owner tracks the page as allocated [ 76.980260][ T28] page last allocated via order 2, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1, tgid 1 (swapper/0), ts 25780901845, free_ts 0 [ 76.999998][ T28] post_alloc_hook+0x1ea/0x210 [ 77.004777][ T28] get_page_from_freelist+0x33ea/0x3580 [ 77.010342][ T28] __alloc_pages+0x256/0x680 [ 77.014959][ T28] alloc_slab_page+0x5f/0x160 [ 77.019640][ T28] new_slab+0x84/0x2f0 [ 77.023749][ T28] ___slab_alloc+0xc73/0x1260 [ 77.028463][ T28] __kmalloc+0x2e5/0x4a0 [ 77.032826][ T28] pkcs1pad_verify+0x10b/0x600 [ 77.037611][ T28] crypto_sig_verify+0x211/0x2b0 [ 77.042550][ T28] public_key_verify_signature+0x573/0x790 [ 77.048410][ T28] x509_check_for_self_signed+0x324/0x420 [ 77.054132][ T28] x509_cert_parse+0x5b9/0x7c0 [ 77.058908][ T28] x509_key_preparse+0x65/0x680 [ 77.063777][ T28] asymmetric_key_preparse+0xb5/0x160 [ 77.069155][ T28] __key_create_or_update+0x481/0xc70 [ 77.074535][ T28] key_create_or_update+0x42/0x60 [ 77.079579][ T28] page_owner free stack trace missing [ 77.084952][ T28] [ 77.087271][ T28] Memory state around the buggy address: [ 77.092907][ T28] ffff888028fa6100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 77.101077][ T28] ffff888028fa6180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 77.109162][ T28] >ffff888028fa6200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 77.117234][ T28] ^ [ 77.121312][ T28] ffff888028fa6280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 77.129380][ T28] ffff888028fa6300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 77.137450][ T28] ================================================================== [ 77.146235][ T28] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 77.153456][ T28] CPU: 0 PID: 28 Comm: kworker/u8:2 Not tainted 6.8.0-syzkaller-08951-gfe46a7dd189e #0 [ 77.163090][ T28] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/29/2024 [ 77.173151][ T28] Workqueue: loop0 loop_rootcg_workfn [ 77.178541][ T28] Call Trace: [ 77.181822][ T28] [ 77.184753][ T28] dump_stack_lvl+0x241/0x360 [ 77.189440][ T28] ? __pfx_dump_stack_lvl+0x10/0x10 [ 77.194647][ T28] ? __pfx__printk+0x10/0x10 [ 77.199247][ T28] ? preempt_schedule+0xe1/0xf0 [ 77.204117][ T28] ? vscnprintf+0x5d/0x90 [ 77.208455][ T28] panic+0x349/0x860 [ 77.212364][ T28] ? check_panic_on_warn+0x21/0xb0 [ 77.217484][ T28] ? __pfx_panic+0x10/0x10 [ 77.221914][ T28] ? _raw_spin_unlock_irqrestore+0x130/0x140 [ 77.227906][ T28] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 77.234243][ T28] ? print_report+0x502/0x550 [ 77.238929][ T28] check_panic_on_warn+0x86/0xb0 [ 77.243880][ T28] ? _copy_to_iter+0x7d4/0x1cf0 [ 77.248732][ T28] end_report+0x6e/0x140 [ 77.252982][ T28] kasan_report+0x154/0x180 [ 77.257755][ T28] ? _copy_to_iter+0x7d4/0x1cf0 [ 77.262871][ T28] kasan_check_range+0x282/0x290 [ 77.267814][ T28] ? _copy_to_iter+0x7d4/0x1cf0 [ 77.272666][ T28] __asan_memcpy+0x40/0x70 [ 77.277095][ T28] _copy_to_iter+0x7d4/0x1cf0 [ 77.281782][ T28] ? __pfx__copy_to_iter+0x10/0x10 [ 77.286900][ T28] ? __pfx_shmem_get_folio_gfp+0x10/0x10 [ 77.292652][ T28] ? page_copy_sane+0x46/0x260 [ 77.297431][ T28] copy_page_to_iter+0xb1/0x160 [ 77.302303][ T28] shmem_file_read_iter+0x4cb/0xa50 [ 77.307525][ T28] ? __pfx_shmem_file_read_iter+0x10/0x10 [ 77.313377][ T28] do_iter_readv_writev+0x5a4/0x800 [ 77.318591][ T28] ? __pfx_do_iter_readv_writev+0x10/0x10 [ 77.324322][ T28] ? rw_verify_area+0x405/0x580 [ 77.329192][ T28] vfs_iter_read+0x152/0x420 [ 77.333796][ T28] loop_process_work+0xcfb/0x1e60 [ 77.338829][ T28] ? mark_lock+0x9a/0x350 [ 77.343174][ T28] ? __pfx_loop_process_work+0x10/0x10 [ 77.348651][ T28] ? __pfx_lock_acquire+0x10/0x10 [ 77.353684][ T28] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 77.359695][ T28] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 77.366043][ T28] ? process_scheduled_works+0x91b/0x1770 [ 77.371766][ T28] process_scheduled_works+0xa00/0x1770 [ 77.377337][ T28] ? __pfx_process_scheduled_works+0x10/0x10 [ 77.383336][ T28] ? assign_work+0x364/0x3d0 [ 77.387932][ T28] worker_thread+0x86d/0xd70 [ 77.392529][ T28] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 77.398434][ T28] ? __kthread_parkme+0x169/0x1d0 [ 77.403465][ T28] ? __pfx_worker_thread+0x10/0x10 [ 77.408605][ T28] kthread+0x2f0/0x390 [ 77.412688][ T28] ? __pfx_worker_thread+0x10/0x10 [ 77.417800][ T28] ? __pfx_kthread+0x10/0x10 [ 77.422404][ T28] ret_from_fork+0x4b/0x80 [ 77.426832][ T28] ? __pfx_kthread+0x10/0x10 [ 77.431437][ T28] ret_from_fork_asm+0x1a/0x30 [ 77.436218][ T28] [ 77.439479][ T28] Kernel Offset: disabled [ 77.443813][ T28] Rebooting in 86400 seconds..