./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1482200475 <...> Warning: Permanently added '10.128.1.159' (ECDSA) to the list of known hosts. execve("./syz-executor1482200475", ["./syz-executor1482200475"], 0x7ffdc9b50bb0 /* 10 vars */) = 0 brk(NULL) = 0x555556519000 brk(0x555556519c40) = 0x555556519c40 arch_prctl(ARCH_SET_FS, 0x555556519300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 set_tid_address(0x5555565195d0) = 4991 set_robust_list(0x5555565195e0, 24) = 0 rt_sigaction(SIGRTMIN, {sa_handler=0x7f206a95b9d0, sa_mask=[], sa_flags=SA_RESTORER|SA_SIGINFO, sa_restorer=0x7f206a95c0a0}, NULL, 8) = 0 rt_sigaction(SIGRT_1, {sa_handler=0x7f206a95ba70, sa_mask=[], sa_flags=SA_RESTORER|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f206a95c0a0}, NULL, 8) = 0 rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor1482200475", 4096) = 28 brk(0x55555653ac40) = 0x55555653ac40 brk(0x55555653b000) = 0x55555653b000 mprotect(0x7f206aa22000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 getpid() = 4991 mkdir("./syzkaller.sLE7NC", 0700) = 0 chmod("./syzkaller.sLE7NC", 0777) = 0 chdir("./syzkaller.sLE7NC") = 0 unshare(CLONE_NEWPID) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 4992 attached , child_tidptr=0x5555565195d0) = 4992 [pid 4992] set_robust_list(0x5555565195e0, 24) = 0 [pid 4992] mount(NULL, "/sys/fs/fuse/connections", "fusectl", 0, NULL) = -1 EBUSY (Device or resource busy) [pid 4992] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4992] setsid() = 1 [pid 4992] prlimit64(0, RLIMIT_AS, {rlim_cur=204800*1024, rlim_max=204800*1024}, NULL) = 0 [pid 4992] prlimit64(0, RLIMIT_MEMLOCK, {rlim_cur=32768*1024, rlim_max=32768*1024}, NULL) = 0 [pid 4992] prlimit64(0, RLIMIT_FSIZE, {rlim_cur=139264*1024, rlim_max=139264*1024}, NULL) = 0 [pid 4992] prlimit64(0, RLIMIT_STACK, {rlim_cur=1024*1024, rlim_max=1024*1024}, NULL) = 0 [pid 4992] prlimit64(0, RLIMIT_CORE, {rlim_cur=131072*1024, rlim_max=131072*1024}, NULL) = 0 [pid 4992] prlimit64(0, RLIMIT_NOFILE, {rlim_cur=256, rlim_max=256}, NULL) = 0 [pid 4992] unshare(CLONE_NEWNS) = 0 [pid 4992] mount(NULL, "/", NULL, MS_REC|MS_PRIVATE, NULL) = 0 [pid 4992] unshare(CLONE_NEWIPC) = 0 [pid 4992] unshare(CLONE_NEWCGROUP) = 0 [pid 4992] unshare(CLONE_NEWUTS) = 0 [pid 4992] unshare(CLONE_SYSVSEM) = 0 [pid 4992] openat(AT_FDCWD, "/proc/sys/kernel/shmmax", O_WRONLY|O_CLOEXEC) = 3 [pid 4992] write(3, "16777216", 8) = 8 [pid 4992] close(3) = 0 [pid 4992] openat(AT_FDCWD, "/proc/sys/kernel/shmall", O_WRONLY|O_CLOEXEC) = 3 [pid 4992] write(3, "536870912", 9) = 9 [pid 4992] close(3) = 0 [pid 4992] openat(AT_FDCWD, "/proc/sys/kernel/shmmni", O_WRONLY|O_CLOEXEC) = 3 [pid 4992] write(3, "1024", 4) = 4 [pid 4992] close(3) = 0 [pid 4992] openat(AT_FDCWD, "/proc/sys/kernel/msgmax", O_WRONLY|O_CLOEXEC) = 3 [pid 4992] write(3, "8192", 4) = 4 [pid 4992] close(3) = 0 [pid 4992] openat(AT_FDCWD, "/proc/sys/kernel/msgmni", O_WRONLY|O_CLOEXEC) = 3 [pid 4992] write(3, "1024", 4) = 4 [pid 4992] close(3) = 0 [pid 4992] openat(AT_FDCWD, "/proc/sys/kernel/msgmnb", O_WRONLY|O_CLOEXEC) = 3 [pid 4992] write(3, "1024", 4) = 4 [pid 4992] close(3) = 0 [pid 4992] openat(AT_FDCWD, "/proc/sys/kernel/sem", O_WRONLY|O_CLOEXEC) = 3 [pid 4992] write(3, "1024 1048576 500 1024", 21) = 21 [pid 4992] close(3) = 0 [pid 4992] getpid() = 1 [pid 4992] capget({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1< [pid 4995] futex(0x7f206aa287e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4995] futex(0x7f206aa287ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 4996] <... set_robust_list resumed>) = 0 [pid 4996] memfd_create("syzkaller", 0) = 3 [pid 4996] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f206252a000 [ 56.014610][ T4996] memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL, pid=4996 'syz-executor148' [pid 4996] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 4996] munmap(0x7f206252a000, 16777216) = 0 [pid 4996] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4996] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4996] close(3) = 0 [pid 4996] mkdir("./bus", 0777) = 0 [ 56.180385][ T4996] loop0: detected capacity change from 0 to 32768 [ 56.192803][ T4996] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor148 (4996) [ 56.211954][ T4996] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 56.221052][ T4996] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 56.231907][ T4996] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 56.242774][ T4996] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 56.253430][ T4996] BTRFS info (device loop0): trying to use backup root at mount time [ 56.261995][ T4996] BTRFS info (device loop0): use zlib compression, level 3 [ 56.269269][ T4996] BTRFS info (device loop0): enabling ssd optimizations [pid 4996] mount("/dev/loop0", "./bus", "btrfs", 0, "user_subvol_rm_allowed,noinode_cache,inode_cache,usebackuproot,compress,commit=0x0000000000000002,ss"...) = 0 [pid 4996] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 4996] chdir("./bus") = 0 [pid 4996] ioctl(4, LOOP_CLR_FD) = 0 [pid 4996] close(4) = 0 [pid 4996] futex(0x7f206aa287ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4995] <... futex resumed>) = 0 [pid 4995] futex(0x7f206aa287e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4995] futex(0x7f206aa287ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 56.276296][ T4996] BTRFS info (device loop0): using spread ssd allocation scheme [ 56.284004][ T4996] BTRFS info (device loop0): using free space tree [ 56.306746][ T4996] BTRFS info (device loop0): auto enabling async discard [pid 4996] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME, 000) = 4 [pid 4996] futex(0x7f206aa287ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4995] <... futex resumed>) = 0 [pid 4995] futex(0x7f206aa287e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4995] futex(0x7f206aa287ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4996] <... futex resumed>) = 1 [pid 4996] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 4996] futex(0x7f206aa287ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4995] <... futex resumed>) = 0 [pid 4995] futex(0x7f206aa287e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4995] futex(0x7f206aa287ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4996] <... futex resumed>) = 1 [pid 4996] open("./file2", O_RDONLY) = 6 [pid 4996] futex(0x7f206aa287ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 56.358013][ T27] audit: type=1800 audit(1686955368.923:2): pid=4996 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor148" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 4996] futex(0x7f206aa287e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4995] <... futex resumed>) = 0 [pid 4995] futex(0x7f206aa287e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4996] <... futex resumed>) = 0 [pid 4995] <... futex resumed>) = 1 [pid 4996] creat("./bus", 000) = 7 [pid 4995] futex(0x7f206aa287ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4996] futex(0x7f206aa287ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4996] futex(0x7f206aa287e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4995] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4995] futex(0x7f206aa287e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4996] <... futex resumed>) = 0 [pid 4995] <... futex resumed>) = 1 [pid 4996] copy_file_range(6, NULL, 7, NULL, 18014398509481988, 0) = 9000 [pid 4995] futex(0x7f206aa287ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4996] futex(0x7f206aa287ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4995] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4995] futex(0x7f206aa287e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4996] fallocate(5, 0, 0, 1048816 [pid 4995] <... futex resumed>) = 0 [pid 4995] futex(0x7f206aa287ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4996] <... fallocate resumed>) = 0 [pid 4996] futex(0x7f206aa287ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4995] <... futex resumed>) = 0 [pid 4995] futex(0x7f206aa287e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4996] sendfile(7, 5, NULL, 142606336 [pid 4995] <... futex resumed>) = 0 [ 56.396968][ T27] audit: type=1800 audit(1686955368.943:3): pid=4996 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor148" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 4995] futex(0x7f206aa287ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 4995] futex(0x7f206aa287fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4995] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2063509000 [pid 4995] mprotect(0x7f206350a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4995] clone(child_stack=0x7f20635293f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4], tls=0x7f2063529700, child_tidptr=0x7f20635299d0) = 4 [pid 4995] futex(0x7f206aa287f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4995] futex(0x7f206aa287fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5015 attached [pid 5015] set_robust_list(0x7f20635299e0, 24) = 0 [pid 5015] ioctl(4, FS_IOC_FIEMAP, {fm_start=786432, fm_length=9223372036854775809, fm_flags=0, fm_extent_count=16777216} => {fm_flags=0, fm_mapped_extents=11, ...}) = 0 [pid 5015] futex(0x7f206aa287fc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4995] <... futex resumed>) = 0 [pid 5015] futex(0x7f206aa287f8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4995] close(3) = 0 [pid 4995] close(4) = 0 [pid 4995] close(5) = 0 [pid 4995] close(6) = 0 [pid 4995] close(7) = 0 [pid 4995] close(8) = -1 EBADF (Bad file descriptor) [pid 4995] close(9) = -1 EBADF (Bad file descriptor) [pid 4995] close(10) = -1 EBADF (Bad file descriptor) [pid 4995] close(11) = -1 EBADF (Bad file descriptor) [pid 4995] close(12) = -1 EBADF (Bad file descriptor) [pid 4995] close(13) = -1 EBADF (Bad file descriptor) [pid 4995] close(14) = -1 EBADF (Bad file descriptor) [pid 4995] close(15) = -1 EBADF (Bad file descriptor) [pid 4995] close(16) = -1 EBADF (Bad file descriptor) [pid 4995] close(17) = -1 EBADF (Bad file descriptor) [pid 4995] close(18) = -1 EBADF (Bad file descriptor) [pid 4995] close(19) = -1 EBADF (Bad file descriptor) [pid 4995] close(20) = -1 EBADF (Bad file descriptor) [pid 4995] close(21) = -1 EBADF (Bad file descriptor) [pid 4995] close(22) = -1 EBADF (Bad file descriptor) [pid 4995] close(23) = -1 EBADF (Bad file descriptor) [pid 4995] close(24) = -1 EBADF (Bad file descriptor) [pid 4995] close(25) = -1 EBADF (Bad file descriptor) [pid 4995] close(26) = -1 EBADF (Bad file descriptor) [pid 4995] close(27) = -1 EBADF (Bad file descriptor) [pid 4995] close(28) = -1 EBADF (Bad file descriptor) [pid 4995] close(29) = -1 EBADF (Bad file descriptor) [pid 4995] exit_group(0) = ? [pid 5015] <... futex resumed>) = ? [pid 5015] +++ exited with 0 +++ [pid 4996] <... sendfile resumed>) = ? [pid 4996] +++ exited with 0 +++ [pid 4995] +++ exited with 0 +++ [pid 4992] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=48 /* 0.48 s */} --- [pid 4992] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 4992] umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4992] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 4992] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4992] getdents64(3, 0x55555651a620 /* 4 entries */, 32768) = 104 [pid 4992] umount2("./0/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 4992] umount2("./0/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4992] lstat("./0/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4992] umount2("./0/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4992] openat(AT_FDCWD, "./0/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 4992] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4992] getdents64(4, 0x555556522660 /* 2 entries */, 32768) = 48 [pid 4992] getdents64(4, 0x555556522660 /* 0 entries */, 32768) = 0 [pid 4992] close(4) = 0 [pid 4992] rmdir("./0/bus") = 0 [pid 4992] umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4992] lstat("./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 4992] unlink("./0/binderfs") = 0 [pid 4992] getdents64(3, 0x55555651a620 /* 0 entries */, 32768) = 0 [pid 4992] close(3) = 0 [pid 4992] rmdir("./0") = 0 [pid 4992] mkdir("./1", 0777) = 0 [pid 4992] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 4992] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 4992] close(3) = 0 [pid 4992] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555565195d0) = 5 ./strace-static-x86_64: Process 5028 attached [pid 5028] set_robust_list(0x5555565195e0, 24) = 0 [pid 5028] chdir("./1") = 0 [pid 5028] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5028] setpgid(0, 0) = 0 [pid 5028] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5028] write(3, "1000", 4) = 4 [pid 5028] close(3) = 0 [pid 5028] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5028] futex(0x7f206aa287ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5028] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f206a92a000 [pid 5028] mprotect(0x7f206a92b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5028] clone(child_stack=0x7f206a94a3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5029 attached , parent_tid=[6], tls=0x7f206a94a700, child_tidptr=0x7f206a94a9d0) = 6 [pid 5028] futex(0x7f206aa287e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5028] futex(0x7f206aa287ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5029] set_robust_list(0x7f206a94a9e0, 24) = 0 [pid 5029] memfd_create("syzkaller", 0) = 3 [pid 5029] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f206252a000 [pid 5029] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5029] munmap(0x7f206252a000, 16777216) = 0 [pid 5029] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5029] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5029] close(3) = 0 [pid 5029] mkdir("./bus", 0777) = 0 [ 57.041045][ T5029] loop0: detected capacity change from 0 to 32768 [ 57.052111][ T5029] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor148 (5029) [ 57.068926][ T5029] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 57.078084][ T5029] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 57.089369][ T5029] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 57.100516][ T5029] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 57.111637][ T5029] BTRFS info (device loop0): trying to use backup root at mount time [ 57.120048][ T5029] BTRFS info (device loop0): use zlib compression, level 3 [ 57.127681][ T5029] BTRFS info (device loop0): enabling ssd optimizations [pid 5029] mount("/dev/loop0", "./bus", "btrfs", 0, "user_subvol_rm_allowed,noinode_cache,inode_cache,usebackuproot,compress,commit=0x0000000000000002,ss"...) = 0 [pid 5029] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5029] chdir("./bus") = 0 [pid 5029] ioctl(4, LOOP_CLR_FD) = 0 [pid 5029] close(4) = 0 [pid 5029] futex(0x7f206aa287ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5028] <... futex resumed>) = 0 [pid 5028] futex(0x7f206aa287e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5028] futex(0x7f206aa287ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5029] <... futex resumed>) = 1 [ 57.134877][ T5029] BTRFS info (device loop0): using spread ssd allocation scheme [ 57.142531][ T5029] BTRFS info (device loop0): using free space tree [ 57.162013][ T5029] BTRFS info (device loop0): auto enabling async discard [pid 5029] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME, 000) = 4 [pid 5029] futex(0x7f206aa287ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5028] <... futex resumed>) = 0 [pid 5028] futex(0x7f206aa287e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5028] futex(0x7f206aa287ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5029] <... futex resumed>) = 1 [pid 5029] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5029] futex(0x7f206aa287ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5028] <... futex resumed>) = 0 [pid 5028] futex(0x7f206aa287e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5028] futex(0x7f206aa287ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5029] <... futex resumed>) = 1 [pid 5029] open("./file2", O_RDONLY) = 6 [pid 5029] futex(0x7f206aa287ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5028] <... futex resumed>) = 0 [pid 5028] futex(0x7f206aa287e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5028] futex(0x7f206aa287ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5029] <... futex resumed>) = 1 [pid 5029] creat("./bus", 000) = 7 [pid 5029] futex(0x7f206aa287ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5028] <... futex resumed>) = 0 [pid 5028] futex(0x7f206aa287e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5028] futex(0x7f206aa287ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5029] <... futex resumed>) = 1 [pid 5029] copy_file_range(6, NULL, 7, NULL, 18014398509481988, 0) = 9000 [pid 5029] futex(0x7f206aa287ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5028] <... futex resumed>) = 0 [pid 5028] futex(0x7f206aa287e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5028] futex(0x7f206aa287ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5029] <... futex resumed>) = 1 [pid 5029] fallocate(5, 0, 0, 1048816) = 0 [pid 5029] futex(0x7f206aa287ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5028] <... futex resumed>) = 0 [pid 5029] <... futex resumed>) = 1 [pid 5029] sendfile(7, 5, NULL, 142606336 [pid 5028] futex(0x7f206aa287e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 57.180969][ T27] audit: type=1800 audit(1686955369.743:4): pid=5029 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor148" name="bus" dev="loop0" ino=263 res=0 errno=0 [ 57.203045][ T27] audit: type=1800 audit(1686955369.763:5): pid=5029 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor148" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 5028] futex(0x7f206aa287ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5028] futex(0x7f206aa287fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5028] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2063509000 [pid 5028] mprotect(0x7f206350a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5028] clone(child_stack=0x7f20635293f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7], tls=0x7f2063529700, child_tidptr=0x7f20635299d0) = 7 [pid 5028] futex(0x7f206aa287f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5028] futex(0x7f206aa287fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5047 attached [pid 5047] set_robust_list(0x7f20635299e0, 24) = 0 [pid 5047] ioctl(4, FS_IOC_FIEMAP, {fm_start=786432, fm_length=9223372036854775809, fm_flags=0, fm_extent_count=16777216} => {fm_flags=0, fm_mapped_extents=10, ...}) = 0 [pid 5047] futex(0x7f206aa287fc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5028] <... futex resumed>) = 0 [pid 5047] futex(0x7f206aa287f8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5028] close(3) = 0 [pid 5028] close(4) = 0 [pid 5028] close(5) = 0 [pid 5028] close(6) = 0 [pid 5028] close(7) = 0 [pid 5028] close(8) = -1 EBADF (Bad file descriptor) [pid 5028] close(9) = -1 EBADF (Bad file descriptor) [pid 5028] close(10) = -1 EBADF (Bad file descriptor) [pid 5028] close(11) = -1 EBADF (Bad file descriptor) [pid 5028] close(12) = -1 EBADF (Bad file descriptor) [pid 5028] close(13) = -1 EBADF (Bad file descriptor) [pid 5028] close(14) = -1 EBADF (Bad file descriptor) [pid 5028] close(15) = -1 EBADF (Bad file descriptor) [pid 5028] close(16) = -1 EBADF (Bad file descriptor) [pid 5028] close(17) = -1 EBADF (Bad file descriptor) [pid 5028] close(18) = -1 EBADF (Bad file descriptor) [pid 5028] close(19) = -1 EBADF (Bad file descriptor) [pid 5028] close(20) = -1 EBADF (Bad file descriptor) [pid 5028] close(21) = -1 EBADF (Bad file descriptor) [pid 5028] close(22) = -1 EBADF (Bad file descriptor) [pid 5028] close(23) = -1 EBADF (Bad file descriptor) [pid 5028] close(24) = -1 EBADF (Bad file descriptor) [pid 5028] close(25) = -1 EBADF (Bad file descriptor) [pid 5028] close(26) = -1 EBADF (Bad file descriptor) [pid 5028] close(27) = -1 EBADF (Bad file descriptor) [pid 5028] close(28) = -1 EBADF (Bad file descriptor) [pid 5028] close(29) = -1 EBADF (Bad file descriptor) [pid 5028] exit_group(0 [pid 5047] <... futex resumed>) = ? [pid 5028] <... exit_group resumed>) = ? [pid 5047] +++ exited with 0 +++ [pid 5029] <... sendfile resumed>) = ? [pid 5029] +++ exited with 0 +++ [pid 5028] +++ exited with 0 +++ [pid 4992] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=47 /* 0.47 s */} --- [pid 4992] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 4992] umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4992] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 4992] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4992] getdents64(3, 0x55555651a620 /* 4 entries */, 32768) = 104 [pid 4992] umount2("./1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 4992] umount2("./1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4992] lstat("./1/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4992] umount2("./1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4992] openat(AT_FDCWD, "./1/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 4992] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4992] getdents64(4, 0x555556522660 /* 2 entries */, 32768) = 48 [pid 4992] getdents64(4, 0x555556522660 /* 0 entries */, 32768) = 0 [pid 4992] close(4) = 0 [pid 4992] rmdir("./1/bus") = 0 [pid 4992] umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4992] lstat("./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 4992] unlink("./1/binderfs") = 0 [pid 4992] getdents64(3, 0x55555651a620 /* 0 entries */, 32768) = 0 [pid 4992] close(3) = 0 [pid 4992] rmdir("./1") = 0 [pid 4992] mkdir("./2", 0777) = 0 [pid 4992] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 4992] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 4992] close(3) = 0 [pid 4992] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555565195d0) = 8 ./strace-static-x86_64: Process 5049 attached [pid 5049] set_robust_list(0x5555565195e0, 24) = 0 [pid 5049] chdir("./2") = 0 [pid 5049] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5049] setpgid(0, 0) = 0 [pid 5049] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5049] write(3, "1000", 4) = 4 [pid 5049] close(3) = 0 [pid 5049] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5049] futex(0x7f206aa287ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5049] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f206a92a000 [pid 5049] mprotect(0x7f206a92b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5049] clone(child_stack=0x7f206a94a3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5050 attached , parent_tid=[9], tls=0x7f206a94a700, child_tidptr=0x7f206a94a9d0) = 9 [pid 5049] futex(0x7f206aa287e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5049] futex(0x7f206aa287ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5050] set_robust_list(0x7f206a94a9e0, 24) = 0 [pid 5050] memfd_create("syzkaller", 0) = 3 [pid 5050] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f206252a000 [pid 5050] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5050] munmap(0x7f206252a000, 16777216) = 0 [pid 5050] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5050] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5050] close(3) = 0 [pid 5050] mkdir("./bus", 0777) = 0 [ 57.836075][ T5050] loop0: detected capacity change from 0 to 32768 [ 57.847676][ T5050] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor148 (5050) [ 57.864962][ T5050] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 57.874066][ T5050] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 57.885583][ T5050] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 57.896728][ T5050] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 57.908906][ T5050] BTRFS info (device loop0): trying to use backup root at mount time [ 57.917131][ T5050] BTRFS info (device loop0): use zlib compression, level 3 [ 57.924972][ T5050] BTRFS info (device loop0): enabling ssd optimizations [pid 5050] mount("/dev/loop0", "./bus", "btrfs", 0, "user_subvol_rm_allowed,noinode_cache,inode_cache,usebackuproot,compress,commit=0x0000000000000002,ss"...) = 0 [pid 5050] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5050] chdir("./bus") = 0 [pid 5050] ioctl(4, LOOP_CLR_FD) = 0 [pid 5050] close(4) = 0 [pid 5050] futex(0x7f206aa287ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5049] <... futex resumed>) = 0 [pid 5050] <... futex resumed>) = 1 [pid 5049] futex(0x7f206aa287e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5049] futex(0x7f206aa287ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 57.931950][ T5050] BTRFS info (device loop0): using spread ssd allocation scheme [ 57.939645][ T5050] BTRFS info (device loop0): using free space tree [ 57.956960][ T5050] BTRFS info (device loop0): auto enabling async discard [pid 5050] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME, 000) = 4 [pid 5050] futex(0x7f206aa287ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5049] <... futex resumed>) = 0 [pid 5049] futex(0x7f206aa287e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5050] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5049] <... futex resumed>) = 0 [pid 5049] futex(0x7f206aa287ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5050] <... open resumed>) = 5 [pid 5050] futex(0x7f206aa287ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5049] <... futex resumed>) = 0 [pid 5050] futex(0x7f206aa287e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5049] futex(0x7f206aa287e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5050] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5049] futex(0x7f206aa287ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5050] open("./file2", O_RDONLY) = 6 [pid 5050] futex(0x7f206aa287ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5049] <... futex resumed>) = 0 [pid 5049] futex(0x7f206aa287e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5050] creat("./bus", 000 [pid 5049] <... futex resumed>) = 0 [pid 5049] futex(0x7f206aa287ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5050] <... creat resumed>) = 7 [pid 5050] futex(0x7f206aa287ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5049] <... futex resumed>) = 0 [pid 5049] futex(0x7f206aa287e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5050] <... futex resumed>) = 1 [pid 5049] <... futex resumed>) = 0 [pid 5049] futex(0x7f206aa287ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5050] copy_file_range(6, NULL, 7, NULL, 18014398509481988, 0) = 9000 [pid 5050] futex(0x7f206aa287ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5049] <... futex resumed>) = 0 [pid 5050] <... futex resumed>) = 1 [pid 5049] futex(0x7f206aa287e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5050] fallocate(5, 0, 0, 1048816 [pid 5049] futex(0x7f206aa287ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5050] <... fallocate resumed>) = 0 [pid 5050] futex(0x7f206aa287ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5049] <... futex resumed>) = 0 [pid 5050] <... futex resumed>) = 1 [pid 5049] futex(0x7f206aa287e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5050] sendfile(7, 5, NULL, 142606336 [ 57.994455][ T27] audit: type=1800 audit(1686955370.563:6): pid=5050 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor148" name="bus" dev="loop0" ino=263 res=0 errno=0 [ 58.018840][ T27] audit: type=1800 audit(1686955370.583:7): pid=5050 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor148" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 5049] futex(0x7f206aa287ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5049] futex(0x7f206aa287fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5049] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2063509000 [pid 5049] mprotect(0x7f206350a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5049] clone(child_stack=0x7f20635293f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[10], tls=0x7f2063529700, child_tidptr=0x7f20635299d0) = 10 [pid 5049] futex(0x7f206aa287f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5049] futex(0x7f206aa287fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5068 attached [pid 5068] set_robust_list(0x7f20635299e0, 24) = 0 [pid 5068] ioctl(4, FS_IOC_FIEMAP, {fm_start=786432, fm_length=9223372036854775809, fm_flags=0, fm_extent_count=16777216} => {fm_flags=0, fm_mapped_extents=9, ...}) = 0 [pid 5068] futex(0x7f206aa287fc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5068] futex(0x7f206aa287f8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5049] <... futex resumed>) = 0 [pid 5049] close(3) = 0 [pid 5049] close(4) = 0 [pid 5049] close(5) = 0 [pid 5049] close(6) = 0 [pid 5049] close(7) = 0 [pid 5049] close(8) = -1 EBADF (Bad file descriptor) [pid 5049] close(9) = -1 EBADF (Bad file descriptor) [pid 5049] close(10) = -1 EBADF (Bad file descriptor) [pid 5049] close(11) = -1 EBADF (Bad file descriptor) [pid 5049] close(12) = -1 EBADF (Bad file descriptor) [pid 5049] close(13) = -1 EBADF (Bad file descriptor) [pid 5049] close(14) = -1 EBADF (Bad file descriptor) [pid 5049] close(15) = -1 EBADF (Bad file descriptor) [pid 5049] close(16) = -1 EBADF (Bad file descriptor) [pid 5049] close(17) = -1 EBADF (Bad file descriptor) [pid 5049] close(18) = -1 EBADF (Bad file descriptor) [pid 5049] close(19) = -1 EBADF (Bad file descriptor) [pid 5049] close(20) = -1 EBADF (Bad file descriptor) [pid 5049] close(21) = -1 EBADF (Bad file descriptor) [pid 5049] close(22) = -1 EBADF (Bad file descriptor) [pid 5049] close(23) = -1 EBADF (Bad file descriptor) [pid 5049] close(24) = -1 EBADF (Bad file descriptor) [pid 5049] close(25) = -1 EBADF (Bad file descriptor) [pid 5049] close(26) = -1 EBADF (Bad file descriptor) [pid 5049] close(27) = -1 EBADF (Bad file descriptor) [pid 5049] close(28) = -1 EBADF (Bad file descriptor) [pid 5049] close(29) = -1 EBADF (Bad file descriptor) [pid 5049] exit_group(0 [pid 5068] <... futex resumed>) = ? [pid 5068] +++ exited with 0 +++ [pid 5049] <... exit_group resumed>) = ? [pid 5050] <... sendfile resumed>) = ? [pid 5050] +++ exited with 0 +++ [pid 5049] +++ exited with 0 +++ [pid 4992] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=51 /* 0.51 s */} --- [pid 4992] umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4992] openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 4992] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4992] getdents64(3, 0x55555651a620 /* 4 entries */, 32768) = 104 [pid 4992] umount2("./2/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 4992] umount2("./2/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4992] lstat("./2/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4992] umount2("./2/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4992] openat(AT_FDCWD, "./2/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 4992] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4992] getdents64(4, 0x555556522660 /* 2 entries */, 32768) = 48 [pid 4992] getdents64(4, 0x555556522660 /* 0 entries */, 32768) = 0 [pid 4992] close(4) = 0 [pid 4992] rmdir("./2/bus") = 0 [pid 4992] umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4992] lstat("./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 4992] unlink("./2/binderfs") = 0 [pid 4992] getdents64(3, 0x55555651a620 /* 0 entries */, 32768) = 0 [pid 4992] close(3) = 0 [pid 4992] rmdir("./2") = 0 [pid 4992] mkdir("./3", 0777) = 0 [pid 4992] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 4992] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 4992] close(3) = 0 [pid 4992] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555565195d0) = 11 ./strace-static-x86_64: Process 5070 attached [pid 5070] set_robust_list(0x5555565195e0, 24) = 0 [pid 5070] chdir("./3") = 0 [pid 5070] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5070] setpgid(0, 0) = 0 [pid 5070] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5070] write(3, "1000", 4) = 4 [pid 5070] close(3) = 0 [pid 5070] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5070] futex(0x7f206aa287ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5070] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f206a92a000 [pid 5070] mprotect(0x7f206a92b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5070] clone(child_stack=0x7f206a94a3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[12], tls=0x7f206a94a700, child_tidptr=0x7f206a94a9d0) = 12 [pid 5070] futex(0x7f206aa287e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5070] futex(0x7f206aa287ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5071 attached [pid 5071] set_robust_list(0x7f206a94a9e0, 24) = 0 [pid 5071] memfd_create("syzkaller", 0) = 3 [pid 5071] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f206252a000 [pid 5071] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5071] munmap(0x7f206252a000, 16777216) = 0 [pid 5071] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5071] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5071] close(3) = 0 [pid 5071] mkdir("./bus", 0777) = 0 [ 58.620700][ T5071] loop0: detected capacity change from 0 to 32768 [ 58.631578][ T5071] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor148 (5071) [ 58.648284][ T5071] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 58.657106][ T5071] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 58.668779][ T5071] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 58.679633][ T5071] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 58.690631][ T5071] BTRFS info (device loop0): trying to use backup root at mount time [ 58.698882][ T5071] BTRFS info (device loop0): use zlib compression, level 3 [ 58.706169][ T5071] BTRFS info (device loop0): enabling ssd optimizations [ 58.713121][ T5071] BTRFS info (device loop0): using spread ssd allocation scheme [pid 5071] mount("/dev/loop0", "./bus", "btrfs", 0, "user_subvol_rm_allowed,noinode_cache,inode_cache,usebackuproot,compress,commit=0x0000000000000002,ss"...) = 0 [pid 5071] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5071] chdir("./bus") = 0 [pid 5071] ioctl(4, LOOP_CLR_FD) = 0 [pid 5071] close(4) = 0 [pid 5071] futex(0x7f206aa287ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5071] futex(0x7f206aa287e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5070] <... futex resumed>) = 0 [pid 5070] futex(0x7f206aa287e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5070] futex(0x7f206aa287ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5071] <... futex resumed>) = 0 [ 58.720860][ T5071] BTRFS info (device loop0): using free space tree [ 58.739982][ T5071] BTRFS info (device loop0): auto enabling async discard [pid 5071] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME, 000) = 4 [pid 5071] futex(0x7f206aa287ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5070] <... futex resumed>) = 0 [pid 5070] futex(0x7f206aa287e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5071] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5070] <... futex resumed>) = 0 [pid 5070] futex(0x7f206aa287ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5071] <... open resumed>) = 5 [pid 5071] futex(0x7f206aa287ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5070] <... futex resumed>) = 0 [pid 5071] futex(0x7f206aa287e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5070] futex(0x7f206aa287e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5071] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5070] <... futex resumed>) = 0 [pid 5071] open("./file2", O_RDONLY [pid 5070] futex(0x7f206aa287ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5071] <... open resumed>) = 6 [pid 5071] futex(0x7f206aa287ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5070] <... futex resumed>) = 0 [pid 5070] futex(0x7f206aa287e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5070] futex(0x7f206aa287ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5071] creat("./bus", 000) = 7 [pid 5071] futex(0x7f206aa287ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5070] <... futex resumed>) = 0 [pid 5070] futex(0x7f206aa287e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5071] copy_file_range(6, NULL, 7, NULL, 18014398509481988, 0 [pid 5070] futex(0x7f206aa287ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5071] <... copy_file_range resumed>) = 9000 [pid 5071] futex(0x7f206aa287ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5070] <... futex resumed>) = 0 [pid 5071] fallocate(5, 0, 0, 1048816 [pid 5070] futex(0x7f206aa287e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5070] futex(0x7f206aa287ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5071] <... fallocate resumed>) = 0 [pid 5071] futex(0x7f206aa287ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5070] <... futex resumed>) = 0 [pid 5070] futex(0x7f206aa287e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5071] <... futex resumed>) = 1 [pid 5070] <... futex resumed>) = 0 [pid 5071] sendfile(7, 5, NULL, 142606336 [ 58.767555][ T27] audit: type=1800 audit(1686955371.333:8): pid=5071 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor148" name="bus" dev="loop0" ino=263 res=0 errno=0 [ 58.790767][ T27] audit: type=1800 audit(1686955371.353:9): pid=5071 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor148" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 5070] futex(0x7f206aa287ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5070] futex(0x7f206aa287fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5070] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2063509000 [pid 5070] mprotect(0x7f206350a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5070] clone(child_stack=0x7f20635293f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[13], tls=0x7f2063529700, child_tidptr=0x7f20635299d0) = 13 [pid 5070] futex(0x7f206aa287f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5070] futex(0x7f206aa287fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5089 attached [pid 5089] set_robust_list(0x7f20635299e0, 24) = 0 [pid 5089] ioctl(4, FS_IOC_FIEMAP, {fm_start=786432, fm_length=9223372036854775809, fm_flags=0, fm_extent_count=16777216} => {fm_flags=0, fm_mapped_extents=10, ...}) = 0 [pid 5089] futex(0x7f206aa287fc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5070] <... futex resumed>) = 0 [pid 5089] futex(0x7f206aa287f8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5070] close(3) = 0 [pid 5070] close(4) = 0 [pid 5070] close(5) = 0 [pid 5070] close(6) = 0 [pid 5070] close(7) = 0 [pid 5070] close(8) = -1 EBADF (Bad file descriptor) [pid 5070] close(9) = -1 EBADF (Bad file descriptor) [pid 5070] close(10) = -1 EBADF (Bad file descriptor) [pid 5070] close(11) = -1 EBADF (Bad file descriptor) [pid 5070] close(12) = -1 EBADF (Bad file descriptor) [pid 5070] close(13) = -1 EBADF (Bad file descriptor) [pid 5070] close(14) = -1 EBADF (Bad file descriptor) [pid 5070] close(15) = -1 EBADF (Bad file descriptor) [pid 5070] close(16) = -1 EBADF (Bad file descriptor) [pid 5070] close(17) = -1 EBADF (Bad file descriptor) [pid 5070] close(18) = -1 EBADF (Bad file descriptor) [pid 5070] close(19) = -1 EBADF (Bad file descriptor) [pid 5070] close(20) = -1 EBADF (Bad file descriptor) [pid 5070] close(21) = -1 EBADF (Bad file descriptor) [pid 5070] close(22) = -1 EBADF (Bad file descriptor) [pid 5070] close(23) = -1 EBADF (Bad file descriptor) [pid 5070] close(24) = -1 EBADF (Bad file descriptor) [pid 5070] close(25) = -1 EBADF (Bad file descriptor) [pid 5070] close(26) = -1 EBADF (Bad file descriptor) [pid 5070] close(27) = -1 EBADF (Bad file descriptor) [pid 5070] close(28) = -1 EBADF (Bad file descriptor) [pid 5070] close(29) = -1 EBADF (Bad file descriptor) [pid 5070] exit_group(0) = ? [pid 5089] <... futex resumed>) = ? [pid 5089] +++ exited with 0 +++ [pid 5071] <... sendfile resumed>) = ? [pid 5071] +++ exited with 0 +++ [pid 5070] +++ exited with 0 +++ [pid 4992] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=11, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=43 /* 0.43 s */} --- [pid 4992] umount2("./3", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4992] openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 4992] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4992] getdents64(3, 0x55555651a620 /* 4 entries */, 32768) = 104 [pid 4992] umount2("./3/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 4992] umount2("./3/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4992] lstat("./3/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4992] umount2("./3/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4992] openat(AT_FDCWD, "./3/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 4992] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4992] getdents64(4, 0x555556522660 /* 2 entries */, 32768) = 48 [pid 4992] getdents64(4, 0x555556522660 /* 0 entries */, 32768) = 0 [pid 4992] close(4) = 0 [pid 4992] rmdir("./3/bus") = 0 [pid 4992] umount2("./3/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4992] lstat("./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 4992] unlink("./3/binderfs") = 0 [pid 4992] getdents64(3, 0x55555651a620 /* 0 entries */, 32768) = 0 [pid 4992] close(3) = 0 [pid 4992] rmdir("./3") = 0 [pid 4992] mkdir("./4", 0777) = 0 [pid 4992] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 4992] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 4992] close(3) = 0 [pid 4992] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5090 attached , child_tidptr=0x5555565195d0) = 14 [pid 5090] set_robust_list(0x5555565195e0, 24) = 0 [pid 5090] chdir("./4") = 0 [pid 5090] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5090] setpgid(0, 0) = 0 [pid 5090] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5090] write(3, "1000", 4) = 4 [pid 5090] close(3) = 0 [pid 5090] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5090] futex(0x7f206aa287ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5090] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f206a92a000 [pid 5090] mprotect(0x7f206a92b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5090] clone(child_stack=0x7f206a94a3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5091 attached [pid 5091] set_robust_list(0x7f206a94a9e0, 24) = 0 [pid 5090] <... clone resumed>, parent_tid=[15], tls=0x7f206a94a700, child_tidptr=0x7f206a94a9d0) = 15 [pid 5091] futex(0x7f206aa287e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5090] futex(0x7f206aa287e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5091] <... futex resumed>) = 0 [pid 5091] memfd_create("syzkaller", 0 [pid 5090] futex(0x7f206aa287ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5091] <... memfd_create resumed>) = 3 [pid 5091] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f206252a000 [pid 5091] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5091] munmap(0x7f206252a000, 16777216) = 0 [pid 5091] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5091] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5091] close(3) = 0 [pid 5091] mkdir("./bus", 0777) = 0 [ 59.372190][ T5091] loop0: detected capacity change from 0 to 32768 [ 59.382526][ T5091] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor148 (5091) [ 59.398283][ T5091] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 59.407156][ T5091] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 59.418049][ T5091] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 59.428856][ T5091] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 59.439502][ T5091] BTRFS info (device loop0): trying to use backup root at mount time [ 59.447609][ T5091] BTRFS info (device loop0): use zlib compression, level 3 [ 59.454880][ T5091] BTRFS info (device loop0): enabling ssd optimizations [ 59.461829][ T5091] BTRFS info (device loop0): using spread ssd allocation scheme [pid 5091] mount("/dev/loop0", "./bus", "btrfs", 0, "user_subvol_rm_allowed,noinode_cache,inode_cache,usebackuproot,compress,commit=0x0000000000000002,ss"...) = 0 [pid 5091] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5091] chdir("./bus") = 0 [pid 5091] ioctl(4, LOOP_CLR_FD) = 0 [pid 5091] close(4) = 0 [pid 5091] futex(0x7f206aa287ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5090] <... futex resumed>) = 0 [pid 5090] futex(0x7f206aa287e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5090] futex(0x7f206aa287ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5091] <... futex resumed>) = 1 [ 59.469546][ T5091] BTRFS info (device loop0): using free space tree [ 59.485670][ T5091] BTRFS info (device loop0): auto enabling async discard [pid 5091] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME, 000) = 4 [pid 5091] futex(0x7f206aa287ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5090] <... futex resumed>) = 0 [pid 5090] futex(0x7f206aa287e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5090] futex(0x7f206aa287ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5091] <... futex resumed>) = 1 [pid 5091] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5091] futex(0x7f206aa287ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5090] <... futex resumed>) = 0 [pid 5090] futex(0x7f206aa287e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5090] futex(0x7f206aa287ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5091] <... futex resumed>) = 1 [pid 5091] open("./file2", O_RDONLY) = 6 [pid 5091] futex(0x7f206aa287ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5090] <... futex resumed>) = 0 [pid 5091] creat("./bus", 000 [pid 5090] futex(0x7f206aa287e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5091] <... creat resumed>) = 7 [pid 5090] <... futex resumed>) = 0 [pid 5090] futex(0x7f206aa287ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5091] futex(0x7f206aa287ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5090] <... futex resumed>) = 0 [pid 5091] copy_file_range(6, NULL, 7, NULL, 18014398509481988, 0 [pid 5090] futex(0x7f206aa287e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5091] <... copy_file_range resumed>) = 9000 [pid 5090] <... futex resumed>) = 0 [pid 5091] futex(0x7f206aa287ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5090] futex(0x7f206aa287ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5091] <... futex resumed>) = 0 [pid 5090] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5091] fallocate(5, 0, 0, 1048816 [pid 5090] futex(0x7f206aa287e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5090] futex(0x7f206aa287ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5091] <... fallocate resumed>) = 0 [pid 5091] futex(0x7f206aa287ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5090] <... futex resumed>) = 0 [pid 5090] futex(0x7f206aa287e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5091] sendfile(7, 5, NULL, 142606336 [pid 5090] <... futex resumed>) = 0 [ 59.506274][ T27] audit: type=1800 audit(1686955372.073:10): pid=5091 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor148" name="bus" dev="loop0" ino=263 res=0 errno=0 [ 59.537456][ T27] audit: type=1800 audit(1686955372.093:11): pid=5091 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor148" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 5090] futex(0x7f206aa287ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5090] futex(0x7f206aa287fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5090] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2063509000 [pid 5090] mprotect(0x7f206350a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5090] clone(child_stack=0x7f20635293f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5109 attached , parent_tid=[16], tls=0x7f2063529700, child_tidptr=0x7f20635299d0) = 16 [pid 5109] set_robust_list(0x7f20635299e0, 24) = 0 [pid 5109] futex(0x7f206aa287f8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5090] futex(0x7f206aa287f8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5109] <... futex resumed>) = 0 [pid 5090] <... futex resumed>) = 1 [pid 5109] ioctl(4, FS_IOC_FIEMAP, {fm_start=786432, fm_length=9223372036854775809, fm_flags=0, fm_extent_count=16777216} [pid 5090] futex(0x7f206aa287fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5109] <... ioctl resumed> => {fm_flags=0, fm_mapped_extents=11, ...}) = 0 [pid 5109] futex(0x7f206aa287fc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5090] <... futex resumed>) = 0 [pid 5109] futex(0x7f206aa287f8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5090] close(3) = 0 [pid 5090] close(4) = 0 [pid 5090] close(5) = 0 [pid 5090] close(6) = 0 [pid 5090] close(7) = 0 [pid 5090] close(8) = -1 EBADF (Bad file descriptor) [pid 5090] close(9) = -1 EBADF (Bad file descriptor) [pid 5090] close(10) = -1 EBADF (Bad file descriptor) [pid 5090] close(11) = -1 EBADF (Bad file descriptor) [pid 5090] close(12) = -1 EBADF (Bad file descriptor) [pid 5090] close(13) = -1 EBADF (Bad file descriptor) [pid 5090] close(14) = -1 EBADF (Bad file descriptor) [pid 5090] close(15) = -1 EBADF (Bad file descriptor) [pid 5090] close(16) = -1 EBADF (Bad file descriptor) [pid 5090] close(17) = -1 EBADF (Bad file descriptor) [pid 5090] close(18) = -1 EBADF (Bad file descriptor) [pid 5090] close(19) = -1 EBADF (Bad file descriptor) [pid 5090] close(20) = -1 EBADF (Bad file descriptor) [pid 5090] close(21) = -1 EBADF (Bad file descriptor) [pid 5090] close(22) = -1 EBADF (Bad file descriptor) [pid 5090] close(23) = -1 EBADF (Bad file descriptor) [pid 5090] close(24) = -1 EBADF (Bad file descriptor) [pid 5090] close(25) = -1 EBADF (Bad file descriptor) [pid 5090] close(26) = -1 EBADF (Bad file descriptor) [pid 5090] close(27) = -1 EBADF (Bad file descriptor) [pid 5090] close(28) = -1 EBADF (Bad file descriptor) [pid 5090] close(29) = -1 EBADF (Bad file descriptor) [pid 5090] exit_group(0) = ? [pid 5109] <... futex resumed>) = ? [pid 5109] +++ exited with 0 +++ [pid 5091] <... sendfile resumed>) = ? [pid 5091] +++ exited with 0 +++ [pid 5090] +++ exited with 0 +++ [pid 4992] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=14, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=44 /* 0.44 s */} --- [pid 4992] umount2("./4", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4992] openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 4992] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4992] getdents64(3, 0x55555651a620 /* 4 entries */, 32768) = 104 [pid 4992] umount2("./4/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 4992] umount2("./4/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4992] lstat("./4/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4992] umount2("./4/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4992] openat(AT_FDCWD, "./4/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 4992] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4992] getdents64(4, 0x555556522660 /* 2 entries */, 32768) = 48 [pid 4992] getdents64(4, 0x555556522660 /* 0 entries */, 32768) = 0 [pid 4992] close(4) = 0 [pid 4992] rmdir("./4/bus") = 0 [pid 4992] umount2("./4/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4992] lstat("./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 4992] unlink("./4/binderfs") = 0 [pid 4992] getdents64(3, 0x55555651a620 /* 0 entries */, 32768) = 0 [pid 4992] close(3) = 0 [pid 4992] rmdir("./4") = 0 [pid 4992] mkdir("./5", 0777) = 0 [pid 4992] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 4992] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 4992] close(3) = 0 [pid 4992] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5110 attached , child_tidptr=0x5555565195d0) = 17 [pid 5110] set_robust_list(0x5555565195e0, 24) = 0 [pid 5110] chdir("./5") = 0 [pid 5110] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5110] setpgid(0, 0) = 0 [pid 5110] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5110] write(3, "1000", 4) = 4 [pid 5110] close(3) = 0 [pid 5110] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5110] futex(0x7f206aa287ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5110] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f206a92a000 [pid 5110] mprotect(0x7f206a92b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5110] clone(child_stack=0x7f206a94a3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[18], tls=0x7f206a94a700, child_tidptr=0x7f206a94a9d0) = 18 [pid 5110] futex(0x7f206aa287e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5110] futex(0x7f206aa287ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5111 attached [pid 5111] set_robust_list(0x7f206a94a9e0, 24) = 0 [pid 5111] memfd_create("syzkaller", 0) = 3 [pid 5111] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f206252a000 [pid 5111] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5111] munmap(0x7f206252a000, 16777216) = 0 [pid 5111] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5111] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5111] close(3) = 0 [pid 5111] mkdir("./bus", 0777) = 0 [ 60.141436][ T5111] loop0: detected capacity change from 0 to 32768 [ 60.151728][ T5111] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor148 (5111) [ 60.170158][ T5111] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 60.179209][ T5111] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 60.190625][ T5111] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 60.201790][ T5111] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 60.212732][ T5111] BTRFS info (device loop0): trying to use backup root at mount time [ 60.221007][ T5111] BTRFS info (device loop0): use zlib compression, level 3 [ 60.228376][ T5111] BTRFS info (device loop0): enabling ssd optimizations [pid 5111] mount("/dev/loop0", "./bus", "btrfs", 0, "user_subvol_rm_allowed,noinode_cache,inode_cache,usebackuproot,compress,commit=0x0000000000000002,ss"...) = 0 [pid 5111] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5111] chdir("./bus") = 0 [pid 5111] ioctl(4, LOOP_CLR_FD) = 0 [pid 5111] close(4) = 0 [pid 5111] futex(0x7f206aa287ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5110] <... futex resumed>) = 0 [pid 5110] futex(0x7f206aa287e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5110] futex(0x7f206aa287ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5111] <... futex resumed>) = 1 [pid 5111] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME, 000) = 4 [pid 5111] futex(0x7f206aa287ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5110] <... futex resumed>) = 0 [pid 5110] futex(0x7f206aa287e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5110] futex(0x7f206aa287ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5111] <... futex resumed>) = 1 [pid 5111] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5111] futex(0x7f206aa287ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5110] <... futex resumed>) = 0 [pid 5110] futex(0x7f206aa287e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5110] futex(0x7f206aa287ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5111] <... futex resumed>) = 1 [pid 5111] open("./file2", O_RDONLY) = 6 [pid 5111] futex(0x7f206aa287ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5110] <... futex resumed>) = 0 [pid 5110] futex(0x7f206aa287e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5110] futex(0x7f206aa287ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5111] <... futex resumed>) = 1 [pid 5111] creat("./bus", 000) = 7 [pid 5111] futex(0x7f206aa287ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5110] <... futex resumed>) = 0 [pid 5110] futex(0x7f206aa287e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5110] futex(0x7f206aa287ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5111] <... futex resumed>) = 1 [pid 5111] copy_file_range(6, NULL, 7, NULL, 18014398509481988, 0) = 9000 [pid 5111] futex(0x7f206aa287ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5110] <... futex resumed>) = 0 [pid 5110] futex(0x7f206aa287e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5110] futex(0x7f206aa287ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5111] <... futex resumed>) = 1 [pid 5111] fallocate(5, 0, 0, 1048816) = 0 [pid 5111] futex(0x7f206aa287ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5110] <... futex resumed>) = 0 [pid 5110] futex(0x7f206aa287e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5110] futex(0x7f206aa287ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5111] <... futex resumed>) = 1 [ 60.235457][ T5111] BTRFS info (device loop0): using spread ssd allocation scheme [ 60.243262][ T5111] BTRFS info (device loop0): using free space tree [ 60.260855][ T5111] BTRFS info (device loop0): auto enabling async discard [pid 5111] sendfile(7, 5, NULL, 142606336 [pid 5110] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5110] futex(0x7f206aa287fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5110] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2063509000 [pid 5110] mprotect(0x7f206350a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5110] clone(child_stack=0x7f20635293f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[19], tls=0x7f2063529700, child_tidptr=0x7f20635299d0) = 19 [pid 5110] futex(0x7f206aa287f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5110] futex(0x7f206aa287fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5129 attached [pid 5129] set_robust_list(0x7f20635299e0, 24) = 0 [pid 5129] ioctl(4, FS_IOC_FIEMAP, {fm_start=786432, fm_length=9223372036854775809, fm_flags=0, fm_extent_count=16777216} => {fm_flags=0, fm_mapped_extents=11, ...}) = 0 [pid 5129] futex(0x7f206aa287fc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5110] <... futex resumed>) = 0 [pid 5129] futex(0x7f206aa287f8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5110] close(3) = 0 [pid 5110] close(4) = 0 [pid 5110] close(5) = 0 [pid 5110] close(6) = 0 [pid 5110] close(7) = 0 [pid 5110] close(8) = -1 EBADF (Bad file descriptor) [pid 5110] close(9) = -1 EBADF (Bad file descriptor) [pid 5110] close(10) = -1 EBADF (Bad file descriptor) [pid 5110] close(11) = -1 EBADF (Bad file descriptor) [pid 5110] close(12) = -1 EBADF (Bad file descriptor) [pid 5110] close(13) = -1 EBADF (Bad file descriptor) [pid 5110] close(14) = -1 EBADF (Bad file descriptor) [pid 5110] close(15) = -1 EBADF (Bad file descriptor) [pid 5110] close(16) = -1 EBADF (Bad file descriptor) [pid 5110] close(17) = -1 EBADF (Bad file descriptor) [pid 5110] close(18) = -1 EBADF (Bad file descriptor) [pid 5110] close(19) = -1 EBADF (Bad file descriptor) [pid 5110] close(20) = -1 EBADF (Bad file descriptor) [pid 5110] close(21) = -1 EBADF (Bad file descriptor) [pid 5110] close(22) = -1 EBADF (Bad file descriptor) [pid 5110] close(23) = -1 EBADF (Bad file descriptor) [pid 5110] close(24) = -1 EBADF (Bad file descriptor) [pid 5110] close(25) = -1 EBADF (Bad file descriptor) [pid 5110] close(26) = -1 EBADF (Bad file descriptor) [pid 5110] close(27) = -1 EBADF (Bad file descriptor) [pid 5110] close(28) = -1 EBADF (Bad file descriptor) [pid 5110] close(29) = -1 EBADF (Bad file descriptor) [pid 5110] exit_group(0 [pid 5129] <... futex resumed>) = ? [pid 5110] <... exit_group resumed>) = ? [pid 5129] +++ exited with 0 +++ [pid 5111] <... sendfile resumed>) = ? [pid 5111] +++ exited with 0 +++ [pid 5110] +++ exited with 0 +++ [pid 4992] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=17, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=50 /* 0.50 s */} --- [pid 4992] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 4992] umount2("./5", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4992] openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 4992] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4992] getdents64(3, 0x55555651a620 /* 4 entries */, 32768) = 104 [pid 4992] umount2("./5/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 4992] umount2("./5/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4992] lstat("./5/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4992] umount2("./5/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4992] openat(AT_FDCWD, "./5/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 4992] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4992] getdents64(4, 0x555556522660 /* 2 entries */, 32768) = 48 [pid 4992] getdents64(4, 0x555556522660 /* 0 entries */, 32768) = 0 [pid 4992] close(4) = 0 [pid 4992] rmdir("./5/bus") = 0 [pid 4992] umount2("./5/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4992] lstat("./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 4992] unlink("./5/binderfs") = 0 [pid 4992] getdents64(3, 0x55555651a620 /* 0 entries */, 32768) = 0 [pid 4992] close(3) = 0 [pid 4992] rmdir("./5") = 0 [pid 4992] mkdir("./6", 0777) = 0 [pid 4992] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 4992] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 4992] close(3) = 0 [pid 4992] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555565195d0) = 20 ./strace-static-x86_64: Process 5131 attached [pid 5131] set_robust_list(0x5555565195e0, 24) = 0 [pid 5131] chdir("./6") = 0 [pid 5131] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5131] setpgid(0, 0) = 0 [pid 5131] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5131] write(3, "1000", 4) = 4 [pid 5131] close(3) = 0 [pid 5131] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5131] futex(0x7f206aa287ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5131] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f206a92a000 [pid 5131] mprotect(0x7f206a92b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5131] clone(child_stack=0x7f206a94a3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[21], tls=0x7f206a94a700, child_tidptr=0x7f206a94a9d0) = 21 [pid 5131] futex(0x7f206aa287e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5131] futex(0x7f206aa287ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5132 attached [pid 5132] set_robust_list(0x7f206a94a9e0, 24) = 0 [pid 5132] memfd_create("syzkaller", 0) = 3 [pid 5132] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f206252a000 [pid 5132] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5132] munmap(0x7f206252a000, 16777216) = 0 [pid 5132] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5132] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5132] close(3) = 0 [pid 5132] mkdir("./bus", 0777) = 0 [ 60.896841][ T5132] loop0: detected capacity change from 0 to 32768 [ 60.906587][ T5132] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor148 (5132) [ 60.923235][ T5132] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 60.932391][ T5132] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 60.943535][ T5132] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 60.954719][ T5132] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 60.965625][ T5132] BTRFS info (device loop0): trying to use backup root at mount time [ 60.974114][ T5132] BTRFS info (device loop0): use zlib compression, level 3 [ 60.981349][ T5132] BTRFS info (device loop0): enabling ssd optimizations [ 60.988464][ T5132] BTRFS info (device loop0): using spread ssd allocation scheme [pid 5132] mount("/dev/loop0", "./bus", "btrfs", 0, "user_subvol_rm_allowed,noinode_cache,inode_cache,usebackuproot,compress,commit=0x0000000000000002,ss"...) = 0 [pid 5132] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5132] chdir("./bus") = 0 [pid 5132] ioctl(4, LOOP_CLR_FD) = 0 [pid 5132] close(4) = 0 [pid 5132] futex(0x7f206aa287ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5131] <... futex resumed>) = 0 [pid 5132] futex(0x7f206aa287e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5131] futex(0x7f206aa287e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5132] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5132] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME, 000 [pid 5131] <... futex resumed>) = 0 [pid 5132] <... open resumed>) = 4 [pid 5131] futex(0x7f206aa287ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5132] futex(0x7f206aa287ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5131] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5132] <... futex resumed>) = 0 [pid 5131] futex(0x7f206aa287e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5132] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5131] <... futex resumed>) = 0 [pid 5132] <... open resumed>) = 5 [pid 5131] futex(0x7f206aa287ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5132] futex(0x7f206aa287ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5131] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5132] open("./file2", O_RDONLY [pid 5131] futex(0x7f206aa287e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 60.996419][ T5132] BTRFS info (device loop0): using free space tree [ 61.014730][ T5132] BTRFS info (device loop0): auto enabling async discard [pid 5131] futex(0x7f206aa287ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5132] <... open resumed>) = 6 [pid 5132] futex(0x7f206aa287ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5131] <... futex resumed>) = 0 [pid 5131] futex(0x7f206aa287e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5132] creat("./bus", 000 [pid 5131] futex(0x7f206aa287ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5132] <... creat resumed>) = 7 [pid 5132] futex(0x7f206aa287ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5131] <... futex resumed>) = 0 [pid 5131] futex(0x7f206aa287e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5132] copy_file_range(6, NULL, 7, NULL, 18014398509481988, 0 [pid 5131] futex(0x7f206aa287ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5132] <... copy_file_range resumed>) = 9000 [pid 5132] futex(0x7f206aa287ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5131] <... futex resumed>) = 0 [pid 5131] futex(0x7f206aa287e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5131] futex(0x7f206aa287ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5132] fallocate(5, 0, 0, 1048816) = 0 [pid 5132] futex(0x7f206aa287ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5131] <... futex resumed>) = 0 [pid 5131] futex(0x7f206aa287e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5131] futex(0x7f206aa287ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5132] sendfile(7, 5, NULL, 142606336 [pid 5131] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5131] futex(0x7f206aa287fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5131] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2063509000 [pid 5131] mprotect(0x7f206350a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5131] clone(child_stack=0x7f20635293f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[22], tls=0x7f2063529700, child_tidptr=0x7f20635299d0) = 22 [pid 5131] futex(0x7f206aa287f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5131] futex(0x7f206aa287fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5150 attached [pid 5150] set_robust_list(0x7f20635299e0, 24) = 0 [pid 5150] ioctl(4, FS_IOC_FIEMAP, {fm_start=786432, fm_length=9223372036854775809, fm_flags=0, fm_extent_count=16777216} => {fm_flags=0, fm_mapped_extents=11, ...}) = 0 [pid 5150] futex(0x7f206aa287fc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5131] <... futex resumed>) = 0 [pid 5150] futex(0x7f206aa287f8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5131] close(3) = 0 [pid 5131] close(4) = 0 [pid 5131] close(5) = 0 [pid 5131] close(6) = 0 [pid 5131] close(7) = 0 [pid 5131] close(8) = -1 EBADF (Bad file descriptor) [pid 5131] close(9) = -1 EBADF (Bad file descriptor) [pid 5131] close(10) = -1 EBADF (Bad file descriptor) [pid 5131] close(11) = -1 EBADF (Bad file descriptor) [pid 5131] close(12) = -1 EBADF (Bad file descriptor) [pid 5131] close(13) = -1 EBADF (Bad file descriptor) [pid 5131] close(14) = -1 EBADF (Bad file descriptor) [pid 5131] close(15) = -1 EBADF (Bad file descriptor) [pid 5131] close(16) = -1 EBADF (Bad file descriptor) [pid 5131] close(17) = -1 EBADF (Bad file descriptor) [pid 5131] close(18) = -1 EBADF (Bad file descriptor) [pid 5131] close(19) = -1 EBADF (Bad file descriptor) [pid 5131] close(20) = -1 EBADF (Bad file descriptor) [pid 5131] close(21) = -1 EBADF (Bad file descriptor) [pid 5131] close(22) = -1 EBADF (Bad file descriptor) [pid 5131] close(23) = -1 EBADF (Bad file descriptor) [pid 5131] close(24) = -1 EBADF (Bad file descriptor) [pid 5131] close(25) = -1 EBADF (Bad file descriptor) [pid 5131] close(26) = -1 EBADF (Bad file descriptor) [pid 5131] close(27) = -1 EBADF (Bad file descriptor) [pid 5131] close(28) = -1 EBADF (Bad file descriptor) [pid 5131] close(29) = -1 EBADF (Bad file descriptor) [pid 5131] exit_group(0 [pid 5150] <... futex resumed>) = ? [pid 5131] <... exit_group resumed>) = ? [pid 5150] +++ exited with 0 +++ [pid 5132] <... sendfile resumed>) = ? [pid 5132] +++ exited with 0 +++ [pid 5131] +++ exited with 0 +++ [pid 4992] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=20, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=40 /* 0.40 s */} --- [pid 4992] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 4992] umount2("./6", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4992] openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 4992] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4992] getdents64(3, 0x55555651a620 /* 4 entries */, 32768) = 104 [pid 4992] umount2("./6/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 4992] umount2("./6/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4992] lstat("./6/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4992] umount2("./6/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4992] openat(AT_FDCWD, "./6/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 4992] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4992] getdents64(4, 0x555556522660 /* 2 entries */, 32768) = 48 [pid 4992] getdents64(4, 0x555556522660 /* 0 entries */, 32768) = 0 [pid 4992] close(4) = 0 [pid 4992] rmdir("./6/bus") = 0 [pid 4992] umount2("./6/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4992] lstat("./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 4992] unlink("./6/binderfs") = 0 [pid 4992] getdents64(3, 0x55555651a620 /* 0 entries */, 32768) = 0 [pid 4992] close(3) = 0 [pid 4992] rmdir("./6") = 0 [pid 4992] mkdir("./7", 0777) = 0 [pid 4992] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 4992] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 4992] close(3) = 0 [pid 4992] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555565195d0) = 23 ./strace-static-x86_64: Process 5151 attached [pid 5151] set_robust_list(0x5555565195e0, 24) = 0 [pid 5151] chdir("./7") = 0 [pid 5151] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5151] setpgid(0, 0) = 0 [pid 5151] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5151] write(3, "1000", 4) = 4 [pid 5151] close(3) = 0 [pid 5151] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5151] futex(0x7f206aa287ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5151] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f206a92a000 [pid 5151] mprotect(0x7f206a92b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5151] clone(child_stack=0x7f206a94a3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5152 attached , parent_tid=[24], tls=0x7f206a94a700, child_tidptr=0x7f206a94a9d0) = 24 [pid 5152] set_robust_list(0x7f206a94a9e0, 24 [pid 5151] futex(0x7f206aa287e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5152] <... set_robust_list resumed>) = 0 [pid 5151] <... futex resumed>) = 0 [pid 5152] memfd_create("syzkaller", 0 [pid 5151] futex(0x7f206aa287ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5152] <... memfd_create resumed>) = 3 [pid 5152] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f206252a000 [pid 5152] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5152] munmap(0x7f206252a000, 16777216) = 0 [pid 5152] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5152] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5152] close(3) = 0 [pid 5152] mkdir("./bus", 0777) = 0 [ 61.688975][ T5152] loop0: detected capacity change from 0 to 32768 [ 61.699087][ T5152] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor148 (5152) [ 61.715265][ T5152] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 61.724380][ T5152] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 61.736259][ T5152] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 61.747212][ T5152] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 61.758431][ T5152] BTRFS info (device loop0): trying to use backup root at mount time [ 61.766844][ T5152] BTRFS info (device loop0): use zlib compression, level 3 [ 61.774154][ T5152] BTRFS info (device loop0): enabling ssd optimizations [ 61.781584][ T5152] BTRFS info (device loop0): using spread ssd allocation scheme [pid 5152] mount("/dev/loop0", "./bus", "btrfs", 0, "user_subvol_rm_allowed,noinode_cache,inode_cache,usebackuproot,compress,commit=0x0000000000000002,ss"...) = 0 [pid 5152] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5152] chdir("./bus") = 0 [pid 5152] ioctl(4, LOOP_CLR_FD) = 0 [pid 5152] close(4) = 0 [pid 5152] futex(0x7f206aa287ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5151] <... futex resumed>) = 0 [pid 5151] futex(0x7f206aa287e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5151] futex(0x7f206aa287ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5152] <... futex resumed>) = 1 [ 61.789311][ T5152] BTRFS info (device loop0): using free space tree [ 61.808026][ T5152] BTRFS info (device loop0): auto enabling async discard [ 61.831365][ T27] kauditd_printk_skb: 4 callbacks suppressed [pid 5152] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME, 000) = 4 [pid 5152] futex(0x7f206aa287ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5151] <... futex resumed>) = 0 [pid 5152] futex(0x7f206aa287e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5151] futex(0x7f206aa287e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5152] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5151] <... futex resumed>) = 0 [pid 5152] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5151] futex(0x7f206aa287ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5152] <... open resumed>) = 5 [pid 5152] futex(0x7f206aa287ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5151] <... futex resumed>) = 0 [pid 5152] open("./file2", O_RDONLY [pid 5151] futex(0x7f206aa287e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5152] <... open resumed>) = 6 [pid 5151] <... futex resumed>) = 0 [pid 5152] futex(0x7f206aa287ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5151] futex(0x7f206aa287ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5152] <... futex resumed>) = 0 [pid 5151] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5152] creat("./bus", 000 [pid 5151] futex(0x7f206aa287e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5152] <... creat resumed>) = 7 [pid 5151] <... futex resumed>) = 0 [pid 5152] futex(0x7f206aa287ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5151] futex(0x7f206aa287ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5152] <... futex resumed>) = 0 [pid 5151] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5152] copy_file_range(6, NULL, 7, NULL, 18014398509481988, 0 [pid 5151] futex(0x7f206aa287e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5152] <... copy_file_range resumed>) = 9000 [pid 5151] <... futex resumed>) = 0 [pid 5152] futex(0x7f206aa287ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5151] futex(0x7f206aa287ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5152] <... futex resumed>) = 0 [pid 5151] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5152] fallocate(5, 0, 0, 1048816 [pid 5151] futex(0x7f206aa287e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5152] <... fallocate resumed>) = 0 [pid 5151] <... futex resumed>) = 0 [pid 5151] futex(0x7f206aa287ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5152] futex(0x7f206aa287ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5151] <... futex resumed>) = 0 [pid 5152] sendfile(7, 5, NULL, 142606336 [pid 5151] futex(0x7f206aa287e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 61.831378][ T27] audit: type=1800 audit(1686955374.393:16): pid=5152 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor148" name="bus" dev="loop0" ino=263 res=0 errno=0 [ 61.869087][ T27] audit: type=1800 audit(1686955374.433:17): pid=5152 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor148" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 5151] futex(0x7f206aa287ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5151] futex(0x7f206aa287ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5151] futex(0x7f206aa287fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5151] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2063509000 [pid 5151] mprotect(0x7f206350a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5151] clone(child_stack=0x7f20635293f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[25], tls=0x7f2063529700, child_tidptr=0x7f20635299d0) = 25 [pid 5151] futex(0x7f206aa287f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5151] futex(0x7f206aa287fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5170 attached [pid 5170] set_robust_list(0x7f20635299e0, 24) = 0 [pid 5170] ioctl(4, FS_IOC_FIEMAP, {fm_start=786432, fm_length=9223372036854775809, fm_flags=0, fm_extent_count=16777216} => {fm_flags=0, fm_mapped_extents=10, ...}) = 0 [pid 5170] futex(0x7f206aa287fc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5151] <... futex resumed>) = 0 [pid 5170] <... futex resumed>) = 1 [pid 5170] futex(0x7f206aa287f8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5151] close(3) = 0 [pid 5151] close(4) = 0 [pid 5151] close(5) = 0 [pid 5151] close(6) = 0 [pid 5151] close(7) = 0 [pid 5151] close(8) = -1 EBADF (Bad file descriptor) [pid 5151] close(9) = -1 EBADF (Bad file descriptor) [pid 5151] close(10) = -1 EBADF (Bad file descriptor) [pid 5151] close(11) = -1 EBADF (Bad file descriptor) [pid 5151] close(12) = -1 EBADF (Bad file descriptor) [pid 5151] close(13) = -1 EBADF (Bad file descriptor) [pid 5151] close(14) = -1 EBADF (Bad file descriptor) [pid 5151] close(15) = -1 EBADF (Bad file descriptor) [pid 5151] close(16) = -1 EBADF (Bad file descriptor) [pid 5151] close(17) = -1 EBADF (Bad file descriptor) [pid 5151] close(18) = -1 EBADF (Bad file descriptor) [pid 5151] close(19) = -1 EBADF (Bad file descriptor) [pid 5151] close(20) = -1 EBADF (Bad file descriptor) [pid 5151] close(21) = -1 EBADF (Bad file descriptor) [pid 5151] close(22) = -1 EBADF (Bad file descriptor) [pid 5151] close(23) = -1 EBADF (Bad file descriptor) [pid 5151] close(24) = -1 EBADF (Bad file descriptor) [pid 5151] close(25) = -1 EBADF (Bad file descriptor) [pid 5151] close(26) = -1 EBADF (Bad file descriptor) [pid 5151] close(27) = -1 EBADF (Bad file descriptor) [pid 5151] close(28) = -1 EBADF (Bad file descriptor) [pid 5151] close(29) = -1 EBADF (Bad file descriptor) [pid 5151] exit_group(0) = ? [pid 5170] <... futex resumed>) = ? [pid 5170] +++ exited with 0 +++ [pid 5152] <... sendfile resumed>) = ? [pid 5152] +++ exited with 0 +++ [pid 5151] +++ exited with 0 +++ [pid 4992] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=23, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=46 /* 0.46 s */} --- [pid 4992] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 4992] umount2("./7", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4992] openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 4992] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4992] getdents64(3, 0x55555651a620 /* 4 entries */, 32768) = 104 [pid 4992] umount2("./7/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 4992] umount2("./7/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4992] lstat("./7/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4992] umount2("./7/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4992] openat(AT_FDCWD, "./7/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 4992] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4992] getdents64(4, 0x555556522660 /* 2 entries */, 32768) = 48 [pid 4992] getdents64(4, 0x555556522660 /* 0 entries */, 32768) = 0 [pid 4992] close(4) = 0 [pid 4992] rmdir("./7/bus") = 0 [pid 4992] umount2("./7/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4992] lstat("./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 4992] unlink("./7/binderfs") = 0 [pid 4992] getdents64(3, 0x55555651a620 /* 0 entries */, 32768) = 0 [pid 4992] close(3) = 0 [pid 4992] rmdir("./7") = 0 [pid 4992] mkdir("./8", 0777) = 0 [pid 4992] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 4992] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 4992] close(3) = 0 [pid 4992] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555565195d0) = 26 ./strace-static-x86_64: Process 5172 attached [pid 5172] set_robust_list(0x5555565195e0, 24) = 0 [pid 5172] chdir("./8") = 0 [pid 5172] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5172] setpgid(0, 0) = 0 [pid 5172] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5172] write(3, "1000", 4) = 4 [pid 5172] close(3) = 0 [pid 5172] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5172] futex(0x7f206aa287ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5172] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f206a92a000 [pid 5172] mprotect(0x7f206a92b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5172] clone(child_stack=0x7f206a94a3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[27], tls=0x7f206a94a700, child_tidptr=0x7f206a94a9d0) = 27 [pid 5172] futex(0x7f206aa287e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5172] futex(0x7f206aa287ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5173 attached [pid 5173] set_robust_list(0x7f206a94a9e0, 24) = 0 [pid 5173] memfd_create("syzkaller", 0) = 3 [pid 5173] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f206252a000 [pid 5173] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5173] munmap(0x7f206252a000, 16777216) = 0 [pid 5173] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5173] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5173] close(3) = 0 [pid 5173] mkdir("./bus", 0777) = 0 [ 62.456275][ T5173] loop0: detected capacity change from 0 to 32768 [ 62.466731][ T5173] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor148 (5173) [ 62.483066][ T5173] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 62.491890][ T5173] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 62.502712][ T5173] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 62.513545][ T5173] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 62.524695][ T5173] BTRFS info (device loop0): trying to use backup root at mount time [ 62.532769][ T5173] BTRFS info (device loop0): use zlib compression, level 3 [ 62.540034][ T5173] BTRFS info (device loop0): enabling ssd optimizations [ 62.547053][ T5173] BTRFS info (device loop0): using spread ssd allocation scheme [pid 5173] mount("/dev/loop0", "./bus", "btrfs", 0, "user_subvol_rm_allowed,noinode_cache,inode_cache,usebackuproot,compress,commit=0x0000000000000002,ss"...) = 0 [pid 5173] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5173] chdir("./bus") = 0 [pid 5173] ioctl(4, LOOP_CLR_FD) = 0 [pid 5173] close(4) = 0 [pid 5173] futex(0x7f206aa287ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5172] <... futex resumed>) = 0 [pid 5172] futex(0x7f206aa287e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5172] futex(0x7f206aa287ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5173] <... futex resumed>) = 1 [ 62.554742][ T5173] BTRFS info (device loop0): using free space tree [ 62.571857][ T5173] BTRFS info (device loop0): auto enabling async discard [pid 5173] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME, 000) = 4 [pid 5173] futex(0x7f206aa287ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5172] <... futex resumed>) = 0 [pid 5172] futex(0x7f206aa287e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5172] futex(0x7f206aa287ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5173] <... futex resumed>) = 1 [pid 5173] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5173] futex(0x7f206aa287ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5172] <... futex resumed>) = 0 [pid 5172] futex(0x7f206aa287e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5172] futex(0x7f206aa287ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5173] <... futex resumed>) = 1 [pid 5173] open("./file2", O_RDONLY) = 6 [pid 5173] futex(0x7f206aa287ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5172] <... futex resumed>) = 0 [pid 5172] futex(0x7f206aa287e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5172] futex(0x7f206aa287ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5173] <... futex resumed>) = 1 [pid 5173] creat("./bus", 000) = 7 [pid 5173] futex(0x7f206aa287ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5172] <... futex resumed>) = 0 [pid 5172] futex(0x7f206aa287e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5172] futex(0x7f206aa287ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5173] <... futex resumed>) = 1 [pid 5173] copy_file_range(6, NULL, 7, NULL, 18014398509481988, 0) = 9000 [pid 5173] futex(0x7f206aa287ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5172] <... futex resumed>) = 0 [pid 5172] futex(0x7f206aa287e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5172] futex(0x7f206aa287ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5173] <... futex resumed>) = 1 [pid 5173] fallocate(5, 0, 0, 1048816) = 0 [pid 5173] futex(0x7f206aa287ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5172] <... futex resumed>) = 0 [pid 5172] futex(0x7f206aa287e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5172] futex(0x7f206aa287ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5173] <... futex resumed>) = 1 [pid 5173] sendfile(7, 5, NULL, 142606336 [pid 5172] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5172] futex(0x7f206aa287ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5172] futex(0x7f206aa287ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5172] futex(0x7f206aa287fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5172] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2063509000 [pid 5172] mprotect(0x7f206350a000, 131072, PROT_READ|PROT_WRITE) = 0 [ 62.604288][ T27] audit: type=1800 audit(1686955375.163:18): pid=5173 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor148" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 5172] clone(child_stack=0x7f20635293f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[28], tls=0x7f2063529700, child_tidptr=0x7f20635299d0) = 28 [pid 5172] futex(0x7f206aa287f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5172] futex(0x7f206aa287fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5191 attached [pid 5191] set_robust_list(0x7f20635299e0, 24) = 0 [pid 5191] ioctl(4, FS_IOC_FIEMAP, {fm_start=786432, fm_length=9223372036854775809, fm_flags=0, fm_extent_count=16777216} => {fm_flags=0, fm_mapped_extents=11, ...}) = 0 [pid 5191] futex(0x7f206aa287fc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5172] <... futex resumed>) = 0 [ 62.658155][ T27] audit: type=1800 audit(1686955375.163:19): pid=5173 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor148" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 5191] futex(0x7f206aa287f8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5172] close(3) = 0 [pid 5172] close(4) = 0 [pid 5172] close(5) = 0 [pid 5172] close(6) = 0 [pid 5172] close(7) = 0 [pid 5172] close(8) = -1 EBADF (Bad file descriptor) [pid 5172] close(9) = -1 EBADF (Bad file descriptor) [pid 5172] close(10) = -1 EBADF (Bad file descriptor) [pid 5172] close(11) = -1 EBADF (Bad file descriptor) [pid 5172] close(12) = -1 EBADF (Bad file descriptor) [pid 5172] close(13) = -1 EBADF (Bad file descriptor) [pid 5172] close(14) = -1 EBADF (Bad file descriptor) [pid 5172] close(15) = -1 EBADF (Bad file descriptor) [pid 5172] close(16) = -1 EBADF (Bad file descriptor) [pid 5172] close(17) = -1 EBADF (Bad file descriptor) [pid 5172] close(18) = -1 EBADF (Bad file descriptor) [pid 5172] close(19) = -1 EBADF (Bad file descriptor) [pid 5172] close(20) = -1 EBADF (Bad file descriptor) [pid 5172] close(21) = -1 EBADF (Bad file descriptor) [pid 5172] close(22) = -1 EBADF (Bad file descriptor) [pid 5172] close(23) = -1 EBADF (Bad file descriptor) [pid 5172] close(24) = -1 EBADF (Bad file descriptor) [pid 5172] close(25) = -1 EBADF (Bad file descriptor) [pid 5172] close(26) = -1 EBADF (Bad file descriptor) [pid 5172] close(27) = -1 EBADF (Bad file descriptor) [pid 5172] close(28) = -1 EBADF (Bad file descriptor) [pid 5172] close(29) = -1 EBADF (Bad file descriptor) [pid 5172] exit_group(0) = ? [pid 5191] <... futex resumed>) = ? [pid 5191] +++ exited with 0 +++ [pid 5173] <... sendfile resumed>) = ? [pid 5173] +++ exited with 0 +++ [pid 5172] +++ exited with 0 +++ [pid 4992] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=26, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=44 /* 0.44 s */} --- [pid 4992] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 4992] umount2("./8", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4992] openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 4992] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4992] getdents64(3, 0x55555651a620 /* 4 entries */, 32768) = 104 [pid 4992] umount2("./8/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 4992] umount2("./8/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4992] lstat("./8/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4992] umount2("./8/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4992] openat(AT_FDCWD, "./8/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 4992] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4992] getdents64(4, 0x555556522660 /* 2 entries */, 32768) = 48 [pid 4992] getdents64(4, 0x555556522660 /* 0 entries */, 32768) = 0 [pid 4992] close(4) = 0 [pid 4992] rmdir("./8/bus") = 0 [pid 4992] umount2("./8/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4992] lstat("./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 4992] unlink("./8/binderfs") = 0 [pid 4992] getdents64(3, 0x55555651a620 /* 0 entries */, 32768) = 0 [pid 4992] close(3) = 0 [pid 4992] rmdir("./8") = 0 [pid 4992] mkdir("./9", 0777) = 0 [pid 4992] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 4992] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 4992] close(3) = 0 [pid 4992] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5192 attached , child_tidptr=0x5555565195d0) = 29 [pid 5192] set_robust_list(0x5555565195e0, 24) = 0 [pid 5192] chdir("./9") = 0 [pid 5192] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5192] setpgid(0, 0) = 0 [pid 5192] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5192] write(3, "1000", 4) = 4 [pid 5192] close(3) = 0 [pid 5192] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5192] futex(0x7f206aa287ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5192] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f206a92a000 [pid 5192] mprotect(0x7f206a92b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5192] clone(child_stack=0x7f206a94a3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5193 attached , parent_tid=[30], tls=0x7f206a94a700, child_tidptr=0x7f206a94a9d0) = 30 [pid 5193] set_robust_list(0x7f206a94a9e0, 24) = 0 [pid 5193] futex(0x7f206aa287e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5192] futex(0x7f206aa287e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5193] <... futex resumed>) = 0 [pid 5192] futex(0x7f206aa287ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5193] memfd_create("syzkaller", 0) = 3 [pid 5193] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f206252a000 [pid 5193] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5193] munmap(0x7f206252a000, 16777216) = 0 [pid 5193] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5193] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5193] close(3) = 0 [pid 5193] mkdir("./bus", 0777) = 0 [ 63.180348][ T5193] loop0: detected capacity change from 0 to 32768 [ 63.192240][ T5193] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor148 (5193) [ 63.208845][ T5193] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 63.217884][ T5193] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 63.229155][ T5193] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 63.240000][ T5193] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 63.250777][ T5193] BTRFS info (device loop0): trying to use backup root at mount time [ 63.259090][ T5193] BTRFS info (device loop0): use zlib compression, level 3 [ 63.266463][ T5193] BTRFS info (device loop0): enabling ssd optimizations [pid 5193] mount("/dev/loop0", "./bus", "btrfs", 0, "user_subvol_rm_allowed,noinode_cache,inode_cache,usebackuproot,compress,commit=0x0000000000000002,ss"...) = 0 [pid 5193] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5193] chdir("./bus") = 0 [pid 5193] ioctl(4, LOOP_CLR_FD) = 0 [pid 5193] close(4) = 0 [pid 5193] futex(0x7f206aa287ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5192] <... futex resumed>) = 0 [pid 5193] <... futex resumed>) = 1 [pid 5192] futex(0x7f206aa287e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5192] futex(0x7f206aa287ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 63.273451][ T5193] BTRFS info (device loop0): using spread ssd allocation scheme [ 63.281775][ T5193] BTRFS info (device loop0): using free space tree [ 63.302370][ T5193] BTRFS info (device loop0): auto enabling async discard [pid 5193] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME, 000) = 4 [pid 5193] futex(0x7f206aa287ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5192] <... futex resumed>) = 0 [pid 5192] futex(0x7f206aa287e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5192] futex(0x7f206aa287ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5193] <... futex resumed>) = 1 [pid 5193] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5193] futex(0x7f206aa287ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5192] <... futex resumed>) = 0 [pid 5192] futex(0x7f206aa287e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5192] futex(0x7f206aa287ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5193] <... futex resumed>) = 1 [pid 5193] open("./file2", O_RDONLY) = 6 [pid 5193] futex(0x7f206aa287ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5192] <... futex resumed>) = 0 [pid 5192] futex(0x7f206aa287e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5192] futex(0x7f206aa287ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5193] <... futex resumed>) = 1 [pid 5193] creat("./bus", 000) = 7 [pid 5193] futex(0x7f206aa287ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5192] <... futex resumed>) = 0 [pid 5192] futex(0x7f206aa287e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5192] futex(0x7f206aa287ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5193] <... futex resumed>) = 1 [pid 5193] copy_file_range(6, NULL, 7, NULL, 18014398509481988, 0) = 9000 [pid 5193] futex(0x7f206aa287ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5192] <... futex resumed>) = 0 [pid 5192] futex(0x7f206aa287e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5192] futex(0x7f206aa287ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5193] <... futex resumed>) = 1 [pid 5193] fallocate(5, 0, 0, 1048816) = 0 [pid 5193] futex(0x7f206aa287ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5192] <... futex resumed>) = 0 [pid 5192] futex(0x7f206aa287e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5192] futex(0x7f206aa287ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5193] <... futex resumed>) = 1 [ 63.339673][ T27] audit: type=1800 audit(1686955375.903:20): pid=5193 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor148" name="bus" dev="loop0" ino=263 res=0 errno=0 [ 63.366716][ T27] audit: type=1800 audit(1686955375.903:21): pid=5193 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor148" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 5193] sendfile(7, 5, NULL, 142606336 [pid 5192] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5192] futex(0x7f206aa287ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5192] futex(0x7f206aa287ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5192] futex(0x7f206aa287fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5192] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2063509000 [pid 5192] mprotect(0x7f206350a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5192] clone(child_stack=0x7f20635293f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[31], tls=0x7f2063529700, child_tidptr=0x7f20635299d0) = 31 [pid 5192] futex(0x7f206aa287f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5192] futex(0x7f206aa287fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5211 attached [pid 5211] set_robust_list(0x7f20635299e0, 24) = 0 [pid 5211] ioctl(4, FS_IOC_FIEMAP, {fm_start=786432, fm_length=9223372036854775809, fm_flags=0, fm_extent_count=16777216} => {fm_flags=0, fm_mapped_extents=11, ...}) = 0 [pid 5211] futex(0x7f206aa287fc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5192] <... futex resumed>) = 0 [pid 5211] <... futex resumed>) = 1 [pid 5211] futex(0x7f206aa287f8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5192] close(3) = 0 [pid 5192] close(4) = 0 [pid 5192] close(5) = 0 [pid 5192] close(6) = 0 [pid 5192] close(7) = 0 [pid 5192] close(8) = -1 EBADF (Bad file descriptor) [pid 5192] close(9) = -1 EBADF (Bad file descriptor) [pid 5192] close(10) = -1 EBADF (Bad file descriptor) [pid 5192] close(11) = -1 EBADF (Bad file descriptor) [pid 5192] close(12) = -1 EBADF (Bad file descriptor) [pid 5192] close(13) = -1 EBADF (Bad file descriptor) [pid 5192] close(14) = -1 EBADF (Bad file descriptor) [pid 5192] close(15) = -1 EBADF (Bad file descriptor) [pid 5192] close(16) = -1 EBADF (Bad file descriptor) [pid 5192] close(17) = -1 EBADF (Bad file descriptor) [pid 5192] close(18) = -1 EBADF (Bad file descriptor) [pid 5192] close(19) = -1 EBADF (Bad file descriptor) [pid 5192] close(20) = -1 EBADF (Bad file descriptor) [pid 5192] close(21) = -1 EBADF (Bad file descriptor) [pid 5192] close(22) = -1 EBADF (Bad file descriptor) [pid 5192] close(23) = -1 EBADF (Bad file descriptor) [pid 5192] close(24) = -1 EBADF (Bad file descriptor) [pid 5192] close(25) = -1 EBADF (Bad file descriptor) [pid 5192] close(26) = -1 EBADF (Bad file descriptor) [pid 5192] close(27) = -1 EBADF (Bad file descriptor) [pid 5192] close(28) = -1 EBADF (Bad file descriptor) [pid 5192] close(29) = -1 EBADF (Bad file descriptor) [pid 5192] exit_group(0 [pid 5211] <... futex resumed>) = ? [pid 5211] +++ exited with 0 +++ [pid 5192] <... exit_group resumed>) = ? [pid 5193] <... sendfile resumed>) = ? [pid 5193] +++ exited with 0 +++ [pid 5192] +++ exited with 0 +++ [pid 4992] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=29, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=45 /* 0.45 s */} --- [pid 4992] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 4992] umount2("./9", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4992] openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 4992] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4992] getdents64(3, 0x55555651a620 /* 4 entries */, 32768) = 104 [pid 4992] umount2("./9/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 4992] umount2("./9/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4992] lstat("./9/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4992] umount2("./9/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4992] openat(AT_FDCWD, "./9/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 4992] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4992] getdents64(4, 0x555556522660 /* 2 entries */, 32768) = 48 [pid 4992] getdents64(4, 0x555556522660 /* 0 entries */, 32768) = 0 [pid 4992] close(4) = 0 [pid 4992] rmdir("./9/bus") = 0 [pid 4992] umount2("./9/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4992] lstat("./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 4992] unlink("./9/binderfs") = 0 [pid 4992] getdents64(3, 0x55555651a620 /* 0 entries */, 32768) = 0 [pid 4992] close(3) = 0 [pid 4992] rmdir("./9") = 0 [pid 4992] mkdir("./10", 0777) = 0 [pid 4992] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 4992] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 4992] close(3) = 0 [pid 4992] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555565195d0) = 32 ./strace-static-x86_64: Process 5212 attached [pid 5212] set_robust_list(0x5555565195e0, 24) = 0 [pid 5212] chdir("./10") = 0 [pid 5212] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5212] setpgid(0, 0) = 0 [pid 5212] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5212] write(3, "1000", 4) = 4 [pid 5212] close(3) = 0 [pid 5212] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5212] futex(0x7f206aa287ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5212] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f206a92a000 [pid 5212] mprotect(0x7f206a92b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5212] clone(child_stack=0x7f206a94a3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[33], tls=0x7f206a94a700, child_tidptr=0x7f206a94a9d0) = 33 [pid 5212] futex(0x7f206aa287e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5212] futex(0x7f206aa287ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5213 attached [pid 5213] set_robust_list(0x7f206a94a9e0, 24) = 0 [pid 5213] memfd_create("syzkaller", 0) = 3 [pid 5213] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f206252a000 [pid 5213] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5213] munmap(0x7f206252a000, 16777216) = 0 [pid 5213] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5213] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5213] close(3) = 0 [pid 5213] mkdir("./bus", 0777) = 0 [ 63.921361][ T5213] loop0: detected capacity change from 0 to 32768 [ 63.932011][ T5213] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor148 (5213) [ 63.949024][ T5213] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 63.957856][ T5213] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 63.969391][ T5213] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 63.980472][ T5213] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 63.991139][ T5213] BTRFS info (device loop0): trying to use backup root at mount time [ 63.999426][ T5213] BTRFS info (device loop0): use zlib compression, level 3 [ 64.006802][ T5213] BTRFS info (device loop0): enabling ssd optimizations [ 64.013907][ T5213] BTRFS info (device loop0): using spread ssd allocation scheme [pid 5213] mount("/dev/loop0", "./bus", "btrfs", 0, "user_subvol_rm_allowed,noinode_cache,inode_cache,usebackuproot,compress,commit=0x0000000000000002,ss"...) = 0 [pid 5213] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5213] chdir("./bus") = 0 [pid 5213] ioctl(4, LOOP_CLR_FD) = 0 [pid 5213] close(4) = 0 [pid 5213] futex(0x7f206aa287ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5212] <... futex resumed>) = 0 [pid 5212] futex(0x7f206aa287e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5212] futex(0x7f206aa287ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5213] <... futex resumed>) = 1 [ 64.021561][ T5213] BTRFS info (device loop0): using free space tree [ 64.038952][ T5213] BTRFS info (device loop0): auto enabling async discard [pid 5213] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME, 000) = 4 [pid 5213] futex(0x7f206aa287ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5212] <... futex resumed>) = 0 [pid 5212] futex(0x7f206aa287e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5212] futex(0x7f206aa287ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5213] <... futex resumed>) = 1 [pid 5213] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5213] futex(0x7f206aa287ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5212] <... futex resumed>) = 0 [pid 5212] futex(0x7f206aa287e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5212] futex(0x7f206aa287ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5213] <... futex resumed>) = 1 [pid 5213] open("./file2", O_RDONLY) = 6 [pid 5213] futex(0x7f206aa287ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5212] <... futex resumed>) = 0 [pid 5212] futex(0x7f206aa287e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5212] futex(0x7f206aa287ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5213] <... futex resumed>) = 1 [pid 5213] creat("./bus", 000) = 7 [pid 5213] futex(0x7f206aa287ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5212] <... futex resumed>) = 0 [pid 5212] futex(0x7f206aa287e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5212] futex(0x7f206aa287ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5213] <... futex resumed>) = 1 [pid 5213] copy_file_range(6, NULL, 7, NULL, 18014398509481988, 0) = 9000 [pid 5213] futex(0x7f206aa287ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5212] <... futex resumed>) = 0 [pid 5212] futex(0x7f206aa287e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5212] futex(0x7f206aa287ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5213] <... futex resumed>) = 1 [pid 5213] fallocate(5, 0, 0, 1048816) = 0 [pid 5213] futex(0x7f206aa287ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5212] <... futex resumed>) = 0 [pid 5212] futex(0x7f206aa287e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5212] futex(0x7f206aa287ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5213] <... futex resumed>) = 1 [pid 5213] sendfile(7, 5, NULL, 142606336 [pid 5212] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5212] futex(0x7f206aa287ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5212] futex(0x7f206aa287fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5212] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2063509000 [pid 5212] mprotect(0x7f206350a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5212] clone(child_stack=0x7f20635293f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[34], tls=0x7f2063529700, child_tidptr=0x7f20635299d0) = 34 [pid 5212] futex(0x7f206aa287f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5212] futex(0x7f206aa287fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5231 attached [ 64.076738][ T27] audit: type=1800 audit(1686955376.643:22): pid=5213 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor148" name="bus" dev="loop0" ino=263 res=0 errno=0 [ 64.097611][ T27] audit: type=1800 audit(1686955376.653:23): pid=5213 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor148" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 5231] set_robust_list(0x7f20635299e0, 24) = 0 [pid 5231] ioctl(4, FS_IOC_FIEMAP, {fm_start=786432, fm_length=9223372036854775809, fm_flags=0, fm_extent_count=16777216} => {fm_flags=0, fm_mapped_extents=11, ...}) = 0 [pid 5231] futex(0x7f206aa287fc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5212] <... futex resumed>) = 0 [pid 5231] <... futex resumed>) = 1 [pid 5231] futex(0x7f206aa287f8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5212] close(3) = 0 [pid 5212] close(4) = 0 [pid 5212] close(5) = 0 [pid 5212] close(6) = 0 [pid 5212] close(7) = 0 [pid 5212] close(8) = -1 EBADF (Bad file descriptor) [pid 5212] close(9) = -1 EBADF (Bad file descriptor) [pid 5212] close(10) = -1 EBADF (Bad file descriptor) [pid 5212] close(11) = -1 EBADF (Bad file descriptor) [pid 5212] close(12) = -1 EBADF (Bad file descriptor) [pid 5212] close(13) = -1 EBADF (Bad file descriptor) [pid 5212] close(14) = -1 EBADF (Bad file descriptor) [pid 5212] close(15) = -1 EBADF (Bad file descriptor) [pid 5212] close(16) = -1 EBADF (Bad file descriptor) [pid 5212] close(17) = -1 EBADF (Bad file descriptor) [pid 5212] close(18) = -1 EBADF (Bad file descriptor) [pid 5212] close(19) = -1 EBADF (Bad file descriptor) [pid 5212] close(20) = -1 EBADF (Bad file descriptor) [pid 5212] close(21) = -1 EBADF (Bad file descriptor) [pid 5212] close(22) = -1 EBADF (Bad file descriptor) [pid 5212] close(23) = -1 EBADF (Bad file descriptor) [pid 5212] close(24) = -1 EBADF (Bad file descriptor) [pid 5212] close(25) = -1 EBADF (Bad file descriptor) [pid 5212] close(26) = -1 EBADF (Bad file descriptor) [pid 5212] close(27) = -1 EBADF (Bad file descriptor) [pid 5212] close(28) = -1 EBADF (Bad file descriptor) [pid 5212] close(29) = -1 EBADF (Bad file descriptor) [pid 5212] exit_group(0 [pid 5231] <... futex resumed>) = ? [pid 5212] <... exit_group resumed>) = ? [pid 5231] +++ exited with 0 +++ [pid 5213] <... sendfile resumed>) = ? [pid 5213] +++ exited with 0 +++ [pid 5212] +++ exited with 0 +++ [pid 4992] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=32, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=43 /* 0.43 s */} --- [pid 4992] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 4992] umount2("./10", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4992] openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 4992] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4992] getdents64(3, 0x55555651a620 /* 4 entries */, 32768) = 104 [pid 4992] umount2("./10/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 4992] umount2("./10/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4992] lstat("./10/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4992] umount2("./10/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4992] openat(AT_FDCWD, "./10/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 4992] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4992] getdents64(4, 0x555556522660 /* 2 entries */, 32768) = 48 [pid 4992] getdents64(4, 0x555556522660 /* 0 entries */, 32768) = 0 [pid 4992] close(4) = 0 [pid 4992] rmdir("./10/bus") = 0 [pid 4992] umount2("./10/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4992] lstat("./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 4992] unlink("./10/binderfs") = 0 [pid 4992] getdents64(3, 0x55555651a620 /* 0 entries */, 32768) = 0 [pid 4992] close(3) = 0 [pid 4992] rmdir("./10") = 0 [pid 4992] mkdir("./11", 0777) = 0 [pid 4992] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 4992] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 4992] close(3) = 0 [pid 4992] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555565195d0) = 35 ./strace-static-x86_64: Process 5232 attached [pid 5232] set_robust_list(0x5555565195e0, 24) = 0 [pid 5232] chdir("./11") = 0 [pid 5232] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5232] setpgid(0, 0) = 0 [pid 5232] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5232] write(3, "1000", 4) = 4 [pid 5232] close(3) = 0 [pid 5232] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5232] futex(0x7f206aa287ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5232] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f206a92a000 [pid 5232] mprotect(0x7f206a92b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5232] clone(child_stack=0x7f206a94a3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[36], tls=0x7f206a94a700, child_tidptr=0x7f206a94a9d0) = 36 ./strace-static-x86_64: Process 5233 attached [pid 5232] futex(0x7f206aa287e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5232] futex(0x7f206aa287ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5233] set_robust_list(0x7f206a94a9e0, 24) = 0 [pid 5233] memfd_create("syzkaller", 0) = 3 [pid 5233] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f206252a000 [pid 5233] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5233] munmap(0x7f206252a000, 16777216) = 0 [pid 5233] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5233] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5233] close(3) = 0 [pid 5233] mkdir("./bus", 0777) = 0 [ 64.667991][ T5233] loop0: detected capacity change from 0 to 32768 [ 64.678985][ T5233] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor148 (5233) [ 64.693638][ T5233] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 64.702656][ T5233] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 64.713875][ T5233] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 64.725123][ T5233] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 64.735948][ T5233] BTRFS info (device loop0): trying to use backup root at mount time [ 64.744206][ T5233] BTRFS info (device loop0): use zlib compression, level 3 [ 64.751462][ T5233] BTRFS info (device loop0): enabling ssd optimizations [ 64.758769][ T5233] BTRFS info (device loop0): using spread ssd allocation scheme [pid 5233] mount("/dev/loop0", "./bus", "btrfs", 0, "user_subvol_rm_allowed,noinode_cache,inode_cache,usebackuproot,compress,commit=0x0000000000000002,ss"...) = 0 [pid 5233] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5233] chdir("./bus") = 0 [pid 5233] ioctl(4, LOOP_CLR_FD) = 0 [pid 5233] close(4) = 0 [pid 5233] futex(0x7f206aa287ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5232] <... futex resumed>) = 0 [pid 5233] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME, 000 [pid 5232] futex(0x7f206aa287e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5232] futex(0x7f206aa287ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5233] <... open resumed>) = 4 [pid 5233] futex(0x7f206aa287ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 64.766589][ T5233] BTRFS info (device loop0): using free space tree [ 64.784480][ T5233] BTRFS info (device loop0): auto enabling async discard [pid 5233] futex(0x7f206aa287e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5232] <... futex resumed>) = 0 [pid 5232] futex(0x7f206aa287e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5232] futex(0x7f206aa287ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5233] <... futex resumed>) = 0 [pid 5233] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5233] futex(0x7f206aa287ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5232] <... futex resumed>) = 0 [pid 5233] futex(0x7f206aa287e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5232] futex(0x7f206aa287e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5233] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5232] <... futex resumed>) = 0 [pid 5233] open("./file2", O_RDONLY [pid 5232] futex(0x7f206aa287ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5233] <... open resumed>) = 6 [pid 5233] futex(0x7f206aa287ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5232] <... futex resumed>) = 0 [pid 5233] creat("./bus", 000 [pid 5232] futex(0x7f206aa287e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5233] <... creat resumed>) = 7 [pid 5233] futex(0x7f206aa287ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5233] futex(0x7f206aa287e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5232] <... futex resumed>) = 1 [pid 5233] <... futex resumed>) = 0 [pid 5232] futex(0x7f206aa287ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5233] futex(0x7f206aa287e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5232] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5232] futex(0x7f206aa287e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5233] <... futex resumed>) = 0 [pid 5232] <... futex resumed>) = 1 [pid 5233] copy_file_range(6, NULL, 7, NULL, 18014398509481988, 0 [pid 5232] futex(0x7f206aa287ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5233] <... copy_file_range resumed>) = 9000 [pid 5233] futex(0x7f206aa287ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5232] <... futex resumed>) = 0 [pid 5233] futex(0x7f206aa287e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5232] futex(0x7f206aa287e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5233] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5232] <... futex resumed>) = 0 [pid 5233] fallocate(5, 0, 0, 1048816 [pid 5232] futex(0x7f206aa287ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5233] <... fallocate resumed>) = 0 [pid 5233] futex(0x7f206aa287ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5232] <... futex resumed>) = 0 [pid 5233] futex(0x7f206aa287e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5232] futex(0x7f206aa287e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5233] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5232] <... futex resumed>) = 0 [pid 5233] sendfile(7, 5, NULL, 142606336 [ 64.799397][ T27] audit: type=1800 audit(1686955377.363:24): pid=5233 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor148" name="bus" dev="loop0" ino=263 res=0 errno=0 [ 64.838202][ T27] audit: type=1800 audit(1686955377.393:25): pid=5233 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor148" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 5232] futex(0x7f206aa287ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5232] futex(0x7f206aa287fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5232] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2063509000 [pid 5232] mprotect(0x7f206350a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5232] clone(child_stack=0x7f20635293f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[37], tls=0x7f2063529700, child_tidptr=0x7f20635299d0) = 37 [pid 5232] futex(0x7f206aa287f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5232] futex(0x7f206aa287fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5251 attached [pid 5251] set_robust_list(0x7f20635299e0, 24) = 0 [pid 5251] ioctl(4, FS_IOC_FIEMAP, {fm_start=786432, fm_length=9223372036854775809, fm_flags=0, fm_extent_count=16777216} => {fm_flags=0, fm_mapped_extents=11, ...}) = 0 [pid 5251] futex(0x7f206aa287fc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5232] <... futex resumed>) = 0 [pid 5251] <... futex resumed>) = 1 [pid 5251] futex(0x7f206aa287f8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5232] close(3) = 0 [pid 5232] close(4) = 0 [pid 5232] close(5) = 0 [pid 5232] close(6) = 0 [pid 5232] close(7) = 0 [pid 5232] close(8) = -1 EBADF (Bad file descriptor) [pid 5232] close(9) = -1 EBADF (Bad file descriptor) [pid 5232] close(10) = -1 EBADF (Bad file descriptor) [pid 5232] close(11) = -1 EBADF (Bad file descriptor) [pid 5232] close(12) = -1 EBADF (Bad file descriptor) [pid 5232] close(13) = -1 EBADF (Bad file descriptor) [pid 5232] close(14) = -1 EBADF (Bad file descriptor) [pid 5232] close(15) = -1 EBADF (Bad file descriptor) [pid 5232] close(16) = -1 EBADF (Bad file descriptor) [pid 5232] close(17) = -1 EBADF (Bad file descriptor) [pid 5232] close(18) = -1 EBADF (Bad file descriptor) [pid 5232] close(19) = -1 EBADF (Bad file descriptor) [pid 5232] close(20) = -1 EBADF (Bad file descriptor) [pid 5232] close(21) = -1 EBADF (Bad file descriptor) [pid 5232] close(22) = -1 EBADF (Bad file descriptor) [pid 5232] close(23) = -1 EBADF (Bad file descriptor) [pid 5232] close(24) = -1 EBADF (Bad file descriptor) [pid 5232] close(25) = -1 EBADF (Bad file descriptor) [pid 5232] close(26) = -1 EBADF (Bad file descriptor) [pid 5232] close(27) = -1 EBADF (Bad file descriptor) [pid 5232] close(28) = -1 EBADF (Bad file descriptor) [pid 5232] close(29) = -1 EBADF (Bad file descriptor) [pid 5232] exit_group(0) = ? [pid 5251] <... futex resumed>) = ? [pid 5251] +++ exited with 0 +++ [pid 5233] <... sendfile resumed>) = ? [pid 5233] +++ exited with 0 +++ [pid 5232] +++ exited with 0 +++ [pid 4992] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=35, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=42 /* 0.42 s */} --- [pid 4992] umount2("./11", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4992] openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 4992] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4992] getdents64(3, 0x55555651a620 /* 4 entries */, 32768) = 104 [pid 4992] umount2("./11/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 4992] umount2("./11/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4992] lstat("./11/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4992] umount2("./11/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4992] openat(AT_FDCWD, "./11/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 4992] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4992] getdents64(4, 0x555556522660 /* 2 entries */, 32768) = 48 [pid 4992] getdents64(4, 0x555556522660 /* 0 entries */, 32768) = 0 [pid 4992] close(4) = 0 [pid 4992] rmdir("./11/bus") = 0 [pid 4992] umount2("./11/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4992] lstat("./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 4992] unlink("./11/binderfs") = 0 [pid 4992] getdents64(3, 0x55555651a620 /* 0 entries */, 32768) = 0 [pid 4992] close(3) = 0 [pid 4992] rmdir("./11") = 0 [pid 4992] mkdir("./12", 0777) = 0 [pid 4992] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 4992] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 4992] close(3) = 0 [pid 4992] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5252 attached , child_tidptr=0x5555565195d0) = 38 [pid 5252] set_robust_list(0x5555565195e0, 24) = 0 [pid 5252] chdir("./12") = 0 [pid 5252] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5252] setpgid(0, 0) = 0 [pid 5252] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5252] write(3, "1000", 4) = 4 [pid 5252] close(3) = 0 [pid 5252] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5252] futex(0x7f206aa287ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5252] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f206a92a000 [pid 5252] mprotect(0x7f206a92b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5252] clone(child_stack=0x7f206a94a3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5253 attached , parent_tid=[39], tls=0x7f206a94a700, child_tidptr=0x7f206a94a9d0) = 39 [pid 5252] futex(0x7f206aa287e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5253] set_robust_list(0x7f206a94a9e0, 24 [pid 5252] futex(0x7f206aa287ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5253] <... set_robust_list resumed>) = 0 [pid 5253] memfd_create("syzkaller", 0) = 3 [pid 5253] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f206252a000 [pid 5253] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5253] munmap(0x7f206252a000, 16777216) = 0 [pid 5253] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5253] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5253] close(3) = 0 [pid 5253] mkdir("./bus", 0777) = 0 [ 65.434634][ T5253] loop0: detected capacity change from 0 to 32768 [ 65.443996][ T5253] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor148 (5253) [ 65.460930][ T5253] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 65.469785][ T5253] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 65.480686][ T5253] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 65.491566][ T5253] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 65.502641][ T5253] BTRFS info (device loop0): trying to use backup root at mount time [ 65.510959][ T5253] BTRFS info (device loop0): use zlib compression, level 3 [ 65.518245][ T5253] BTRFS info (device loop0): enabling ssd optimizations [ 65.525248][ T5253] BTRFS info (device loop0): using spread ssd allocation scheme [pid 5253] mount("/dev/loop0", "./bus", "btrfs", 0, "user_subvol_rm_allowed,noinode_cache,inode_cache,usebackuproot,compress,commit=0x0000000000000002,ss"...) = 0 [pid 5253] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5253] chdir("./bus") = 0 [pid 5253] ioctl(4, LOOP_CLR_FD) = 0 [pid 5253] close(4) = 0 [pid 5253] futex(0x7f206aa287ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5252] <... futex resumed>) = 0 [pid 5252] futex(0x7f206aa287e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5252] futex(0x7f206aa287ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5253] <... futex resumed>) = 1 [pid 5253] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME, 000) = 4 [pid 5253] futex(0x7f206aa287ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5252] <... futex resumed>) = 0 [pid 5252] futex(0x7f206aa287e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5252] futex(0x7f206aa287ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5253] <... futex resumed>) = 1 [pid 5253] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5253] futex(0x7f206aa287ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5252] <... futex resumed>) = 0 [pid 5252] futex(0x7f206aa287e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 65.533144][ T5253] BTRFS info (device loop0): using free space tree [ 65.551409][ T5253] BTRFS info (device loop0): auto enabling async discard [pid 5252] futex(0x7f206aa287ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5253] <... futex resumed>) = 1 [pid 5253] open("./file2", O_RDONLY) = 6 [pid 5253] futex(0x7f206aa287ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5252] <... futex resumed>) = 0 [pid 5252] futex(0x7f206aa287e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5252] futex(0x7f206aa287ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5253] <... futex resumed>) = 1 [pid 5253] creat("./bus", 000) = 7 [pid 5253] futex(0x7f206aa287ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5252] <... futex resumed>) = 0 [pid 5252] futex(0x7f206aa287e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5252] futex(0x7f206aa287ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5253] <... futex resumed>) = 1 [pid 5253] copy_file_range(6, NULL, 7, NULL, 18014398509481988, 0) = 9000 [pid 5253] futex(0x7f206aa287ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5252] <... futex resumed>) = 0 [pid 5252] futex(0x7f206aa287e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5252] futex(0x7f206aa287ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5253] <... futex resumed>) = 1 [pid 5253] fallocate(5, 0, 0, 1048816) = 0 [pid 5253] futex(0x7f206aa287ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5252] <... futex resumed>) = 0 [pid 5252] futex(0x7f206aa287e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5252] futex(0x7f206aa287ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5253] <... futex resumed>) = 1 [pid 5253] sendfile(7, 5, NULL, 142606336 [pid 5252] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5252] futex(0x7f206aa287fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5252] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2063509000 [pid 5252] mprotect(0x7f206350a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5252] clone(child_stack=0x7f20635293f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[40], tls=0x7f2063529700, child_tidptr=0x7f20635299d0) = 40 [pid 5252] futex(0x7f206aa287f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5252] futex(0x7f206aa287fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5271 attached [pid 5271] set_robust_list(0x7f20635299e0, 24) = 0 [pid 5271] ioctl(4, FS_IOC_FIEMAP, {fm_start=786432, fm_length=9223372036854775809, fm_flags=0, fm_extent_count=16777216} => {fm_flags=0, fm_mapped_extents=11, ...}) = 0 [pid 5271] futex(0x7f206aa287fc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5252] <... futex resumed>) = 0 [pid 5271] futex(0x7f206aa287f8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5252] close(3) = 0 [pid 5252] close(4) = 0 [pid 5252] close(5) = 0 [pid 5252] close(6) = 0 [pid 5252] close(7) = 0 [pid 5252] close(8) = -1 EBADF (Bad file descriptor) [pid 5252] close(9) = -1 EBADF (Bad file descriptor) [pid 5252] close(10) = -1 EBADF (Bad file descriptor) [pid 5252] close(11) = -1 EBADF (Bad file descriptor) [pid 5252] close(12) = -1 EBADF (Bad file descriptor) [pid 5252] close(13) = -1 EBADF (Bad file descriptor) [pid 5252] close(14) = -1 EBADF (Bad file descriptor) [pid 5252] close(15) = -1 EBADF (Bad file descriptor) [pid 5252] close(16) = -1 EBADF (Bad file descriptor) [pid 5252] close(17) = -1 EBADF (Bad file descriptor) [pid 5252] close(18) = -1 EBADF (Bad file descriptor) [pid 5252] close(19) = -1 EBADF (Bad file descriptor) [pid 5252] close(20) = -1 EBADF (Bad file descriptor) [pid 5252] close(21) = -1 EBADF (Bad file descriptor) [pid 5252] close(22) = -1 EBADF (Bad file descriptor) [pid 5252] close(23) = -1 EBADF (Bad file descriptor) [pid 5252] close(24) = -1 EBADF (Bad file descriptor) [pid 5252] close(25) = -1 EBADF (Bad file descriptor) [pid 5252] close(26) = -1 EBADF (Bad file descriptor) [pid 5252] close(27) = -1 EBADF (Bad file descriptor) [pid 5252] close(28) = -1 EBADF (Bad file descriptor) [pid 5252] close(29) = -1 EBADF (Bad file descriptor) [pid 5252] exit_group(0 [pid 5271] <... futex resumed>) = ? [pid 5252] <... exit_group resumed>) = ? [pid 5271] +++ exited with 0 +++ [pid 5253] <... sendfile resumed>) = ? [pid 5253] +++ exited with 0 +++ [pid 5252] +++ exited with 0 +++ [pid 4992] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=38, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=42 /* 0.42 s */} --- [pid 4992] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 4992] umount2("./12", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4992] openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 4992] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4992] getdents64(3, 0x55555651a620 /* 4 entries */, 32768) = 104 [pid 4992] umount2("./12/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 4992] umount2("./12/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4992] lstat("./12/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4992] umount2("./12/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4992] openat(AT_FDCWD, "./12/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 4992] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4992] getdents64(4, 0x555556522660 /* 2 entries */, 32768) = 48 [pid 4992] getdents64(4, 0x555556522660 /* 0 entries */, 32768) = 0 [pid 4992] close(4) = 0 [pid 4992] rmdir("./12/bus") = 0 [pid 4992] umount2("./12/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4992] lstat("./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 4992] unlink("./12/binderfs") = 0 [pid 4992] getdents64(3, 0x55555651a620 /* 0 entries */, 32768) = 0 [pid 4992] close(3) = 0 [pid 4992] rmdir("./12") = 0 [pid 4992] mkdir("./13", 0777) = 0 [pid 4992] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 4992] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 4992] close(3) = 0 [pid 4992] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555565195d0) = 41 ./strace-static-x86_64: Process 5272 attached [pid 5272] set_robust_list(0x5555565195e0, 24) = 0 [pid 5272] chdir("./13") = 0 [pid 5272] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5272] setpgid(0, 0) = 0 [pid 5272] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5272] write(3, "1000", 4) = 4 [pid 5272] close(3) = 0 [pid 5272] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5272] futex(0x7f206aa287ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5272] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f206a92a000 [pid 5272] mprotect(0x7f206a92b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5272] clone(child_stack=0x7f206a94a3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[42], tls=0x7f206a94a700, child_tidptr=0x7f206a94a9d0) = 42 ./strace-static-x86_64: Process 5273 attached [pid 5273] set_robust_list(0x7f206a94a9e0, 24) = 0 [pid 5273] futex(0x7f206aa287e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5272] futex(0x7f206aa287e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5273] <... futex resumed>) = 0 [pid 5272] futex(0x7f206aa287ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5273] memfd_create("syzkaller", 0) = 3 [pid 5273] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f206252a000 [pid 5273] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5273] munmap(0x7f206252a000, 16777216) = 0 [pid 5273] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5273] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5273] close(3) = 0 [pid 5273] mkdir("./bus", 0777) = 0 [ 66.177012][ T5273] loop0: detected capacity change from 0 to 32768 [ 66.186634][ T5273] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor148 (5273) [ 66.201730][ T5273] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 66.210556][ T5273] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 66.221482][ T5273] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 66.232346][ T5273] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 66.243000][ T5273] BTRFS info (device loop0): trying to use backup root at mount time [ 66.251121][ T5273] BTRFS info (device loop0): use zlib compression, level 3 [ 66.258402][ T5273] BTRFS info (device loop0): enabling ssd optimizations [ 66.265409][ T5273] BTRFS info (device loop0): using spread ssd allocation scheme [pid 5273] mount("/dev/loop0", "./bus", "btrfs", 0, "user_subvol_rm_allowed,noinode_cache,inode_cache,usebackuproot,compress,commit=0x0000000000000002,ss"...) = 0 [pid 5273] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5273] chdir("./bus") = 0 [pid 5273] ioctl(4, LOOP_CLR_FD) = 0 [pid 5273] close(4) = 0 [pid 5273] futex(0x7f206aa287ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5272] <... futex resumed>) = 0 [pid 5272] futex(0x7f206aa287e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5272] futex(0x7f206aa287ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5273] <... futex resumed>) = 1 [pid 5273] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME, 000) = 4 [pid 5273] futex(0x7f206aa287ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5272] <... futex resumed>) = 0 [pid 5272] futex(0x7f206aa287e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5272] futex(0x7f206aa287ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5273] <... futex resumed>) = 1 [pid 5273] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5273] futex(0x7f206aa287ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5272] <... futex resumed>) = 0 [pid 5272] futex(0x7f206aa287e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5272] futex(0x7f206aa287ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5273] <... futex resumed>) = 1 [pid 5273] open("./file2", O_RDONLY) = 6 [pid 5273] futex(0x7f206aa287ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5272] <... futex resumed>) = 0 [pid 5272] futex(0x7f206aa287e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5272] futex(0x7f206aa287ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5273] <... futex resumed>) = 1 [pid 5273] creat("./bus", 000) = 7 [pid 5273] futex(0x7f206aa287ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5272] <... futex resumed>) = 0 [pid 5272] futex(0x7f206aa287e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5272] futex(0x7f206aa287ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5273] <... futex resumed>) = 1 [pid 5273] copy_file_range(6, NULL, 7, NULL, 18014398509481988, 0) = 9000 [pid 5273] futex(0x7f206aa287ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5272] <... futex resumed>) = 0 [pid 5272] futex(0x7f206aa287e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5272] futex(0x7f206aa287ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5273] <... futex resumed>) = 1 [pid 5273] fallocate(5, 0, 0, 1048816) = 0 [pid 5273] futex(0x7f206aa287ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5272] <... futex resumed>) = 0 [pid 5273] sendfile(7, 5, NULL, 142606336 [pid 5272] futex(0x7f206aa287e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 66.273131][ T5273] BTRFS info (device loop0): using free space tree [ 66.290456][ T5273] BTRFS info (device loop0): auto enabling async discard [pid 5272] futex(0x7f206aa287ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5272] futex(0x7f206aa287ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5272] futex(0x7f206aa287fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5272] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2063509000 [pid 5272] mprotect(0x7f206350a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5272] clone(child_stack=0x7f20635293f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[43], tls=0x7f2063529700, child_tidptr=0x7f20635299d0) = 43 [pid 5272] futex(0x7f206aa287f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5272] futex(0x7f206aa287fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5291 attached [pid 5291] set_robust_list(0x7f20635299e0, 24) = 0 [pid 5291] ioctl(4, FS_IOC_FIEMAP, {fm_start=786432, fm_length=9223372036854775809, fm_flags=0, fm_extent_count=16777216} => {fm_flags=0, fm_mapped_extents=11, ...}) = 0 [pid 5291] futex(0x7f206aa287fc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5272] <... futex resumed>) = 0 [pid 5291] futex(0x7f206aa287f8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5272] close(3) = 0 [pid 5272] close(4) = 0 [pid 5272] close(5) = 0 [pid 5272] close(6) = 0 [pid 5272] close(7) = 0 [pid 5272] close(8) = -1 EBADF (Bad file descriptor) [pid 5272] close(9) = -1 EBADF (Bad file descriptor) [pid 5272] close(10) = -1 EBADF (Bad file descriptor) [pid 5272] close(11) = -1 EBADF (Bad file descriptor) [pid 5272] close(12) = -1 EBADF (Bad file descriptor) [pid 5272] close(13) = -1 EBADF (Bad file descriptor) [pid 5272] close(14) = -1 EBADF (Bad file descriptor) [pid 5272] close(15) = -1 EBADF (Bad file descriptor) [pid 5272] close(16) = -1 EBADF (Bad file descriptor) [pid 5272] close(17) = -1 EBADF (Bad file descriptor) [pid 5272] close(18) = -1 EBADF (Bad file descriptor) [pid 5272] close(19) = -1 EBADF (Bad file descriptor) [pid 5272] close(20) = -1 EBADF (Bad file descriptor) [pid 5272] close(21) = -1 EBADF (Bad file descriptor) [pid 5272] close(22) = -1 EBADF (Bad file descriptor) [pid 5272] close(23) = -1 EBADF (Bad file descriptor) [pid 5272] close(24) = -1 EBADF (Bad file descriptor) [pid 5272] close(25) = -1 EBADF (Bad file descriptor) [pid 5272] close(26) = -1 EBADF (Bad file descriptor) [pid 5272] close(27) = -1 EBADF (Bad file descriptor) [pid 5272] close(28) = -1 EBADF (Bad file descriptor) [pid 5272] close(29) = -1 EBADF (Bad file descriptor) [pid 5272] exit_group(0 [pid 5291] <... futex resumed>) = ? [pid 5272] <... exit_group resumed>) = ? [pid 5291] +++ exited with 0 +++ [pid 5273] <... sendfile resumed>) = ? [pid 5273] +++ exited with 0 +++ [pid 5272] +++ exited with 0 +++ [pid 4992] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=41, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=42 /* 0.42 s */} --- [pid 4992] umount2("./13", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4992] openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 4992] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4992] getdents64(3, 0x55555651a620 /* 4 entries */, 32768) = 104 [pid 4992] umount2("./13/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 4992] umount2("./13/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4992] lstat("./13/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4992] umount2("./13/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4992] openat(AT_FDCWD, "./13/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 4992] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4992] getdents64(4, 0x555556522660 /* 2 entries */, 32768) = 48 [pid 4992] getdents64(4, 0x555556522660 /* 0 entries */, 32768) = 0 [pid 4992] close(4) = 0 [pid 4992] rmdir("./13/bus") = 0 [pid 4992] umount2("./13/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4992] lstat("./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 4992] unlink("./13/binderfs") = 0 [pid 4992] getdents64(3, 0x55555651a620 /* 0 entries */, 32768) = 0 [pid 4992] close(3) = 0 [pid 4992] rmdir("./13") = 0 [pid 4992] mkdir("./14", 0777) = 0 [pid 4992] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 4992] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 4992] close(3) = 0 [pid 4992] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555565195d0) = 44 ./strace-static-x86_64: Process 5292 attached [pid 5292] set_robust_list(0x5555565195e0, 24) = 0 [pid 5292] chdir("./14") = 0 [pid 5292] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5292] setpgid(0, 0) = 0 [pid 5292] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5292] write(3, "1000", 4) = 4 [pid 5292] close(3) = 0 [pid 5292] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5292] futex(0x7f206aa287ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5292] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f206a92a000 [pid 5292] mprotect(0x7f206a92b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5292] clone(child_stack=0x7f206a94a3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5293 attached , parent_tid=[45], tls=0x7f206a94a700, child_tidptr=0x7f206a94a9d0) = 45 [pid 5293] set_robust_list(0x7f206a94a9e0, 24 [pid 5292] futex(0x7f206aa287e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5293] <... set_robust_list resumed>) = 0 [pid 5292] <... futex resumed>) = 0 [pid 5292] futex(0x7f206aa287ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5293] memfd_create("syzkaller", 0) = 3 [pid 5293] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f206252a000 [pid 5293] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5293] munmap(0x7f206252a000, 16777216) = 0 [pid 5293] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5293] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5293] close(3) = 0 [pid 5293] mkdir("./bus", 0777) = 0 [ 66.922089][ T5293] loop0: detected capacity change from 0 to 32768 [ 66.931708][ T5293] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor148 (5293) [ 66.947901][ T5293] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 66.956794][ T5293] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 66.967952][ T5293] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 66.978922][ T5293] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 66.989585][ T5293] BTRFS info (device loop0): trying to use backup root at mount time [ 66.997800][ T5293] BTRFS info (device loop0): use zlib compression, level 3 [ 67.005082][ T5293] BTRFS info (device loop0): enabling ssd optimizations [ 67.012125][ T5293] BTRFS info (device loop0): using spread ssd allocation scheme [pid 5293] mount("/dev/loop0", "./bus", "btrfs", 0, "user_subvol_rm_allowed,noinode_cache,inode_cache,usebackuproot,compress,commit=0x0000000000000002,ss"...) = 0 [pid 5293] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5293] chdir("./bus") = 0 [pid 5293] ioctl(4, LOOP_CLR_FD) = 0 [pid 5293] close(4) = 0 [pid 5293] futex(0x7f206aa287ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5293] futex(0x7f206aa287e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5292] <... futex resumed>) = 0 [pid 5292] futex(0x7f206aa287e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5292] futex(0x7f206aa287ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5293] <... futex resumed>) = 0 [pid 5293] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME, 000) = 4 [pid 5293] futex(0x7f206aa287ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5292] <... futex resumed>) = 0 [pid 5292] futex(0x7f206aa287e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5292] futex(0x7f206aa287ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5293] <... futex resumed>) = 1 [pid 5293] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5293] futex(0x7f206aa287ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5292] <... futex resumed>) = 0 [pid 5292] futex(0x7f206aa287e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5292] futex(0x7f206aa287ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5293] <... futex resumed>) = 1 [ 67.019834][ T5293] BTRFS info (device loop0): using free space tree [ 67.036719][ T5293] BTRFS info (device loop0): auto enabling async discard [ 67.054613][ T27] kauditd_printk_skb: 4 callbacks suppressed [pid 5293] open("./file2", O_RDONLY) = 6 [pid 5293] futex(0x7f206aa287ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5292] <... futex resumed>) = 0 [pid 5292] futex(0x7f206aa287e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5292] futex(0x7f206aa287ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5293] creat("./bus", 000) = 7 [pid 5293] futex(0x7f206aa287ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5292] <... futex resumed>) = 0 [pid 5292] futex(0x7f206aa287e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5293] copy_file_range(6, NULL, 7, NULL, 18014398509481988, 0 [pid 5292] <... futex resumed>) = 0 [pid 5293] <... copy_file_range resumed>) = 9000 [pid 5292] futex(0x7f206aa287ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5293] futex(0x7f206aa287ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5292] <... futex resumed>) = 0 [pid 5293] fallocate(5, 0, 0, 1048816 [pid 5292] futex(0x7f206aa287e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5292] futex(0x7f206aa287ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5293] <... fallocate resumed>) = 0 [pid 5293] futex(0x7f206aa287ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5292] <... futex resumed>) = 0 [pid 5292] futex(0x7f206aa287e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5293] sendfile(7, 5, NULL, 142606336 [pid 5292] <... futex resumed>) = 0 [ 67.054626][ T27] audit: type=1800 audit(1686955379.623:30): pid=5293 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor148" name="bus" dev="loop0" ino=263 res=0 errno=0 [ 67.081102][ T27] audit: type=1800 audit(1686955379.623:31): pid=5293 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor148" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 5292] futex(0x7f206aa287ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5292] futex(0x7f206aa287fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5292] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2063509000 [pid 5292] mprotect(0x7f206350a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5292] clone(child_stack=0x7f20635293f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[46], tls=0x7f2063529700, child_tidptr=0x7f20635299d0) = 46 [pid 5292] futex(0x7f206aa287f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5292] futex(0x7f206aa287fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5311 attached [pid 5311] set_robust_list(0x7f20635299e0, 24) = 0 [pid 5311] ioctl(4, FS_IOC_FIEMAP, {fm_start=786432, fm_length=9223372036854775809, fm_flags=0, fm_extent_count=16777216} => {fm_flags=0, fm_mapped_extents=11, ...}) = 0 [pid 5311] futex(0x7f206aa287fc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5292] <... futex resumed>) = 0 [pid 5311] futex(0x7f206aa287f8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5292] close(3) = 0 [pid 5292] close(4) = 0 [pid 5292] close(5) = 0 [pid 5292] close(6) = 0 [pid 5292] close(7) = 0 [pid 5292] close(8) = -1 EBADF (Bad file descriptor) [pid 5292] close(9) = -1 EBADF (Bad file descriptor) [pid 5292] close(10) = -1 EBADF (Bad file descriptor) [pid 5292] close(11) = -1 EBADF (Bad file descriptor) [pid 5292] close(12) = -1 EBADF (Bad file descriptor) [pid 5292] close(13) = -1 EBADF (Bad file descriptor) [pid 5292] close(14) = -1 EBADF (Bad file descriptor) [pid 5292] close(15) = -1 EBADF (Bad file descriptor) [pid 5292] close(16) = -1 EBADF (Bad file descriptor) [pid 5292] close(17) = -1 EBADF (Bad file descriptor) [pid 5292] close(18) = -1 EBADF (Bad file descriptor) [pid 5292] close(19) = -1 EBADF (Bad file descriptor) [pid 5292] close(20) = -1 EBADF (Bad file descriptor) [pid 5292] close(21) = -1 EBADF (Bad file descriptor) [pid 5292] close(22) = -1 EBADF (Bad file descriptor) [pid 5292] close(23) = -1 EBADF (Bad file descriptor) [pid 5292] close(24) = -1 EBADF (Bad file descriptor) [pid 5292] close(25) = -1 EBADF (Bad file descriptor) [pid 5292] close(26) = -1 EBADF (Bad file descriptor) [pid 5292] close(27) = -1 EBADF (Bad file descriptor) [pid 5292] close(28) = -1 EBADF (Bad file descriptor) [pid 5292] close(29) = -1 EBADF (Bad file descriptor) [pid 5292] exit_group(0 [pid 5311] <... futex resumed>) = ? [pid 5311] +++ exited with 0 +++ [pid 5292] <... exit_group resumed>) = ? [pid 5293] <... sendfile resumed>) = ? [pid 5293] +++ exited with 0 +++ [pid 5292] +++ exited with 0 +++ [pid 4992] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=44, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=54 /* 0.54 s */} --- [pid 4992] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 4992] umount2("./14", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4992] openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 4992] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4992] getdents64(3, 0x55555651a620 /* 4 entries */, 32768) = 104 [pid 4992] umount2("./14/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 4992] umount2("./14/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4992] lstat("./14/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4992] umount2("./14/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4992] openat(AT_FDCWD, "./14/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 4992] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4992] getdents64(4, 0x555556522660 /* 2 entries */, 32768) = 48 [pid 4992] getdents64(4, 0x555556522660 /* 0 entries */, 32768) = 0 [pid 4992] close(4) = 0 [pid 4992] rmdir("./14/bus") = 0 [pid 4992] umount2("./14/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4992] lstat("./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 4992] unlink("./14/binderfs") = 0 [pid 4992] getdents64(3, 0x55555651a620 /* 0 entries */, 32768) = 0 [pid 4992] close(3) = 0 [pid 4992] rmdir("./14") = 0 [pid 4992] mkdir("./15", 0777) = 0 [pid 4992] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 4992] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 4992] close(3) = 0 [pid 4992] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5312 attached , child_tidptr=0x5555565195d0) = 47 [pid 5312] set_robust_list(0x5555565195e0, 24) = 0 [pid 5312] chdir("./15") = 0 [pid 5312] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5312] setpgid(0, 0) = 0 [pid 5312] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5312] write(3, "1000", 4) = 4 [pid 5312] close(3) = 0 [pid 5312] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5312] futex(0x7f206aa287ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5312] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f206a92a000 [pid 5312] mprotect(0x7f206a92b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5312] clone(child_stack=0x7f206a94a3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5313 attached , parent_tid=[48], tls=0x7f206a94a700, child_tidptr=0x7f206a94a9d0) = 48 [pid 5312] futex(0x7f206aa287e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5312] futex(0x7f206aa287ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5313] set_robust_list(0x7f206a94a9e0, 24) = 0 [pid 5313] memfd_create("syzkaller", 0) = 3 [pid 5313] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f206252a000 [pid 5313] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5313] munmap(0x7f206252a000, 16777216) = 0 [pid 5313] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5313] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5313] close(3) = 0 [pid 5313] mkdir("./bus", 0777) = 0 [ 67.714548][ T5313] loop0: detected capacity change from 0 to 32768 [ 67.724360][ T5313] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor148 (5313) [ 67.741268][ T5313] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 67.750307][ T5313] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 67.761289][ T5313] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 67.772397][ T5313] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 67.783027][ T5313] BTRFS info (device loop0): trying to use backup root at mount time [ 67.791320][ T5313] BTRFS info (device loop0): use zlib compression, level 3 [ 67.798708][ T5313] BTRFS info (device loop0): enabling ssd optimizations [ 67.805753][ T5313] BTRFS info (device loop0): using spread ssd allocation scheme [pid 5313] mount("/dev/loop0", "./bus", "btrfs", 0, "user_subvol_rm_allowed,noinode_cache,inode_cache,usebackuproot,compress,commit=0x0000000000000002,ss"...) = 0 [pid 5313] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5313] chdir("./bus") = 0 [pid 5313] ioctl(4, LOOP_CLR_FD) = 0 [pid 5313] close(4) = 0 [pid 5313] futex(0x7f206aa287ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5313] futex(0x7f206aa287e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5312] <... futex resumed>) = 0 [pid 5312] futex(0x7f206aa287e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5312] futex(0x7f206aa287ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5313] <... futex resumed>) = 0 [ 67.813427][ T5313] BTRFS info (device loop0): using free space tree [ 67.831575][ T5313] BTRFS info (device loop0): auto enabling async discard [pid 5313] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME, 000) = 4 [pid 5313] futex(0x7f206aa287ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5312] <... futex resumed>) = 0 [pid 5312] futex(0x7f206aa287e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5313] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5312] futex(0x7f206aa287ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5313] <... open resumed>) = 5 [pid 5313] futex(0x7f206aa287ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5312] <... futex resumed>) = 0 [pid 5312] futex(0x7f206aa287e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5313] open("./file2", O_RDONLY [pid 5312] <... futex resumed>) = 0 [pid 5312] futex(0x7f206aa287ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5313] <... open resumed>) = 6 [pid 5313] futex(0x7f206aa287ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5312] <... futex resumed>) = 0 [pid 5312] futex(0x7f206aa287e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5313] creat("./bus", 000 [pid 5312] <... futex resumed>) = 0 [pid 5312] futex(0x7f206aa287ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5313] <... creat resumed>) = 7 [pid 5313] futex(0x7f206aa287ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5312] <... futex resumed>) = 0 [ 67.867029][ T27] audit: type=1800 audit(1686955380.433:32): pid=5313 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor148" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 5313] copy_file_range(6, NULL, 7, NULL, 18014398509481988, 0 [pid 5312] futex(0x7f206aa287e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5313] <... copy_file_range resumed>) = 9000 [pid 5312] futex(0x7f206aa287ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5313] futex(0x7f206aa287ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5312] <... futex resumed>) = 0 [pid 5313] futex(0x7f206aa287e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5312] futex(0x7f206aa287e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5313] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5313] fallocate(5, 0, 0, 1048816 [pid 5312] <... futex resumed>) = 0 [pid 5312] futex(0x7f206aa287ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5313] <... fallocate resumed>) = 0 [pid 5313] futex(0x7f206aa287ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5312] <... futex resumed>) = 0 [pid 5312] futex(0x7f206aa287e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5313] sendfile(7, 5, NULL, 142606336 [pid 5312] <... futex resumed>) = 0 [ 67.899697][ T27] audit: type=1800 audit(1686955380.453:33): pid=5313 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor148" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 5312] futex(0x7f206aa287ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5312] futex(0x7f206aa287fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5312] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2063509000 [pid 5312] mprotect(0x7f206350a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5312] clone(child_stack=0x7f20635293f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[49], tls=0x7f2063529700, child_tidptr=0x7f20635299d0) = 49 [pid 5312] futex(0x7f206aa287f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5312] futex(0x7f206aa287fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5331 attached [pid 5331] set_robust_list(0x7f20635299e0, 24) = 0 [pid 5331] ioctl(4, FS_IOC_FIEMAP, {fm_start=786432, fm_length=9223372036854775809, fm_flags=0, fm_extent_count=16777216} => {fm_flags=0, fm_mapped_extents=11, ...}) = 0 [pid 5331] futex(0x7f206aa287fc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5331] futex(0x7f206aa287f8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5312] <... futex resumed>) = 0 [pid 5312] close(3) = 0 [pid 5312] close(4) = 0 [pid 5312] close(5) = 0 [pid 5312] close(6) = 0 [pid 5312] close(7) = 0 [pid 5312] close(8) = -1 EBADF (Bad file descriptor) [pid 5312] close(9) = -1 EBADF (Bad file descriptor) [pid 5312] close(10) = -1 EBADF (Bad file descriptor) [pid 5312] close(11) = -1 EBADF (Bad file descriptor) [pid 5312] close(12) = -1 EBADF (Bad file descriptor) [pid 5312] close(13) = -1 EBADF (Bad file descriptor) [pid 5312] close(14) = -1 EBADF (Bad file descriptor) [pid 5312] close(15) = -1 EBADF (Bad file descriptor) [pid 5312] close(16) = -1 EBADF (Bad file descriptor) [pid 5312] close(17) = -1 EBADF (Bad file descriptor) [pid 5312] close(18) = -1 EBADF (Bad file descriptor) [pid 5312] close(19) = -1 EBADF (Bad file descriptor) [pid 5312] close(20) = -1 EBADF (Bad file descriptor) [pid 5312] close(21) = -1 EBADF (Bad file descriptor) [pid 5312] close(22) = -1 EBADF (Bad file descriptor) [pid 5312] close(23) = -1 EBADF (Bad file descriptor) [pid 5312] close(24) = -1 EBADF (Bad file descriptor) [pid 5312] close(25) = -1 EBADF (Bad file descriptor) [pid 5312] close(26) = -1 EBADF (Bad file descriptor) [pid 5312] close(27) = -1 EBADF (Bad file descriptor) [pid 5312] close(28) = -1 EBADF (Bad file descriptor) [pid 5312] close(29) = -1 EBADF (Bad file descriptor) [pid 5312] exit_group(0) = ? [pid 5313] <... sendfile resumed>) = ? [pid 5313] +++ exited with 0 +++ [pid 5331] <... futex resumed>) = ? [pid 5331] +++ exited with 0 +++ [pid 5312] +++ exited with 0 +++ [pid 4992] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=47, si_uid=0, si_status=0, si_utime=0, si_stime=45 /* 0.45 s */} --- [pid 4992] umount2("./15", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4992] openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 4992] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4992] getdents64(3, 0x55555651a620 /* 4 entries */, 32768) = 104 [pid 4992] umount2("./15/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 4992] umount2("./15/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4992] lstat("./15/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4992] umount2("./15/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4992] openat(AT_FDCWD, "./15/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 4992] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4992] getdents64(4, 0x555556522660 /* 2 entries */, 32768) = 48 [pid 4992] getdents64(4, 0x555556522660 /* 0 entries */, 32768) = 0 [pid 4992] close(4) = 0 [pid 4992] rmdir("./15/bus") = 0 [pid 4992] umount2("./15/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4992] lstat("./15/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 4992] unlink("./15/binderfs") = 0 [pid 4992] getdents64(3, 0x55555651a620 /* 0 entries */, 32768) = 0 [pid 4992] close(3) = 0 [pid 4992] rmdir("./15") = 0 [pid 4992] mkdir("./16", 0777) = 0 [pid 4992] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 4992] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 4992] close(3) = 0 [pid 4992] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555565195d0) = 50 ./strace-static-x86_64: Process 5332 attached [pid 5332] set_robust_list(0x5555565195e0, 24) = 0 [pid 5332] chdir("./16") = 0 [pid 5332] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5332] setpgid(0, 0) = 0 [pid 5332] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5332] write(3, "1000", 4) = 4 [pid 5332] close(3) = 0 [pid 5332] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5332] futex(0x7f206aa287ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5332] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f206a92a000 [pid 5332] mprotect(0x7f206a92b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5332] clone(child_stack=0x7f206a94a3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5333 attached , parent_tid=[51], tls=0x7f206a94a700, child_tidptr=0x7f206a94a9d0) = 51 [pid 5332] futex(0x7f206aa287e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5333] set_robust_list(0x7f206a94a9e0, 24) = 0 [pid 5332] futex(0x7f206aa287ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5333] memfd_create("syzkaller", 0) = 3 [pid 5333] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f206252a000 [pid 5333] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5333] munmap(0x7f206252a000, 16777216) = 0 [pid 5333] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5333] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5333] close(3) = 0 [pid 5333] mkdir("./bus", 0777) = 0 [ 68.462618][ T5333] loop0: detected capacity change from 0 to 32768 [ 68.473451][ T5333] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor148 (5333) [ 68.489458][ T5333] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 68.498363][ T5333] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 68.509662][ T5333] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 68.520471][ T5333] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 68.531097][ T5333] BTRFS info (device loop0): trying to use backup root at mount time [ 68.539213][ T5333] BTRFS info (device loop0): use zlib compression, level 3 [ 68.546457][ T5333] BTRFS info (device loop0): enabling ssd optimizations [ 68.553398][ T5333] BTRFS info (device loop0): using spread ssd allocation scheme [pid 5333] mount("/dev/loop0", "./bus", "btrfs", 0, "user_subvol_rm_allowed,noinode_cache,inode_cache,usebackuproot,compress,commit=0x0000000000000002,ss"...) = 0 [pid 5333] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5333] chdir("./bus") = 0 [pid 5333] ioctl(4, LOOP_CLR_FD) = 0 [pid 5333] close(4) = 0 [pid 5333] futex(0x7f206aa287ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5332] <... futex resumed>) = 0 [pid 5332] futex(0x7f206aa287e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5332] futex(0x7f206aa287ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5333] <... futex resumed>) = 1 [ 68.561108][ T5333] BTRFS info (device loop0): using free space tree [ 68.578665][ T5333] BTRFS info (device loop0): auto enabling async discard [pid 5333] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME, 000) = 4 [pid 5333] futex(0x7f206aa287ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5332] <... futex resumed>) = 0 [pid 5332] futex(0x7f206aa287e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5332] futex(0x7f206aa287ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5333] <... futex resumed>) = 1 [pid 5333] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5333] futex(0x7f206aa287ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5332] <... futex resumed>) = 0 [pid 5332] futex(0x7f206aa287e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5332] futex(0x7f206aa287ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5333] <... futex resumed>) = 1 [pid 5333] open("./file2", O_RDONLY) = 6 [pid 5333] futex(0x7f206aa287ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5332] <... futex resumed>) = 0 [pid 5332] futex(0x7f206aa287e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5333] creat("./bus", 000 [pid 5332] futex(0x7f206aa287ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5333] <... creat resumed>) = 7 [pid 5333] futex(0x7f206aa287ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5332] <... futex resumed>) = 0 [pid 5333] copy_file_range(6, NULL, 7, NULL, 18014398509481988, 0 [pid 5332] futex(0x7f206aa287e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5332] futex(0x7f206aa287ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5333] <... copy_file_range resumed>) = 9000 [pid 5333] futex(0x7f206aa287ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5332] <... futex resumed>) = 0 [pid 5333] <... futex resumed>) = 1 [pid 5332] futex(0x7f206aa287e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5333] fallocate(5, 0, 0, 1048816 [pid 5332] <... futex resumed>) = 0 [pid 5332] futex(0x7f206aa287ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5333] <... fallocate resumed>) = 0 [pid 5333] futex(0x7f206aa287ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5332] <... futex resumed>) = 0 [pid 5333] futex(0x7f206aa287e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5332] futex(0x7f206aa287e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5333] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5332] <... futex resumed>) = 0 [pid 5333] sendfile(7, 5, NULL, 142606336 [ 68.596417][ T27] audit: type=1800 audit(1686955381.163:34): pid=5333 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor148" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 5332] futex(0x7f206aa287ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5332] futex(0x7f206aa287fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5332] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2063509000 [pid 5332] mprotect(0x7f206350a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5332] clone(child_stack=0x7f20635293f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[52], tls=0x7f2063529700, child_tidptr=0x7f20635299d0) = 52 [pid 5332] futex(0x7f206aa287f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5332] futex(0x7f206aa287fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5351 attached [pid 5351] set_robust_list(0x7f20635299e0, 24) = 0 [ 68.653861][ T27] audit: type=1800 audit(1686955381.193:35): pid=5333 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor148" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 5351] ioctl(4, FS_IOC_FIEMAP, {fm_start=786432, fm_length=9223372036854775809, fm_flags=0, fm_extent_count=16777216} [pid 5332] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 68.712695][ T5351] ------------[ cut here ]------------ [ 68.718513][ T5351] WARNING: CPU: 1 PID: 5351 at fs/btrfs/extent_io.c:2824 emit_fiemap_extent+0xee/0x410 [ 68.728318][ T5351] Modules linked in: [ 68.732252][ T5351] CPU: 1 PID: 5351 Comm: syz-executor148 Not tainted 6.4.0-rc6-syzkaller-00195-g40f71e7cd3c6 #0 [ 68.742773][ T5351] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023 [ 68.753129][ T5351] RIP: 0010:emit_fiemap_extent+0xee/0x410 [ 68.758950][ T5351] Code: d8 24 52 fe 49 8b 45 00 48 89 04 24 48 8b 4c 24 28 48 8d 2c 08 48 89 ef 4c 89 f6 e8 3c 4f fa fd 4c 39 f5 76 1b e8 22 4d fa fd <0f> 0b bd ea ff ff ff e9 25 02 00 00 e8 11 4d fa fd e9 97 01 00 00 [ 68.778611][ T5351] RSP: 0018:ffffc90004b7f4a8 EFLAGS: 00010293 [ 68.784750][ T5351] RAX: ffffffff8391327e RBX: ffffc90004b7f8e0 RCX: ffff88807658bb80 [ 68.792737][ T5351] RDX: 0000000000000000 RSI: 00000000000b3000 RDI: 0000000000101000 [ 68.800841][ T5351] RBP: 0000000000101000 R08: ffffffff83913274 R09: 0000000000000800 [ 68.808897][ T5351] R10: ffffc90004b7f478 R11: dffffc0000000001 R12: 1ffff9200096ff1f [ 68.817025][ T5351] R13: ffffc90004b7f8f0 R14: 00000000000b3000 R15: 1ffff9200096ff1e [ 68.825145][ T5351] FS: 00007f2063529700(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000 [ 68.834916][ T5351] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 68.842154][ T5351] CR2: 000055dbf02d3668 CR3: 0000000079ce7000 CR4: 00000000003506e0 [ 68.851886][ T5351] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 68.860006][ T5351] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 68.869215][ T5351] Call Trace: [ 68.872871][ T5351] [ 68.876381][ T5351] ? __warn+0x162/0x4a0 [ 68.880882][ T5351] ? emit_fiemap_extent+0xee/0x410 [ 68.887584][ T5351] ? report_bug+0x2b3/0x500 [ 68.893158][ T5351] ? emit_fiemap_extent+0xee/0x410 [ 68.898910][ T5351] ? handle_bug+0x3d/0x70 [ 68.903304][ T5351] ? exc_invalid_op+0x1a/0x50 [ 68.908181][ T5351] ? asm_exc_invalid_op+0x1a/0x20 [pid 5332] close(3) = 0 [pid 5332] close(4) = 0 [pid 5332] close(5) = 0 [pid 5332] close(6) = 0 [pid 5332] close(7) = 0 [pid 5332] close(8) = -1 EBADF (Bad file descriptor) [pid 5332] close(9) = -1 EBADF (Bad file descriptor) [pid 5332] close(10) = -1 EBADF (Bad file descriptor) [pid 5332] close(11) = -1 EBADF (Bad file descriptor) [pid 5332] close(12) = -1 EBADF (Bad file descriptor) [pid 5332] close(13) = -1 EBADF (Bad file descriptor) [pid 5332] close(14) = -1 EBADF (Bad file descriptor) [pid 5332] close(15) = -1 EBADF (Bad file descriptor) [pid 5332] close(16) = -1 EBADF (Bad file descriptor) [pid 5332] close(17) = -1 EBADF (Bad file descriptor) [pid 5332] close(18) = -1 EBADF (Bad file descriptor) [pid 5332] close(19) = -1 EBADF (Bad file descriptor) [pid 5332] close(20) = -1 EBADF (Bad file descriptor) [pid 5332] close(21) = -1 EBADF (Bad file descriptor) [pid 5332] close(22) = -1 EBADF (Bad file descriptor) [pid 5332] close(23) = -1 EBADF (Bad file descriptor) [pid 5332] close(24) = -1 EBADF (Bad file descriptor) [pid 5332] close(25) = -1 EBADF (Bad file descriptor) [pid 5332] close(26) = -1 EBADF (Bad file descriptor) [pid 5332] close(27) = -1 EBADF (Bad file descriptor) [pid 5332] close(28) = -1 EBADF (Bad file descriptor) [pid 5332] close(29) = -1 EBADF (Bad file descriptor) [pid 5332] exit_group(0) = ? [ 68.913408][ T5351] ? emit_fiemap_extent+0xe4/0x410 [ 68.918767][ T5351] ? emit_fiemap_extent+0xee/0x410 [ 68.924036][ T5351] ? emit_fiemap_extent+0xee/0x410 [ 68.929196][ T5351] ? emit_fiemap_extent+0xee/0x410 [ 68.934410][ T5351] fiemap_process_hole+0xa27/0xaf0 [ 68.939577][ T5351] ? extent_fiemap+0x1fc0/0x1fc0 [ 68.944715][ T5351] ? btrfs_get_token_64+0x600/0x600 [ 68.950211][ T5351] ? __asan_memcpy+0x40/0x70 [ 68.954880][ T5351] extent_fiemap+0xe7d/0x1fc0 [ 68.959614][ T5351] ? try_release_extent_mapping+0x560/0x560 [ 68.965834][ T5351] ? __lock_acquire+0x1316/0x2070 [ 68.971005][ T5351] ? __might_sleep+0xc0/0xc0 [ 68.975655][ T5351] ? fiemap_prep+0x19e/0x240 [ 68.980526][ T5351] btrfs_fiemap+0x178/0x1e0 [ 68.985097][ T5351] ? btrfs_getattr+0x4a0/0x4a0 [ 68.989877][ T5351] ? __might_fault+0xba/0x120 [ 68.994621][ T5351] ? btrfs_getattr+0x4a0/0x4a0 [ 68.999506][ T5351] do_vfs_ioctl+0x19ba/0x2b10 [ 69.004366][ T5351] ? __x64_compat_sys_ioctl+0x90/0x90 [ 69.009770][ T5351] ? __lock_acquire+0x2070/0x2070 [ 69.014859][ T5351] ? lockdep_hardirqs_on+0x98/0x140 [ 69.020265][ T5351] ? __kmem_cache_free+0x264/0x3c0 [ 69.025461][ T5351] ? tomoyo_path_number_perm+0x663/0x840 [ 69.031117][ T5351] ? tomoyo_path_number_perm+0x6e4/0x840 [ 69.036815][ T5351] ? smack_log+0x123/0x540 [ 69.041254][ T5351] ? tomoyo_check_path_acl+0x1c0/0x1c0 [ 69.046790][ T5351] ? smk_access+0x4b0/0x4b0 [ 69.051325][ T5351] ? smk_access+0x477/0x4b0 [ 69.055911][ T5351] ? smk_tskacc+0x2ff/0x360 [ 69.060436][ T5351] ? smack_file_ioctl+0x2ee/0x390 [ 69.065891][ T5351] ? smack_file_alloc_security+0xe0/0xe0 [ 69.071993][ T5351] ? bpf_lsm_file_ioctl+0x9/0x10 [ 69.077004][ T5351] ? security_file_ioctl+0x81/0xa0 [ 69.082147][ T5351] __se_sys_ioctl+0x81/0x160 [ 69.086828][ T5351] do_syscall_64+0x41/0xc0 [ 69.091280][ T5351] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 69.097261][ T5351] RIP: 0033:0x7f206a99eae9 [ 69.101699][ T5351] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 a1 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 69.121901][ T5351] RSP: 002b:00007f20635292f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 69.130383][ T5351] RAX: ffffffffffffffda RBX: 00007f206aa287f0 RCX: 00007f206a99eae9 [ 69.138501][ T5351] RDX: 00000000200012c0 RSI: 00000000c020660b RDI: 0000000000000004 [ 69.146513][ T5351] RBP: 00007f206a9f5290 R08: 00007f2063529700 R09: 0000000000000000 [ 69.154554][ T5351] R10: 00007f2063529700 R11: 0000000000000246 R12: 5f65646f6e696f6e [ 69.162559][ T5351] R13: 0032656c69662f2e R14: 8000000000000001 R15: 00007f206aa287f8 [ 69.170627][ T5351] [ 69.173726][ T5351] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 69.181118][ T5351] CPU: 1 PID: 5351 Comm: syz-executor148 Not tainted 6.4.0-rc6-syzkaller-00195-g40f71e7cd3c6 #0 [ 69.191625][ T5351] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023 [ 69.201685][ T5351] Call Trace: [ 69.204979][ T5351] [ 69.207917][ T5351] dump_stack_lvl+0x1e7/0x2d0 [ 69.212693][ T5351] ? nf_tcp_handle_invalid+0x650/0x650 [ 69.218274][ T5351] ? panic+0x770/0x770 [ 69.222377][ T5351] ? vscnprintf+0x5d/0x80 [ 69.226738][ T5351] panic+0x30f/0x770 [ 69.230639][ T5351] ? __warn+0x171/0x4a0 [ 69.235060][ T5351] ? __memcpy_flushcache+0x2b0/0x2b0 [ 69.240624][ T5351] __warn+0x314/0x4a0 [ 69.244622][ T5351] ? emit_fiemap_extent+0xee/0x410 [ 69.249755][ T5351] report_bug+0x2b3/0x500 [ 69.254096][ T5351] ? emit_fiemap_extent+0xee/0x410 [ 69.259214][ T5351] handle_bug+0x3d/0x70 [ 69.263456][ T5351] exc_invalid_op+0x1a/0x50 [ 69.267957][ T5351] asm_exc_invalid_op+0x1a/0x20 [ 69.272803][ T5351] RIP: 0010:emit_fiemap_extent+0xee/0x410 [ 69.278610][ T5351] Code: d8 24 52 fe 49 8b 45 00 48 89 04 24 48 8b 4c 24 28 48 8d 2c 08 48 89 ef 4c 89 f6 e8 3c 4f fa fd 4c 39 f5 76 1b e8 22 4d fa fd <0f> 0b bd ea ff ff ff e9 25 02 00 00 e8 11 4d fa fd e9 97 01 00 00 [ 69.298219][ T5351] RSP: 0018:ffffc90004b7f4a8 EFLAGS: 00010293 [ 69.304295][ T5351] RAX: ffffffff8391327e RBX: ffffc90004b7f8e0 RCX: ffff88807658bb80 [ 69.312267][ T5351] RDX: 0000000000000000 RSI: 00000000000b3000 RDI: 0000000000101000 [ 69.320244][ T5351] RBP: 0000000000101000 R08: ffffffff83913274 R09: 0000000000000800 [ 69.328235][ T5351] R10: ffffc90004b7f478 R11: dffffc0000000001 R12: 1ffff9200096ff1f [ 69.336218][ T5351] R13: ffffc90004b7f8f0 R14: 00000000000b3000 R15: 1ffff9200096ff1e [ 69.344740][ T5351] ? emit_fiemap_extent+0xe4/0x410 [ 69.349860][ T5351] ? emit_fiemap_extent+0xee/0x410 [ 69.354989][ T5351] ? emit_fiemap_extent+0xee/0x410 [ 69.360124][ T5351] fiemap_process_hole+0xa27/0xaf0 [ 69.365269][ T5351] ? extent_fiemap+0x1fc0/0x1fc0 [ 69.370213][ T5351] ? btrfs_get_token_64+0x600/0x600 [ 69.375506][ T5351] ? __asan_memcpy+0x40/0x70 [ 69.380113][ T5351] extent_fiemap+0xe7d/0x1fc0 [ 69.384984][ T5351] ? try_release_extent_mapping+0x560/0x560 [ 69.390878][ T5351] ? __lock_acquire+0x1316/0x2070 [ 69.396016][ T5351] ? __might_sleep+0xc0/0xc0 [ 69.400614][ T5351] ? fiemap_prep+0x19e/0x240 [ 69.405213][ T5351] btrfs_fiemap+0x178/0x1e0 [ 69.409734][ T5351] ? btrfs_getattr+0x4a0/0x4a0 [ 69.414499][ T5351] ? __might_fault+0xba/0x120 [ 69.419273][ T5351] ? btrfs_getattr+0x4a0/0x4a0 [ 69.424043][ T5351] do_vfs_ioctl+0x19ba/0x2b10 [ 69.428774][ T5351] ? __x64_compat_sys_ioctl+0x90/0x90 [ 69.434154][ T5351] ? __lock_acquire+0x2070/0x2070 [ 69.439191][ T5351] ? lockdep_hardirqs_on+0x98/0x140 [ 69.444409][ T5351] ? __kmem_cache_free+0x264/0x3c0 [ 69.449519][ T5351] ? tomoyo_path_number_perm+0x663/0x840 [ 69.455176][ T5351] ? tomoyo_path_number_perm+0x6e4/0x840 [ 69.460813][ T5351] ? smack_log+0x123/0x540 [ 69.465228][ T5351] ? tomoyo_check_path_acl+0x1c0/0x1c0 [ 69.470690][ T5351] ? smk_access+0x4b0/0x4b0 [ 69.475909][ T5351] ? smk_access+0x477/0x4b0 [ 69.480420][ T5351] ? smk_tskacc+0x2ff/0x360 [ 69.484929][ T5351] ? smack_file_ioctl+0x2ee/0x390 [ 69.489960][ T5351] ? smack_file_alloc_security+0xe0/0xe0 [ 69.495608][ T5351] ? bpf_lsm_file_ioctl+0x9/0x10 [ 69.500553][ T5351] ? security_file_ioctl+0x81/0xa0 [ 69.505664][ T5351] __se_sys_ioctl+0x81/0x160 [ 69.510261][ T5351] do_syscall_64+0x41/0xc0 [ 69.514678][ T5351] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 69.520578][ T5351] RIP: 0033:0x7f206a99eae9 [ 69.525079][ T5351] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 a1 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 69.544681][ T5351] RSP: 002b:00007f20635292f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 69.553091][ T5351] RAX: ffffffffffffffda RBX: 00007f206aa287f0 RCX: 00007f206a99eae9 [ 69.561159][ T5351] RDX: 00000000200012c0 RSI: 00000000c020660b RDI: 0000000000000004 [ 69.569150][ T5351] RBP: 00007f206a9f5290 R08: 00007f2063529700 R09: 0000000000000000 [ 69.577129][ T5351] R10: 00007f2063529700 R11: 0000000000000246 R12: 5f65646f6e696f6e [ 69.585103][ T5351] R13: 0032656c69662f2e R14: 8000000000000001 R15: 00007f206aa287f8 [ 69.593107][ T5351] [ 69.596176][ T5351] Kernel Offset: disabled [ 69.600596][ T5351] Rebooting in 86400 seconds..