./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2969935721 <...> DUID 00:04:dd:0f:a4:e5:cb:b8:04:95:2f:30:92:03:b3:b6:0d:bc forked to background, child pid 4644 [ 29.970681][ T4645] 8021q: adding VLAN 0 to HW filter on device bond0 [ 29.983486][ T4645] eql: remember to turn off Van-Jacobson compression on your slave devices Starting sshd: OK syzkaller Warning: Permanently added '10.128.0.207' (ECDSA) to the list of known hosts. execve("./syz-executor2969935721", ["./syz-executor2969935721"], 0x7ffd41cc3c00 /* 10 vars */) = 0 brk(NULL) = 0x55555665c000 brk(0x55555665cc40) = 0x55555665cc40 arch_prctl(ARCH_SET_FS, 0x55555665c300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 set_tid_address(0x55555665c5d0) = 5073 set_robust_list(0x55555665c5e0, 24) = 0 rt_sigaction(SIGRTMIN, {sa_handler=0x7f5b1fb6e530, sa_mask=[], sa_flags=SA_RESTORER|SA_SIGINFO, sa_restorer=0x7f5b1fb6ec00}, NULL, 8) = 0 rt_sigaction(SIGRT_1, {sa_handler=0x7f5b1fb6e5d0, sa_mask=[], sa_flags=SA_RESTORER|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f5b1fb6ec00}, NULL, 8) = 0 rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor2969935721", 4096) = 28 brk(0x55555667dc40) = 0x55555667dc40 brk(0x55555667e000) = 0x55555667e000 mprotect(0x7f5b1fc36000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5074 attached , child_tidptr=0x55555665c5d0) = 5074 [pid 5073] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5074] set_robust_list(0x55555665c5e0, 24./strace-static-x86_64: Process 5075 attached [pid 5073] <... clone resumed>, child_tidptr=0x55555665c5d0) = 5075 [pid 5073] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5074] <... set_robust_list resumed>) = 0 [pid 5073] <... clone resumed>, child_tidptr=0x55555665c5d0) = 5076 [pid 5073] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5074] getpid() = 5074 [pid 5073] <... clone resumed>, child_tidptr=0x55555665c5d0) = 5077 [pid 5074] mkdir("./syzkaller.oOMWbS", 0700 [pid 5073] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555665c5d0) = 5078 [pid 5073] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5074] <... mkdir resumed>) = 0 [pid 5073] <... clone resumed>, child_tidptr=0x55555665c5d0) = 5079 ./strace-static-x86_64: Process 5078 attached ./strace-static-x86_64: Process 5079 attached [pid 5078] set_robust_list(0x55555665c5e0, 24 [pid 5079] set_robust_list(0x55555665c5e0, 24 [pid 5078] <... set_robust_list resumed>) = 0 [pid 5078] getpid( [pid 5079] <... set_robust_list resumed>) = 0 [pid 5074] chmod("./syzkaller.oOMWbS", 0777 [pid 5075] set_robust_list(0x55555665c5e0, 24 [pid 5078] <... getpid resumed>) = 5078 [pid 5079] getpid( [pid 5078] mkdir("./syzkaller.T0KLb9", 0700 [pid 5079] <... getpid resumed>) = 5079 [pid 5079] mkdir("./syzkaller.tJz5th", 0700 [pid 5078] <... mkdir resumed>) = 0 [pid 5074] <... chmod resumed>) = 0 [pid 5075] <... set_robust_list resumed>) = 0 [pid 5079] <... mkdir resumed>) = 0 ./strace-static-x86_64: Process 5077 attached [pid 5075] getpid( [pid 5074] chdir("./syzkaller.oOMWbS" [pid 5077] set_robust_list(0x55555665c5e0, 24) = 0 [pid 5077] getpid( [pid 5079] chmod("./syzkaller.tJz5th", 0777 [pid 5077] <... getpid resumed>) = 5077 [pid 5078] chmod("./syzkaller.T0KLb9", 0777 [pid 5079] <... chmod resumed>) = 0 [pid 5077] mkdir("./syzkaller.SUC4n8", 0700 [pid 5078] <... chmod resumed>) = 0 [pid 5079] chdir("./syzkaller.tJz5th" [pid 5075] <... getpid resumed>) = 5075 [pid 5074] <... chdir resumed>) = 0 [pid 5078] chdir("./syzkaller.T0KLb9" [pid 5079] <... chdir resumed>) = 0 [pid 5075] mkdir("./syzkaller.pIdYMV", 0700 [pid 5074] mkdir("./0", 0777) = 0 [pid 5078] <... chdir resumed>) = 0 [pid 5079] mkdir("./0", 0777 [pid 5078] mkdir("./0", 0777 [pid 5075] <... mkdir resumed>) = 0 [pid 5074] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5075] chmod("./syzkaller.pIdYMV", 0777 [pid 5074] <... openat resumed>) = 3 [pid 5075] <... chmod resumed>) = 0 [pid 5074] ioctl(3, LOOP_CLR_FD [pid 5079] <... mkdir resumed>) = 0 [pid 5075] chdir("./syzkaller.pIdYMV" [pid 5074] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5078] <... mkdir resumed>) = 0 [pid 5077] <... mkdir resumed>) = 0 [pid 5077] chmod("./syzkaller.SUC4n8", 0777) = 0 [pid 5078] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5079] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 3 [pid 5075] <... chdir resumed>) = 0 [pid 5074] close(3 [pid 5077] chdir("./syzkaller.SUC4n8" [pid 5075] mkdir("./0", 0777 [pid 5077] <... chdir resumed>) = 0 [pid 5077] mkdir("./0", 0777) = 0 [pid 5078] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5079] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5078] close(3) = 0 [pid 5078] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5079] close(3) = 0 [pid 5079] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5077] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5077] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5077] close(3) = 0 [pid 5078] <... clone resumed>, child_tidptr=0x55555665c5d0) = 5080 [pid 5077] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5079] <... clone resumed>, child_tidptr=0x55555665c5d0) = 5081 [pid 5077] <... clone resumed>, child_tidptr=0x55555665c5d0) = 5082 ./strace-static-x86_64: Process 5080 attached [pid 5080] set_robust_list(0x55555665c5e0, 24) = 0 [pid 5075] <... mkdir resumed>) = 0 [pid 5074] <... close resumed>) = 0 [pid 5075] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5074] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5075] <... openat resumed>) = 3 [pid 5075] ioctl(3, LOOP_CLR_FD [pid 5074] <... clone resumed>, child_tidptr=0x55555665c5d0) = 5083 ./strace-static-x86_64: Process 5082 attached [pid 5075] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5075] close(3) = 0 [pid 5075] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5080] chdir("./0") = 0 [pid 5082] set_robust_list(0x55555665c5e0, 24./strace-static-x86_64: Process 5076 attached [pid 5075] <... clone resumed>, child_tidptr=0x55555665c5d0) = 5084 [pid 5080] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5076] set_robust_list(0x55555665c5e0, 24 [pid 5082] <... set_robust_list resumed>) = 0 [pid 5080] <... prctl resumed>) = 0 [pid 5076] <... set_robust_list resumed>) = 0 [pid 5082] chdir("./0" [pid 5080] setpgid(0, 0 [pid 5082] <... chdir resumed>) = 0 [pid 5080] <... setpgid resumed>) = 0 ./strace-static-x86_64: Process 5083 attached ./strace-static-x86_64: Process 5081 attached [pid 5082] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5080] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5076] getpid(./strace-static-x86_64: Process 5084 attached [pid 5083] set_robust_list(0x55555665c5e0, 24 [pid 5082] <... prctl resumed>) = 0 [pid 5081] set_robust_list(0x55555665c5e0, 24 [pid 5080] <... openat resumed>) = 3 [pid 5076] <... getpid resumed>) = 5076 [pid 5084] set_robust_list(0x55555665c5e0, 24 [pid 5082] setpgid(0, 0 [pid 5080] write(3, "1000", 4 [pid 5084] <... set_robust_list resumed>) = 0 [pid 5083] <... set_robust_list resumed>) = 0 [pid 5082] <... setpgid resumed>) = 0 [pid 5081] <... set_robust_list resumed>) = 0 [pid 5080] <... write resumed>) = 4 [pid 5076] mkdir("./syzkaller.8dSdsZ", 0700 [pid 5084] chdir("./0" [pid 5083] chdir("./0" [pid 5082] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5080] close(3 [pid 5084] <... chdir resumed>) = 0 [pid 5083] <... chdir resumed>) = 0 [pid 5082] <... openat resumed>) = 3 [pid 5081] chdir("./0" [pid 5080] <... close resumed>) = 0 [pid 5076] <... mkdir resumed>) = 0 [pid 5084] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5082] write(3, "1000", 4 [pid 5080] symlink("/dev/binderfs", "./binderfs" [pid 5083] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5076] chmod("./syzkaller.8dSdsZ", 0777 [pid 5084] <... prctl resumed>) = 0 [pid 5083] <... prctl resumed>) = 0 [pid 5082] <... write resumed>) = 4 [pid 5081] <... chdir resumed>) = 0 [pid 5080] <... symlink resumed>) = 0 [pid 5084] setpgid(0, 0 [pid 5083] setpgid(0, 0 [pid 5082] close(3 [pid 5081] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5080] futex(0x7f5b1fc3c7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5076] <... chmod resumed>) = 0 [pid 5084] <... setpgid resumed>) = 0 [pid 5083] <... setpgid resumed>) = 0 [pid 5082] <... close resumed>) = 0 [pid 5081] <... prctl resumed>) = 0 [pid 5080] <... futex resumed>) = 0 [pid 5076] chdir("./syzkaller.8dSdsZ" [pid 5084] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5083] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5082] symlink("/dev/binderfs", "./binderfs" [pid 5080] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5076] <... chdir resumed>) = 0 [pid 5081] setpgid(0, 0 [pid 5084] <... openat resumed>) = 3 [pid 5083] <... openat resumed>) = 3 [pid 5082] <... symlink resumed>) = 0 [pid 5080] <... mmap resumed>) = 0x7f5b1fb3d000 [pid 5084] write(3, "1000", 4 [pid 5083] write(3, "1000", 4 [pid 5082] futex(0x7f5b1fc3c7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] <... setpgid resumed>) = 0 [pid 5080] mprotect(0x7f5b1fb3e000, 131072, PROT_READ|PROT_WRITE [pid 5076] mkdir("./0", 0777 [pid 5084] <... write resumed>) = 4 [pid 5083] <... write resumed>) = 4 [pid 5082] <... futex resumed>) = 0 [pid 5081] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5080] <... mprotect resumed>) = 0 [pid 5084] close(3 [pid 5083] close(3 [pid 5082] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5080] clone(child_stack=0x7f5b1fb5d3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5076] <... mkdir resumed>) = 0 [pid 5084] <... close resumed>) = 0 [pid 5083] <... close resumed>) = 0 [pid 5082] <... mmap resumed>) = 0x7f5b1fb3d000 [pid 5081] <... openat resumed>) = 3 [pid 5076] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5084] symlink("/dev/binderfs", "./binderfs" [pid 5083] symlink("/dev/binderfs", "./binderfs" [pid 5082] mprotect(0x7f5b1fb3e000, 131072, PROT_READ|PROT_WRITE [pid 5081] write(3, "1000", 4 [pid 5080] <... clone resumed>, parent_tid=[5085], tls=0x7f5b1fb5d700, child_tidptr=0x7f5b1fb5d9d0) = 5085 [pid 5084] <... symlink resumed>) = 0 [pid 5082] <... mprotect resumed>) = 0 [pid 5083] <... symlink resumed>) = 0 [pid 5080] futex(0x7f5b1fc3c7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5076] <... openat resumed>) = 3 [pid 5081] <... write resumed>) = 4 [pid 5084] futex(0x7f5b1fc3c7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] futex(0x7f5b1fc3c7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5082] clone(child_stack=0x7f5b1fb5d3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5081] close(3 [pid 5080] <... futex resumed>) = 0 [pid 5076] ioctl(3, LOOP_CLR_FD [pid 5084] <... futex resumed>) = 0 [pid 5083] <... futex resumed>) = 0 [pid 5081] <... close resumed>) = 0 [pid 5080] futex(0x7f5b1fc3c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5084] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5083] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5082] <... clone resumed>, parent_tid=[5086], tls=0x7f5b1fb5d700, child_tidptr=0x7f5b1fb5d9d0) = 5086 [pid 5081] symlink("/dev/binderfs", "./binderfs" [pid 5076] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5084] <... mmap resumed>) = 0x7f5b1fb3d000 [pid 5083] <... mmap resumed>) = 0x7f5b1fb3d000 [pid 5082] futex(0x7f5b1fc3c7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5076] close(3 [pid 5084] mprotect(0x7f5b1fb3e000, 131072, PROT_READ|PROT_WRITE [pid 5083] mprotect(0x7f5b1fb3e000, 131072, PROT_READ|PROT_WRITE [pid 5082] <... futex resumed>) = 0 [pid 5081] <... symlink resumed>) = 0 [pid 5076] <... close resumed>) = 0 ./strace-static-x86_64: Process 5085 attached [pid 5084] <... mprotect resumed>) = 0 [pid 5082] futex(0x7f5b1fc3c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5085] set_robust_list(0x7f5b1fb5d9e0, 24 [pid 5084] clone(child_stack=0x7f5b1fb5d3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5083] <... mprotect resumed>) = 0 [pid 5076] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5081] futex(0x7f5b1fc3c7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] <... set_robust_list resumed>) = 0 [pid 5083] clone(child_stack=0x7f5b1fb5d3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5086 attached [pid 5085] memfd_create("syzkaller", 0 [pid 5084] <... clone resumed>, parent_tid=[5088], tls=0x7f5b1fb5d700, child_tidptr=0x7f5b1fb5d9d0) = 5088 [pid 5086] set_robust_list(0x7f5b1fb5d9e0, 24 [pid 5085] <... memfd_create resumed>) = 3 [pid 5084] futex(0x7f5b1fc3c7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] <... futex resumed>) = 0 [pid 5076] <... clone resumed>, child_tidptr=0x55555665c5d0) = 5089 [pid 5086] <... set_robust_list resumed>) = 0 [pid 5085] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5084] <... futex resumed>) = 0 [pid 5083] <... clone resumed>, parent_tid=[5090], tls=0x7f5b1fb5d700, child_tidptr=0x7f5b1fb5d9d0) = 5090 [pid 5081] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5086] memfd_create("syzkaller", 0 [pid 5085] <... mmap resumed>) = 0x7f5b1773d000 [pid 5084] futex(0x7f5b1fc3c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5083] futex(0x7f5b1fc3c7a8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 5090 attached ./strace-static-x86_64: Process 5089 attached ./strace-static-x86_64: Process 5088 attached [pid 5086] <... memfd_create resumed>) = 3 [pid 5083] <... futex resumed>) = 0 [pid 5081] <... mmap resumed>) = 0x7f5b1fb3d000 [pid 5088] set_robust_list(0x7f5b1fb5d9e0, 24 [pid 5086] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5083] futex(0x7f5b1fc3c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5081] mprotect(0x7f5b1fb3e000, 131072, PROT_READ|PROT_WRITE [pid 5090] set_robust_list(0x7f5b1fb5d9e0, 24 [pid 5089] set_robust_list(0x55555665c5e0, 24 [pid 5088] <... set_robust_list resumed>) = 0 [pid 5086] <... mmap resumed>) = 0x7f5b1773d000 [pid 5081] <... mprotect resumed>) = 0 [pid 5090] <... set_robust_list resumed>) = 0 [pid 5089] <... set_robust_list resumed>) = 0 [pid 5088] memfd_create("syzkaller", 0) = 3 [pid 5081] clone(child_stack=0x7f5b1fb5d3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5088] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5090] memfd_create("syzkaller", 0 [pid 5088] <... mmap resumed>) = 0x7f5b1773d000 [pid 5090] <... memfd_create resumed>) = 3 [pid 5089] chdir("./0" [pid 5081] <... clone resumed>, parent_tid=[5091], tls=0x7f5b1fb5d700, child_tidptr=0x7f5b1fb5d9d0) = 5091 [pid 5090] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5089] <... chdir resumed>) = 0 [pid 5081] futex(0x7f5b1fc3c7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5090] <... mmap resumed>) = 0x7f5b1773d000 [pid 5089] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5081] <... futex resumed>) = 0 ./strace-static-x86_64: Process 5091 attached [pid 5091] set_robust_list(0x7f5b1fb5d9e0, 24) = 0 [pid 5091] memfd_create("syzkaller", 0 [pid 5089] <... prctl resumed>) = 0 [pid 5081] futex(0x7f5b1fc3c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5091] <... memfd_create resumed>) = 3 [pid 5091] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5b1773d000 [pid 5089] setpgid(0, 0) = 0 [pid 5089] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5089] write(3, "1000", 4) = 4 [pid 5089] close(3) = 0 [pid 5089] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5089] futex(0x7f5b1fc3c7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5089] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5b1fb3d000 [pid 5089] mprotect(0x7f5b1fb3e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5089] clone(child_stack=0x7f5b1fb5d3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5092 attached , parent_tid=[5092], tls=0x7f5b1fb5d700, child_tidptr=0x7f5b1fb5d9d0) = 5092 [pid 5092] set_robust_list(0x7f5b1fb5d9e0, 24 [pid 5089] futex(0x7f5b1fc3c7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5089] futex(0x7f5b1fc3c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5092] <... set_robust_list resumed>) = 0 [pid 5092] memfd_create("syzkaller", 0) = 3 [pid 5092] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5b1773d000 [pid 5090] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5086] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5091] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5085] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5088] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5092] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5091] <... write resumed>) = 16777216 [pid 5090] <... write resumed>) = 16777216 [pid 5091] munmap(0x7f5b1773d000, 16777216 [pid 5090] munmap(0x7f5b1773d000, 16777216 [pid 5091] <... munmap resumed>) = 0 [pid 5086] <... write resumed>) = 16777216 [pid 5091] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 4 [pid 5091] ioctl(4, LOOP_SET_FD, 3 [pid 5086] munmap(0x7f5b1773d000, 16777216 [pid 5090] <... munmap resumed>) = 0 [pid 5090] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5090] ioctl(4, LOOP_SET_FD, 3 [pid 5086] <... munmap resumed>) = 0 [pid 5085] <... write resumed>) = 16777216 [pid 5086] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 5086] ioctl(4, LOOP_SET_FD, 3 [pid 5091] <... ioctl resumed>) = 0 [pid 5091] close(3) = 0 [pid 5091] mkdir("./file0", 0777) = 0 [pid 5091] mount("/dev/loop5", "./file0", "jfs", MS_REC, "" [pid 5090] <... ioctl resumed>) = 0 [pid 5090] close(3) = 0 [pid 5090] mkdir("./file0", 0777) = 0 [pid 5090] mount("/dev/loop0", "./file0", "jfs", MS_REC, "" [pid 5085] munmap(0x7f5b1773d000, 16777216) = 0 [pid 5091] <... mount resumed>) = 0 [pid 5091] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5090] <... mount resumed>) = 0 [pid 5092] <... write resumed>) = 16777216 [pid 5091] <... openat resumed>) = 3 [pid 5090] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5088] <... write resumed>) = 16777216 [pid 5086] <... ioctl resumed>) = 0 [pid 5085] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5092] munmap(0x7f5b1773d000, 16777216 [pid 5091] chdir("./file0" [pid 5090] <... openat resumed>) = 3 [pid 5086] close(3 [pid 5091] <... chdir resumed>) = 0 [pid 5090] chdir("./file0" [pid 5088] munmap(0x7f5b1773d000, 16777216 [pid 5085] <... openat resumed>) = 4 [pid 5092] <... munmap resumed>) = 0 [pid 5091] ioctl(4, LOOP_CLR_FD [pid 5090] <... chdir resumed>) = 0 [pid 5086] <... close resumed>) = 0 syzkaller login: [ 56.871441][ T5091] loop5: detected capacity change from 0 to 32768 [ 56.882608][ T5090] loop0: detected capacity change from 0 to 32768 [ 56.893394][ T5086] loop3: detected capacity change from 0 to 32768 [pid 5085] ioctl(4, LOOP_SET_FD, 3 [pid 5092] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5091] <... ioctl resumed>) = 0 [pid 5090] ioctl(4, LOOP_CLR_FD [pid 5088] <... munmap resumed>) = 0 [pid 5086] mkdir("./file0", 0777 [pid 5092] <... openat resumed>) = 4 [pid 5091] close(4 [pid 5090] <... ioctl resumed>) = 0 [pid 5088] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5086] <... mkdir resumed>) = 0 [pid 5085] <... ioctl resumed>) = 0 [pid 5092] ioctl(4, LOOP_SET_FD, 3 [pid 5091] <... close resumed>) = 0 [pid 5090] close(4 [pid 5086] mount("/dev/loop3", "./file0", "jfs", MS_REC, "" [pid 5085] close(3 [pid 5091] futex(0x7f5b1fc3c7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5090] <... close resumed>) = 0 [pid 5088] <... openat resumed>) = 4 [pid 5086] <... mount resumed>) = 0 [pid 5085] <... close resumed>) = 0 [pid 5091] <... futex resumed>) = 1 [pid 5090] futex(0x7f5b1fc3c7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5092] <... ioctl resumed>) = 0 [pid 5091] futex(0x7f5b1fc3c7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5090] <... futex resumed>) = 1 [pid 5086] <... openat resumed>) = 3 [pid 5085] mkdir("./file0", 0777 [pid 5092] close(3 [pid 5090] futex(0x7f5b1fc3c7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5086] chdir("./file0" [pid 5085] <... mkdir resumed>) = 0 [pid 5081] <... futex resumed>) = 0 [pid 5083] <... futex resumed>) = 0 [pid 5092] <... close resumed>) = 0 [pid 5086] <... chdir resumed>) = 0 [pid 5085] mount("/dev/loop4", "./file0", "jfs", MS_REC, "" [pid 5083] futex(0x7f5b1fc3c7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] futex(0x7f5b1fc3c7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5092] mkdir("./file0", 0777 [pid 5091] <... futex resumed>) = 0 [pid 5090] <... futex resumed>) = 0 [pid 5088] ioctl(4, LOOP_SET_FD, 3 [pid 5086] ioctl(4, LOOP_CLR_FD [pid 5085] <... mount resumed>) = 0 [pid 5083] <... futex resumed>) = 1 [pid 5081] <... futex resumed>) = 1 [pid 5092] <... mkdir resumed>) = 0 [pid 5091] open(".", O_RDONLY [pid 5090] open(".", O_RDONLY [pid 5086] <... ioctl resumed>) = 0 [pid 5085] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5083] futex(0x7f5b1fc3c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5092] mount("/dev/loop2", "./file0", "jfs", MS_REC, "" [pid 5091] <... open resumed>) = 4 [pid 5090] <... open resumed>) = 4 [pid 5086] close(4 [pid 5085] <... openat resumed>) = 3 [pid 5081] futex(0x7f5b1fc3c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5091] futex(0x7f5b1fc3c7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5090] futex(0x7f5b1fc3c7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] <... close resumed>) = 0 [pid 5085] chdir("./file0" [pid 5091] <... futex resumed>) = 0 [pid 5090] <... futex resumed>) = 0 [pid 5086] futex(0x7f5b1fc3c7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] <... chdir resumed>) = 0 [pid 5091] futex(0x7f5b1fc3c7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5090] futex(0x7f5b1fc3c7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5086] <... futex resumed>) = 1 [pid 5085] ioctl(4, LOOP_CLR_FD [pid 5082] <... futex resumed>) = 0 [pid 5086] futex(0x7f5b1fc3c7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5085] <... ioctl resumed>) = 0 [pid 5082] futex(0x7f5b1fc3c7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5085] close(4 [pid 5082] <... futex resumed>) = 0 [pid 5086] open(".", O_RDONLY [pid 5085] <... close resumed>) = 0 [pid 5082] futex(0x7f5b1fc3c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5086] <... open resumed>) = 4 [pid 5085] futex(0x7f5b1fc3c7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] futex(0x7f5b1fc3c7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] <... futex resumed>) = 1 [pid 5080] <... futex resumed>) = 0 [pid 5086] <... futex resumed>) = 1 [pid 5085] futex(0x7f5b1fc3c7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5082] <... futex resumed>) = 0 [pid 5080] futex(0x7f5b1fc3c7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] futex(0x7f5b1fc3c7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5085] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5082] futex(0x7f5b1fc3c7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5080] <... futex resumed>) = 0 [pid 5086] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5085] open(".", O_RDONLY [pid 5082] <... futex resumed>) = 0 [pid 5080] futex(0x7f5b1fc3c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5086] open_by_handle_at(4, {handle_bytes=8, handle_type=2, f_handle="\x0e\x00\x00\x00\x00\x00\x00\x00"}, O_RDONLY [pid 5085] <... open resumed>) = 4 [pid 5082] futex(0x7f5b1fc3c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5085] futex(0x7f5b1fc3c7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5081] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5085] <... futex resumed>) = 1 [pid 5080] <... futex resumed>) = 0 [pid 5085] futex(0x7f5b1fc3c7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5080] futex(0x7f5b1fc3c7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5080] <... futex resumed>) = 0 [pid 5085] open_by_handle_at(4, {handle_bytes=8, handle_type=2, f_handle="\x0e\x00\x00\x00\x00\x00\x00\x00"}, O_RDONLY [pid 5080] futex(0x7f5b1fc3c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5088] <... ioctl resumed>) = 0 [pid 5088] close(3) = 0 [pid 5088] mkdir("./file0", 0777 [pid 5083] futex(0x7f5b1fc3c7a8, FUTEX_WAKE_PRIVATE, 1000000 [ 56.933196][ T5085] loop4: detected capacity change from 0 to 32768 [ 56.942441][ T5092] loop2: detected capacity change from 0 to 32768 [ 56.966483][ T5088] loop1: detected capacity change from 0 to 32768 [ 56.974301][ T5086] ERROR: (device loop3): diRead: i_ino != di_number [ 56.974301][ T5086] [pid 5081] futex(0x7f5b1fc3c7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5091] <... futex resumed>) = 0 [pid 5090] <... futex resumed>) = 0 [pid 5083] <... futex resumed>) = 1 [pid 5081] <... futex resumed>) = 1 [pid 5091] open_by_handle_at(4, {handle_bytes=8, handle_type=2, f_handle="\x0e\x00\x00\x00\x00\x00\x00\x00"}, O_RDONLY [pid 5090] open_by_handle_at(4, {handle_bytes=8, handle_type=2, f_handle="\x0e\x00\x00\x00\x00\x00\x00\x00"}, O_RDONLY [pid 5083] futex(0x7f5b1fc3c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5082] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5081] futex(0x7f5b1fc3c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5092] <... mount resumed>) = 0 [pid 5082] futex(0x7f5b1fc3c7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5092] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5082] <... futex resumed>) = 0 [pid 5092] <... openat resumed>) = 3 [pid 5082] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5092] chdir("./file0" [pid 5088] <... mkdir resumed>) = 0 [pid 5082] <... mmap resumed>) = 0x7f5b1871c000 [pid 5092] <... chdir resumed>) = 0 [pid 5088] mount("/dev/loop1", "./file0", "jfs", MS_REC, "" [pid 5082] mprotect(0x7f5b1871d000, 131072, PROT_READ|PROT_WRITE [pid 5092] ioctl(4, LOOP_CLR_FD [pid 5082] <... mprotect resumed>) = 0 [pid 5092] <... ioctl resumed>) = 0 [pid 5082] clone(child_stack=0x7f5b1873c3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5092] close(4) = 0 [pid 5082] <... clone resumed>, parent_tid=[5094], tls=0x7f5b1873c700, child_tidptr=0x7f5b1873c9d0) = 5094 [pid 5092] futex(0x7f5b1fc3c7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5082] futex(0x7f5b1fc3c7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5092] <... futex resumed>) = 1 [pid 5089] <... futex resumed>) = 0 [pid 5082] <... futex resumed>) = 0 [ 56.987944][ T5085] ERROR: (device loop4): diRead: i_ino != di_number [ 56.987944][ T5085] [ 56.999924][ T5086] ERROR: (device loop3): remounting filesystem as read-only [ 57.007409][ T5090] ERROR: (device loop0): diRead: i_ino != di_number [ 57.007409][ T5090] [ 57.016308][ T5091] ERROR: (device loop5): diRead: i_ino != di_number [ 57.016308][ T5091] [pid 5092] futex(0x7f5b1fc3c7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5089] futex(0x7f5b1fc3c7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5082] futex(0x7f5b1fc3c7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5092] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5080] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5092] open(".", O_RDONLY [pid 5080] futex(0x7f5b1fc3c7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5092] <... open resumed>) = 4 [pid 5080] <... futex resumed>) = 0 [pid 5092] futex(0x7f5b1fc3c7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5080] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0./strace-static-x86_64: Process 5094 attached [pid 5092] <... futex resumed>) = 0 [pid 5080] <... mmap resumed>) = 0x7f5b1871c000 [pid 5094] set_robust_list(0x7f5b1873c9e0, 24 [pid 5092] futex(0x7f5b1fc3c7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5080] mprotect(0x7f5b1871d000, 131072, PROT_READ|PROT_WRITE [pid 5094] <... set_robust_list resumed>) = 0 [pid 5080] <... mprotect resumed>) = 0 [pid 5094] creat("./bus", 000 [pid 5080] clone(child_stack=0x7f5b1873c3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5094] <... creat resumed>) = 5 [pid 5080] <... clone resumed>, parent_tid=[5095], tls=0x7f5b1873c700, child_tidptr=0x7f5b1873c9d0) = 5095 [pid 5080] futex(0x7f5b1fc3c7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5080] futex(0x7f5b1fc3c7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5094] futex(0x7f5b1fc3c7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5082] <... futex resumed>) = 0 [pid 5082] futex(0x7f5b1fc3c7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5082] futex(0x7f5b1fc3c7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5094] <... futex resumed>) = 1 [pid 5094] ftruncate(5, 2048 [pid 5092] <... futex resumed>) = 0 [pid 5089] <... futex resumed>) = 1 [pid 5092] futex(0x7f5b1fc3c7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5089] futex(0x7f5b1fc3c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5094] <... ftruncate resumed>) = 0 [pid 5089] futex(0x7f5b1fc3c7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5094] futex(0x7f5b1fc3c7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5082] <... futex resumed>) = 0 [pid 5082] futex(0x7f5b1fc3c7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5094] <... futex resumed>) = 1 [pid 5082] <... futex resumed>) = 0 [pid 5094] open("./bus", O_RDONLY|O_CREAT|O_NOCTTY|O_APPEND|O_NONBLOCK|O_SYNC|O_DIRECT|O_NOFOLLOW, 0511 [ 57.035863][ T5090] ERROR: (device loop0): remounting filesystem as read-only [ 57.043383][ T5091] ERROR: (device loop5): remounting filesystem as read-only [ 57.044313][ T5085] ERROR: (device loop4): remounting filesystem as read-only [ 57.064319][ T27] audit: type=1804 audit(1675062866.058:2): pid=5094 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor296" name="/root/syzkaller.SUC4n8/0/file0/bus" dev="loop3" ino=7 res=1 errno=0 [pid 5082] futex(0x7f5b1fc3c7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5092] <... futex resumed>) = 0 [pid 5089] <... futex resumed>) = 1 [pid 5086] <... open_by_handle_at resumed>) = -1 ESTALE (Stale file handle) [pid 5094] <... open resumed>) = 6 [pid 5092] open_by_handle_at(4, {handle_bytes=8, handle_type=2, f_handle="\x0e\x00\x00\x00\x00\x00\x00\x00"}, O_RDONLY [pid 5088] <... mount resumed>) = 0 [pid 5088] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5088] chdir("./file0") = 0 [pid 5088] ioctl(4, LOOP_CLR_FD [pid 5094] futex(0x7f5b1fc3c7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5088] <... ioctl resumed>) = 0 [pid 5094] <... futex resumed>) = 1 [pid 5088] close(4 [pid 5082] <... futex resumed>) = 0 [pid 5094] futex(0x7f5b1fc3c7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5088] <... close resumed>) = 0 [pid 5082] futex(0x7f5b1fc3c7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5094] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5088] futex(0x7f5b1fc3c7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5082] <... futex resumed>) = 0 [pid 5094] sendfile(5, 6, NULL, 145139829833722 [pid 5088] <... futex resumed>) = 1 [pid 5084] <... futex resumed>) = 0 [pid 5082] futex(0x7f5b1fc3c7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5091] <... open_by_handle_at resumed>) = -1 ESTALE (Stale file handle) [pid 5090] <... open_by_handle_at resumed>) = -1 ESTALE (Stale file handle) [pid 5088] futex(0x7f5b1fc3c7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5084] futex(0x7f5b1fc3c7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5091] futex(0x7f5b1fc3c7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5090] futex(0x7f5b1fc3c7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5088] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5084] <... futex resumed>) = 0 [pid 5091] <... futex resumed>) = 1 [pid 5090] <... futex resumed>) = 1 [pid 5088] open(".", O_RDONLY [pid 5084] futex(0x7f5b1fc3c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5091] futex(0x7f5b1fc3c7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5090] futex(0x7f5b1fc3c7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5088] <... open resumed>) = 4 [pid 5088] futex(0x7f5b1fc3c7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5084] <... futex resumed>) = 0 [pid 5088] futex(0x7f5b1fc3c7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5084] futex(0x7f5b1fc3c7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5088] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5084] <... futex resumed>) = 0 [pid 5088] open_by_handle_at(4, {handle_bytes=8, handle_type=2, f_handle="\x0e\x00\x00\x00\x00\x00\x00\x00"}, O_RDONLY [pid 5084] futex(0x7f5b1fc3c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5085] <... open_by_handle_at resumed>) = -1 ESTALE (Stale file handle) [pid 5085] futex(0x7f5b1fc3c7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5085] futex(0x7f5b1fc3c7a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5095 attached [pid 5095] set_robust_list(0x7f5b1873c9e0, 24) = 0 [pid 5095] creat("./bus", 000) = -1 EROFS (Read-only file system) [pid 5095] futex(0x7f5b1fc3c7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5080] <... futex resumed>) = 0 [pid 5080] futex(0x7f5b1fc3c7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5080] futex(0x7f5b1fc3c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5085] <... futex resumed>) = 0 [pid 5085] ftruncate(-1, 2048) = -1 EBADF (Bad file descriptor) [pid 5085] futex(0x7f5b1fc3c7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5080] <... futex resumed>) = 0 [pid 5080] futex(0x7f5b1fc3c7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5080] futex(0x7f5b1fc3c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5085] <... futex resumed>) = 1 [pid 5085] open("./bus", O_RDONLY|O_CREAT|O_NOCTTY|O_APPEND|O_NONBLOCK|O_SYNC|O_DIRECT|O_NOFOLLOW, 0511) = -1 EROFS (Read-only file system) [pid 5085] futex(0x7f5b1fc3c7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] <... futex resumed>) = 0 [pid 5081] <... futex resumed>) = 0 [pid 5083] futex(0x7f5b1fc3c7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] futex(0x7f5b1fc3c7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5091] <... futex resumed>) = 0 [pid 5090] <... futex resumed>) = 0 [pid 5083] <... futex resumed>) = 1 [pid 5081] <... futex resumed>) = 1 [pid 5091] creat("./bus", 000 [pid 5090] creat("./bus", 000 [pid 5083] futex(0x7f5b1fc3c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5081] futex(0x7f5b1fc3c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5091] <... creat resumed>) = -1 EROFS (Read-only file system) [pid 5090] <... creat resumed>) = -1 EROFS (Read-only file system) [pid 5091] futex(0x7f5b1fc3c7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5090] futex(0x7f5b1fc3c7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5091] <... futex resumed>) = 1 [pid 5090] <... futex resumed>) = 1 [pid 5083] <... futex resumed>) = 0 [pid 5081] <... futex resumed>) = 0 [pid 5091] futex(0x7f5b1fc3c7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5090] futex(0x7f5b1fc3c7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5083] futex(0x7f5b1fc3c7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] futex(0x7f5b1fc3c7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5091] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5090] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5083] <... futex resumed>) = 0 [pid 5081] <... futex resumed>) = 0 [pid 5091] ftruncate(-1, 2048 [pid 5090] ftruncate(-1, 2048 [pid 5083] futex(0x7f5b1fc3c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5081] futex(0x7f5b1fc3c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5091] <... ftruncate resumed>) = -1 EBADF (Bad file descriptor) [pid 5090] <... ftruncate resumed>) = -1 EBADF (Bad file descriptor) [pid 5091] futex(0x7f5b1fc3c7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5090] futex(0x7f5b1fc3c7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5091] <... futex resumed>) = 1 [pid 5090] <... futex resumed>) = 1 [pid 5083] <... futex resumed>) = 0 [pid 5081] <... futex resumed>) = 0 [pid 5091] futex(0x7f5b1fc3c7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5090] futex(0x7f5b1fc3c7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5083] futex(0x7f5b1fc3c7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] futex(0x7f5b1fc3c7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5091] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5090] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5083] <... futex resumed>) = 0 [pid 5081] <... futex resumed>) = 0 [pid 5091] open("./bus", O_RDONLY|O_CREAT|O_NOCTTY|O_APPEND|O_NONBLOCK|O_SYNC|O_DIRECT|O_NOFOLLOW, 0511 [pid 5090] open("./bus", O_RDONLY|O_CREAT|O_NOCTTY|O_APPEND|O_NONBLOCK|O_SYNC|O_DIRECT|O_NOFOLLOW, 0511 [pid 5089] futex(0x7f5b1fc3c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5083] futex(0x7f5b1fc3c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5081] futex(0x7f5b1fc3c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5095] <... futex resumed>) = 1 [pid 5094] <... sendfile resumed>) = 2048 [pid 5091] <... open resumed>) = -1 EROFS (Read-only file system) [pid 5090] <... open resumed>) = -1 EROFS (Read-only file system) [pid 5086] futex(0x7f5b1fc3c7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] <... futex resumed>) = 1 [pid 5080] <... futex resumed>) = 0 [pid 5095] futex(0x7f5b1fc3c7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5094] futex(0x7f5b1fc3c7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5091] futex(0x7f5b1fc3c7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5090] futex(0x7f5b1fc3c7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] sendfile(-1, -1, NULL, 145139829833722 [pid 5080] futex(0x7f5b1fc3c7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5094] <... futex resumed>) = 1 [pid 5091] <... futex resumed>) = 1 [pid 5090] <... futex resumed>) = 1 [pid 5085] <... sendfile resumed>) = -1 EBADF (Bad file descriptor) [pid 5083] <... futex resumed>) = 0 [pid 5082] <... futex resumed>) = 0 [pid 5081] <... futex resumed>) = 0 [pid 5080] <... futex resumed>) = 0 [pid 5094] futex(0x7f5b1fc3c7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5091] futex(0x7f5b1fc3c7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5090] futex(0x7f5b1fc3c7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5085] futex(0x7f5b1fc3c7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] futex(0x7f5b1fc3c7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5082] exit_group(0 [pid 5081] futex(0x7f5b1fc3c7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5080] futex(0x7f5b1fc3c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5094] <... futex resumed>) = ? [pid 5091] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5090] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5085] <... futex resumed>) = 0 [pid 5083] <... futex resumed>) = 0 [pid 5082] <... exit_group resumed>) = ? [pid 5081] <... futex resumed>) = 0 [pid 5080] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5094] +++ exited with 0 +++ [pid 5091] sendfile(-1, -1, NULL, 145139829833722 [pid 5090] sendfile(-1, -1, NULL, 145139829833722 [pid 5086] <... futex resumed>) = ? [pid 5085] futex(0x7f5b1fc3c7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5084] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5083] futex(0x7f5b1fc3c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5081] futex(0x7f5b1fc3c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5080] exit_group(0 [pid 5095] <... futex resumed>) = ? [pid 5091] <... sendfile resumed>) = -1 EBADF (Bad file descriptor) [pid 5090] <... sendfile resumed>) = -1 EBADF (Bad file descriptor) [pid 5085] <... futex resumed>) = ? [pid 5084] futex(0x7f5b1fc3c7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5080] <... exit_group resumed>) = ? [pid 5095] +++ exited with 0 +++ [pid 5091] futex(0x7f5b1fc3c7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5090] futex(0x7f5b1fc3c7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] +++ exited with 0 +++ [pid 5085] +++ exited with 0 +++ [pid 5084] <... futex resumed>) = 0 [pid 5082] +++ exited with 0 +++ [pid 5080] +++ exited with 0 +++ [pid 5091] <... futex resumed>) = 1 [pid 5090] <... futex resumed>) = 1 [pid 5084] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5083] <... futex resumed>) = 0 [pid 5081] <... futex resumed>) = 0 [pid 5091] futex(0x7f5b1fc3c7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5090] futex(0x7f5b1fc3c7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5084] <... mmap resumed>) = 0x7f5b1871c000 [pid 5083] exit_group(0 [pid 5081] exit_group(0 [pid 5091] <... futex resumed>) = ? [pid 5090] <... futex resumed>) = ? [pid 5084] mprotect(0x7f5b1871d000, 131072, PROT_READ|PROT_WRITE [pid 5083] <... exit_group resumed>) = ? [ 57.087936][ T5092] ERROR: (device loop2): diRead: i_ino != di_number [ 57.087936][ T5092] [ 57.098204][ T5088] ERROR: (device loop1): diRead: i_ino != di_number [ 57.098204][ T5088] [ 57.112165][ T5092] ERROR: (device loop2): remounting filesystem as read-only [ 57.120245][ T5088] ERROR: (device loop1): remounting filesystem as read-only [pid 5081] <... exit_group resumed>) = ? [pid 5077] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5082, si_uid=0, si_status=0, si_utime=10 /* 0.10 s */, si_stime=22 /* 0.22 s */} --- [pid 5078] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5080, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=19 /* 0.19 s */} --- [pid 5091] +++ exited with 0 +++ [pid 5090] +++ exited with 0 +++ [pid 5084] <... mprotect resumed>) = 0 [pid 5083] +++ exited with 0 +++ [pid 5081] +++ exited with 0 +++ [pid 5084] clone(child_stack=0x7f5b1873c3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5079] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5081, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=23 /* 0.23 s */} --- [pid 5084] <... clone resumed>, parent_tid=[5096], tls=0x7f5b1873c700, child_tidptr=0x7f5b1873c9d0) = 5096 [pid 5079] umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5084] futex(0x7f5b1fc3c7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5079] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5084] <... futex resumed>) = 0 [pid 5079] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5084] futex(0x7f5b1fc3c7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5079] <... openat resumed>) = 3 [pid 5079] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5079] getdents64(3, 0x55555665d620 /* 4 entries */, 32768) = 112 [pid 5079] umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5079] lstat("./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5079] unlink("./0/binderfs") = 0 [pid 5079] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 5096 attached [pid 5096] set_robust_list(0x7f5b1873c9e0, 24) = 0 [pid 5096] creat("./bus", 000) = 5 [pid 5092] <... open_by_handle_at resumed>) = -1 ESTALE (Stale file handle) [pid 5092] futex(0x7f5b1fc3c7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5092] futex(0x7f5b1fc3c7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5096] futex(0x7f5b1fc3c7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5088] <... open_by_handle_at resumed>) = -1 ESTALE (Stale file handle) [pid 5084] <... futex resumed>) = 0 [pid 5084] futex(0x7f5b1fc3c7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5096] <... futex resumed>) = 1 [pid 5088] futex(0x7f5b1fc3c7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] <... futex resumed>) = 0 [pid 5096] ftruncate(5, 2048 [pid 5088] <... futex resumed>) = 0 [pid 5084] futex(0x7f5b1fc3c7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5096] <... ftruncate resumed>) = 0 [pid 5088] futex(0x7f5b1fc3c7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5096] futex(0x7f5b1fc3c7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5084] <... futex resumed>) = 0 [pid 5096] futex(0x7f5b1fc3c7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5084] futex(0x7f5b1fc3c7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5088] <... futex resumed>) = 0 [pid 5084] <... futex resumed>) = 1 [pid 5088] open("./bus", O_RDONLY|O_CREAT|O_NOCTTY|O_APPEND|O_NONBLOCK|O_SYNC|O_DIRECT|O_NOFOLLOW, 0511 [pid 5084] futex(0x7f5b1fc3c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5088] <... open resumed>) = 6 [pid 5088] futex(0x7f5b1fc3c7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5084] <... futex resumed>) = 0 [pid 5088] sendfile(5, 6, NULL, 145139829833722 [pid 5084] futex(0x7f5b1fc3c7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5084] futex(0x7f5b1fc3c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5089] <... futex resumed>) = 0 [pid 5078] restart_syscall(<... resuming interrupted clone ...> [pid 5077] restart_syscall(<... resuming interrupted clone ...> [pid 5089] futex(0x7f5b1fc3c7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5078] <... restart_syscall resumed>) = 0 [pid 5077] <... restart_syscall resumed>) = 0 [pid 5092] <... futex resumed>) = 0 [pid 5089] <... futex resumed>) = 1 [pid 5074] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5083, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=24 /* 0.24 s */} --- [pid 5092] creat("./bus", 000 [pid 5089] futex(0x7f5b1fc3c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5088] <... sendfile resumed>) = 2048 [pid 5092] <... creat resumed>) = -1 EROFS (Read-only file system) [pid 5074] umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5092] futex(0x7f5b1fc3c7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5088] futex(0x7f5b1fc3c7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5092] <... futex resumed>) = 1 [pid 5078] umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5089] <... futex resumed>) = 0 [pid 5092] futex(0x7f5b1fc3c7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5088] <... futex resumed>) = 1 [pid 5084] <... futex resumed>) = 0 [pid 5078] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5077] umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5074] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5092] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [ 57.143129][ T27] audit: type=1800 audit(1675062866.058:3): pid=5094 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor296" name="bus" dev="loop3" ino=7 res=0 errno=0 [pid 5089] futex(0x7f5b1fc3c7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5088] futex(0x7f5b1fc3c7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5084] exit_group(0 [pid 5096] <... futex resumed>) = ? [pid 5092] ftruncate(-1, 2048 [pid 5088] <... futex resumed>) = ? [pid 5084] <... exit_group resumed>) = ? [pid 5078] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5077] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5074] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5096] +++ exited with 0 +++ [pid 5092] <... ftruncate resumed>) = -1 EBADF (Bad file descriptor) [pid 5088] +++ exited with 0 +++ [pid 5084] +++ exited with 0 +++ [pid 5092] futex(0x7f5b1fc3c7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5092] futex(0x7f5b1fc3c7a8, FUTEX_WAIT_PRIVATE, 0, NULL) = 0 [pid 5089] <... futex resumed>) = 1 [pid 5092] futex(0x7f5b1fc3c7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5078] <... openat resumed>) = 3 [pid 5077] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5075] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5084, si_uid=0, si_status=0, si_utime=9 /* 0.09 s */, si_stime=17 /* 0.17 s */} --- [pid 5074] <... openat resumed>) = 3 [pid 5077] <... openat resumed>) = 3 [pid 5089] futex(0x7f5b1fc3c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5078] fstat(3, [pid 5074] fstat(3, [pid 5089] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5074] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5089] futex(0x7f5b1fc3c7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5078] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5089] <... futex resumed>) = 1 [pid 5077] fstat(3, [pid 5092] <... futex resumed>) = 0 [pid 5074] getdents64(3, [pid 5089] futex(0x7f5b1fc3c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5092] open("./bus", O_RDONLY|O_CREAT|O_NOCTTY|O_APPEND|O_NONBLOCK|O_SYNC|O_DIRECT|O_NOFOLLOW, 0511 [pid 5078] getdents64(3, [pid 5077] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5075] umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5092] <... open resumed>) = -1 EROFS (Read-only file system) [pid 5078] <... getdents64 resumed>0x55555665d620 /* 4 entries */, 32768) = 112 [pid 5077] getdents64(3, [pid 5092] futex(0x7f5b1fc3c7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5075] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5074] <... getdents64 resumed>0x55555665d620 /* 4 entries */, 32768) = 112 [pid 5092] <... futex resumed>) = 1 [pid 5089] <... futex resumed>) = 0 [pid 5078] umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5077] <... getdents64 resumed>0x55555665d620 /* 4 entries */, 32768) = 112 [pid 5075] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5092] futex(0x7f5b1fc3c7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5089] futex(0x7f5b1fc3c7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5074] umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5075] <... openat resumed>) = 3 [pid 5092] <... futex resumed>) = 0 [pid 5089] <... futex resumed>) = 1 [pid 5074] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5092] sendfile(-1, -1, NULL, 145139829833722 [pid 5078] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5077] umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5075] fstat(3, [pid 5092] <... sendfile resumed>) = -1 EBADF (Bad file descriptor) [pid 5092] futex(0x7f5b1fc3c7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 57.185087][ T27] audit: type=1804 audit(1675062866.158:4): pid=5088 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor296" name="/root/syzkaller.pIdYMV/0/file0/bus" dev="loop1" ino=7 res=1 errno=0 [pid 5092] futex(0x7f5b1fc3c7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5089] futex(0x7f5b1fc3c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5078] lstat("./0/binderfs", [pid 5077] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5075] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5074] lstat("./0/binderfs", [pid 5089] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5078] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5077] lstat("./0/binderfs", [pid 5075] getdents64(3, [pid 5074] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5089] exit_group(0 [pid 5078] unlink("./0/binderfs" [pid 5077] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5074] unlink("./0/binderfs" [pid 5089] <... exit_group resumed>) = ? [pid 5075] <... getdents64 resumed>0x55555665d620 /* 4 entries */, 32768) = 112 [pid 5092] <... futex resumed>) = ? [pid 5078] <... unlink resumed>) = 0 [pid 5077] unlink("./0/binderfs" [pid 5092] +++ exited with 0 +++ [pid 5074] <... unlink resumed>) = 0 [pid 5089] +++ exited with 0 +++ [pid 5077] <... unlink resumed>) = 0 [pid 5076] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5089, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=20 /* 0.20 s */} --- [pid 5075] umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5074] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5075] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5078] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5075] lstat("./0/binderfs", [pid 5076] umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5075] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5076] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5075] unlink("./0/binderfs" [pid 5076] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5075] <... unlink resumed>) = 0 [pid 5076] <... openat resumed>) = 3 [pid 5075] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5076] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5076] getdents64(3, [pid 5077] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5076] <... getdents64 resumed>0x55555665d620 /* 4 entries */, 32768) = 112 [pid 5076] umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5076] lstat("./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5076] unlink("./0/binderfs") = 0 [ 57.228062][ T27] audit: type=1800 audit(1675062866.158:5): pid=5088 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor296" name="bus" dev="loop1" ino=7 res=0 errno=0 [ 57.261742][ T5075] ------------[ cut here ]------------ [ 57.267403][ T5075] kernel BUG at fs/jfs/inode.c:169! [ 57.288676][ T5077] ------------[ cut here ]------------ [ 57.294173][ T5077] kernel BUG at fs/jfs/inode.c:169! [ 57.318689][ T5075] invalid opcode: 0000 [#1] PREEMPT SMP KASAN [ 57.324798][ T5075] CPU: 1 PID: 5075 Comm: syz-executor296 Not tainted 6.2.0-rc5-syzkaller-00221-gab072681eabe #0 [ 57.335472][ T5075] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023 [ 57.345574][ T5075] RIP: 0010:jfs_evict_inode+0x433/0x440 [ 57.351167][ T5075] Code: 89 ef e8 90 9d dc fe e9 14 fe ff ff e8 c6 e3 86 fe 48 c7 c7 00 5a 70 8d 4c 89 ee e8 a7 7a 7b 01 e9 89 fd ff ff e8 ad e3 86 fe <0f> 0b 66 2e 0f 1f 84 00 00 00 00 00 90 41 57 41 56 41 54 53 49 89 [ 57.370789][ T5075] RSP: 0018:ffffc90003f6fa70 EFLAGS: 00010293 [ 57.376863][ T5075] RAX: ffffffff8304f873 RBX: ffff8880735ba5b8 RCX: ffff888021459d40 [pid 5076] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5079] <... umount2 resumed>) = 0 [pid 5079] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5079] lstat("./0/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5079] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5079] openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5079] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5079] getdents64(4, 0x555556665660 /* 2 entries */, 32768) = 48 [pid 5079] getdents64(4, 0x555556665660 /* 0 entries */, 32768) = 0 [pid 5079] close(4) = 0 [pid 5079] rmdir("./0/file0") = 0 [pid 5079] getdents64(3, 0x55555665d620 /* 0 entries */, 32768) = 0 [pid 5079] close(3) = 0 [pid 5079] rmdir("./0") = 0 [pid 5079] mkdir("./1", 0777) = 0 [pid 5079] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 3 [pid 5079] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5079] close(3) = 0 [pid 5079] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555665c5d0) = 5099 ./strace-static-x86_64: Process 5099 attached [pid 5099] set_robust_list(0x55555665c5e0, 24) = 0 [pid 5099] chdir("./1") = 0 [pid 5099] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5099] setpgid(0, 0) = 0 [pid 5099] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5099] write(3, "1000", 4) = 4 [pid 5099] close(3) = 0 [pid 5099] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5099] futex(0x7f5b1fc3c7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5099] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5b1fb3d000 [pid 5099] mprotect(0x7f5b1fb3e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5099] clone(child_stack=0x7f5b1fb5d3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5100], tls=0x7f5b1fb5d700, child_tidptr=0x7f5b1fb5d9d0) = 5100 [pid 5099] futex(0x7f5b1fc3c7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5099] futex(0x7f5b1fc3c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5100 attached [pid 5100] set_robust_list(0x7f5b1fb5d9e0, 24) = 0 [pid 5100] memfd_create("syzkaller", 0) = 3 [pid 5100] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5b1773d000 [pid 5076] <... umount2 resumed>) = 0 [ 57.384850][ T5075] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff8880735ba930 [ 57.392831][ T5075] RBP: ffff8880735ba500 R08: ffffffff82125841 R09: fffffbfff20fc84a [ 57.400808][ T5075] R10: fffffbfff20fc84a R11: 1ffffffff20fc849 R12: dffffc0000000000 [ 57.408789][ T5075] R13: ffffffff8b2e1870 R14: dffffc0000000000 R15: ffff8880735ba930 [ 57.416769][ T5075] FS: 000055555665c300(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000 [ 57.425705][ T5075] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 57.432299][ T5075] CR2: 0000555556665628 CR3: 000000007dcae000 CR4: 00000000003506e0 [ 57.440284][ T5075] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 57.448266][ T5075] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 57.456219][ T5075] Call Trace: [ 57.459494][ T5075] [ 57.462422][ T5075] ? evict+0x29f/0x620 [ 57.466471][ T5075] ? jfs_write_inode+0x210/0x210 [ 57.471391][ T5075] evict+0x2a4/0x620 [ 57.475284][ T5075] evict_inodes+0x658/0x700 [ 57.479787][ T5075] ? clear_inode+0x150/0x150 [ 57.484354][ T5075] ? dput+0x3ee/0x410 [ 57.488318][ T5075] ? sync_filesystem+0x103/0x220 [ 57.493239][ T5075] generic_shutdown_super+0x94/0x310 [ 57.499286][ T5075] kill_block_super+0x79/0xd0 [ 57.503960][ T5075] deactivate_locked_super+0xa7/0xf0 [ 57.509225][ T5075] cleanup_mnt+0x494/0x520 [ 57.513621][ T5075] ? lockdep_hardirqs_on+0x8d/0x130 [ 57.518800][ T5075] task_work_run+0x243/0x300 [ 57.523377][ T5075] ? task_work_cancel+0x290/0x290 [ 57.528381][ T5075] ? path_umount+0x1e0/0xf90 [ 57.532958][ T5075] ptrace_notify+0x29a/0x340 [ 57.537528][ T5075] ? do_notify_parent+0xe00/0xe00 [ 57.542529][ T5075] ? user_path_at_empty+0x149/0x1a0 [ 57.547708][ T5075] ? __x64_sys_umount+0x113/0x150 [ 57.552714][ T5075] syscall_exit_work+0x8c/0xe0 [ 57.557821][ T5075] syscall_exit_to_user_mode_prepare+0x63/0xc0 [ 57.564508][ T5075] syscall_exit_to_user_mode+0xa/0x60 [ 57.569862][ T5075] do_syscall_64+0x49/0xb0 [ 57.574261][ T5075] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 57.580141][ T5075] RIP: 0033:0x7f5b1fbb2a87 [ 57.584538][ T5075] Code: ff d0 48 89 c7 b8 3c 00 00 00 0f 05 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 57.604120][ T5075] RSP: 002b:00007ffe03a21848 EFLAGS: 00000206 ORIG_RAX: 00000000000000a6 [ 57.612509][ T5075] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f5b1fbb2a87 [ 57.620460][ T5075] RDX: 00007ffe03a21909 RSI: 000000000000000a RDI: 00007ffe03a21900 [ 57.628409][ T5075] RBP: 00007ffe03a21900 R08: 00000000ffffffff R09: 00007ffe03a216e0 [ 57.636361][ T5075] R10: 000055555665d653 R11: 0000000000000206 R12: 00007ffe03a229c0 [ 57.644312][ T5075] R13: 000055555665d5f0 R14: 00007ffe03a21870 R15: 00007ffe03a229e0 [ 57.652266][ T5075] [ 57.655267][ T5075] Modules linked in: [ 57.659180][ T5077] invalid opcode: 0000 [#2] PREEMPT SMP KASAN [ 57.665266][ T5077] CPU: 0 PID: 5077 Comm: syz-executor296 Tainted: G D 6.2.0-rc5-syzkaller-00221-gab072681eabe #0 [ 57.677154][ T5077] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023 [ 57.687218][ T5077] RIP: 0010:jfs_evict_inode+0x433/0x440 [ 57.692774][ T5077] Code: 89 ef e8 90 9d dc fe e9 14 fe ff ff e8 c6 e3 86 fe 48 c7 c7 00 5a 70 8d 4c 89 ee e8 a7 7a 7b 01 e9 89 fd ff ff e8 ad e3 86 fe <0f> 0b 66 2e 0f 1f 84 00 00 00 00 00 90 41 57 41 56 41 54 53 49 89 [ 57.712382][ T5077] RSP: 0018:ffffc90003f9fa70 EFLAGS: 00010293 [ 57.718454][ T5077] RAX: ffffffff8304f873 RBX: ffff8880735b80b8 RCX: ffff8880267b3a80 [ 57.726428][ T5077] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff8880735b8430 [ 57.734405][ T5077] RBP: ffff8880735b8000 R08: ffffffff82125841 R09: fffffbfff20fc84a [ 57.736647][ T5075] ---[ end trace 0000000000000000 ]--- [ 57.742363][ T5077] R10: fffffbfff20fc84a R11: 1ffffffff20fc849 R12: dffffc0000000000 [ 57.742375][ T5077] R13: ffffffff8b2e1870 R14: dffffc0000000000 R15: ffff8880735b8430 [ 57.742385][ T5077] FS: 000055555665c300(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000 [ 57.742398][ T5077] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 57.747845][ T5075] RIP: 0010:jfs_evict_inode+0x433/0x440 [ 57.755773][ T5077] CR2: 00007f5b17ad1000 CR3: 000000007786d000 CR4: 00000000003506f0 [ 57.763834][ T5075] Code: 89 ef e8 90 9d dc fe e9 14 fe ff ff e8 c6 e3 86 fe 48 c7 c7 00 5a 70 8d 4c 89 ee e8 a7 7a 7b 01 e9 89 fd ff ff e8 ad e3 86 fe <0f> 0b 66 2e 0f 1f 84 00 00 00 00 00 90 41 57 41 56 41 54 53 49 89 [ 57.772620][ T5077] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 57.772631][ T5077] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 57.772641][ T5077] Call Trace: [ 57.779208][ T5075] RSP: 0018:ffffc90003f6fa70 EFLAGS: 00010293 [ 57.784716][ T5077] [ 57.784723][ T5077] ? evict+0x29f/0x620 [ 57.792676][ T5075] [ 57.812236][ T5077] ? jfs_write_inode+0x210/0x210 [ 57.812257][ T5077] evict+0x2a4/0x620 [ 57.836309][ T5075] RAX: ffffffff8304f873 RBX: ffff8880735ba5b8 RCX: ffff888021459d40 [ 57.837470][ T5077] evict_inodes+0x658/0x700 [ 57.837494][ T5077] ? clear_inode+0x150/0x150 [ 57.843384][ T5075] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff8880735ba930 [ 57.844451][ T5077] ? dput+0x3ee/0x410 [ 57.844475][ T5077] ? sync_filesystem+0x103/0x220 [ 57.849320][ T5075] RBP: ffff8880735ba500 R08: ffffffff82125841 R09: fffffbfff20fc84a [ 57.851694][ T5077] generic_shutdown_super+0x94/0x310 [ 57.851722][ T5077] kill_block_super+0x79/0xd0 [ 57.856061][ T5075] R10: fffffbfff20fc84a R11: 1ffffffff20fc849 R12: dffffc0000000000 [ 57.863727][ T5077] deactivate_locked_super+0xa7/0xf0 [ 57.863749][ T5077] cleanup_mnt+0x494/0x520 [ 57.863763][ T5077] ? lockdep_hardirqs_on+0x8d/0x130 [ 57.886266][ T5075] R13: ffffffff8b2e1870 R14: dffffc0000000000 R15: ffff8880735ba930 [ 57.890257][ T5077] task_work_run+0x243/0x300 [ 57.890287][ T5077] ? task_work_cancel+0x290/0x290 [ 57.916292][ T5075] FS: 000055555665c300(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000 [ 57.921380][ T5077] ? path_umount+0x1e0/0xf90 [ 57.921407][ T5077] ptrace_notify+0x29a/0x340 [ 57.921424][ T5077] ? do_notify_parent+0xe00/0xe00 [ 57.921439][ T5077] ? user_path_at_empty+0x149/0x1a0 [ 57.933526][ T5075] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 57.938975][ T5077] ? __x64_sys_umount+0x113/0x150 [ 57.939002][ T5077] syscall_exit_work+0x8c/0xe0 [ 57.953324][ T5075] CR2: 00007f5b17bd9000 CR3: 000000007dcae000 CR4: 00000000003506e0 [ 57.957513][ T5077] syscall_exit_to_user_mode_prepare+0x63/0xc0 [ 58.007352][ T5077] syscall_exit_to_user_mode+0xa/0x60 [ 58.012719][ T5077] do_syscall_64+0x49/0xb0 [ 58.017126][ T5077] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 58.023006][ T5077] RIP: 0033:0x7f5b1fbb2a87 [ 58.027405][ T5077] Code: ff d0 48 89 c7 b8 3c 00 00 00 0f 05 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 58.047014][ T5077] RSP: 002b:00007ffe03a21848 EFLAGS: 00000206 ORIG_RAX: 00000000000000a6 [ 58.055414][ T5077] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f5b1fbb2a87 [ 58.063372][ T5077] RDX: 00007ffe03a21909 RSI: 000000000000000a RDI: 00007ffe03a21900 [ 58.071327][ T5077] RBP: 00007ffe03a21900 R08: 00000000ffffffff R09: 00007ffe03a216e0 [ 58.079281][ T5077] R10: 000055555665d653 R11: 0000000000000206 R12: 00007ffe03a229c0 [pid 5078] <... umount2 resumed>) = 0 [pid 5076] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5074] <... umount2 resumed>) = 0 [pid 5078] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5076] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5074] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5078] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5076] lstat("./0/file0", [pid 5074] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5078] lstat("./0/file0", [pid 5076] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5074] lstat("./0/file0", [pid 5078] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5076] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5074] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5078] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5076] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5074] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5078] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5076] openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5074] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5078] openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5076] <... openat resumed>) = 4 [pid 5074] openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5078] <... openat resumed>) = 4 [pid 5076] fstat(4, [pid 5074] <... openat resumed>) = 4 [pid 5078] fstat(4, [pid 5076] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5074] fstat(4, [pid 5078] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5076] getdents64(4, [pid 5074] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5078] getdents64(4, [pid 5076] <... getdents64 resumed>0x555556665660 /* 2 entries */, 32768) = 48 [pid 5074] getdents64(4, [pid 5078] <... getdents64 resumed>0x555556665660 /* 2 entries */, 32768) = 48 [pid 5076] getdents64(4, [pid 5074] <... getdents64 resumed>0x555556665660 /* 2 entries */, 32768) = 48 [pid 5078] getdents64(4, [pid 5076] <... getdents64 resumed>0x555556665660 /* 0 entries */, 32768) = 0 [pid 5074] getdents64(4, [pid 5078] <... getdents64 resumed>0x555556665660 /* 0 entries */, 32768) = 0 [pid 5076] close(4 [pid 5074] <... getdents64 resumed>0x555556665660 /* 0 entries */, 32768) = 0 [pid 5078] close(4 [pid 5076] <... close resumed>) = 0 [pid 5074] close(4 [pid 5078] <... close resumed>) = 0 [pid 5076] rmdir("./0/file0" [pid 5074] <... close resumed>) = 0 [pid 5078] rmdir("./0/file0" [pid 5076] <... rmdir resumed>) = 0 [pid 5074] rmdir("./0/file0" [pid 5078] <... rmdir resumed>) = 0 [pid 5076] getdents64(3, [pid 5074] <... rmdir resumed>) = 0 [pid 5078] getdents64(3, [pid 5076] <... getdents64 resumed>0x55555665d620 /* 0 entries */, 32768) = 0 [pid 5074] getdents64(3, [pid 5078] <... getdents64 resumed>0x55555665d620 /* 0 entries */, 32768) = 0 [pid 5076] close(3 [pid 5074] <... getdents64 resumed>0x55555665d620 /* 0 entries */, 32768) = 0 [pid 5078] close(3 [pid 5076] <... close resumed>) = 0 [pid 5074] close(3 [pid 5078] <... close resumed>) = 0 [pid 5076] rmdir("./0" [pid 5074] <... close resumed>) = 0 [pid 5078] rmdir("./0" [pid 5076] <... rmdir resumed>) = 0 [pid 5074] rmdir("./0" [pid 5078] <... rmdir resumed>) = 0 [pid 5076] mkdir("./1", 0777 [pid 5074] <... rmdir resumed>) = 0 [pid 5078] mkdir("./1", 0777 [pid 5076] <... mkdir resumed>) = 0 [pid 5074] mkdir("./1", 0777 [pid 5078] <... mkdir resumed>) = 0 [pid 5076] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5074] <... mkdir resumed>) = 0 [pid 5078] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5076] <... openat resumed>) = 3 [pid 5074] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5078] <... openat resumed>) = 3 [pid 5076] ioctl(3, LOOP_CLR_FD [pid 5074] <... openat resumed>) = 3 [pid 5078] ioctl(3, LOOP_CLR_FD [pid 5076] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5074] ioctl(3, LOOP_CLR_FD [pid 5078] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5076] close(3 [pid 5074] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5078] close(3 [pid 5076] <... close resumed>) = 0 [pid 5074] close(3 [pid 5078] <... close resumed>) = 0 [pid 5076] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5074] <... close resumed>) = 0 [pid 5078] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5074] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5076] <... clone resumed>, child_tidptr=0x55555665c5d0) = 5101 [pid 5078] <... clone resumed>, child_tidptr=0x55555665c5d0) = 5102 [pid 5074] <... clone resumed>, child_tidptr=0x55555665c5d0) = 5103 ./strace-static-x86_64: Process 5102 attached [pid 5102] set_robust_list(0x55555665c5e0, 24) = 0 [pid 5102] chdir("./1") = 0 [pid 5102] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5102] setpgid(0, 0) = 0 [pid 5102] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5102] write(3, "1000", 4) = 4 [pid 5102] close(3) = 0 [pid 5102] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5102] futex(0x7f5b1fc3c7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5102] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5b1fb3d000 [pid 5102] mprotect(0x7f5b1fb3e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5102] clone(child_stack=0x7f5b1fb5d3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5104], tls=0x7f5b1fb5d700, child_tidptr=0x7f5b1fb5d9d0) = 5104 [pid 5102] futex(0x7f5b1fc3c7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5102] futex(0x7f5b1fc3c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5104 attached [pid 5104] set_robust_list(0x7f5b1fb5d9e0, 24) = 0 [pid 5104] memfd_create("syzkaller", 0) = 3 [pid 5104] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5b1773d000 ./strace-static-x86_64: Process 5103 attached [pid 5103] set_robust_list(0x55555665c5e0, 24) = 0 [pid 5103] chdir("./1"./strace-static-x86_64: Process 5101 attached ) = 0 [pid 5103] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5101] set_robust_list(0x55555665c5e0, 24 [pid 5103] setpgid(0, 0 [pid 5101] <... set_robust_list resumed>) = 0 [pid 5103] <... setpgid resumed>) = 0 [pid 5103] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5101] chdir("./1" [pid 5103] <... openat resumed>) = 3 [pid 5101] <... chdir resumed>) = 0 [pid 5103] write(3, "1000", 4 [pid 5101] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5103] <... write resumed>) = 4 [pid 5101] <... prctl resumed>) = 0 [pid 5103] close(3 [pid 5101] setpgid(0, 0 [pid 5103] <... close resumed>) = 0 [pid 5101] <... setpgid resumed>) = 0 [pid 5103] symlink("/dev/binderfs", "./binderfs" [pid 5101] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5103] <... symlink resumed>) = 0 [pid 5103] futex(0x7f5b1fc3c7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5101] <... openat resumed>) = 3 [pid 5103] <... futex resumed>) = 0 [pid 5101] write(3, "1000", 4 [pid 5103] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5101] <... write resumed>) = 4 [pid 5103] <... mmap resumed>) = 0x7f5b1fb3d000 [pid 5101] close(3 [pid 5103] mprotect(0x7f5b1fb3e000, 131072, PROT_READ|PROT_WRITE [pid 5101] <... close resumed>) = 0 [pid 5103] <... mprotect resumed>) = 0 [pid 5101] symlink("/dev/binderfs", "./binderfs" [pid 5103] clone(child_stack=0x7f5b1fb5d3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5101] <... symlink resumed>) = 0 [pid 5101] futex(0x7f5b1fc3c7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5103] <... clone resumed>, parent_tid=[5105], tls=0x7f5b1fb5d700, child_tidptr=0x7f5b1fb5d9d0) = 5105 [pid 5101] <... futex resumed>) = 0 [pid 5103] futex(0x7f5b1fc3c7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5101] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5103] <... futex resumed>) = 0 [pid 5103] futex(0x7f5b1fc3c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5101] <... mmap resumed>) = 0x7f5b1fb3d000 [pid 5101] mprotect(0x7f5b1fb3e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5101] clone(child_stack=0x7f5b1fb5d3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5106], tls=0x7f5b1fb5d700, child_tidptr=0x7f5b1fb5d9d0) = 5106 [pid 5101] futex(0x7f5b1fc3c7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5101] futex(0x7f5b1fc3c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5105 attached [pid 5105] set_robust_list(0x7f5b1fb5d9e0, 24) = 0 [pid 5105] memfd_create("syzkaller", 0) = 3 [pid 5105] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5b1773d000 ./strace-static-x86_64: Process 5106 attached [pid 5106] set_robust_list(0x7f5b1fb5d9e0, 24) = 0 [pid 5106] memfd_create("syzkaller", 0) = 3 [pid 5106] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5b1773d000 [ 58.087255][ T5077] R13: 000055555665d5f0 R14: 00007ffe03a21870 R15: 00007ffe03a229e0 [ 58.095255][ T5077] [ 58.098283][ T5077] Modules linked in: [ 58.118446][ T5075] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 58.160793][ T5075] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 58.187459][ T5075] Kernel panic - not syncing: Fatal exception [ 58.193775][ T5075] Kernel Offset: disabled [ 58.198102][ T5075] Rebooting in 86400 seconds..