./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3856985718 <...> Warning: Permanently added '10.128.10.25' (ED25519) to the list of known hosts. execve("./syz-executor3856985718", ["./syz-executor3856985718"], 0x7fff22b58000 /* 10 vars */) = 0 brk(NULL) = 0x55556fcaf000 brk(0x55556fcafd40) = 0x55556fcafd40 arch_prctl(ARCH_SET_FS, 0x55556fcaf3c0) = 0 set_tid_address(0x55556fcaf690) = 5836 set_robust_list(0x55556fcaf6a0, 24) = 0 rseq(0x55556fcafce0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor3856985718", 4096) = 28 getrandom("\xd8\xa0\xa2\x01\x78\x86\x40\xa7", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x55556fcafd40 brk(0x55556fcd0d40) = 0x55556fcd0d40 brk(0x55556fcd1000) = 0x55556fcd1000 mprotect(0x7f53f82eb000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 mkdir("./syzkaller.q6pGyu", 0700) = 0 chmod("./syzkaller.q6pGyu", 0777) = 0 chdir("./syzkaller.q6pGyu") = 0 mkdir("./0", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5838 attached , child_tidptr=0x55556fcaf690) = 5838 [pid 5838] set_robust_list(0x55556fcaf6a0, 24) = 0 [pid 5838] chdir("./0") = 0 [pid 5838] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5838] setpgid(0, 0) = 0 [pid 5838] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5838] write(3, "1000", 4) = 4 [pid 5838] close(3) = 0 [pid 5838] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5838] write(1, "executing program\n", 18executing program ) = 18 [pid 5838] futex(0x7f53f82f16cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5838] rt_sigaction(SIGRT_1, {sa_handler=0x7f53f826b3b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f53f825c560}, NULL, 8) = 0 [pid 5838] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5838] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f53f81db000 [pid 5838] mprotect(0x7f53f81dc000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5838] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5838] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f53f81fb990, parent_tid=0x7f53f81fb990, exit_signal=0, stack=0x7f53f81db000, stack_size=0x20300, tls=0x7f53f81fb6c0}./strace-static-x86_64: Process 5839 attached [pid 5839] rseq(0x7f53f81fbfe0, 0x20, 0, 0x53053053 [pid 5838] <... clone3 resumed> => {parent_tid=[5839]}, 88) = 5839 [pid 5839] <... rseq resumed>) = 0 [pid 5839] set_robust_list(0x7f53f81fb9a0, 24) = 0 [pid 5839] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5839] futex(0x7f53f82f16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5838] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5838] futex(0x7f53f82f16c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5839] <... futex resumed>) = 0 [pid 5838] futex(0x7f53f82f16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5839] memfd_create("syzkaller", 0) = 3 [pid 5839] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f53efc00000 [pid 5839] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5839] munmap(0x7f53efc00000, 138412032) = 0 [pid 5839] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5839] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5839] close(3) = 0 [pid 5839] close(4) = 0 [pid 5839] mkdir("./file1", 0777) = 0 [ 134.728068][ T5839] loop0: detected capacity change from 0 to 32768 [ 134.798603][ T5839] bcachefs (loop0): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,nojournal_transaction_names [ 134.815166][ T5839] bcachefs (loop0): initializing new filesystem [ 134.823481][ T5839] bcachefs (loop0): going read-write [ 134.830653][ T5839] bcachefs (loop0): marking superblocks [pid 5839] mount("/dev/loop0", "./file1", "bcachefs", MS_SYNCHRONOUS, "") = 0 [pid 5839] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5839] chdir("./file1") = 0 [pid 5839] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5839] ioctl(4, LOOP_CLR_FD) = 0 [ 134.847813][ T5839] bcachefs (loop0): initializing freespace [ 134.854642][ T5839] bcachefs (loop0): done initializing freespace [ 134.864575][ T5839] bcachefs (loop0): reading snapshots table [ 134.870621][ T5839] bcachefs (loop0): reading snapshots done [ 134.886651][ T5839] bcachefs (loop0): done starting filesystem [pid 5839] close(4) = 0 [pid 5839] futex(0x7f53f82f16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5838] <... futex resumed>) = 0 [pid 5839] futex(0x7f53f82f16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5838] futex(0x7f53f82f16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5839] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5839] lseek(-1, 32767, SEEK_SET [pid 5838] <... futex resumed>) = 0 [pid 5839] <... lseek resumed>) = -1 EBADF (Bad file descriptor) [pid 5839] futex(0x7f53f82f16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5838] futex(0x7f53f82f16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5839] <... futex resumed>) = 0 [pid 5838] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5839] futex(0x7f53f82f16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5838] futex(0x7f53f82f16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5839] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5838] <... futex resumed>) = 0 [pid 5839] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_LARGEFILE|O_NOFOLLOW|O_NOATIME, 0502 [pid 5838] futex(0x7f53f82f16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5839] <... openat resumed>) = 4 [pid 5839] futex(0x7f53f82f16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5838] <... futex resumed>) = 0 [pid 5839] futex(0x7f53f82f16c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5838] futex(0x7f53f82f16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5839] ioctl(4, _IOC(_IOC_WRITE, 0x66, 0x10, 0x8), 0x20000ec0 [pid 5838] <... futex resumed>) = 0 [pid 5838] futex(0x7f53f82f16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5839] <... ioctl resumed>) = -1 ENOTTY (Inappropriate ioctl for device) [pid 5839] futex(0x7f53f82f16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5839] futex(0x7f53f82f16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5838] <... futex resumed>) = 0 [pid 5838] futex(0x7f53f82f16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5839] <... futex resumed>) = 0 [pid 5838] <... futex resumed>) = 1 [pid 5839] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 5838] futex(0x7f53f82f16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5839] futex(0x7f53f82f16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5838] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5839] <... futex resumed>) = 0 [pid 5838] futex(0x7f53f82f16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5839] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_NOATIME|FASYNC, 000 [pid 5838] <... futex resumed>) = 0 [pid 5838] futex(0x7f53f82f16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5839] <... open resumed>) = 5 [pid 5839] futex(0x7f53f82f16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5838] <... futex resumed>) = 0 [pid 5839] <... futex resumed>) = 1 [pid 5838] futex(0x7f53f82f16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5838] futex(0x7f53f82f16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5839] memfd_create("syzkaller", 0) = 6 [pid 5839] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f53efc00000 [pid 5839] write(6, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5839] munmap(0x7f53efc00000, 138412032) = 0 [pid 5839] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 7 [pid 5839] ioctl(7, LOOP_SET_FD, 6) = -1 EBUSY (Device or resource busy) [pid 5839] ioctl(7, LOOP_CLR_FD) = 0 [pid 5839] ioctl(7, LOOP_SET_FD, 6) = -1 EBUSY (Device or resource busy) [pid 5839] close(7) = 0 [pid 5839] close(6) = 0 [pid 5839] futex(0x7f53f82f16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5838] <... futex resumed>) = 0 [pid 5839] <... futex resumed>) = 1 [pid 5838] futex(0x7f53f82f16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5839] ftruncate(5, 33587195 [pid 5838] <... futex resumed>) = 0 [pid 5839] <... ftruncate resumed>) = 0 [pid 5838] futex(0x7f53f82f16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5839] futex(0x7f53f82f16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5838] <... futex resumed>) = 0 [pid 5839] futex(0x7f53f82f16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5838] futex(0x7f53f82f16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5839] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5838] <... futex resumed>) = 0 [pid 5839] sendfile(5, 5, NULL, 281474978811909 [pid 5838] futex(0x7f53f82f16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5838] futex(0x7f53f82f16dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5838] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f53f81ba000 [pid 5838] mprotect(0x7f53f81bb000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5838] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5838] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f53f81da990, parent_tid=0x7f53f81da990, exit_signal=0, stack=0x7f53f81ba000, stack_size=0x20300, tls=0x7f53f81da6c0}./strace-static-x86_64: Process 5851 attached [pid 5851] rseq(0x7f53f81dafe0, 0x20, 0, 0x53053053) = 0 [pid 5838] <... clone3 resumed> => {parent_tid=[5851]}, 88) = 5851 [pid 5838] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5838] futex(0x7f53f82f16d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5851] set_robust_list(0x7f53f81da9a0, 24 [pid 5838] <... futex resumed>) = 0 [pid 5838] futex(0x7f53f82f16dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5851] <... set_robust_list resumed>) = 0 [pid 5851] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5851] ftruncate(5, 6 [pid 5839] <... sendfile resumed>) = 1703936 [pid 5839] futex(0x7f53f82f16cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5839] futex(0x7f53f82f16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5851] <... ftruncate resumed>) = 0 [pid 5851] futex(0x7f53f82f16dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5838] <... futex resumed>) = 0 [pid 5851] futex(0x7f53f82f16d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5838] futex(0x7f53f82f16c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5839] <... futex resumed>) = 0 [pid 5838] futex(0x7f53f82f16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5839] write(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5839] futex(0x7f53f82f16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5838] <... futex resumed>) = 0 [pid 5838] futex(0x7f53f82f16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5839] write(-1, "0x0000000000000009", 18 [pid 5838] <... futex resumed>) = 0 [pid 5839] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 5838] futex(0x7f53f82f16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5839] futex(0x7f53f82f16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5838] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5839] <... futex resumed>) = 0 [pid 5838] futex(0x7f53f82f16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5839] fallocate(-1, FALLOC_FL_KEEP_SIZE|FALLOC_FL_PUNCH_HOLE, 0, 2) = -1 EBADF (Bad file descriptor) [pid 5839] futex(0x7f53f82f16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5838] <... futex resumed>) = 0 [pid 5839] <... futex resumed>) = 0 [pid 5838] futex(0x7f53f82f16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5839] futex(0x7f53f82f16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5838] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5838] exit_group(0 [pid 5851] <... futex resumed>) = ? [pid 5839] <... futex resumed>) = ? [pid 5838] <... exit_group resumed>) = ? [pid 5851] +++ exited with 0 +++ [pid 5839] +++ exited with 0 +++ [pid 5838] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5838, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=29 /* 0.29 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 135.212651][ T5851] syz-executor385 (5851) used greatest stack depth: 13680 bytes left newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556fcb0730 /* 4 entries */, 32768) = 112 umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./0/binderfs") = 0 [ 135.316075][ T5836] bcachefs (loop0): shutting down [ 135.321351][ T5836] bcachefs (loop0): going read-only [ 135.326710][ T5836] bcachefs (loop0): finished waiting for writes to stop [ 135.335747][ T5836] bcachefs (loop0): flushing journal and stopping allocators, journal seq 29 [ 135.360140][ T5836] bcachefs (loop0): flushing journal and stopping allocators complete, journal seq 32 [ 135.370978][ T5836] bcachefs (loop0): shutdown complete, journal seq 33 [ 135.378889][ T5836] bcachefs (loop0): marking filesystem clean [ 135.396876][ T5836] bcachefs (loop0): shutdown complete umount2("./0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556fcb8770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556fcb8770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./0/file1") = 0 getdents64(3, 0x55556fcb0730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./0") = 0 mkdir("./1", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5852 attached [pid 5852] set_robust_list(0x55556fcaf6a0, 24 [pid 5836] <... clone resumed>, child_tidptr=0x55556fcaf690) = 5852 [pid 5852] <... set_robust_list resumed>) = 0 [pid 5852] chdir("./1") = 0 [pid 5852] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5852] setpgid(0, 0) = 0 [pid 5852] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5852] write(3, "1000", 4) = 4 [pid 5852] close(3) = 0 [pid 5852] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5852] write(1, "executing program\n", 18) = 18 [pid 5852] futex(0x7f53f82f16cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5852] rt_sigaction(SIGRT_1, {sa_handler=0x7f53f826b3b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f53f825c560}, NULL, 8) = 0 [pid 5852] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5852] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f53f81db000 [pid 5852] mprotect(0x7f53f81dc000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5852] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5852] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f53f81fb990, parent_tid=0x7f53f81fb990, exit_signal=0, stack=0x7f53f81db000, stack_size=0x20300, tls=0x7f53f81fb6c0}./strace-static-x86_64: Process 5853 attached [pid 5853] rseq(0x7f53f81fbfe0, 0x20, 0, 0x53053053 [pid 5852] <... clone3 resumed> => {parent_tid=[5853]}, 88) = 5853 [pid 5853] <... rseq resumed>) = 0 [pid 5853] set_robust_list(0x7f53f81fb9a0, 24) = 0 [pid 5852] rt_sigprocmask(SIG_SETMASK, [], [pid 5853] rt_sigprocmask(SIG_SETMASK, [], [pid 5852] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5853] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5852] futex(0x7f53f82f16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5853] memfd_create("syzkaller", 0 [pid 5852] <... futex resumed>) = 0 [pid 5853] <... memfd_create resumed>) = 3 [pid 5852] futex(0x7f53f82f16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5853] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f53efc00000 [pid 5853] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5853] munmap(0x7f53efc00000, 138412032) = 0 [pid 5853] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5853] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5853] close(3) = 0 [pid 5853] close(4) = 0 [pid 5853] mkdir("./file1", 0777) = 0 [ 136.844158][ T5853] loop0: detected capacity change from 0 to 32768 [ 136.925868][ T5853] bcachefs (loop0): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,nojournal_transaction_names [ 136.942351][ T5853] bcachefs (loop0): initializing new filesystem [ 136.949602][ T5853] bcachefs (loop0): going read-write [ 136.956526][ T5853] bcachefs (loop0): marking superblocks [ 136.969984][ T5853] bcachefs (loop0): initializing freespace [pid 5853] mount("/dev/loop0", "./file1", "bcachefs", MS_SYNCHRONOUS, "") = 0 [pid 5853] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5853] chdir("./file1") = 0 [pid 5853] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5853] ioctl(4, LOOP_CLR_FD) = 0 [pid 5853] close(4) = 0 [pid 5853] futex(0x7f53f82f16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5852] <... futex resumed>) = 0 [pid 5852] futex(0x7f53f82f16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5853] lseek(-1, 32767, SEEK_SET [pid 5852] futex(0x7f53f82f16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5853] <... lseek resumed>) = -1 EBADF (Bad file descriptor) [pid 5853] futex(0x7f53f82f16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5852] <... futex resumed>) = 0 [pid 5853] futex(0x7f53f82f16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5852] futex(0x7f53f82f16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5853] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [ 136.976688][ T5853] bcachefs (loop0): done initializing freespace [ 136.984168][ T5853] bcachefs (loop0): reading snapshots table [ 136.990415][ T5853] bcachefs (loop0): reading snapshots done [ 137.003127][ T5853] bcachefs (loop0): done starting filesystem [pid 5852] <... futex resumed>) = 0 [pid 5853] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_LARGEFILE|O_NOFOLLOW|O_NOATIME, 0502 [pid 5852] futex(0x7f53f82f16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5853] <... openat resumed>) = 4 [pid 5853] futex(0x7f53f82f16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5852] <... futex resumed>) = 0 [pid 5852] futex(0x7f53f82f16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5853] ioctl(4, _IOC(_IOC_WRITE, 0x66, 0x10, 0x8), 0x20000ec0 [pid 5852] <... futex resumed>) = 0 [pid 5853] <... ioctl resumed>) = -1 ENOTTY (Inappropriate ioctl for device) [pid 5852] futex(0x7f53f82f16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5853] futex(0x7f53f82f16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5852] <... futex resumed>) = 0 [pid 5852] futex(0x7f53f82f16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5853] creat(NULL, 000 [pid 5852] <... futex resumed>) = 0 [pid 5852] futex(0x7f53f82f16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5853] <... creat resumed>) = -1 EFAULT (Bad address) [pid 5853] futex(0x7f53f82f16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5852] <... futex resumed>) = 0 [pid 5853] futex(0x7f53f82f16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5852] futex(0x7f53f82f16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5853] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5852] <... futex resumed>) = 0 [pid 5853] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_NOATIME|FASYNC, 000 [pid 5852] futex(0x7f53f82f16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5853] <... open resumed>) = 5 [pid 5853] futex(0x7f53f82f16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5852] <... futex resumed>) = 0 [pid 5853] futex(0x7f53f82f16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5852] futex(0x7f53f82f16c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5853] <... futex resumed>) = 0 [pid 5852] futex(0x7f53f82f16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5853] memfd_create("syzkaller", 0) = 6 [pid 5853] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f53efc00000 [pid 5853] write(6, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5853] munmap(0x7f53efc00000, 138412032) = 0 [pid 5853] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 7 [pid 5853] ioctl(7, LOOP_SET_FD, 6) = -1 EBUSY (Device or resource busy) [pid 5853] ioctl(7, LOOP_CLR_FD) = 0 [pid 5853] ioctl(7, LOOP_SET_FD, 6) = -1 EBUSY (Device or resource busy) [pid 5853] close(7) = 0 [pid 5853] close(6) = 0 [pid 5853] futex(0x7f53f82f16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5853] futex(0x7f53f82f16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5852] <... futex resumed>) = 0 [pid 5853] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5852] futex(0x7f53f82f16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5853] ftruncate(5, 33587195 [pid 5852] <... futex resumed>) = 0 [pid 5852] futex(0x7f53f82f16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5853] <... ftruncate resumed>) = 0 [pid 5853] futex(0x7f53f82f16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5852] <... futex resumed>) = 0 [pid 5853] futex(0x7f53f82f16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5852] futex(0x7f53f82f16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5853] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5853] sendfile(5, 5, NULL, 281474978811909 [pid 5852] <... futex resumed>) = 0 [pid 5852] futex(0x7f53f82f16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5852] futex(0x7f53f82f16dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5852] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f53f81ba000 [pid 5852] mprotect(0x7f53f81bb000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5852] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5852] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f53f81da990, parent_tid=0x7f53f81da990, exit_signal=0, stack=0x7f53f81ba000, stack_size=0x20300, tls=0x7f53f81da6c0}./strace-static-x86_64: Process 5864 attached [pid 5864] rseq(0x7f53f81dafe0, 0x20, 0, 0x53053053) = 0 [pid 5852] <... clone3 resumed> => {parent_tid=[5864]}, 88) = 5864 [pid 5864] set_robust_list(0x7f53f81da9a0, 24 [pid 5852] rt_sigprocmask(SIG_SETMASK, [], [pid 5864] <... set_robust_list resumed>) = 0 [pid 5852] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5864] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5852] futex(0x7f53f82f16d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5864] ftruncate(5, 6 [pid 5852] <... futex resumed>) = 0 [pid 5852] futex(0x7f53f82f16dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5864] <... ftruncate resumed>) = 0 [pid 5853] <... sendfile resumed>) = 1572864 [pid 5864] futex(0x7f53f82f16dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5853] futex(0x7f53f82f16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5864] <... futex resumed>) = 1 [pid 5853] <... futex resumed>) = 0 [pid 5852] <... futex resumed>) = 0 [pid 5864] futex(0x7f53f82f16d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5853] futex(0x7f53f82f16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5852] futex(0x7f53f82f16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5853] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5852] <... futex resumed>) = 0 [pid 5853] write(-1, NULL, 0 [pid 5852] futex(0x7f53f82f16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5853] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 5853] futex(0x7f53f82f16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5852] <... futex resumed>) = 0 [pid 5853] <... futex resumed>) = 1 [pid 5852] futex(0x7f53f82f16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5853] write(-1, "0x0000000000000009", 18 [pid 5852] <... futex resumed>) = 0 [pid 5853] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 5852] futex(0x7f53f82f16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5853] futex(0x7f53f82f16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5852] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5853] <... futex resumed>) = 0 [pid 5853] fallocate(-1, FALLOC_FL_KEEP_SIZE|FALLOC_FL_PUNCH_HOLE, 0, 2 [pid 5852] futex(0x7f53f82f16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5853] <... fallocate resumed>) = -1 EBADF (Bad file descriptor) [pid 5852] <... futex resumed>) = 0 [pid 5853] futex(0x7f53f82f16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5852] futex(0x7f53f82f16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5853] <... futex resumed>) = 0 [pid 5852] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5853] futex(0x7f53f82f16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5852] exit_group(0 [pid 5853] <... futex resumed>) = ? [pid 5864] <... futex resumed>) = ? [pid 5852] <... exit_group resumed>) = ? [pid 5853] +++ exited with 0 +++ [pid 5864] +++ exited with 0 +++ [pid 5852] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5852, si_uid=0, si_status=0, si_utime=0, si_stime=33 /* 0.33 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556fcb0730 /* 4 entries */, 32768) = 112 umount2("./1/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./1/binderfs") = 0 [ 137.400326][ T5836] bcachefs (loop0): shutting down [ 137.405500][ T5836] bcachefs (loop0): going read-only [ 137.410686][ T5836] bcachefs (loop0): finished waiting for writes to stop [ 137.418978][ T5836] bcachefs (loop0): flushing journal and stopping allocators, journal seq 26 [ 137.438813][ T5836] bcachefs (loop0): flushing journal and stopping allocators complete, journal seq 28 [ 137.449683][ T5836] bcachefs (loop0): shutdown complete, journal seq 29 [ 137.457380][ T5836] bcachefs (loop0): marking filesystem clean [ 137.471836][ T5836] bcachefs (loop0): shutdown complete umount2("./1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556fcb8770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556fcb8770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./1/file1") = 0 getdents64(3, 0x55556fcb0730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./1") = 0 mkdir("./2", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5866 attached , child_tidptr=0x55556fcaf690) = 5866 [pid 5866] set_robust_list(0x55556fcaf6a0, 24) = 0 [pid 5866] chdir("./2") = 0 [pid 5866] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5866] setpgid(0, 0) = 0 [pid 5866] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5866] write(3, "1000", 4) = 4 [pid 5866] close(3) = 0 [pid 5866] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5866] write(1, "executing program\n", 18) = 18 [pid 5866] futex(0x7f53f82f16cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5866] rt_sigaction(SIGRT_1, {sa_handler=0x7f53f826b3b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f53f825c560}, NULL, 8) = 0 [pid 5866] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5866] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f53f81db000 [pid 5866] mprotect(0x7f53f81dc000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5866] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5866] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f53f81fb990, parent_tid=0x7f53f81fb990, exit_signal=0, stack=0x7f53f81db000, stack_size=0x20300, tls=0x7f53f81fb6c0}./strace-static-x86_64: Process 5867 attached [pid 5867] rseq(0x7f53f81fbfe0, 0x20, 0, 0x53053053 [pid 5866] <... clone3 resumed> => {parent_tid=[5867]}, 88) = 5867 [pid 5867] <... rseq resumed>) = 0 [pid 5867] set_robust_list(0x7f53f81fb9a0, 24) = 0 [pid 5866] rt_sigprocmask(SIG_SETMASK, [], [pid 5867] rt_sigprocmask(SIG_SETMASK, [], [pid 5866] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5867] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5866] futex(0x7f53f82f16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5866] futex(0x7f53f82f16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5867] memfd_create("syzkaller", 0) = 3 [pid 5867] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f53efc00000 [pid 5867] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5867] munmap(0x7f53efc00000, 138412032) = 0 [pid 5867] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5867] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5867] close(3) = 0 [pid 5867] close(4) = 0 [pid 5867] mkdir("./file1", 0777) = 0 [ 138.881359][ T5867] loop0: detected capacity change from 0 to 32768 [ 138.945548][ T5867] bcachefs (loop0): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,nojournal_transaction_names [ 138.962047][ T5867] bcachefs (loop0): initializing new filesystem [ 138.969286][ T5867] bcachefs (loop0): going read-write [ 138.975808][ T5867] bcachefs (loop0): marking superblocks [ 138.988897][ T5867] bcachefs (loop0): initializing freespace [pid 5867] mount("/dev/loop0", "./file1", "bcachefs", MS_SYNCHRONOUS, "") = 0 [pid 5867] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5867] chdir("./file1") = 0 [pid 5867] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5867] ioctl(4, LOOP_CLR_FD) = 0 [pid 5867] close(4) = 0 [pid 5867] futex(0x7f53f82f16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5866] <... futex resumed>) = 0 [ 138.996066][ T5867] bcachefs (loop0): done initializing freespace [ 139.005057][ T5867] bcachefs (loop0): reading snapshots table [ 139.011046][ T5867] bcachefs (loop0): reading snapshots done [ 139.023406][ T5867] bcachefs (loop0): done starting filesystem [pid 5866] futex(0x7f53f82f16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5867] lseek(-1, 32767, SEEK_SET [pid 5866] <... futex resumed>) = 0 [pid 5867] <... lseek resumed>) = -1 EBADF (Bad file descriptor) [pid 5866] futex(0x7f53f82f16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5867] futex(0x7f53f82f16cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5866] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5866] futex(0x7f53f82f16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5867] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_LARGEFILE|O_NOFOLLOW|O_NOATIME, 0502 [pid 5866] <... futex resumed>) = 0 [pid 5866] futex(0x7f53f82f16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5867] <... openat resumed>) = 4 [pid 5867] futex(0x7f53f82f16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5866] <... futex resumed>) = 0 [pid 5867] <... futex resumed>) = 1 [pid 5866] futex(0x7f53f82f16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5867] ioctl(4, _IOC(_IOC_WRITE, 0x66, 0x10, 0x8), 0x20000ec0) = -1 ENOTTY (Inappropriate ioctl for device) [pid 5866] <... futex resumed>) = 0 [pid 5867] futex(0x7f53f82f16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5866] futex(0x7f53f82f16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5867] <... futex resumed>) = 0 [pid 5866] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5867] futex(0x7f53f82f16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5866] futex(0x7f53f82f16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5867] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5866] <... futex resumed>) = 0 [pid 5867] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 5866] futex(0x7f53f82f16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5867] futex(0x7f53f82f16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5866] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5867] <... futex resumed>) = 0 [pid 5866] futex(0x7f53f82f16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5867] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_NOATIME|FASYNC, 000 [pid 5866] <... futex resumed>) = 0 [pid 5866] futex(0x7f53f82f16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5867] <... open resumed>) = 5 [pid 5867] futex(0x7f53f82f16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5866] <... futex resumed>) = 0 [pid 5866] futex(0x7f53f82f16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5866] futex(0x7f53f82f16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5867] memfd_create("syzkaller", 0) = 6 [pid 5867] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f53efc00000 [pid 5867] write(6, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5867] munmap(0x7f53efc00000, 138412032) = 0 [pid 5867] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 7 [pid 5867] ioctl(7, LOOP_SET_FD, 6) = -1 EBUSY (Device or resource busy) [pid 5867] ioctl(7, LOOP_CLR_FD) = 0 [pid 5867] ioctl(7, LOOP_SET_FD, 6) = -1 EBUSY (Device or resource busy) [pid 5867] close(7) = 0 [pid 5867] close(6) = 0 [pid 5867] futex(0x7f53f82f16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5866] <... futex resumed>) = 0 [pid 5867] ftruncate(5, 33587195 [pid 5866] futex(0x7f53f82f16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5866] futex(0x7f53f82f16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5867] <... ftruncate resumed>) = 0 [pid 5867] futex(0x7f53f82f16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5866] <... futex resumed>) = 0 [pid 5867] sendfile(5, 5, NULL, 281474978811909 [pid 5866] futex(0x7f53f82f16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5866] futex(0x7f53f82f16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5866] futex(0x7f53f82f16dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5866] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f53f81ba000 [pid 5866] mprotect(0x7f53f81bb000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5866] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5866] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f53f81da990, parent_tid=0x7f53f81da990, exit_signal=0, stack=0x7f53f81ba000, stack_size=0x20300, tls=0x7f53f81da6c0}./strace-static-x86_64: Process 5878 attached => {parent_tid=[5878]}, 88) = 5878 [pid 5878] rseq(0x7f53f81dafe0, 0x20, 0, 0x53053053) = 0 [pid 5866] rt_sigprocmask(SIG_SETMASK, [], [pid 5878] set_robust_list(0x7f53f81da9a0, 24 [pid 5866] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5878] <... set_robust_list resumed>) = 0 [pid 5866] futex(0x7f53f82f16d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5878] rt_sigprocmask(SIG_SETMASK, [], [pid 5866] <... futex resumed>) = 0 [pid 5878] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5866] futex(0x7f53f82f16dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5878] ftruncate(5, 6 [pid 5867] <... sendfile resumed>) = 1900544 [pid 5867] futex(0x7f53f82f16cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5867] futex(0x7f53f82f16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5878] <... ftruncate resumed>) = 0 [pid 5878] futex(0x7f53f82f16dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5866] <... futex resumed>) = 0 [pid 5878] futex(0x7f53f82f16d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5866] futex(0x7f53f82f16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5867] <... futex resumed>) = 0 [pid 5867] write(-1, NULL, 0 [pid 5866] <... futex resumed>) = 1 [pid 5867] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 5866] futex(0x7f53f82f16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5867] futex(0x7f53f82f16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5866] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5867] <... futex resumed>) = 0 [pid 5866] futex(0x7f53f82f16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5867] write(-1, "0x0000000000000009", 18) = -1 EBADF (Bad file descriptor) [pid 5866] <... futex resumed>) = 0 [pid 5867] futex(0x7f53f82f16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5866] futex(0x7f53f82f16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5867] <... futex resumed>) = 0 [pid 5866] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5867] fallocate(-1, FALLOC_FL_KEEP_SIZE|FALLOC_FL_PUNCH_HOLE, 0, 2 [pid 5866] futex(0x7f53f82f16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5867] <... fallocate resumed>) = -1 EBADF (Bad file descriptor) [pid 5867] futex(0x7f53f82f16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5866] <... futex resumed>) = 0 [pid 5867] <... futex resumed>) = 0 [pid 5866] futex(0x7f53f82f16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5867] futex(0x7f53f82f16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5866] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5866] exit_group(0 [pid 5878] <... futex resumed>) = ? [pid 5867] <... futex resumed>) = ? [pid 5866] <... exit_group resumed>) = ? [pid 5878] +++ exited with 0 +++ [pid 5867] +++ exited with 0 +++ [pid 5866] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5866, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=28 /* 0.28 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556fcb0730 /* 4 entries */, 32768) = 112 umount2("./2/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./2/binderfs") = 0 [ 139.475164][ T5836] bcachefs (loop0): shutting down [ 139.480227][ T5836] bcachefs (loop0): going read-only [ 139.485740][ T5836] bcachefs (loop0): finished waiting for writes to stop [ 139.493104][ T5836] bcachefs (loop0): flushing journal and stopping allocators, journal seq 32 [ 139.513082][ T5836] bcachefs (loop0): flushing journal and stopping allocators complete, journal seq 34 [ 139.523582][ T5836] bcachefs (loop0): shutdown complete, journal seq 35 [ 139.531156][ T5836] bcachefs (loop0): marking filesystem clean [ 139.546478][ T5836] bcachefs (loop0): shutdown complete umount2("./2/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./2/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./2/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556fcb8770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556fcb8770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./2/file1") = 0 getdents64(3, 0x55556fcb0730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./2") = 0 mkdir("./3", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5879 attached , child_tidptr=0x55556fcaf690) = 5879 [pid 5879] set_robust_list(0x55556fcaf6a0, 24) = 0 [pid 5879] chdir("./3") = 0 [pid 5879] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5879] setpgid(0, 0) = 0 [pid 5879] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5879] write(3, "1000", 4) = 4 [pid 5879] close(3) = 0 [pid 5879] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5879] write(1, "executing program\n", 18) = 18 [pid 5879] futex(0x7f53f82f16cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5879] rt_sigaction(SIGRT_1, {sa_handler=0x7f53f826b3b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f53f825c560}, NULL, 8) = 0 [pid 5879] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5879] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f53f81db000 [pid 5879] mprotect(0x7f53f81dc000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5879] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5879] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f53f81fb990, parent_tid=0x7f53f81fb990, exit_signal=0, stack=0x7f53f81db000, stack_size=0x20300, tls=0x7f53f81fb6c0}./strace-static-x86_64: Process 5880 attached [pid 5880] rseq(0x7f53f81fbfe0, 0x20, 0, 0x53053053) = 0 [pid 5879] <... clone3 resumed> => {parent_tid=[5880]}, 88) = 5880 [pid 5880] set_robust_list(0x7f53f81fb9a0, 24 [pid 5879] rt_sigprocmask(SIG_SETMASK, [], [pid 5880] <... set_robust_list resumed>) = 0 [pid 5879] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5880] rt_sigprocmask(SIG_SETMASK, [], [pid 5879] futex(0x7f53f82f16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5880] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5880] memfd_create("syzkaller", 0 [pid 5879] <... futex resumed>) = 0 [pid 5879] futex(0x7f53f82f16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5880] <... memfd_create resumed>) = 3 [pid 5880] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f53efc00000 [pid 5880] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5880] munmap(0x7f53efc00000, 138412032) = 0 [pid 5880] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5880] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5880] close(3) = 0 [pid 5880] close(4) = 0 [pid 5880] mkdir("./file1", 0777) = 0 [ 140.929509][ T5880] loop0: detected capacity change from 0 to 32768 [ 141.002931][ T5880] bcachefs (loop0): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,nojournal_transaction_names [ 141.019665][ T5880] bcachefs (loop0): initializing new filesystem [ 141.027044][ T5880] bcachefs (loop0): going read-write [ 141.033410][ T5880] bcachefs (loop0): marking superblocks [ 141.046154][ T5880] bcachefs (loop0): initializing freespace [pid 5880] mount("/dev/loop0", "./file1", "bcachefs", MS_SYNCHRONOUS, "") = 0 [pid 5880] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5880] chdir("./file1") = 0 [pid 5880] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5880] ioctl(4, LOOP_CLR_FD) = 0 [pid 5880] close(4) = 0 [pid 5880] futex(0x7f53f82f16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5879] <... futex resumed>) = 0 [pid 5880] lseek(-1, 32767, SEEK_SET [pid 5879] futex(0x7f53f82f16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5880] <... lseek resumed>) = -1 EBADF (Bad file descriptor) [pid 5879] <... futex resumed>) = 0 [pid 5880] futex(0x7f53f82f16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5879] futex(0x7f53f82f16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5880] <... futex resumed>) = 0 [pid 5879] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5880] futex(0x7f53f82f16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5879] futex(0x7f53f82f16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5880] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5879] <... futex resumed>) = 0 [pid 5880] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_LARGEFILE|O_NOFOLLOW|O_NOATIME, 0502 [pid 5879] futex(0x7f53f82f16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5880] <... openat resumed>) = 4 [pid 5880] futex(0x7f53f82f16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5879] <... futex resumed>) = 0 [pid 5880] futex(0x7f53f82f16c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5879] futex(0x7f53f82f16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5880] ioctl(4, _IOC(_IOC_WRITE, 0x66, 0x10, 0x8), 0x20000ec0 [pid 5879] <... futex resumed>) = 0 [pid 5880] <... ioctl resumed>) = -1 ENOTTY (Inappropriate ioctl for device) [pid 5879] futex(0x7f53f82f16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5880] futex(0x7f53f82f16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5879] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5880] <... futex resumed>) = 0 [pid 5879] futex(0x7f53f82f16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5880] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 5879] <... futex resumed>) = 0 [pid 5880] futex(0x7f53f82f16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5879] futex(0x7f53f82f16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5880] <... futex resumed>) = 0 [pid 5879] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5880] futex(0x7f53f82f16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5879] futex(0x7f53f82f16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5880] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5880] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_NOATIME|FASYNC, 000 [pid 5879] <... futex resumed>) = 0 [pid 5879] futex(0x7f53f82f16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5880] <... open resumed>) = 5 [pid 5880] futex(0x7f53f82f16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5879] <... futex resumed>) = 0 [pid 5880] futex(0x7f53f82f16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5879] futex(0x7f53f82f16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5880] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5879] <... futex resumed>) = 0 [ 141.052956][ T5880] bcachefs (loop0): done initializing freespace [ 141.061283][ T5880] bcachefs (loop0): reading snapshots table [ 141.067408][ T5880] bcachefs (loop0): reading snapshots done [ 141.079945][ T5880] bcachefs (loop0): done starting filesystem [pid 5879] futex(0x7f53f82f16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5880] memfd_create("syzkaller", 0) = 6 [pid 5880] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f53efc00000 [pid 5880] write(6, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5880] munmap(0x7f53efc00000, 138412032) = 0 [pid 5880] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 7 [pid 5880] ioctl(7, LOOP_SET_FD, 6) = -1 EBUSY (Device or resource busy) [pid 5880] ioctl(7, LOOP_CLR_FD) = 0 [pid 5880] ioctl(7, LOOP_SET_FD, 6) = -1 EBUSY (Device or resource busy) [pid 5880] close(7) = 0 [pid 5880] close(6) = 0 [pid 5880] futex(0x7f53f82f16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5879] <... futex resumed>) = 0 [pid 5880] <... futex resumed>) = 1 [pid 5879] futex(0x7f53f82f16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5880] ftruncate(5, 33587195 [pid 5879] <... futex resumed>) = 0 [pid 5880] <... ftruncate resumed>) = 0 [pid 5879] futex(0x7f53f82f16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5880] futex(0x7f53f82f16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5879] <... futex resumed>) = 0 [pid 5880] <... futex resumed>) = 1 [pid 5879] futex(0x7f53f82f16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5880] sendfile(5, 5, NULL, 281474978811909 [pid 5879] <... futex resumed>) = 0 [pid 5879] futex(0x7f53f82f16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5879] futex(0x7f53f82f16dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5879] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f53f81ba000 [pid 5879] mprotect(0x7f53f81bb000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5879] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5879] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f53f81da990, parent_tid=0x7f53f81da990, exit_signal=0, stack=0x7f53f81ba000, stack_size=0x20300, tls=0x7f53f81da6c0}./strace-static-x86_64: Process 5891 attached => {parent_tid=[5891]}, 88) = 5891 [pid 5891] rseq(0x7f53f81dafe0, 0x20, 0, 0x53053053 [pid 5879] rt_sigprocmask(SIG_SETMASK, [], [pid 5891] <... rseq resumed>) = 0 [pid 5879] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5891] set_robust_list(0x7f53f81da9a0, 24 [pid 5879] futex(0x7f53f82f16d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5891] <... set_robust_list resumed>) = 0 [pid 5879] <... futex resumed>) = 0 [pid 5891] rt_sigprocmask(SIG_SETMASK, [], [pid 5879] futex(0x7f53f82f16dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5891] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5891] ftruncate(5, 6 [pid 5880] <... sendfile resumed>) = 1835008 [pid 5891] <... ftruncate resumed>) = 0 [pid 5880] futex(0x7f53f82f16cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5891] futex(0x7f53f82f16dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5880] futex(0x7f53f82f16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5891] <... futex resumed>) = 1 [pid 5879] <... futex resumed>) = 0 [pid 5891] futex(0x7f53f82f16d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5879] futex(0x7f53f82f16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5880] <... futex resumed>) = 0 [pid 5879] <... futex resumed>) = 1 [pid 5880] write(-1, NULL, 0 [pid 5879] futex(0x7f53f82f16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5880] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 5880] futex(0x7f53f82f16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5879] <... futex resumed>) = 0 [pid 5880] write(-1, "0x0000000000000009", 18 [pid 5879] futex(0x7f53f82f16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5879] futex(0x7f53f82f16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5880] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 5880] futex(0x7f53f82f16cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5880] futex(0x7f53f82f16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5879] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5879] futex(0x7f53f82f16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5880] <... futex resumed>) = 0 [pid 5880] fallocate(-1, FALLOC_FL_KEEP_SIZE|FALLOC_FL_PUNCH_HOLE, 0, 2 [pid 5879] <... futex resumed>) = 1 [pid 5880] <... fallocate resumed>) = -1 EBADF (Bad file descriptor) [pid 5879] futex(0x7f53f82f16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5880] futex(0x7f53f82f16cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5879] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5880] futex(0x7f53f82f16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5879] exit_group(0 [pid 5891] <... futex resumed>) = ? [pid 5880] <... futex resumed>) = ? [pid 5891] +++ exited with 0 +++ [pid 5880] +++ exited with 0 +++ [pid 5879] <... exit_group resumed>) = ? [pid 5879] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5879, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=28 /* 0.28 s */} --- umount2("./3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 141.372334][ T5880] syz-executor385 (5880) used greatest stack depth: 12696 bytes left getdents64(3, 0x55556fcb0730 /* 4 entries */, 32768) = 112 umount2("./3/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./3/binderfs") = 0 [ 141.468963][ T5836] bcachefs (loop0): shutting down [ 141.474023][ T5836] bcachefs (loop0): going read-only [ 141.479299][ T5836] bcachefs (loop0): finished waiting for writes to stop [ 141.486629][ T5836] bcachefs (loop0): flushing journal and stopping allocators, journal seq 31 [ 141.505448][ T5836] bcachefs (loop0): flushing journal and stopping allocators complete, journal seq 34 [ 141.516109][ T5836] bcachefs (loop0): shutdown complete, journal seq 35 [ 141.523494][ T5836] bcachefs (loop0): marking filesystem clean [ 141.538831][ T5836] bcachefs (loop0): shutdown complete umount2("./3/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./3/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./3/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556fcb8770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556fcb8770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./3/file1") = 0 getdents64(3, 0x55556fcb0730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./3") = 0 mkdir("./4", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5892 attached , child_tidptr=0x55556fcaf690) = 5892 [pid 5892] set_robust_list(0x55556fcaf6a0, 24) = 0 [pid 5892] chdir("./4") = 0 [pid 5892] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5892] setpgid(0, 0) = 0 [pid 5892] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5892] write(3, "1000", 4) = 4 [pid 5892] close(3) = 0 [pid 5892] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5892] write(1, "executing program\n", 18executing program ) = 18 [pid 5892] futex(0x7f53f82f16cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5892] rt_sigaction(SIGRT_1, {sa_handler=0x7f53f826b3b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f53f825c560}, NULL, 8) = 0 [pid 5892] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5892] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f53f81db000 [pid 5892] mprotect(0x7f53f81dc000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5892] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5892] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f53f81fb990, parent_tid=0x7f53f81fb990, exit_signal=0, stack=0x7f53f81db000, stack_size=0x20300, tls=0x7f53f81fb6c0}./strace-static-x86_64: Process 5893 attached [pid 5893] rseq(0x7f53f81fbfe0, 0x20, 0, 0x53053053 [pid 5892] <... clone3 resumed> => {parent_tid=[5893]}, 88) = 5893 [pid 5893] <... rseq resumed>) = 0 [pid 5893] set_robust_list(0x7f53f81fb9a0, 24) = 0 [pid 5893] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5893] futex(0x7f53f82f16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5892] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5892] futex(0x7f53f82f16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5893] <... futex resumed>) = 0 [pid 5892] <... futex resumed>) = 1 [pid 5893] memfd_create("syzkaller", 0 [pid 5892] futex(0x7f53f82f16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5893] <... memfd_create resumed>) = 3 [pid 5893] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f53efc00000 [pid 5893] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5893] munmap(0x7f53efc00000, 138412032) = 0 [pid 5893] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5893] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5893] close(3) = 0 [pid 5893] close(4) = 0 [pid 5893] mkdir("./file1", 0777) = 0 [ 142.965776][ T5893] loop0: detected capacity change from 0 to 32768 [ 143.045518][ T5893] bcachefs (loop0): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,nojournal_transaction_names [ 143.061995][ T5893] bcachefs (loop0): initializing new filesystem [ 143.069226][ T5893] bcachefs (loop0): going read-write [ 143.075840][ T5893] bcachefs (loop0): marking superblocks [ 143.089157][ T5893] bcachefs (loop0): initializing freespace [pid 5893] mount("/dev/loop0", "./file1", "bcachefs", MS_SYNCHRONOUS, "") = 0 [pid 5893] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5893] chdir("./file1") = 0 [pid 5893] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 143.096238][ T5893] bcachefs (loop0): done initializing freespace [ 143.103999][ T5893] bcachefs (loop0): reading snapshots table [ 143.110079][ T5893] bcachefs (loop0): reading snapshots done [ 143.122387][ T5893] bcachefs (loop0): done starting filesystem [pid 5893] ioctl(4, LOOP_CLR_FD) = 0 [pid 5893] close(4) = 0 [pid 5893] futex(0x7f53f82f16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5892] <... futex resumed>) = 0 [pid 5893] futex(0x7f53f82f16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5892] futex(0x7f53f82f16c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5893] <... futex resumed>) = 0 [pid 5892] futex(0x7f53f82f16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5893] lseek(-1, 32767, SEEK_SET) = -1 EBADF (Bad file descriptor) [pid 5893] futex(0x7f53f82f16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5892] <... futex resumed>) = 0 [pid 5893] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_LARGEFILE|O_NOFOLLOW|O_NOATIME, 0502 [pid 5892] futex(0x7f53f82f16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5892] futex(0x7f53f82f16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5893] <... openat resumed>) = 4 [pid 5893] futex(0x7f53f82f16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5892] <... futex resumed>) = 0 [pid 5893] futex(0x7f53f82f16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5892] futex(0x7f53f82f16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5893] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5892] <... futex resumed>) = 0 [pid 5893] ioctl(4, _IOC(_IOC_WRITE, 0x66, 0x10, 0x8), 0x20000ec0 [pid 5892] futex(0x7f53f82f16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5893] <... ioctl resumed>) = -1 ENOTTY (Inappropriate ioctl for device) [pid 5893] futex(0x7f53f82f16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5892] <... futex resumed>) = 0 [pid 5893] futex(0x7f53f82f16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5892] futex(0x7f53f82f16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5893] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5892] <... futex resumed>) = 0 [pid 5893] creat(NULL, 000 [pid 5892] futex(0x7f53f82f16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5893] <... creat resumed>) = -1 EFAULT (Bad address) [pid 5893] futex(0x7f53f82f16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5892] <... futex resumed>) = 0 [pid 5893] futex(0x7f53f82f16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5892] futex(0x7f53f82f16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5893] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5893] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_NOATIME|FASYNC, 000 [pid 5892] <... futex resumed>) = 0 [pid 5892] futex(0x7f53f82f16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5893] <... open resumed>) = 5 [pid 5893] futex(0x7f53f82f16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5892] <... futex resumed>) = 0 [pid 5893] futex(0x7f53f82f16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5892] futex(0x7f53f82f16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5893] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5892] <... futex resumed>) = 0 [pid 5893] memfd_create("syzkaller", 0 [pid 5892] futex(0x7f53f82f16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5893] <... memfd_create resumed>) = 6 [pid 5893] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f53efc00000 [pid 5893] write(6, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5893] munmap(0x7f53efc00000, 138412032) = 0 [pid 5893] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 7 [pid 5893] ioctl(7, LOOP_SET_FD, 6) = -1 EBUSY (Device or resource busy) [pid 5893] ioctl(7, LOOP_CLR_FD) = 0 [pid 5893] ioctl(7, LOOP_SET_FD, 6) = -1 EBUSY (Device or resource busy) [pid 5893] close(7) = 0 [pid 5893] close(6) = 0 [pid 5893] futex(0x7f53f82f16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5893] futex(0x7f53f82f16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5892] <... futex resumed>) = 0 [pid 5892] futex(0x7f53f82f16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5893] <... futex resumed>) = 0 [pid 5892] <... futex resumed>) = 1 [pid 5893] ftruncate(5, 33587195) = 0 [pid 5892] futex(0x7f53f82f16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5893] futex(0x7f53f82f16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5892] <... futex resumed>) = 0 [pid 5893] sendfile(5, 5, NULL, 281474978811909 [pid 5892] futex(0x7f53f82f16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5892] futex(0x7f53f82f16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5892] futex(0x7f53f82f16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5892] futex(0x7f53f82f16dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5892] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f53f81ba000 [pid 5892] mprotect(0x7f53f81bb000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5892] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5892] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f53f81da990, parent_tid=0x7f53f81da990, exit_signal=0, stack=0x7f53f81ba000, stack_size=0x20300, tls=0x7f53f81da6c0} => {parent_tid=[5904]}, 88) = 5904 ./strace-static-x86_64: Process 5904 attached [pid 5892] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5892] futex(0x7f53f82f16d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5892] futex(0x7f53f82f16dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5904] rseq(0x7f53f81dafe0, 0x20, 0, 0x53053053) = 0 [pid 5904] set_robust_list(0x7f53f81da9a0, 24) = 0 [pid 5904] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5904] ftruncate(5, 6 [pid 5893] <... sendfile resumed>) = 3080192 [pid 5904] <... ftruncate resumed>) = 0 [pid 5893] futex(0x7f53f82f16cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5893] futex(0x7f53f82f16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5904] futex(0x7f53f82f16dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5892] <... futex resumed>) = 0 [pid 5904] <... futex resumed>) = 1 [pid 5892] futex(0x7f53f82f16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5904] futex(0x7f53f82f16d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5893] <... futex resumed>) = 0 [pid 5892] <... futex resumed>) = 1 [pid 5893] write(-1, NULL, 0 [pid 5892] futex(0x7f53f82f16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5893] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 5893] futex(0x7f53f82f16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5892] <... futex resumed>) = 0 [pid 5893] futex(0x7f53f82f16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5892] futex(0x7f53f82f16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5893] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5892] <... futex resumed>) = 0 [pid 5893] write(-1, "0x0000000000000009", 18 [pid 5892] futex(0x7f53f82f16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5893] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 5893] futex(0x7f53f82f16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5892] <... futex resumed>) = 0 [pid 5893] <... futex resumed>) = 1 [pid 5892] futex(0x7f53f82f16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5893] fallocate(-1, FALLOC_FL_KEEP_SIZE|FALLOC_FL_PUNCH_HOLE, 0, 2 [pid 5892] <... futex resumed>) = 0 [pid 5893] <... fallocate resumed>) = -1 EBADF (Bad file descriptor) [pid 5892] futex(0x7f53f82f16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5893] futex(0x7f53f82f16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5892] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5893] <... futex resumed>) = 0 [pid 5892] exit_group(0 [pid 5893] futex(0x7f53f82f16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5904] <... futex resumed>) = ? [pid 5893] <... futex resumed>) = ? [pid 5892] <... exit_group resumed>) = ? [pid 5904] +++ exited with 0 +++ [pid 5893] +++ exited with 0 +++ [pid 5892] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5892, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=28 /* 0.28 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556fcb0730 /* 4 entries */, 32768) = 112 umount2("./4/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4/binderfs") = 0 [ 143.617361][ T5836] bcachefs (loop0): shutting down [ 143.622451][ T5836] bcachefs (loop0): going read-only [ 143.628324][ T5836] bcachefs (loop0): finished waiting for writes to stop [ 143.636157][ T5836] bcachefs (loop0): flushing journal and stopping allocators, journal seq 50 [ 143.656694][ T5836] bcachefs (loop0): flushing journal and stopping allocators complete, journal seq 52 [ 143.667245][ T5836] bcachefs (loop0): shutdown complete, journal seq 53 [ 143.674624][ T5836] bcachefs (loop0): marking filesystem clean [ 143.690946][ T5836] bcachefs (loop0): shutdown complete umount2("./4/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556fcb8770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556fcb8770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4/file1") = 0 getdents64(3, 0x55556fcb0730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4") = 0 mkdir("./5", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5905 attached , child_tidptr=0x55556fcaf690) = 5905 [pid 5905] set_robust_list(0x55556fcaf6a0, 24) = 0 [pid 5905] chdir("./5") = 0 [pid 5905] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5905] setpgid(0, 0) = 0 [pid 5905] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5905] write(3, "1000", 4) = 4 [pid 5905] close(3) = 0 [pid 5905] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5905] write(1, "executing program\n", 18) = 18 [pid 5905] futex(0x7f53f82f16cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5905] rt_sigaction(SIGRT_1, {sa_handler=0x7f53f826b3b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f53f825c560}, NULL, 8) = 0 [pid 5905] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5905] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f53f81db000 [pid 5905] mprotect(0x7f53f81dc000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5905] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5905] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f53f81fb990, parent_tid=0x7f53f81fb990, exit_signal=0, stack=0x7f53f81db000, stack_size=0x20300, tls=0x7f53f81fb6c0}./strace-static-x86_64: Process 5906 attached [pid 5906] rseq(0x7f53f81fbfe0, 0x20, 0, 0x53053053) = 0 [pid 5905] <... clone3 resumed> => {parent_tid=[5906]}, 88) = 5906 [pid 5906] set_robust_list(0x7f53f81fb9a0, 24) = 0 [pid 5905] rt_sigprocmask(SIG_SETMASK, [], [pid 5906] rt_sigprocmask(SIG_SETMASK, [], [pid 5905] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5906] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5905] futex(0x7f53f82f16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5906] memfd_create("syzkaller", 0 [pid 5905] <... futex resumed>) = 0 [pid 5906] <... memfd_create resumed>) = 3 [pid 5906] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f53efc00000 [pid 5905] futex(0x7f53f82f16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5906] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5906] munmap(0x7f53efc00000, 138412032) = 0 [pid 5906] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5906] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5906] close(3) = 0 [pid 5906] close(4) = 0 [pid 5906] mkdir("./file1", 0777) = 0 [ 145.070973][ T5906] loop0: detected capacity change from 0 to 32768 [ 145.134591][ T5906] bcachefs (loop0): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,nojournal_transaction_names [ 145.151471][ T5906] bcachefs (loop0): initializing new filesystem [ 145.159140][ T5906] bcachefs (loop0): going read-write [ 145.166174][ T5906] bcachefs (loop0): marking superblocks [ 145.178669][ T5906] bcachefs (loop0): initializing freespace [pid 5906] mount("/dev/loop0", "./file1", "bcachefs", MS_SYNCHRONOUS, "") = 0 [pid 5906] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5906] chdir("./file1") = 0 [pid 5906] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5906] ioctl(4, LOOP_CLR_FD) = 0 [pid 5906] close(4) = 0 [pid 5906] futex(0x7f53f82f16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5905] <... futex resumed>) = 0 [pid 5906] futex(0x7f53f82f16c8, FUTEX_WAIT_PRIVATE, 0, NULL [ 145.185688][ T5906] bcachefs (loop0): done initializing freespace [ 145.194064][ T5906] bcachefs (loop0): reading snapshots table [ 145.200102][ T5906] bcachefs (loop0): reading snapshots done [ 145.212038][ T5906] bcachefs (loop0): done starting filesystem [pid 5905] futex(0x7f53f82f16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5906] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5906] lseek(-1, 32767, SEEK_SET) = -1 EBADF (Bad file descriptor) [pid 5906] futex(0x7f53f82f16cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5906] futex(0x7f53f82f16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5905] futex(0x7f53f82f16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5905] futex(0x7f53f82f16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5906] <... futex resumed>) = 0 [pid 5906] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_LARGEFILE|O_NOFOLLOW|O_NOATIME, 0502 [pid 5905] <... futex resumed>) = 1 [pid 5905] futex(0x7f53f82f16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5906] <... openat resumed>) = 4 [pid 5906] futex(0x7f53f82f16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5905] <... futex resumed>) = 0 [pid 5906] futex(0x7f53f82f16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5905] futex(0x7f53f82f16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5906] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5905] <... futex resumed>) = 0 [pid 5906] ioctl(4, _IOC(_IOC_WRITE, 0x66, 0x10, 0x8), 0x20000ec0 [pid 5905] futex(0x7f53f82f16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5906] <... ioctl resumed>) = -1 ENOTTY (Inappropriate ioctl for device) [pid 5906] futex(0x7f53f82f16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5905] <... futex resumed>) = 0 [pid 5906] creat(NULL, 000 [pid 5905] futex(0x7f53f82f16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5906] <... creat resumed>) = -1 EFAULT (Bad address) [pid 5905] <... futex resumed>) = 0 [pid 5906] futex(0x7f53f82f16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5905] futex(0x7f53f82f16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5906] <... futex resumed>) = 0 [pid 5905] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5906] futex(0x7f53f82f16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5905] futex(0x7f53f82f16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5906] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5906] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_NOATIME|FASYNC, 000 [pid 5905] <... futex resumed>) = 0 [pid 5906] <... open resumed>) = 5 [pid 5905] futex(0x7f53f82f16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5906] futex(0x7f53f82f16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5905] <... futex resumed>) = 0 [pid 5906] <... futex resumed>) = 1 [pid 5905] futex(0x7f53f82f16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5905] futex(0x7f53f82f16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5906] memfd_create("syzkaller", 0) = 6 [pid 5906] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f53efc00000 [pid 5906] write(6, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5906] munmap(0x7f53efc00000, 138412032) = 0 [pid 5906] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 7 [pid 5906] ioctl(7, LOOP_SET_FD, 6) = -1 EBUSY (Device or resource busy) [pid 5906] ioctl(7, LOOP_CLR_FD) = 0 [pid 5906] ioctl(7, LOOP_SET_FD, 6) = -1 EBUSY (Device or resource busy) [pid 5906] close(7) = 0 [pid 5906] close(6) = 0 [pid 5906] futex(0x7f53f82f16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5905] <... futex resumed>) = 0 [pid 5906] futex(0x7f53f82f16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5905] futex(0x7f53f82f16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5906] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5906] ftruncate(5, 33587195 [pid 5905] <... futex resumed>) = 0 [pid 5906] <... ftruncate resumed>) = 0 [pid 5906] futex(0x7f53f82f16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5905] futex(0x7f53f82f16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5906] <... futex resumed>) = 0 [pid 5905] futex(0x7f53f82f16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5906] sendfile(5, 5, NULL, 281474978811909 [pid 5905] <... futex resumed>) = 0 [pid 5905] futex(0x7f53f82f16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5905] futex(0x7f53f82f16dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5905] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f53f81ba000 [pid 5905] mprotect(0x7f53f81bb000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5905] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5905] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f53f81da990, parent_tid=0x7f53f81da990, exit_signal=0, stack=0x7f53f81ba000, stack_size=0x20300, tls=0x7f53f81da6c0}./strace-static-x86_64: Process 5917 attached [pid 5917] rseq(0x7f53f81dafe0, 0x20, 0, 0x53053053 [pid 5905] <... clone3 resumed> => {parent_tid=[5917]}, 88) = 5917 [pid 5917] <... rseq resumed>) = 0 [pid 5905] rt_sigprocmask(SIG_SETMASK, [], [pid 5917] set_robust_list(0x7f53f81da9a0, 24 [pid 5905] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5917] <... set_robust_list resumed>) = 0 [pid 5905] futex(0x7f53f82f16d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5917] rt_sigprocmask(SIG_SETMASK, [], [pid 5905] <... futex resumed>) = 0 [pid 5917] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5905] futex(0x7f53f82f16dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5917] ftruncate(5, 6 [pid 5906] <... sendfile resumed>) = 1835008 [pid 5917] <... ftruncate resumed>) = 0 [pid 5917] futex(0x7f53f82f16dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5906] futex(0x7f53f82f16cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5905] <... futex resumed>) = 0 [pid 5917] <... futex resumed>) = 1 [pid 5906] futex(0x7f53f82f16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5905] futex(0x7f53f82f16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5917] futex(0x7f53f82f16d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5906] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5906] write(-1, NULL, 0 [pid 5905] <... futex resumed>) = 0 [pid 5905] futex(0x7f53f82f16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5906] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 5906] futex(0x7f53f82f16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5905] <... futex resumed>) = 0 [pid 5906] futex(0x7f53f82f16c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5905] futex(0x7f53f82f16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5906] write(-1, "0x0000000000000009", 18 [pid 5905] <... futex resumed>) = 0 [pid 5906] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 5905] futex(0x7f53f82f16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5906] futex(0x7f53f82f16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5905] <... futex resumed>) = 0 [pid 5906] fallocate(-1, FALLOC_FL_KEEP_SIZE|FALLOC_FL_PUNCH_HOLE, 0, 2 [pid 5905] futex(0x7f53f82f16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5906] <... fallocate resumed>) = -1 EBADF (Bad file descriptor) [pid 5905] <... futex resumed>) = 0 [pid 5906] futex(0x7f53f82f16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5905] futex(0x7f53f82f16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5906] <... futex resumed>) = 0 [pid 5905] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5906] futex(0x7f53f82f16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5905] exit_group(0 [pid 5917] <... futex resumed>) = ? [pid 5906] <... futex resumed>) = ? [pid 5905] <... exit_group resumed>) = ? [pid 5917] +++ exited with 0 +++ [pid 5906] +++ exited with 0 +++ [pid 5905] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5905, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=25 /* 0.25 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./5", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556fcb0730 /* 4 entries */, 32768) = 112 umount2("./5/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./5/binderfs") = 0 [ 145.584302][ T5836] bcachefs (loop0): shutting down [ 145.589634][ T5836] bcachefs (loop0): going read-only [ 145.594882][ T5836] bcachefs (loop0): finished waiting for writes to stop [ 145.603028][ T5836] bcachefs (loop0): flushing journal and stopping allocators, journal seq 31 [ 145.622751][ T5836] bcachefs (loop0): flushing journal and stopping allocators complete, journal seq 35 [ 145.633592][ T5836] bcachefs (loop0): shutdown complete, journal seq 36 [ 145.641199][ T5836] bcachefs (loop0): marking filesystem clean [ 145.655929][ T5836] bcachefs (loop0): shutdown complete umount2("./5/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./5/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./5/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./5/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556fcb8770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556fcb8770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./5/file1") = 0 getdents64(3, 0x55556fcb0730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./5") = 0 mkdir("./6", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5918 attached [pid 5918] set_robust_list(0x55556fcaf6a0, 24) = 0 [pid 5836] <... clone resumed>, child_tidptr=0x55556fcaf690) = 5918 [pid 5918] chdir("./6") = 0 [pid 5918] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5918] setpgid(0, 0) = 0 [pid 5918] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5918] write(3, "1000", 4) = 4 [pid 5918] close(3) = 0 [pid 5918] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5918] write(1, "executing program\n", 18) = 18 [pid 5918] futex(0x7f53f82f16cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5918] rt_sigaction(SIGRT_1, {sa_handler=0x7f53f826b3b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f53f825c560}, NULL, 8) = 0 [pid 5918] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5918] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f53f81db000 [pid 5918] mprotect(0x7f53f81dc000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5918] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5918] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f53f81fb990, parent_tid=0x7f53f81fb990, exit_signal=0, stack=0x7f53f81db000, stack_size=0x20300, tls=0x7f53f81fb6c0}./strace-static-x86_64: Process 5919 attached [pid 5919] rseq(0x7f53f81fbfe0, 0x20, 0, 0x53053053) = 0 [pid 5918] <... clone3 resumed> => {parent_tid=[5919]}, 88) = 5919 [pid 5919] set_robust_list(0x7f53f81fb9a0, 24 [pid 5918] rt_sigprocmask(SIG_SETMASK, [], [pid 5919] <... set_robust_list resumed>) = 0 [pid 5918] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5919] rt_sigprocmask(SIG_SETMASK, [], [pid 5918] futex(0x7f53f82f16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5919] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5918] <... futex resumed>) = 0 [pid 5918] futex(0x7f53f82f16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5919] memfd_create("syzkaller", 0) = 3 [pid 5919] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f53efc00000 [pid 5919] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5919] munmap(0x7f53efc00000, 138412032) = 0 [pid 5919] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5919] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5919] close(3) = 0 [pid 5919] close(4) = 0 [pid 5919] mkdir("./file1", 0777) = 0 [ 147.008276][ T5919] loop0: detected capacity change from 0 to 32768 [ 147.082862][ T5919] bcachefs (loop0): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,nojournal_transaction_names [ 147.099403][ T5919] bcachefs (loop0): initializing new filesystem [ 147.107141][ T5919] bcachefs (loop0): going read-write [ 147.113105][ T5919] bcachefs (loop0): marking superblocks [ 147.125893][ T5919] bcachefs (loop0): initializing freespace [pid 5919] mount("/dev/loop0", "./file1", "bcachefs", MS_SYNCHRONOUS, "") = 0 [pid 5919] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5919] chdir("./file1") = 0 [pid 5919] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5919] ioctl(4, LOOP_CLR_FD) = 0 [ 147.133125][ T5919] bcachefs (loop0): done initializing freespace [ 147.140537][ T5919] bcachefs (loop0): reading snapshots table [ 147.147338][ T5919] bcachefs (loop0): reading snapshots done [ 147.159931][ T5919] bcachefs (loop0): done starting filesystem [pid 5919] close(4) = 0 [pid 5919] futex(0x7f53f82f16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5919] futex(0x7f53f82f16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5918] <... futex resumed>) = 0 [pid 5918] futex(0x7f53f82f16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5919] <... futex resumed>) = 0 [pid 5918] <... futex resumed>) = 1 [pid 5919] lseek(-1, 32767, SEEK_SET [pid 5918] futex(0x7f53f82f16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5919] <... lseek resumed>) = -1 EBADF (Bad file descriptor) [pid 5919] futex(0x7f53f82f16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5918] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5918] futex(0x7f53f82f16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5919] <... futex resumed>) = 0 [pid 5918] <... futex resumed>) = 0 [pid 5919] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_LARGEFILE|O_NOFOLLOW|O_NOATIME, 0502) = 4 [pid 5918] futex(0x7f53f82f16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5919] futex(0x7f53f82f16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5918] <... futex resumed>) = 0 [pid 5918] futex(0x7f53f82f16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5918] futex(0x7f53f82f16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5919] ioctl(4, _IOC(_IOC_WRITE, 0x66, 0x10, 0x8), 0x20000ec0) = -1 ENOTTY (Inappropriate ioctl for device) [pid 5919] futex(0x7f53f82f16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5919] futex(0x7f53f82f16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5918] <... futex resumed>) = 0 [pid 5918] futex(0x7f53f82f16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5919] <... futex resumed>) = 0 [pid 5918] <... futex resumed>) = 1 [pid 5918] futex(0x7f53f82f16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5919] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 5919] futex(0x7f53f82f16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5918] <... futex resumed>) = 0 [pid 5919] futex(0x7f53f82f16c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5918] futex(0x7f53f82f16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5919] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_NOATIME|FASYNC, 000 [pid 5918] <... futex resumed>) = 0 [pid 5918] futex(0x7f53f82f16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5919] <... open resumed>) = 5 [pid 5919] futex(0x7f53f82f16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5918] <... futex resumed>) = 0 [pid 5919] futex(0x7f53f82f16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5918] futex(0x7f53f82f16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5919] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5918] <... futex resumed>) = 0 [pid 5918] futex(0x7f53f82f16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5919] memfd_create("syzkaller", 0) = 6 [pid 5919] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f53efc00000 [pid 5919] write(6, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5919] munmap(0x7f53efc00000, 138412032) = 0 [pid 5919] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 7 [pid 5919] ioctl(7, LOOP_SET_FD, 6) = -1 EBUSY (Device or resource busy) [pid 5919] ioctl(7, LOOP_CLR_FD) = 0 [pid 5919] ioctl(7, LOOP_SET_FD, 6) = -1 EBUSY (Device or resource busy) [pid 5919] close(7) = 0 [pid 5919] close(6) = 0 [pid 5919] futex(0x7f53f82f16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5918] <... futex resumed>) = 0 [pid 5919] futex(0x7f53f82f16c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5918] futex(0x7f53f82f16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5919] ftruncate(5, 33587195 [pid 5918] <... futex resumed>) = 0 [pid 5919] <... ftruncate resumed>) = 0 [pid 5918] futex(0x7f53f82f16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5919] futex(0x7f53f82f16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5918] <... futex resumed>) = 0 [pid 5919] futex(0x7f53f82f16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5918] futex(0x7f53f82f16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5919] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5918] <... futex resumed>) = 0 [pid 5919] sendfile(5, 5, NULL, 281474978811909 [pid 5918] futex(0x7f53f82f16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5918] futex(0x7f53f82f16dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5918] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f53f81ba000 [pid 5918] mprotect(0x7f53f81bb000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5918] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5918] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f53f81da990, parent_tid=0x7f53f81da990, exit_signal=0, stack=0x7f53f81ba000, stack_size=0x20300, tls=0x7f53f81da6c0}./strace-static-x86_64: Process 5930 attached [pid 5930] rseq(0x7f53f81dafe0, 0x20, 0, 0x53053053 [pid 5918] <... clone3 resumed> => {parent_tid=[5930]}, 88) = 5930 [pid 5930] <... rseq resumed>) = 0 [pid 5918] rt_sigprocmask(SIG_SETMASK, [], [pid 5930] set_robust_list(0x7f53f81da9a0, 24 [pid 5918] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5930] <... set_robust_list resumed>) = 0 [pid 5918] futex(0x7f53f82f16d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5930] rt_sigprocmask(SIG_SETMASK, [], [pid 5918] <... futex resumed>) = 0 [pid 5930] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5918] futex(0x7f53f82f16dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5930] ftruncate(5, 6) = 0 [pid 5919] <... sendfile resumed>) = 1769472 [pid 5919] futex(0x7f53f82f16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5930] futex(0x7f53f82f16dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5919] <... futex resumed>) = 0 [pid 5918] <... futex resumed>) = 0 [pid 5930] <... futex resumed>) = 1 [pid 5919] futex(0x7f53f82f16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5918] futex(0x7f53f82f16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5930] futex(0x7f53f82f16d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5919] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5918] <... futex resumed>) = 0 [pid 5919] write(-1, NULL, 0 [pid 5918] futex(0x7f53f82f16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5919] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 5919] futex(0x7f53f82f16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5918] <... futex resumed>) = 0 [pid 5919] write(-1, "0x0000000000000009", 18 [pid 5918] futex(0x7f53f82f16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5919] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 5918] <... futex resumed>) = 0 [pid 5919] futex(0x7f53f82f16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5918] futex(0x7f53f82f16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5919] <... futex resumed>) = 0 [pid 5918] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5919] futex(0x7f53f82f16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5918] futex(0x7f53f82f16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5919] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5918] <... futex resumed>) = 0 [pid 5919] fallocate(-1, FALLOC_FL_KEEP_SIZE|FALLOC_FL_PUNCH_HOLE, 0, 2 [pid 5918] futex(0x7f53f82f16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5919] <... fallocate resumed>) = -1 EBADF (Bad file descriptor) [pid 5919] futex(0x7f53f82f16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5918] <... futex resumed>) = 0 [pid 5919] <... futex resumed>) = 1 [pid 5918] exit_group(0 [pid 5919] ???( [pid 5918] <... exit_group resumed>) = ? [pid 5930] <... futex resumed>) = ? [pid 5919] <... ??? resumed>) = ? [pid 5919] +++ exited with 0 +++ [pid 5930] +++ exited with 0 +++ [pid 5918] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5918, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=28 /* 0.28 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./6", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556fcb0730 /* 4 entries */, 32768) = 112 umount2("./6/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./6/binderfs") = 0 [ 147.623202][ T5836] bcachefs (loop0): shutting down [ 147.628413][ T5836] bcachefs (loop0): going read-only [ 147.633602][ T5836] bcachefs (loop0): finished waiting for writes to stop [ 147.641382][ T5836] bcachefs (loop0): flushing journal and stopping allocators, journal seq 30 [ 147.660854][ T5836] bcachefs (loop0): flushing journal and stopping allocators complete, journal seq 33 [ 147.671288][ T5836] bcachefs (loop0): shutdown complete, journal seq 34 [ 147.678969][ T5836] bcachefs (loop0): marking filesystem clean [ 147.694664][ T5836] bcachefs (loop0): shutdown complete umount2("./6/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./6/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./6/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./6/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556fcb8770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556fcb8770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./6/file1") = 0 getdents64(3, 0x55556fcb0730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./6") = 0 mkdir("./7", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5931 attached , child_tidptr=0x55556fcaf690) = 5931 [pid 5931] set_robust_list(0x55556fcaf6a0, 24) = 0 [pid 5931] chdir("./7") = 0 [pid 5931] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5931] setpgid(0, 0) = 0 [pid 5931] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5931] write(3, "1000", 4) = 4 [pid 5931] close(3) = 0 [pid 5931] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5931] write(1, "executing program\n", 18executing program ) = 18 [pid 5931] futex(0x7f53f82f16cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5931] rt_sigaction(SIGRT_1, {sa_handler=0x7f53f826b3b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f53f825c560}, NULL, 8) = 0 [pid 5931] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5931] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f53f81db000 [pid 5931] mprotect(0x7f53f81dc000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5931] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5931] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f53f81fb990, parent_tid=0x7f53f81fb990, exit_signal=0, stack=0x7f53f81db000, stack_size=0x20300, tls=0x7f53f81fb6c0}./strace-static-x86_64: Process 5932 attached [pid 5932] rseq(0x7f53f81fbfe0, 0x20, 0, 0x53053053) = 0 [pid 5932] set_robust_list(0x7f53f81fb9a0, 24 [pid 5931] <... clone3 resumed> => {parent_tid=[5932]}, 88) = 5932 [pid 5932] <... set_robust_list resumed>) = 0 [pid 5931] rt_sigprocmask(SIG_SETMASK, [], [pid 5932] rt_sigprocmask(SIG_SETMASK, [], [pid 5931] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5932] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5931] futex(0x7f53f82f16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5932] memfd_create("syzkaller", 0 [pid 5931] futex(0x7f53f82f16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5932] <... memfd_create resumed>) = 3 [pid 5932] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f53efc00000 [pid 5932] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5932] munmap(0x7f53efc00000, 138412032) = 0 [pid 5932] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5932] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5932] close(3) = 0 [pid 5932] close(4) = 0 [pid 5932] mkdir("./file1", 0777) = 0 [ 149.137865][ T5932] loop0: detected capacity change from 0 to 32768 [ 149.210813][ T5932] bcachefs (loop0): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,nojournal_transaction_names [ 149.227615][ T5932] bcachefs (loop0): initializing new filesystem [ 149.234717][ T5932] bcachefs (loop0): going read-write [ 149.240946][ T5932] bcachefs (loop0): marking superblocks [ 149.254816][ T5932] bcachefs (loop0): initializing freespace [pid 5932] mount("/dev/loop0", "./file1", "bcachefs", MS_SYNCHRONOUS, "") = 0 [pid 5932] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5932] chdir("./file1") = 0 [pid 5932] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5932] ioctl(4, LOOP_CLR_FD) = 0 [ 149.261731][ T5932] bcachefs (loop0): done initializing freespace [ 149.269727][ T5932] bcachefs (loop0): reading snapshots table [ 149.275765][ T5932] bcachefs (loop0): reading snapshots done [ 149.288004][ T5932] bcachefs (loop0): done starting filesystem [pid 5932] close(4) = 0 [pid 5932] futex(0x7f53f82f16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5931] <... futex resumed>) = 0 [pid 5932] lseek(-1, 32767, SEEK_SET [pid 5931] futex(0x7f53f82f16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5932] <... lseek resumed>) = -1 EBADF (Bad file descriptor) [pid 5931] <... futex resumed>) = 0 [pid 5932] futex(0x7f53f82f16cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5931] futex(0x7f53f82f16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5932] futex(0x7f53f82f16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5931] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5931] futex(0x7f53f82f16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5932] <... futex resumed>) = 0 [pid 5931] <... futex resumed>) = 1 [pid 5932] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_LARGEFILE|O_NOFOLLOW|O_NOATIME, 0502 [pid 5931] futex(0x7f53f82f16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5932] <... openat resumed>) = 4 [pid 5932] futex(0x7f53f82f16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5931] <... futex resumed>) = 0 [pid 5932] futex(0x7f53f82f16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5931] futex(0x7f53f82f16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5932] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5931] futex(0x7f53f82f16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5932] ioctl(4, _IOC(_IOC_WRITE, 0x66, 0x10, 0x8), 0x20000ec0) = -1 ENOTTY (Inappropriate ioctl for device) [pid 5932] futex(0x7f53f82f16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5931] <... futex resumed>) = 0 [pid 5931] futex(0x7f53f82f16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5932] creat(NULL, 000 [pid 5931] <... futex resumed>) = 0 [pid 5932] <... creat resumed>) = -1 EFAULT (Bad address) [pid 5932] futex(0x7f53f82f16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5931] futex(0x7f53f82f16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5932] <... futex resumed>) = 0 [pid 5931] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5932] futex(0x7f53f82f16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5931] futex(0x7f53f82f16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5932] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5932] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_NOATIME|FASYNC, 000 [pid 5931] <... futex resumed>) = 0 [pid 5931] futex(0x7f53f82f16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5932] <... open resumed>) = 5 [pid 5932] futex(0x7f53f82f16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5931] <... futex resumed>) = 0 [pid 5932] futex(0x7f53f82f16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5931] futex(0x7f53f82f16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5932] <... futex resumed>) = 0 [pid 5931] <... futex resumed>) = 1 [pid 5931] futex(0x7f53f82f16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5932] memfd_create("syzkaller", 0) = 6 [pid 5932] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f53efc00000 [pid 5932] write(6, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5932] munmap(0x7f53efc00000, 138412032) = 0 [pid 5932] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 7 [pid 5932] ioctl(7, LOOP_SET_FD, 6) = -1 EBUSY (Device or resource busy) [pid 5932] ioctl(7, LOOP_CLR_FD) = 0 [pid 5932] ioctl(7, LOOP_SET_FD, 6) = -1 EBUSY (Device or resource busy) [pid 5932] close(7) = 0 [pid 5932] close(6) = 0 [pid 5932] futex(0x7f53f82f16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5931] <... futex resumed>) = 0 [pid 5932] <... futex resumed>) = 1 [pid 5931] futex(0x7f53f82f16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5932] ftruncate(5, 33587195 [pid 5931] <... futex resumed>) = 0 [pid 5931] futex(0x7f53f82f16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5932] <... ftruncate resumed>) = 0 [pid 5932] futex(0x7f53f82f16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5931] <... futex resumed>) = 0 [pid 5932] futex(0x7f53f82f16c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5931] futex(0x7f53f82f16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5932] sendfile(5, 5, NULL, 281474978811909