./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2070171197 <...> DUID 00:04:f8:32:f0:25:6b:f7:7b:d6:d2:5e:34:7f:1d:07:e3:4e forked to background, child pid 3209 [ 29.148023][ T3210] 8021q: adding VLAN 0 to HW filter on device bond0 [ 29.157973][ T3210] eql: remember to turn off Van-Jacobson compression on your slave devices Starting sshd: OK syzkaller Warning: Permanently added '10.128.0.184' (ECDSA) to the list of known hosts. execve("./syz-executor2070171197", ["./syz-executor2070171197"], 0x7ffe091475e0 /* 10 vars */) = 0 brk(NULL) = 0x55555707b000 brk(0x55555707bc40) = 0x55555707bc40 arch_prctl(ARCH_SET_FS, 0x55555707b300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 set_tid_address(0x55555707b5d0) = 3630 set_robust_list(0x55555707b5e0, 24) = 0 rt_sigaction(SIGRTMIN, {sa_handler=0x7fc698142630, sa_mask=[], sa_flags=SA_RESTORER|SA_SIGINFO, sa_restorer=0x7fc698142d00}, NULL, 8) = 0 rt_sigaction(SIGRT_1, {sa_handler=0x7fc6981426d0, sa_mask=[], sa_flags=SA_RESTORER|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fc698142d00}, NULL, 8) = 0 rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor2070171197", 4096) = 28 brk(0x55555709cc40) = 0x55555709cc40 brk(0x55555709d000) = 0x55555709d000 mprotect(0x7fc698223000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3631 attached , child_tidptr=0x55555707b5d0) = 3631 [pid 3630] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 3631] set_robust_list(0x55555707b5e0, 24) = 0 ./strace-static-x86_64: Process 3632 attached [pid 3630] <... clone resumed>, child_tidptr=0x55555707b5d0) = 3632 [pid 3632] set_robust_list(0x55555707b5e0, 24 [pid 3630] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 3632] <... set_robust_list resumed>) = 0 [pid 3631] getpid( [pid 3632] getpid( [pid 3631] <... getpid resumed>) = 3631 [pid 3630] <... clone resumed>, child_tidptr=0x55555707b5d0) = 3633 [pid 3630] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 3631] mkdir("./syzkaller.3bY14M", 0700./strace-static-x86_64: Process 3634 attached ./strace-static-x86_64: Process 3633 attached [pid 3630] <... clone resumed>, child_tidptr=0x55555707b5d0) = 3634 [pid 3632] <... getpid resumed>) = 3632 [pid 3630] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 3631] <... mkdir resumed>) = 0 [pid 3630] <... clone resumed>, child_tidptr=0x55555707b5d0) = 3635 [pid 3633] set_robust_list(0x55555707b5e0, 24 [pid 3631] chmod("./syzkaller.3bY14M", 0777./strace-static-x86_64: Process 3635 attached [pid 3633] <... set_robust_list resumed>) = 0 [pid 3630] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 3634] set_robust_list(0x55555707b5e0, 24 [pid 3633] getpid( [pid 3635] set_robust_list(0x55555707b5e0, 24 [pid 3634] <... set_robust_list resumed>) = 0 [pid 3633] <... getpid resumed>) = 3633 [pid 3632] mkdir("./syzkaller.DQbsYR", 0700 [pid 3631] <... chmod resumed>) = 0 ./strace-static-x86_64: Process 3636 attached [pid 3630] <... clone resumed>, child_tidptr=0x55555707b5d0) = 3636 [pid 3633] mkdir("./syzkaller.iQWwAW", 0700 [pid 3636] set_robust_list(0x55555707b5e0, 24 [pid 3635] <... set_robust_list resumed>) = 0 [pid 3633] <... mkdir resumed>) = 0 [pid 3634] getpid( [pid 3633] chmod("./syzkaller.iQWwAW", 0777) = 0 [pid 3634] <... getpid resumed>) = 3634 [pid 3633] chdir("./syzkaller.iQWwAW") = 0 [pid 3631] chdir("./syzkaller.3bY14M" [pid 3633] mkdir("./0", 0777 [pid 3631] <... chdir resumed>) = 0 [pid 3631] mkdir("./0", 0777 [pid 3636] <... set_robust_list resumed>) = 0 [pid 3635] getpid( [pid 3634] mkdir("./syzkaller.9C4JEX", 0700 [pid 3633] <... mkdir resumed>) = 0 [pid 3632] <... mkdir resumed>) = 0 [pid 3633] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 3634] <... mkdir resumed>) = 0 [pid 3633] ioctl(3, LOOP_CLR_FD [pid 3634] chmod("./syzkaller.9C4JEX", 0777 [pid 3633] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 3633] close(3 [pid 3636] getpid() = 3636 [pid 3635] <... getpid resumed>) = 3635 [pid 3634] <... chmod resumed>) = 0 [pid 3633] <... close resumed>) = 0 [pid 3632] chmod("./syzkaller.DQbsYR", 0777 [pid 3631] <... mkdir resumed>) = 0 [pid 3634] chdir("./syzkaller.9C4JEX") = 0 [pid 3635] mkdir("./syzkaller.2A1923", 0700 [pid 3634] mkdir("./0", 0777 [pid 3636] mkdir("./syzkaller.I1GXT8", 0700 [pid 3635] <... mkdir resumed>) = 0 [pid 3634] <... mkdir resumed>) = 0 [pid 3636] <... mkdir resumed>) = 0 [pid 3634] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 3635] chmod("./syzkaller.2A1923", 0777) = 0 [pid 3634] ioctl(3, LOOP_CLR_FD [pid 3631] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 3636] chmod("./syzkaller.I1GXT8", 0777 [pid 3634] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 3631] <... openat resumed>) = 3 [pid 3636] <... chmod resumed>) = 0 [pid 3635] chdir("./syzkaller.2A1923" [pid 3634] close(3 [pid 3631] ioctl(3, LOOP_CLR_FD [pid 3636] chdir("./syzkaller.I1GXT8" [pid 3635] <... chdir resumed>) = 0 [pid 3634] <... close resumed>) = 0 [pid 3631] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 3636] <... chdir resumed>) = 0 [pid 3635] mkdir("./0", 0777 [pid 3634] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 3631] close(3 [pid 3636] mkdir("./0", 0777 [pid 3635] <... mkdir resumed>) = 0 [pid 3633] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 3632] <... chmod resumed>) = 0 [pid 3631] <... close resumed>) = 0 [pid 3636] <... mkdir resumed>) = 0 [pid 3635] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 3634] <... clone resumed>, child_tidptr=0x55555707b5d0) = 3637 [pid 3632] chdir("./syzkaller.DQbsYR" [pid 3631] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 3633] <... clone resumed>, child_tidptr=0x55555707b5d0) = 3638 [pid 3632] <... chdir resumed>) = 0 ./strace-static-x86_64: Process 3637 attached [pid 3637] set_robust_list(0x55555707b5e0, 24 [pid 3636] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 3635] <... openat resumed>) = 3 [pid 3632] mkdir("./0", 0777 [pid 3637] <... set_robust_list resumed>) = 0 [pid 3636] <... openat resumed>) = 3 [pid 3635] ioctl(3, LOOP_CLR_FD [pid 3632] <... mkdir resumed>) = 0 [pid 3631] <... clone resumed>, child_tidptr=0x55555707b5d0) = 3639 [pid 3632] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 3637] chdir("./0" [pid 3636] ioctl(3, LOOP_CLR_FD [pid 3635] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 3632] <... openat resumed>) = 3 ./strace-static-x86_64: Process 3639 attached ./strace-static-x86_64: Process 3638 attached [pid 3637] <... chdir resumed>) = 0 [pid 3636] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 3635] close(3 [pid 3632] ioctl(3, LOOP_CLR_FD [pid 3639] set_robust_list(0x55555707b5e0, 24 [pid 3638] set_robust_list(0x55555707b5e0, 24 [pid 3637] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 3636] close(3 [pid 3635] <... close resumed>) = 0 [pid 3632] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 3639] <... set_robust_list resumed>) = 0 [pid 3638] <... set_robust_list resumed>) = 0 [pid 3637] <... prctl resumed>) = 0 [pid 3636] <... close resumed>) = 0 [pid 3635] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 3632] close(3 [pid 3639] chdir("./0" [pid 3638] chdir("./0" [pid 3637] setpgid(0, 0 [pid 3636] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 3632] <... close resumed>) = 0 [pid 3639] <... chdir resumed>) = 0 [pid 3638] <... chdir resumed>) = 0 [pid 3637] <... setpgid resumed>) = 0 [pid 3635] <... clone resumed>, child_tidptr=0x55555707b5d0) = 3641 [pid 3632] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3641 attached [pid 3639] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 3638] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 3637] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 3636] <... clone resumed>, child_tidptr=0x55555707b5d0) = 3642 [pid 3639] <... prctl resumed>) = 0 [pid 3638] <... prctl resumed>) = 0 [pid 3639] setpgid(0, 0 [pid 3638] setpgid(0, 0 [pid 3637] <... openat resumed>) = 3 [pid 3641] set_robust_list(0x55555707b5e0, 24 [pid 3632] <... clone resumed>, child_tidptr=0x55555707b5d0) = 3643 [pid 3639] <... setpgid resumed>) = 0 [pid 3638] <... setpgid resumed>) = 0 [pid 3637] write(3, "1000", 4 [pid 3641] <... set_robust_list resumed>) = 0 ./strace-static-x86_64: Process 3643 attached ./strace-static-x86_64: Process 3642 attached [pid 3641] chdir("./0" [pid 3639] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 3638] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 3637] <... write resumed>) = 4 [pid 3643] set_robust_list(0x55555707b5e0, 24 [pid 3642] set_robust_list(0x55555707b5e0, 24 [pid 3641] <... chdir resumed>) = 0 [pid 3639] <... openat resumed>) = 3 [pid 3638] <... openat resumed>) = 3 [pid 3637] close(3 [pid 3643] <... set_robust_list resumed>) = 0 [pid 3642] <... set_robust_list resumed>) = 0 [pid 3641] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 3639] write(3, "1000", 4 [pid 3638] write(3, "1000", 4 [pid 3637] <... close resumed>) = 0 [pid 3643] chdir("./0" [pid 3642] chdir("./0" [pid 3641] <... prctl resumed>) = 0 [pid 3639] <... write resumed>) = 4 [pid 3638] <... write resumed>) = 4 [pid 3637] symlink("/dev/binderfs", "./binderfs" [pid 3643] <... chdir resumed>) = 0 [pid 3642] <... chdir resumed>) = 0 [pid 3641] setpgid(0, 0 [pid 3639] close(3 [pid 3638] close(3 [pid 3637] <... symlink resumed>) = 0 [pid 3643] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 3642] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 3641] <... setpgid resumed>) = 0 [pid 3639] <... close resumed>) = 0 [pid 3638] <... close resumed>) = 0 [pid 3637] futex(0x7fc6982297ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3643] <... prctl resumed>) = 0 [pid 3642] <... prctl resumed>) = 0 [pid 3641] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 3639] symlink("/dev/binderfs", "./binderfs" [pid 3638] symlink("/dev/binderfs", "./binderfs" [pid 3637] <... futex resumed>) = 0 [pid 3643] setpgid(0, 0 [pid 3642] setpgid(0, 0 [pid 3641] <... openat resumed>) = 3 [pid 3639] <... symlink resumed>) = 0 [pid 3638] <... symlink resumed>) = 0 [pid 3637] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3643] <... setpgid resumed>) = 0 [pid 3642] <... setpgid resumed>) = 0 [pid 3641] write(3, "1000", 4 [pid 3639] futex(0x7fc6982297ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3638] futex(0x7fc6982297ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3637] <... mmap resumed>) = 0x7fc698111000 [pid 3643] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 3642] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 3641] <... write resumed>) = 4 [pid 3639] <... futex resumed>) = 0 [pid 3638] <... futex resumed>) = 0 [pid 3637] mprotect(0x7fc698112000, 131072, PROT_READ|PROT_WRITE [pid 3643] <... openat resumed>) = 3 [pid 3642] <... openat resumed>) = 3 [pid 3641] close(3 [pid 3639] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3638] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3637] <... mprotect resumed>) = 0 [pid 3643] write(3, "1000", 4 [pid 3642] write(3, "1000", 4 [pid 3641] <... close resumed>) = 0 [pid 3639] <... mmap resumed>) = 0x7fc698111000 [pid 3638] <... mmap resumed>) = 0x7fc698111000 [pid 3637] clone(child_stack=0x7fc6981313f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 3643] <... write resumed>) = 4 [pid 3642] <... write resumed>) = 4 [pid 3641] symlink("/dev/binderfs", "./binderfs" [pid 3639] mprotect(0x7fc698112000, 131072, PROT_READ|PROT_WRITE [pid 3638] mprotect(0x7fc698112000, 131072, PROT_READ|PROT_WRITE [pid 3643] close(3 [pid 3642] close(3 [pid 3641] <... symlink resumed>) = 0 [pid 3639] <... mprotect resumed>) = 0 [pid 3638] <... mprotect resumed>) = 0 [pid 3637] <... clone resumed>, parent_tid=[3644], tls=0x7fc698131700, child_tidptr=0x7fc6981319d0) = 3644 [pid 3643] <... close resumed>) = 0 [pid 3642] <... close resumed>) = 0 [pid 3641] futex(0x7fc6982297ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3639] clone(child_stack=0x7fc6981313f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 3638] clone(child_stack=0x7fc6981313f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 3637] futex(0x7fc6982297a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3643] symlink("/dev/binderfs", "./binderfs" [pid 3642] symlink("/dev/binderfs", "./binderfs" [pid 3641] <... futex resumed>) = 0 [pid 3637] <... futex resumed>) = 0 [pid 3643] <... symlink resumed>) = 0 [pid 3641] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3639] <... clone resumed>, parent_tid=[3645], tls=0x7fc698131700, child_tidptr=0x7fc6981319d0) = 3645 [pid 3638] <... clone resumed>, parent_tid=[3646], tls=0x7fc698131700, child_tidptr=0x7fc6981319d0) = 3646 [pid 3637] futex(0x7fc6982297ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3642] <... symlink resumed>) = 0 [pid 3643] futex(0x7fc6982297ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3642] futex(0x7fc6982297ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3641] <... mmap resumed>) = 0x7fc698111000 [pid 3639] futex(0x7fc6982297a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3638] futex(0x7fc6982297a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3643] <... futex resumed>) = 0 [pid 3642] <... futex resumed>) = 0 [pid 3641] mprotect(0x7fc698112000, 131072, PROT_READ|PROT_WRITE [pid 3639] <... futex resumed>) = 0 [pid 3638] <... futex resumed>) = 0 [pid 3643] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3642] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3641] <... mprotect resumed>) = 0 [pid 3639] futex(0x7fc6982297ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3638] futex(0x7fc6982297ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 3644 attached [pid 3643] <... mmap resumed>) = 0x7fc698111000 [pid 3642] <... mmap resumed>) = 0x7fc698111000 [pid 3641] clone(child_stack=0x7fc6981313f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 3644] set_robust_list(0x7fc6981319e0, 24 [pid 3643] mprotect(0x7fc698112000, 131072, PROT_READ|PROT_WRITE [pid 3642] mprotect(0x7fc698112000, 131072, PROT_READ|PROT_WRITE./strace-static-x86_64: Process 3646 attached ./strace-static-x86_64: Process 3645 attached [pid 3643] <... mprotect resumed>) = 0 [pid 3642] <... mprotect resumed>) = 0 [pid 3641] <... clone resumed>, parent_tid=[3647], tls=0x7fc698131700, child_tidptr=0x7fc6981319d0) = 3647 [pid 3644] <... set_robust_list resumed>) = 0 [pid 3646] set_robust_list(0x7fc6981319e0, 24 [pid 3643] clone(child_stack=0x7fc6981313f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 3642] clone(child_stack=0x7fc6981313f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 3641] futex(0x7fc6982297a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3645] set_robust_list(0x7fc6981319e0, 24 [pid 3646] <... set_robust_list resumed>) = 0 [pid 3645] <... set_robust_list resumed>) = 0 [pid 3641] <... futex resumed>) = 0 ./strace-static-x86_64: Process 3649 attached ./strace-static-x86_64: Process 3648 attached ./strace-static-x86_64: Process 3647 attached [pid 3646] memfd_create("syzkaller", 0 [pid 3645] memfd_create("syzkaller", 0 [pid 3644] memfd_create("syzkaller", 0 [pid 3643] <... clone resumed>, parent_tid=[3648], tls=0x7fc698131700, child_tidptr=0x7fc6981319d0) = 3648 [pid 3642] <... clone resumed>, parent_tid=[3649], tls=0x7fc698131700, child_tidptr=0x7fc6981319d0) = 3649 [pid 3641] futex(0x7fc6982297ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3649] set_robust_list(0x7fc6981319e0, 24 [pid 3648] set_robust_list(0x7fc6981319e0, 24 [pid 3647] set_robust_list(0x7fc6981319e0, 24 [pid 3646] <... memfd_create resumed>) = 3 [pid 3645] <... memfd_create resumed>) = 3 [pid 3644] <... memfd_create resumed>) = 3 [pid 3643] futex(0x7fc6982297a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3642] futex(0x7fc6982297a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3649] <... set_robust_list resumed>) = 0 [pid 3648] <... set_robust_list resumed>) = 0 [pid 3647] <... set_robust_list resumed>) = 0 [pid 3646] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 3645] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 3644] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 3643] <... futex resumed>) = 0 [pid 3642] <... futex resumed>) = 0 [pid 3649] memfd_create("syzkaller", 0 [pid 3646] <... mmap resumed>) = 0x7fc68fc00000 [pid 3645] <... mmap resumed>) = 0x7fc68fc00000 [pid 3643] futex(0x7fc6982297ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3649] <... memfd_create resumed>) = 3 [pid 3648] memfd_create("syzkaller", 0 [pid 3647] memfd_create("syzkaller", 0 [pid 3644] <... mmap resumed>) = 0x7fc68fc00000 [pid 3642] futex(0x7fc6982297ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3649] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 3648] <... memfd_create resumed>) = 3 [pid 3647] <... memfd_create resumed>) = 3 [pid 3649] <... mmap resumed>) = 0x7fc68fc00000 [pid 3648] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 3647] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc68fc00000 [pid 3648] <... mmap resumed>) = 0x7fc68fc00000 [pid 3646] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 3645] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 3644] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 3649] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 3648] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 3647] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 3646] <... write resumed>) = 2097152 [pid 3646] munmap(0x7fc68fc00000, 2097152) = 0 [pid 3645] <... write resumed>) = 2097152 [pid 3645] munmap(0x7fc68fc00000, 2097152 [pid 3646] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 3645] <... munmap resumed>) = 0 [pid 3646] <... openat resumed>) = 4 [pid 3646] ioctl(4, LOOP_SET_FD, 3 [pid 3645] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3645] ioctl(4, LOOP_SET_FD, 3 [pid 3646] <... ioctl resumed>) = 0 [pid 3646] close(3) = 0 [pid 3646] mkdir("./file0", 0777 [pid 3645] <... ioctl resumed>) = 0 [pid 3645] close(3) = 0 [pid 3645] mkdir("./file0", 0777 [pid 3648] <... write resumed>) = 2097152 [pid 3646] <... mkdir resumed>) = 0 [pid 3645] <... mkdir resumed>) = 0 [pid 3647] <... write resumed>) = 2097152 [pid 3646] mount("/dev/loop2", "./file0", "ntfs3", 0, "sparse,gid=0x0000000000000000,force,sparse,iocharset=cp855,gid=0x000000000000ee01,prealloc," [pid 3645] mount("/dev/loop0", "./file0", "ntfs3", 0, "sparse,gid=0x0000000000000000,force,sparse,iocharset=cp855,gid=0x000000000000ee01,prealloc," [pid 3644] <... write resumed>) = 2097152 [pid 3648] munmap(0x7fc68fc00000, 2097152 [pid 3649] <... write resumed>) = 2097152 [pid 3648] <... munmap resumed>) = 0 [pid 3647] munmap(0x7fc68fc00000, 2097152 [pid 3644] munmap(0x7fc68fc00000, 2097152 [pid 3649] munmap(0x7fc68fc00000, 2097152 [pid 3648] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 3647] <... munmap resumed>) = 0 [pid 3648] <... openat resumed>) = 4 [pid 3647] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 3644] <... munmap resumed>) = 0 [pid 3649] <... munmap resumed>) = 0 [pid 3648] ioctl(4, LOOP_SET_FD, 3 [pid 3647] <... openat resumed>) = 4 [pid 3644] openat(AT_FDCWD, "/dev/loop3", O_RDWR syzkaller login: [ 54.187562][ T3646] loop2: detected capacity change from 0 to 4096 [ 54.197499][ T3645] loop0: detected capacity change from 0 to 4096 [pid 3649] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 3647] ioctl(4, LOOP_SET_FD, 3 [pid 3649] <... openat resumed>) = 4 [pid 3648] <... ioctl resumed>) = 0 [pid 3644] <... openat resumed>) = 4 [pid 3649] ioctl(4, LOOP_SET_FD, 3 [pid 3648] close(3 [pid 3644] ioctl(4, LOOP_SET_FD, 3 [pid 3648] <... close resumed>) = 0 [pid 3647] <... ioctl resumed>) = 0 [pid 3644] <... ioctl resumed>) = 0 [pid 3648] mkdir("./file0", 0777) = 0 [pid 3647] close(3 [pid 3648] mount("/dev/loop1", "./file0", "ntfs3", 0, "sparse,gid=0x0000000000000000,force,sparse,iocharset=cp855,gid=0x000000000000ee01,prealloc," [pid 3647] <... close resumed>) = 0 [pid 3649] <... ioctl resumed>) = 0 [pid 3646] <... mount resumed>) = 0 [pid 3645] <... mount resumed>) = 0 [pid 3644] close(3 [pid 3649] close(3 [pid 3647] mkdir("./file0", 0777 [pid 3646] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 3645] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 3644] <... close resumed>) = 0 [pid 3649] <... close resumed>) = 0 [pid 3647] <... mkdir resumed>) = 0 [pid 3646] <... openat resumed>) = 3 [pid 3645] <... openat resumed>) = 3 [pid 3644] mkdir("./file0", 0777 [pid 3649] mkdir("./file0", 0777 [pid 3647] mount("/dev/loop4", "./file0", "ntfs3", 0, "sparse,gid=0x0000000000000000,force,sparse,iocharset=cp855,gid=0x000000000000ee01,prealloc," [pid 3646] chdir("./file0" [pid 3645] chdir("./file0" [pid 3649] <... mkdir resumed>) = 0 [pid 3646] <... chdir resumed>) = 0 [pid 3645] <... chdir resumed>) = 0 [pid 3644] <... mkdir resumed>) = 0 [pid 3649] mount("/dev/loop5", "./file0", "ntfs3", 0, "sparse,gid=0x0000000000000000,force,sparse,iocharset=cp855,gid=0x000000000000ee01,prealloc," [pid 3646] ioctl(4, LOOP_CLR_FD [pid 3645] ioctl(4, LOOP_CLR_FD [pid 3646] <... ioctl resumed>) = 0 [pid 3645] <... ioctl resumed>) = 0 [pid 3646] close(4 [pid 3645] close(4 [pid 3646] <... close resumed>) = 0 [pid 3645] <... close resumed>) = 0 [pid 3644] mount("/dev/loop3", "./file0", "ntfs3", 0, "sparse,gid=0x0000000000000000,force,sparse,iocharset=cp855,gid=0x000000000000ee01,prealloc," [pid 3646] futex(0x7fc6982297ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3645] futex(0x7fc6982297ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3646] <... futex resumed>) = 1 [pid 3645] <... futex resumed>) = 1 [pid 3639] <... futex resumed>) = 0 [pid 3638] <... futex resumed>) = 0 [pid 3646] futex(0x7fc6982297a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3645] futex(0x7fc6982297a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3639] futex(0x7fc6982297a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3638] futex(0x7fc6982297a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3646] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3645] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3639] <... futex resumed>) = 0 [pid 3638] <... futex resumed>) = 0 [ 54.244204][ T3648] loop1: detected capacity change from 0 to 4096 [ 54.249397][ T3647] loop4: detected capacity change from 0 to 4096 [ 54.252187][ T3649] loop5: detected capacity change from 0 to 4096 [ 54.264136][ T3644] loop3: detected capacity change from 0 to 4096 [pid 3646] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 3645] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 3639] futex(0x7fc6982297ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3638] futex(0x7fc6982297ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3646] <... open resumed>) = 4 [pid 3646] futex(0x7fc6982297ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3645] <... open resumed>) = 4 [pid 3638] <... futex resumed>) = 0 [pid 3646] futex(0x7fc6982297a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3645] futex(0x7fc6982297ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3638] futex(0x7fc6982297a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3646] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3645] <... futex resumed>) = 1 [pid 3639] <... futex resumed>) = 0 [pid 3638] <... futex resumed>) = 0 [pid 3646] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 3645] futex(0x7fc6982297a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3639] futex(0x7fc6982297a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3638] futex(0x7fc6982297ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3646] <... mmap resumed>) = 0x20000000 [pid 3645] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3639] <... futex resumed>) = 0 [pid 3646] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 3645] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 3639] futex(0x7fc6982297ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3646] <... mmap resumed>) = 0x20000000 [pid 3645] <... mmap resumed>) = 0x20000000 [pid 3646] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 3645] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 3647] <... mount resumed>) = 0 [pid 3648] <... mount resumed>) = 0 [pid 3646] <... mmap resumed>) = 0x20000000 [pid 3645] <... mmap resumed>) = 0x20000000 [pid 3646] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 3645] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 3648] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 3647] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 3646] <... mmap resumed>) = 0x20000000 [pid 3645] <... mmap resumed>) = 0x20000000 [pid 3648] <... openat resumed>) = 3 [pid 3647] <... openat resumed>) = 3 [pid 3646] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 3645] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 3648] chdir("./file0" [pid 3647] chdir("./file0" [pid 3646] <... mmap resumed>) = 0x20000000 [pid 3645] <... mmap resumed>) = 0x20000000 [pid 3644] <... mount resumed>) = 0 [pid 3648] <... chdir resumed>) = 0 [pid 3647] <... chdir resumed>) = 0 [pid 3646] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [ 54.314022][ T27] audit: type=1800 audit(1669676200.445:2): pid=3646 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor207" name="bus" dev="loop2" ino=33 res=0 errno=0 [pid 3645] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 3644] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 3648] ioctl(4, LOOP_CLR_FD [pid 3647] ioctl(4, LOOP_CLR_FD [pid 3646] <... mmap resumed>) = 0x20000000 [pid 3645] <... mmap resumed>) = 0x20000000 [pid 3644] <... openat resumed>) = 3 [pid 3648] <... ioctl resumed>) = 0 [pid 3647] <... ioctl resumed>) = 0 [pid 3648] close(4 [pid 3647] close(4 [pid 3646] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 3645] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 3644] chdir("./file0" [pid 3648] <... close resumed>) = 0 [pid 3647] <... close resumed>) = 0 [pid 3648] futex(0x7fc6982297ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3647] futex(0x7fc6982297ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3648] <... futex resumed>) = 1 [pid 3647] <... futex resumed>) = 1 [pid 3648] futex(0x7fc6982297a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3647] futex(0x7fc6982297a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3646] <... mmap resumed>) = 0x20000000 [pid 3645] <... mmap resumed>) = 0x20000000 [pid 3644] <... chdir resumed>) = 0 [pid 3643] <... futex resumed>) = 0 [pid 3641] <... futex resumed>) = 0 [pid 3646] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 3645] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 3644] ioctl(4, LOOP_CLR_FD [pid 3643] futex(0x7fc6982297a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3641] futex(0x7fc6982297a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3648] <... futex resumed>) = 0 [pid 3647] <... futex resumed>) = 0 [pid 3646] <... mmap resumed>) = 0x20000000 [pid 3645] <... mmap resumed>) = 0x20000000 [pid 3644] <... ioctl resumed>) = 0 [pid 3643] <... futex resumed>) = 1 [pid 3641] <... futex resumed>) = 1 [pid 3648] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 3647] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 3646] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 3645] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 3644] close(4 [pid 3643] futex(0x7fc6982297ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3641] futex(0x7fc6982297ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3646] <... mmap resumed>) = 0x20000000 [pid 3645] <... mmap resumed>) = 0x20000000 [pid 3644] <... close resumed>) = 0 [pid 3648] <... open resumed>) = 4 [pid 3646] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 3645] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 3644] futex(0x7fc6982297ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3648] futex(0x7fc6982297ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3647] <... open resumed>) = 4 [pid 3646] <... mmap resumed>) = 0x20000000 [pid 3645] <... mmap resumed>) = 0x20000000 [pid 3644] <... futex resumed>) = 1 [pid 3637] <... futex resumed>) = 0 [pid 3648] <... futex resumed>) = 1 [pid 3647] futex(0x7fc6982297ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3646] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 3645] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 3644] futex(0x7fc6982297a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3643] <... futex resumed>) = 0 [pid 3637] futex(0x7fc6982297a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3648] futex(0x7fc6982297a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3647] <... futex resumed>) = 1 [pid 3646] <... mmap resumed>) = 0x20000000 [pid 3645] <... mmap resumed>) = 0x20000000 [pid 3644] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3641] <... futex resumed>) = 0 [pid 3637] <... futex resumed>) = 0 [pid 3646] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 3645] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 3644] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 3638] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 3637] futex(0x7fc6982297ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3646] <... mmap resumed>) = 0x20000000 [pid 3645] <... mmap resumed>) = 0x20000000 [pid 3644] <... open resumed>) = 4 [pid 3638] futex(0x7fc6982297bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3646] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 3645] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 3644] futex(0x7fc6982297ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3638] <... futex resumed>) = 0 [pid 3646] <... mmap resumed>) = 0x20000000 [pid 3645] <... mmap resumed>) = 0x20000000 [pid 3644] <... futex resumed>) = 1 [pid 3639] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 3638] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3637] <... futex resumed>) = 0 [pid 3646] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 3645] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 3644] futex(0x7fc6982297a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3639] futex(0x7fc6982297bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3638] <... mmap resumed>) = 0x7fc6980f0000 [pid 3637] futex(0x7fc6982297a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3646] <... mmap resumed>) = 0x20000000 [pid 3645] <... mmap resumed>) = 0x20000000 [pid 3644] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3639] <... futex resumed>) = 0 [pid 3638] mprotect(0x7fc6980f1000, 131072, PROT_READ|PROT_WRITE [pid 3637] <... futex resumed>) = 0 [pid 3646] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 3645] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 3644] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 3639] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3638] <... mprotect resumed>) = 0 [pid 3637] futex(0x7fc6982297ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3648] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3647] futex(0x7fc6982297a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3646] <... mmap resumed>) = 0x20000000 [pid 3645] <... mmap resumed>) = 0x20000000 [pid 3644] <... mmap resumed>) = 0x20000000 [pid 3643] futex(0x7fc6982297a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3641] futex(0x7fc6982297a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3639] <... mmap resumed>) = 0x7fc6980f0000 [pid 3638] clone(child_stack=0x7fc6981103f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 3648] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 3647] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3646] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 3645] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 3644] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 3643] <... futex resumed>) = 0 [pid 3641] <... futex resumed>) = 0 [pid 3639] mprotect(0x7fc6980f1000, 131072, PROT_READ|PROT_WRITE [pid 3648] <... mmap resumed>) = 0x20000000 [pid 3647] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 3646] <... mmap resumed>) = 0x20000000 [pid 3645] <... mmap resumed>) = 0x20000000 [pid 3644] <... mmap resumed>) = 0x20000000 [pid 3643] futex(0x7fc6982297ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3641] futex(0x7fc6982297ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3639] <... mprotect resumed>) = 0 [pid 3638] <... clone resumed>, parent_tid=[3652], tls=0x7fc698110700, child_tidptr=0x7fc6981109d0) = 3652 [pid 3649] <... mount resumed>) = 0 [pid 3648] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 3646] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 3645] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 3644] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 3639] clone(child_stack=0x7fc6981103f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 3638] futex(0x7fc6982297b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3649] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 3648] <... mmap resumed>) = 0x20000000 [pid 3647] <... mmap resumed>) = 0x20000000 [pid 3646] <... mmap resumed>) = 0x20000000 [pid 3645] <... mmap resumed>) = 0x20000000 [pid 3644] <... mmap resumed>) = 0x20000000 [pid 3638] <... futex resumed>) = 0 ./strace-static-x86_64: Process 3652 attached [pid 3649] <... openat resumed>) = 3 [pid 3648] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 3647] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 3646] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 3645] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 3644] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 3639] <... clone resumed>, parent_tid=[3653], tls=0x7fc698110700, child_tidptr=0x7fc6981109d0) = 3653 [pid 3638] futex(0x7fc6982297bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3652] set_robust_list(0x7fc6981109e0, 24 [pid 3649] chdir("./file0" [pid 3648] <... mmap resumed>) = 0x20000000 [pid 3647] <... mmap resumed>) = 0x20000000 [pid 3646] <... mmap resumed>) = 0x20000000 [pid 3645] <... mmap resumed>) = 0x20000000 [pid 3644] <... mmap resumed>) = 0x20000000 [pid 3639] futex(0x7fc6982297b8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 3653 attached [pid 3652] <... set_robust_list resumed>) = 0 [ 54.396959][ T27] audit: type=1800 audit(1669676200.465:3): pid=3645 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor207" name="bus" dev="loop0" ino=33 res=0 errno=0 [pid 3649] <... chdir resumed>) = 0 [pid 3648] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 3647] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 3646] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 3645] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 3644] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 3639] <... futex resumed>) = 0 [pid 3652] fallocate(4, 0, 0, 1048820 [pid 3649] ioctl(4, LOOP_CLR_FD [pid 3648] <... mmap resumed>) = 0x20000000 [pid 3647] <... mmap resumed>) = 0x20000000 [pid 3646] <... mmap resumed>) = 0x20000000 [pid 3645] <... mmap resumed>) = 0x20000000 [pid 3644] <... mmap resumed>) = 0x20000000 [pid 3639] futex(0x7fc6982297bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3653] set_robust_list(0x7fc6981109e0, 24 [pid 3652] <... fallocate resumed>) = -1 ENOSPC (No space left on device) [pid 3649] <... ioctl resumed>) = 0 [pid 3646] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 3645] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 3644] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 3653] <... set_robust_list resumed>) = 0 [pid 3652] futex(0x7fc6982297bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3649] close(4 [pid 3648] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 3647] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 3645] <... mmap resumed>) = 0x20000000 [pid 3644] <... mmap resumed>) = 0x20000000 [pid 3637] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 3652] <... futex resumed>) = 1 [pid 3649] <... close resumed>) = 0 [pid 3648] <... mmap resumed>) = 0x20000000 [pid 3645] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 3644] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 3638] <... futex resumed>) = 0 [pid 3637] futex(0x7fc6982297bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3647] <... mmap resumed>) = 0x20000000 [pid 3653] fallocate(4, 0, 0, 1048820 [pid 3652] futex(0x7fc6982297b8, FUTEX_WAIT_PRIVATE, 0, NULL [ 54.461354][ T27] audit: type=1800 audit(1669676200.475:4): pid=3646 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor207" name="bus" dev="loop2" ino=33 res=0 errno=0 [pid 3649] futex(0x7fc6982297ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3648] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 3645] <... mmap resumed>) = 0x20000000 [pid 3644] <... mmap resumed>) = 0x20000000 [pid 3643] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 3641] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 3638] futex(0x7fc6982297b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3637] <... futex resumed>) = 0 [pid 3653] <... fallocate resumed>) = -1 ENOSPC (No space left on device) [pid 3652] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3649] <... futex resumed>) = 1 [pid 3647] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 3645] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 3644] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 3642] <... futex resumed>) = 0 [pid 3639] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 3638] <... futex resumed>) = 0 [pid 3637] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3653] futex(0x7fc6982297bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3649] futex(0x7fc6982297a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3648] <... mmap resumed>) = 0x20000000 [pid 3647] <... mmap resumed>) = 0x20000000 [pid 3644] <... mmap resumed>) = 0x20000000 [pid 3643] futex(0x7fc6982297bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3641] futex(0x7fc6982297bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3639] futex(0x7fc6982297b8, FUTEX_WAKE_PRIVATE, 1000000 [ 54.509853][ T27] audit: type=1800 audit(1669676200.485:5): pid=3646 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor207" name="bus" dev="loop2" ino=33 res=0 errno=0 [ 54.562857][ T27] audit: type=1800 audit(1669676200.485:6): pid=3645 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor207" name="bus" dev="loop0" ino=33 res=0 errno=0 [ 54.587064][ T27] audit: type=1800 audit(1669676200.485:7): pid=3646 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor207" name="bus" dev="loop2" ino=33 res=0 errno=0 [pid 3638] futex(0x7fc6982297bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3637] <... mmap resumed>) = 0x7fc6980f0000 [pid 3653] <... futex resumed>) = 0 [pid 3652] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=0x20000100} --- [pid 3648] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 3647] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 3644] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 3643] <... futex resumed>) = 0 [pid 3642] futex(0x7fc6982297a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3641] <... futex resumed>) = 0 [pid 3639] <... futex resumed>) = 0 [pid 3649] <... futex resumed>) = 0 [pid 3648] <... mmap resumed>) = 0x20000000 [pid 3647] <... mmap resumed>) = 0x20000000 [pid 3644] <... mmap resumed>) = 0x20000000 [pid 3643] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3642] <... futex resumed>) = 1 [pid 3641] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3639] futex(0x7fc6982297bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3637] mprotect(0x7fc6980f1000, 131072, PROT_READ|PROT_WRITE [pid 3649] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 3646] <... mmap resumed>) = ? [pid 3644] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 3638] <... futex resumed>) = ? [pid 3652] +++ killed by SIGSEGV +++ [pid 3644] <... mmap resumed>) = 0x20000000 [pid 3637] <... mprotect resumed>) = 0 [pid 3637] clone(child_stack=0x7fc6981103f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 3644] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<, parent_tid=[3655], tls=0x7fc698110700, child_tidptr=0x7fc6981109d0) = 3655 [pid 3637] futex(0x7fc6982297b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3644] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 3637] futex(0x7fc6982297bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3644] <... mmap resumed>) = 0x20000000 [pid 3644] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 3633] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=3638, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=11} --- [pid 3633] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 3633] umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3633] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 3633] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 3633] getdents64(3, 0x55555707c620 /* 4 entries */, 32768) = 112 [pid 3633] umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 3645] <... mmap resumed>) = -1 ENOSPC (No space left on device) [pid 3633] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 3645] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 3633] lstat("./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 3643] <... mmap resumed>) = 0x7fc6980f0000 [pid 3642] futex(0x7fc6982297ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3641] <... mmap resumed>) = 0x7fc6980f0000 [pid 3653] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=0x20000100} --- [pid 3633] unlink("./0/binderfs"./strace-static-x86_64: Process 3655 attached [pid 3648] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 3647] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 3643] mprotect(0x7fc6980f1000, 131072, PROT_READ|PROT_WRITE [pid 3641] mprotect(0x7fc6980f1000, 131072, PROT_READ|PROT_WRITE [pid 3633] <... unlink resumed>) = 0 [pid 3633] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 3649] <... open resumed>) = 4 [pid 3649] futex(0x7fc6982297ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3642] <... futex resumed>) = 0 [pid 3649] futex(0x7fc6982297a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3642] futex(0x7fc6982297a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3649] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3642] <... futex resumed>) = 0 [pid 3649] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 3642] futex(0x7fc6982297ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3655] set_robust_list(0x7fc6981109e0, 24) = 0 [ 54.608308][ T27] audit: type=1800 audit(1669676200.495:8): pid=3645 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor207" name="bus" dev="loop0" ino=33 res=0 errno=0 [ 54.632178][ T27] audit: type=1800 audit(1669676200.495:9): pid=3646 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor207" name="bus" dev="loop2" ino=33 res=0 errno=0 [pid 3655] fallocate(4, 0, 0, 1048820) = -1 ENOSPC (No space left on device) [pid 3643] <... mprotect resumed>) = 0 [pid 3641] <... mprotect resumed>) = 0 [pid 3655] futex(0x7fc6982297bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3637] <... futex resumed>) = 0 [pid 3655] futex(0x7fc6982297b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3637] futex(0x7fc6982297b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3655] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3637] <... futex resumed>) = 0 [pid 3655] preadv2(4, [pid 3637] futex(0x7fc6982297bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3643] clone(child_stack=0x7fc6981103f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 3641] clone(child_stack=0x7fc6981103f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 3642] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 3641] <... clone resumed>, parent_tid=[3656], tls=0x7fc698110700, child_tidptr=0x7fc6981109d0) = 3656 [pid 3643] <... clone resumed>, parent_tid=[3657], tls=0x7fc698110700, child_tidptr=0x7fc6981109d0) = 3657 [pid 3641] futex(0x7fc6982297b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3643] futex(0x7fc6982297b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3641] futex(0x7fc6982297bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3643] <... futex resumed>) = 0 [pid 3643] futex(0x7fc6982297bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3642] futex(0x7fc6982297bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 3657 attached ./strace-static-x86_64: Process 3656 attached [pid 3649] <... mmap resumed>) = 0x20000000 [pid 3648] <... mmap resumed>) = 0x20000000 [pid 3647] <... mmap resumed>) = 0x20000000 [pid 3645] <... mmap resumed>) = ? [pid 3642] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3639] <... futex resumed>) = ? [pid 3657] set_robust_list(0x7fc6981109e0, 24 [pid 3656] set_robust_list(0x7fc6981109e0, 24 [pid 3653] +++ killed by SIGSEGV +++ [pid 3649] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 3648] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 3647] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 3645] +++ killed by SIGSEGV +++ [pid 3642] <... mmap resumed>) = 0x7fc6980f0000 [pid 3639] +++ killed by SIGSEGV +++ [pid 3657] <... set_robust_list resumed>) = 0 [pid 3656] <... set_robust_list resumed>) = 0 [pid 3649] <... mmap resumed>) = 0x20000000 [pid 3648] <... mmap resumed>) = 0x20000000 [pid 3642] mprotect(0x7fc6980f1000, 131072, PROT_READ|PROT_WRITE [pid 3631] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=3639, si_uid=0, si_status=SIGSEGV, si_utime=1, si_stime=18} --- [pid 3657] fallocate(4, 0, 0, 1048820 [pid 3656] fallocate(4, 0, 0, 1048820 [pid 3649] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 3648] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 3647] <... mmap resumed>) = 0x20000000 [pid 3642] <... mprotect resumed>) = 0 [pid 3631] restart_syscall(<... resuming interrupted clone ...> [pid 3657] <... fallocate resumed>) = -1 ENOSPC (No space left on device) [pid 3649] <... mmap resumed>) = 0x20000000 [pid 3642] clone(child_stack=0x7fc6981103f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 3631] <... restart_syscall resumed>) = 0 [pid 3649] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 3656] <... fallocate resumed>) = -1 ENOSPC (No space left on device) [pid 3649] <... mmap resumed>) = 0x20000000 [pid 3647] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 3642] <... clone resumed>, parent_tid=[3658], tls=0x7fc698110700, child_tidptr=0x7fc6981109d0) = 3658 [pid 3649] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 3642] futex(0x7fc6982297b8, FUTEX_WAKE_PRIVATE, 1000000 [ 54.655518][ T27] audit: type=1800 audit(1669676200.495:10): pid=3645 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor207" name="bus" dev="loop0" ino=33 res=0 errno=0 [ 54.677471][ T27] audit: type=1800 audit(1669676200.495:11): pid=3646 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor207" name="bus" dev="loop2" ino=33 res=0 errno=0 [pid 3631] umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 3657] futex(0x7fc6982297bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3656] futex(0x7fc6982297bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3649] <... mmap resumed>) = 0x20000000 [pid 3642] <... futex resumed>) = 0 [pid 3637] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 3631] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 3657] <... futex resumed>) = 1 [pid 3656] <... futex resumed>) = 1 [pid 3649] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 3643] <... futex resumed>) = 0 [pid 3642] futex(0x7fc6982297bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3641] <... futex resumed>) = 0 [pid 3631] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY./strace-static-x86_64: Process 3658 attached [pid 3657] futex(0x7fc6982297b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3656] futex(0x7fc6982297b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3649] <... mmap resumed>) = 0x20000000 [pid 3643] futex(0x7fc6982297b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3641] futex(0x7fc6982297b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3631] <... openat resumed>) = 3 [pid 3658] set_robust_list(0x7fc6981109e0, 24 [pid 3657] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3656] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3649] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 3643] <... futex resumed>) = 0 [pid 3641] <... futex resumed>) = 0 [pid 3631] fstat(3, [pid 3658] <... set_robust_list resumed>) = 0 [pid 3649] <... mmap resumed>) = 0x20000000 [pid 3643] futex(0x7fc6982297bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3641] futex(0x7fc6982297bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3631] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 3658] fallocate(4, 0, 0, 1048820 [pid 3657] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=0x20000100} --- [pid 3656] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=0x20000100} --- [pid 3649] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 3648] <... mmap resumed>) = ? [pid 3642] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 3658] <... fallocate resumed>) = -1 ENOSPC (No space left on device) [pid 3643] <... futex resumed>) = ? [pid 3642] futex(0x7fc6982297cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3631] getdents64(3, [pid 3657] +++ killed by SIGSEGV +++ [pid 3648] +++ killed by SIGSEGV +++ [pid 3642] <... futex resumed>) = 0 [pid 3631] <... getdents64 resumed>0x55555707c620 /* 4 entries */, 32768) = 112 [pid 3658] futex(0x7fc6982297bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3643] +++ killed by SIGSEGV +++ [pid 3642] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3631] umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 3658] <... futex resumed>) = 0 [pid 3631] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 3658] futex(0x7fc6982297b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3632] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=3643, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=8} --- [pid 3631] lstat("./0/binderfs", [pid 3632] restart_syscall(<... resuming interrupted clone ...> [pid 3631] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 3632] <... restart_syscall resumed>) = 0 [pid 3631] unlink("./0/binderfs") = 0 [pid 3631] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 3644] <... mmap resumed>) = -1 ENOSPC (No space left on device) [pid 3632] umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3632] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 3632] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 3632] getdents64(3, 0x55555707c620 /* 4 entries */, 32768) = 112 [pid 3632] umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3632] lstat("./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 3632] unlink("./0/binderfs") = 0 [pid 3632] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 3647] <... mmap resumed>) = ? [pid 3656] +++ killed by SIGSEGV +++ [pid 3647] +++ killed by SIGSEGV +++ [pid 3644] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 3641] <... futex resumed>) = ? [pid 3644] <... mmap resumed>) = -1 ENOSPC (No space left on device) [pid 3641] +++ killed by SIGSEGV +++ [pid 3644] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 3635] umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 3644] <... mmap resumed>) = -1 ENOSPC (No space left on device) [pid 3635] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 3644] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [ 54.850309][ T3655] ------------[ cut here ]------------ [ 54.855999][ T3655] WARNING: CPU: 0 PID: 3655 at lib/iov_iter.c:918 iov_iter_revert+0x394/0x850 [ 54.866602][ T3655] Modules linked in: [ 54.873290][ T3655] CPU: 0 PID: 3655 Comm: syz-executor207 Not tainted 6.1.0-rc7-syzkaller #0 [ 54.882170][ T3655] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 54.893873][ T3655] RIP: 0010:iov_iter_revert+0x394/0x850 [pid 3635] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 3644] <... mmap resumed>) = -1 ENOSPC (No space left on device) [pid 3635] fstat(3, [pid 3644] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 3635] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 3644] <... mmap resumed>) = -1 ENOSPC (No space left on device) [pid 3635] getdents64(3, 0x55555707c620 /* 4 entries */, 32768) = 112 [pid 3644] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 3635] umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 3644] <... mmap resumed>) = -1 ENOSPC (No space left on device) [pid 3635] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 3635] lstat("./0/binderfs", [pid 3644] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 3635] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 3644] <... mmap resumed>) = -1 ENOSPC (No space left on device) [pid 3635] unlink("./0/binderfs" [pid 3644] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 3635] <... unlink resumed>) = 0 [pid 3644] <... mmap resumed>) = -1 ENOSPC (No space left on device) [pid 3644] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 3635] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 3644] <... mmap resumed>) = -1 ENOSPC (No space left on device) [pid 3644] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< 0b eb e8 48 8d 6b 18 48 89 e8 48 c1 e8 03 42 80 3c 28 00 74 08 [ 54.925026][ T3655] RSP: 0018:ffffc90003c0fac8 EFLAGS: 00010293 [ 54.937695][ T3655] RAX: ffffffff8436f214 RBX: ffffc90003c0fe40 RCX: ffff888026a39d40 [pid 3644] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<) = 0 [pid 3644] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 3644] futex(0x7fc6982297ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3633] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 3644] futex(0x7fc6982297a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3633] lstat("./0/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 3633] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 54.962843][ T3655] RDX: 0000000000000000 RSI: fffffffffffa6000 RDI: 000000007ffff000 [pid 3633] openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 3633] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 3633] getdents64(4, 0x555557084660 /* 2 entries */, 32768) = 48 [pid 3633] getdents64(4, 0x555557084660 /* 0 entries */, 32768) = 0 [pid 3633] close(4) = 0 [pid 3633] rmdir("./0/file0") = 0 [pid 3633] getdents64(3, 0x55555707c620 /* 0 entries */, 32768) = 0 [pid 3633] close(3) = 0 [pid 3633] rmdir("./0") = 0 [pid 3633] mkdir("./1", 0777) = 0 [pid 3633] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 3633] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 3633] close(3) = 0 [pid 3633] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555707b5d0) = 3662 [ 55.011032][ T3655] RBP: fffffffffffa6000 R08: ffffffff8436eebc R09: fffffbfff1cebe0e ./strace-static-x86_64: Process 3662 attached [pid 3637] exit_group(0) = ? [pid 3644] <... futex resumed>) = ? [pid 3644] +++ exited with 0 +++ [pid 3662] set_robust_list(0x55555707b5e0, 24) = 0 [pid 3662] chdir("./1") = 0 [pid 3662] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3662] setpgid(0, 0) = 0 [pid 3662] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3662] write(3, "1000", 4) = 4 [pid 3662] close(3) = 0 [pid 3662] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3662] futex(0x7fc6982297ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3662] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc698111000 [pid 3662] mprotect(0x7fc698112000, 131072, PROT_READ|PROT_WRITE) = 0 [ 55.077782][ T3655] R10: fffffbfff1cebe0e R11: 1ffffffff1cebe0d R12: fffffffffffa6000 [pid 3662] clone(child_stack=0x7fc6981313f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 3649] <... mmap resumed>) = -1 ENOSPC (No space left on device) [pid 3642] <... mmap resumed>) = 0x7fc6980cf000 [pid 3642] mprotect(0x7fc6980d0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3662] <... clone resumed>, parent_tid=[3663], tls=0x7fc698131700, child_tidptr=0x7fc6981319d0) = 3663 [pid 3642] clone(child_stack=0x7fc6980ef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 3662] futex(0x7fc6982297a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3662] futex(0x7fc6982297ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3642] <... clone resumed>, parent_tid=[3664], tls=0x7fc6980ef700, child_tidptr=0x7fc6980ef9d0) = 3664 [pid 3642] futex(0x7fc6982297c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3642] futex(0x7fc6982297cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3664 attached [pid 3664] set_robust_list(0x7fc6980ef9e0, 24) = 0 [pid 3664] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=0x20000100} --- ./strace-static-x86_64: Process 3663 attached [pid 3663] set_robust_list(0x7fc6981319e0, 24) = 0 [ 55.129814][ T3655] R13: ffffc90003c0fe40 R14: ffffc90003c0fe50 R15: 000000007ffa4000 [ 55.152571][ T3655] FS: 00007fc698110700(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000 [ 55.163200][ T3655] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 55.171664][ T3655] CR2: 0000000020000100 CR3: 00000000235e6000 CR4: 00000000003506e0 [pid 3663] memfd_create("syzkaller", 0) = 3 [pid 3658] <... futex resumed>) = ? [pid 3642] <... futex resumed>) = ? [pid 3663] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 3649] +++ killed by SIGSEGV +++ [pid 3664] +++ killed by SIGSEGV +++ [pid 3663] <... mmap resumed>) = 0x7fc68fc00000 [pid 3658] +++ killed by SIGSEGV +++ [pid 3642] +++ killed by SIGSEGV +++ [pid 3636] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=3642, si_uid=0, si_status=SIGSEGV, si_utime=1, si_stime=16} --- [pid 3636] umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3636] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 3636] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 3636] getdents64(3, 0x55555707c620 /* 4 entries */, 32768) = 112 [pid 3636] umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3636] lstat("./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 3636] unlink("./0/binderfs") = 0 [ 55.181258][ T3655] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 55.211415][ T3655] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 55.225749][ T3655] Call Trace: [pid 3636] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 3632] <... umount2 resumed>) = 0 [pid 3632] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3632] lstat("./0/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 3632] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3632] openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 3632] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 3632] getdents64(4, [pid 3631] <... umount2 resumed>) = 0 [pid 3632] <... getdents64 resumed>0x555557084660 /* 2 entries */, 32768) = 48 [pid 3631] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 3632] getdents64(4, 0x555557084660 /* 0 entries */, 32768) = 0 [pid 3631] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 3632] close(4 [pid 3631] lstat("./0/file0", [pid 3632] <... close resumed>) = 0 [pid 3631] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 3632] rmdir("./0/file0" [ 55.230001][ T3655] [ 55.234074][ T3655] ? ntfs_direct_IO+0x2d4/0x360 [pid 3631] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 3663] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 3632] <... rmdir resumed>) = 0 [pid 3631] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 3632] getdents64(3, [pid 3631] openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 3632] <... getdents64 resumed>0x55555707c620 /* 0 entries */, 32768) = 0 [pid 3631] <... openat resumed>) = 4 [pid 3632] close(3 [pid 3631] fstat(4, [pid 3632] <... close resumed>) = 0 [pid 3632] rmdir("./0" [pid 3631] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 3632] <... rmdir resumed>) = 0 [pid 3631] getdents64(4, [pid 3632] mkdir("./1", 0777 [pid 3631] <... getdents64 resumed>0x555557084660 /* 2 entries */, 32768) = 48 [pid 3631] getdents64(4, [pid 3632] <... mkdir resumed>) = 0 [pid 3631] <... getdents64 resumed>0x555557084660 /* 0 entries */, 32768) = 0 [pid 3632] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 3631] close(4 [pid 3632] <... openat resumed>) = 3 [pid 3631] <... close resumed>) = 0 [pid 3632] ioctl(3, LOOP_CLR_FD [pid 3631] rmdir("./0/file0") = 0 [pid 3632] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 3632] close(3 [pid 3631] getdents64(3, [pid 3632] <... close resumed>) = 0 [pid 3631] <... getdents64 resumed>0x55555707c620 /* 0 entries */, 32768) = 0 [pid 3632] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [ 55.276999][ T3655] generic_file_read_iter+0x3d4/0x540 [ 55.283760][ T3655] do_iter_read+0x6e3/0xc10 [ 55.290177][ T3655] ? _copy_from_user+0x106/0x160 [ 55.295638][ T3655] ? vfs_iter_read+0xa0/0xa0 [ 55.305441][ T3655] do_preadv+0x1f4/0x330 [ 55.309866][ T3655] ? do_writev+0x430/0x430 [pid 3631] close(3) = 0 [pid 3632] <... clone resumed>, child_tidptr=0x55555707b5d0) = 3665 [pid 3631] rmdir("./0") = 0 [pid 3631] mkdir("./1", 0777./strace-static-x86_64: Process 3665 attached ) = 0 [pid 3631] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 3631] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 3631] close(3) = 0 [pid 3631] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 3665] set_robust_list(0x55555707b5e0, 24 [pid 3631] <... clone resumed>, child_tidptr=0x55555707b5d0) = 3666 [pid 3665] <... set_robust_list resumed>) = 0 [pid 3665] chdir("./1" [pid 3635] <... umount2 resumed>) = 0 [pid 3665] <... chdir resumed>) = 0 [pid 3665] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3665] setpgid(0, 0) = 0 [pid 3665] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3635] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) ./strace-static-x86_64: Process 3666 attached [pid 3635] lstat("./0/file0", [pid 3666] set_robust_list(0x55555707b5e0, 24 [pid 3665] write(3, "1000", 4 [pid 3666] <... set_robust_list resumed>) = 0 [pid 3635] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 3665] <... write resumed>) = 4 [pid 3665] close(3 [ 55.337632][ T3655] ? _raw_spin_unlock_irq+0x1f/0x40 [pid 3635] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 3665] <... close resumed>) = 0 [pid 3635] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 3665] symlink("/dev/binderfs", "./binderfs" [pid 3635] openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 3665] <... symlink resumed>) = 0 [pid 3635] <... openat resumed>) = 4 [pid 3665] futex(0x7fc6982297ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3635] fstat(4, [pid 3665] <... futex resumed>) = 0 [pid 3635] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 3666] chdir("./1" [pid 3665] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc698111000 [pid 3663] <... write resumed>) = 2097152 [pid 3635] getdents64(4, [pid 3666] <... chdir resumed>) = 0 [pid 3665] mprotect(0x7fc698112000, 131072, PROT_READ|PROT_WRITE [pid 3635] <... getdents64 resumed>0x555557084660 /* 2 entries */, 32768) = 48 [pid 3665] <... mprotect resumed>) = 0 [pid 3635] getdents64(4, [pid 3665] clone(child_stack=0x7fc6981313f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 3635] <... getdents64 resumed>0x555557084660 /* 0 entries */, 32768) = 0 [pid 3635] close(4 [pid 3665] <... clone resumed>, parent_tid=[3667], tls=0x7fc698131700, child_tidptr=0x7fc6981319d0) = 3667 [pid 3635] <... close resumed>) = 0 [pid 3665] futex(0x7fc6982297a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3635] rmdir("./0/file0" [pid 3666] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 3665] <... futex resumed>) = 0 [pid 3635] <... rmdir resumed>) = 0 [pid 3665] futex(0x7fc6982297ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3635] getdents64(3, 0x55555707c620 /* 0 entries */, 32768) = 0 [pid 3635] close(3) = 0 [pid 3635] rmdir("./0") = 0 [pid 3635] mkdir("./1", 0777) = 0 [pid 3635] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 3666] <... prctl resumed>) = 0 [pid 3635] <... openat resumed>) = 3 [pid 3635] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 3663] munmap(0x7fc68fc00000, 2097152 [pid 3635] close(3 [pid 3666] setpgid(0, 0 [pid 3635] <... close resumed>) = 0 ./strace-static-x86_64: Process 3667 attached [pid 3635] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [ 55.375163][ T3655] ? lockdep_hardirqs_on+0x8d/0x130 [ 55.381453][ T3655] ? _raw_spin_unlock_irq+0x2a/0x40 [ 55.388717][ T3655] ? ptrace_notify+0x245/0x340 [ 55.394555][ T3655] ? do_notify_parent+0xe00/0xe00 [ 55.400448][ T3655] ? syscall_enter_from_user_mode+0x2e/0x1d0 [ 55.407565][ T3655] ? __x64_sys_preadv2+0xb9/0x100 [ 55.412706][ T3655] do_syscall_64+0x3d/0xb0 [ 55.417337][ T3655] entry_SYSCALL_64_after_hwframe+0x63/0xcd [pid 3667] set_robust_list(0x7fc6981319e0, 24) = 0 [pid 3663] <... munmap resumed>) = 0 [pid 3635] <... clone resumed>, child_tidptr=0x55555707b5d0) = 3668 ./strace-static-x86_64: Process 3668 attached [pid 3666] <... setpgid resumed>) = 0 [pid 3667] memfd_create("syzkaller", 0) = 3 [pid 3667] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc68fc00000 [pid 3663] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 3668] set_robust_list(0x55555707b5e0, 24 [pid 3666] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 3668] <... set_robust_list resumed>) = 0 [pid 3666] <... openat resumed>) = 3 [pid 3663] ioctl(4, LOOP_SET_FD, 3 [pid 3668] chdir("./1" [pid 3666] write(3, "1000", 4 [pid 3668] <... chdir resumed>) = 0 [pid 3666] <... write resumed>) = 4 [pid 3668] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 3666] close(3 [pid 3668] <... prctl resumed>) = 0 [pid 3666] <... close resumed>) = 0 [pid 3668] setpgid(0, 0 [pid 3666] symlink("/dev/binderfs", "./binderfs" [pid 3668] <... setpgid resumed>) = 0 [pid 3666] <... symlink resumed>) = 0 [pid 3668] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 3666] futex(0x7fc6982297ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3668] <... openat resumed>) = 3 [pid 3666] <... futex resumed>) = 0 [pid 3668] write(3, "1000", 4 [pid 3666] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3668] <... write resumed>) = 4 [pid 3666] <... mmap resumed>) = 0x7fc698111000 [pid 3668] close(3 [pid 3666] mprotect(0x7fc698112000, 131072, PROT_READ|PROT_WRITE [pid 3668] <... close resumed>) = 0 [pid 3666] <... mprotect resumed>) = 0 [pid 3668] symlink("/dev/binderfs", "./binderfs" [pid 3666] clone(child_stack=0x7fc6981313f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 3668] <... symlink resumed>) = 0 [pid 3668] futex(0x7fc6982297ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3666] <... clone resumed>, parent_tid=[3669], tls=0x7fc698131700, child_tidptr=0x7fc6981319d0) = 3669 [pid 3668] <... futex resumed>) = 0 [pid 3666] futex(0x7fc6982297a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3668] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3666] <... futex resumed>) = 0 [pid 3668] <... mmap resumed>) = 0x7fc698111000 [pid 3666] futex(0x7fc6982297ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3668] mprotect(0x7fc698112000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3668] clone(child_stack=0x7fc6981313f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3670], tls=0x7fc698131700, child_tidptr=0x7fc6981319d0) = 3670 [pid 3668] futex(0x7fc6982297a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3668] futex(0x7fc6982297ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 3669 attached [pid 3669] set_robust_list(0x7fc6981319e0, 24) = 0 [pid 3669] memfd_create("syzkaller", 0 [pid 3663] <... ioctl resumed>) = 0 [pid 3663] close(3./strace-static-x86_64: Process 3670 attached [pid 3669] <... memfd_create resumed>) = 3 [pid 3670] set_robust_list(0x7fc6981319e0, 24 [pid 3669] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 3670] <... set_robust_list resumed>) = 0 [pid 3669] <... mmap resumed>) = 0x7fc68fc00000 [ 55.424168][ T3655] RIP: 0033:0x7fc698185789 [ 55.428762][ T3655] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 71 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 55.450121][ T3655] RSP: 002b:00007fc6981102e8 EFLAGS: 00000246 ORIG_RAX: 0000000000000147 [ 55.452746][ T3663] loop2: detected capacity change from 0 to 4096 [pid 3670] memfd_create("syzkaller", 0 [pid 3667] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 3663] <... close resumed>) = 0 [pid 3670] <... memfd_create resumed>) = 3 [pid 3670] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc68fc00000 [pid 3663] mkdir("./file0", 0777) = 0 [pid 3663] mount("/dev/loop2", "./file0", "ntfs3", 0, "sparse,gid=0x0000000000000000,force,sparse,iocharset=cp855,gid=0x000000000000ee01,prealloc,") = 0 [ 55.498142][ T3655] RAX: ffffffffffffffda RBX: 00007fc6982297b8 RCX: 00007fc698185789 [ 55.536732][ T3655] RDX: 0000000000000001 RSI: 0000000020000100 RDI: 0000000000000004 [pid 3663] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 3667] <... write resumed>) = 2097152 [pid 3663] <... openat resumed>) = 3 [pid 3667] munmap(0x7fc68fc00000, 2097152 [pid 3663] chdir("./file0" [pid 3636] <... umount2 resumed>) = 0 [pid 3636] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3636] lstat("./0/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 3636] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3636] openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 3636] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 3636] getdents64(4, 0x555557084660 /* 2 entries */, 32768) = 48 [pid 3636] getdents64(4, [pid 3667] <... munmap resumed>) = 0 [pid 3663] <... chdir resumed>) = 0 [pid 3636] <... getdents64 resumed>0x555557084660 /* 0 entries */, 32768) = 0 [pid 3663] ioctl(4, LOOP_CLR_FD [pid 3636] close(4) = 0 [pid 3636] rmdir("./0/file0" [pid 3667] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 3663] <... ioctl resumed>) = 0 [pid 3636] <... rmdir resumed>) = 0 [pid 3670] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 3667] <... openat resumed>) = 4 [pid 3663] close(4 [ 55.564199][ T3655] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 55.577549][ T3655] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fc6982297b0 [ 55.586518][ T3655] R13: 00007fc6981f67e4 R14: 6573726168636f69 R15: 0030656c69662f2e [pid 3636] getdents64(3, [pid 3669] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 3667] ioctl(4, LOOP_SET_FD, 3 [pid 3663] <... close resumed>) = 0 [pid 3636] <... getdents64 resumed>0x55555707c620 /* 0 entries */, 32768) = 0 [pid 3636] close(3) = 0 [pid 3636] rmdir("./0") = 0 [pid 3636] mkdir("./1", 0777) = 0 [pid 3636] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 3 [pid 3636] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 3636] close(3) = 0 [pid 3636] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555707b5d0) = 3671 [pid 3663] futex(0x7fc6982297ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3662] <... futex resumed>) = 0 [pid 3662] futex(0x7fc6982297a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3663] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 3662] <... futex resumed>) = 0 [pid 3662] futex(0x7fc6982297ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3663] <... open resumed>) = 4 ./strace-static-x86_64: Process 3671 attached [pid 3663] futex(0x7fc6982297ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3671] set_robust_list(0x55555707b5e0, 24 [pid 3663] <... futex resumed>) = 1 [pid 3662] <... futex resumed>) = 0 [pid 3671] <... set_robust_list resumed>) = 0 [pid 3667] <... ioctl resumed>) = 0 [pid 3663] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 3662] futex(0x7fc6982297a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3671] chdir("./1") = 0 [pid 3671] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3671] setpgid(0, 0) = 0 [pid 3663] <... mmap resumed>) = 0x20000000 [pid 3662] <... futex resumed>) = 0 [ 55.613000][ T3667] loop1: detected capacity change from 0 to 4096 [ 55.619754][ T3655] [ 55.645338][ T3655] Kernel panic - not syncing: panic_on_warn set ... [ 55.651974][ T3655] CPU: 1 PID: 3655 Comm: syz-executor207 Not tainted 6.1.0-rc7-syzkaller #0 [ 55.660663][ T3655] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 55.670734][ T3655] Call Trace: [ 55.674024][ T3655] [ 55.676970][ T3655] dump_stack_lvl+0x1b1/0x28e [ 55.681667][ T3655] ? nf_tcp_handle_invalid+0x62e/0x62e [ 55.687141][ T3655] ? panic+0x710/0x710 [ 55.691234][ T3655] ? vscnprintf+0x59/0x80 [ 55.695580][ T3655] ? iov_iter_revert+0x380/0x850 [ 55.700538][ T3655] panic+0x2d6/0x710 [ 55.703624][ T3669] loop0: detected capacity change from 0 to 4096 [ 55.710763][ T3655] ? __warn+0x131/0x220 [ 55.714920][ T3655] ? memcpy_page_flushcache+0xfc/0xfc [ 55.720298][ T3655] ? iov_iter_revert+0x394/0x850 [ 55.725236][ T3655] __warn+0x1fa/0x220 [ 55.729216][ T3655] ? iov_iter_revert+0x394/0x850 [ 55.734153][ T3655] report_bug+0x1b3/0x2d0 [ 55.738486][ T3655] handle_bug+0x3d/0x70 [ 55.742637][ T3655] exc_invalid_op+0x16/0x40 [ 55.747137][ T3655] asm_exc_invalid_op+0x16/0x20 [ 55.751984][ T3655] RIP: 0010:iov_iter_revert+0x394/0x850 [ 55.757535][ T3655] Code: 80 3c 01 00 48 8b 5c 24 20 74 08 48 89 df e8 33 c0 a7 fd 4c 89 2b 48 83 c4 68 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 dc a5 53 fd <0f> 0b eb e8 48 8d 6b 18 48 89 e8 48 c1 e8 03 42 80 3c 28 00 74 08 [ 55.777133][ T3655] RSP: 0018:ffffc90003c0fac8 EFLAGS: 00010293 [ 55.783193][ T3655] RAX: ffffffff8436f214 RBX: ffffc90003c0fe40 RCX: ffff888026a39d40 [ 55.791155][ T3655] RDX: 0000000000000000 RSI: fffffffffffa6000 RDI: 000000007ffff000 [ 55.799119][ T3655] RBP: fffffffffffa6000 R08: ffffffff8436eebc R09: fffffbfff1cebe0e [ 55.807081][ T3655] R10: fffffbfff1cebe0e R11: 1ffffffff1cebe0d R12: fffffffffffa6000 [ 55.815044][ T3655] R13: ffffc90003c0fe40 R14: ffffc90003c0fe50 R15: 000000007ffa4000 [ 55.823025][ T3655] ? iov_iter_revert+0x3c/0x850 [ 55.827878][ T3655] ? iov_iter_revert+0x394/0x850 [ 55.832818][ T3655] ? iov_iter_revert+0x394/0x850 [ 55.837755][ T3655] ? ntfs_direct_IO+0x2d4/0x360 [ 55.842609][ T3655] generic_file_read_iter+0x3d4/0x540 [ 55.847982][ T3655] do_iter_read+0x6e3/0xc10 [ 55.852482][ T3655] ? _copy_from_user+0x106/0x160 [ 55.857424][ T3655] ? vfs_iter_read+0xa0/0xa0 [ 55.862026][ T3655] do_preadv+0x1f4/0x330 [ 55.866270][ T3655] ? do_writev+0x430/0x430 [ 55.870687][ T3655] ? _raw_spin_unlock_irq+0x1f/0x40 [ 55.875886][ T3655] ? lockdep_hardirqs_on+0x8d/0x130 [ 55.881081][ T3655] ? _raw_spin_unlock_irq+0x2a/0x40 [ 55.886281][ T3655] ? ptrace_notify+0x245/0x340 [ 55.891040][ T3655] ? do_notify_parent+0xe00/0xe00 [ 55.896062][ T3655] ? syscall_enter_from_user_mode+0x2e/0x1d0 [ 55.902037][ T3655] ? __x64_sys_preadv2+0xb9/0x100 [ 55.907061][ T3655] do_syscall_64+0x3d/0xb0 [ 55.911470][ T3655] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 55.917354][ T3655] RIP: 0033:0x7fc698185789 [ 55.921763][ T3655] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 71 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 55.941359][ T3655] RSP: 002b:00007fc6981102e8 EFLAGS: 00000246 ORIG_RAX: 0000000000000147 [ 55.949763][ T3655] RAX: ffffffffffffffda RBX: 00007fc6982297b8 RCX: 00007fc698185789 [ 55.957727][ T3655] RDX: 0000000000000001 RSI: 0000000020000100 RDI: 0000000000000004 [ 55.965686][ T3655] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 55.973647][ T3655] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fc6982297b0 [ 55.981607][ T3655] R13: 00007fc6981f67e4 R14: 6573726168636f69 R15: 0030656c69662f2e [ 55.989584][ T3655] [ 55.992745][ T3655] Kernel Offset: disabled [ 55.997119][ T3655] Rebooting in 86400 seconds..