./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3773817184 <...> Warning: Permanently added '10.128.10.60' (ECDSA) to the list of known hosts. execve("./syz-executor3773817184", ["./syz-executor3773817184"], 0x7ffc0bd6c360 /* 10 vars */) = 0 brk(NULL) = 0x555556f15000 brk(0x555556f15c40) = 0x555556f15c40 arch_prctl(ARCH_SET_FS, 0x555556f15300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 set_tid_address(0x555556f155d0) = 5002 set_robust_list(0x555556f155e0, 24) = 0 rt_sigaction(SIGRTMIN, {sa_handler=0x7fdbd82e75b0, sa_mask=[], sa_flags=SA_RESTORER|SA_SIGINFO, sa_restorer=0x7fdbd82e7c80}, NULL, 8) = 0 rt_sigaction(SIGRT_1, {sa_handler=0x7fdbd82e7650, sa_mask=[], sa_flags=SA_RESTORER|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fdbd82e7c80}, NULL, 8) = 0 rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor3773817184", 4096) = 28 brk(0x555556f36c40) = 0x555556f36c40 brk(0x555556f37000) = 0x555556f37000 mprotect(0x7fdbd83a9000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 getpid() = 5002 mkdir("./syzkaller.3rXkzo", 0700) = 0 chmod("./syzkaller.3rXkzo", 0777) = 0 chdir("./syzkaller.3rXkzo") = 0 mkdir("./0", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f155d0) = 5003 ./strace-static-x86_64: Process 5003 attached [pid 5003] set_robust_list(0x555556f155e0, 24) = 0 [pid 5003] chdir("./0") = 0 [pid 5003] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5003] setpgid(0, 0) = 0 [pid 5003] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5003] write(3, "1000", 4) = 4 [pid 5003] close(3) = 0 [pid 5003] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5003] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5003] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdbd82b6000 [pid 5003] mprotect(0x7fdbd82b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5003] clone(child_stack=0x7fdbd82d63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5005], tls=0x7fdbd82d6700, child_tidptr=0x7fdbd82d69d0) = 5005 [pid 5003] futex(0x7fdbd83af788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5003] futex(0x7fdbd83af79c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5003] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdbd8295000 [pid 5003] mprotect(0x7fdbd8296000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5003] clone(child_stack=0x7fdbd82b53f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5006], tls=0x7fdbd82b5700, child_tidptr=0x7fdbd82b59d0) = 5006 [pid 5003] futex(0x7fdbd83af798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5003] futex(0x7fdbd83af79c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5006 attached [pid 5006] set_robust_list(0x7fdbd82b59e0, 24) = 0 ./strace-static-x86_64: Process 5005 attached [pid 5005] set_robust_list(0x7fdbd82d69e0, 24 [pid 5006] memfd_create("syzkaller", 0 [pid 5005] <... set_robust_list resumed>) = 0 [pid 5005] memfd_create("syzkaller", 0 [pid 5006] <... memfd_create resumed>) = 3 [pid 5006] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdbcfe95000 [pid 5005] <... memfd_create resumed>) = 4 [pid 5005] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdbc7a95000 [pid 5006] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5005] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5006] <... write resumed>) = 262144 [pid 5006] munmap(0x7fdbcfe95000, 262144 [pid 5005] <... write resumed>) = 262144 [pid 5005] munmap(0x7fdbc7a95000, 262144 [pid 5006] <... munmap resumed>) = 0 [pid 5006] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5006] ioctl(5, LOOP_SET_FD, 3 [pid 5005] <... munmap resumed>) = 0 [pid 5005] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5006] <... ioctl resumed>) = 0 [pid 5006] close(3 [pid 5005] ioctl(6, LOOP_SET_FD, 4 [pid 5006] <... close resumed>) = 0 [pid 5005] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5006] mkdir("./file0", 0777 [pid 5005] ioctl(6, LOOP_CLR_FD [pid 5006] <... mkdir resumed>) = 0 [pid 5005] <... ioctl resumed>) = 0 [pid 5006] mount("/dev/loop0", "./file0", "ext4", 0, "quota,jqfmt=vfsv0,nouid32,,errors=continue" [pid 5005] ioctl(6, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5005] close(6) = 0 [pid 5005] close(4) = 0 [pid 5005] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000) = 0 syzkaller login: [ 58.555963][ T5006] memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL, pid=5006 'syz-executor377' [ 58.579195][ T5006] loop0: detected capacity change from 0 to 512 [pid 5005] futex(0x7fdbd83af788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5006] <... mount resumed>) = 0 [pid 5006] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5006] chdir("./file0") = 0 [pid 5006] ioctl(5, LOOP_CLR_FD) = 0 [pid 5006] close(5) = 0 [pid 5006] futex(0x7fdbd83af79c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5003] <... futex resumed>) = 0 [pid 5006] futex(0x7fdbd83af798, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5003] futex(0x7fdbd83af788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5005] <... futex resumed>) = 0 [pid 5003] <... futex resumed>) = 1 [pid 5005] setxattr("./file0", "trusted.overlay.upper", "\x64\x8f\x7b\xfd\xea\xc9\xec\xe6\xab\x27\xb3\x49\xb4\xdb\xf7\xfe\x99\xe4\xed\xd9\xb5\xd8\xf1\x35\x99\x8f\x22\x62\x23\x22\x46\x22\xe2\x47\xdf\x8f\xf8\x69\xf2\x76\xdc\xe6\xda\xfa\xe2\x4c\xad\x56\x5d\xe9\xd6\xcb\xad\xfa\x72\xb9\xb9\xb6\x7e\x75\xa1\x3e\x33\x5f\x9d\xaf\x2e\x55\x2a\xd3\x53\xd3\x93\x37\xaf\xdd\xa8\x7c\xb0\xb1\x9e\xab\xff\xf6\xe5\xf7\x16\xee\xfc\xf8\x0f\xbf\xff\xda\x8b\x3f\x6d\x7c\xe7\xe7"..., 8192, 0 [ 58.598181][ T5006] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 58.622805][ T5006] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: writeback. [ 58.635316][ T5006] ext4 filesystem being mounted at /root/syzkaller.3rXkzo/0/file0 supports timestamps until 2038-01-19 (0x7fffffff) [pid 5003] futex(0x7fdbd83af78c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5005] <... setxattr resumed>) = -1 ENOSPC (No space left on device) [pid 5005] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5003] <... futex resumed>) = 0 [pid 5005] futex(0x7fdbd83af788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5003] futex(0x7fdbd83af788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5005] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5003] <... futex resumed>) = 0 [pid 5005] setxattr("./file0", "trusted.overlay.upper", "\x64\x8f\x7b\xfd\xea\xc9\xec\xe6\xab\x27\xb3\x49\xb4\xdb\xf7\xfe\x99\xe4\xed\xd9\xb5\xd8\xf1\x35\x99\x8f\x22\x62\x23\x22\x46\x22\xe2\x47\xdf\x8f\xf8\x69\xf2\x76\xdc\xe6\xda\xfa\xe2\x4c\xad\x56\x5d\xe9\xd6\xcb\xad\xfa\x72\xb9\xb9\xb6\x7e\x75\xa1\x3e\x33\x5f\x9d\xaf\x2e\x55\x2a\xd3\x53\xd3\x93\x37\xaf\xdd\xa8\x7c\xb0\xb1\x9e\xab\xff\xf6\xe5\xf7\x16\xee\xfc\xf8\x0f\xbf\xff\xda\x8b\x3f\x6d\x7c\xe7\xe7"..., 8192, 0 [pid 5003] futex(0x7fdbd83af78c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5005] <... setxattr resumed>) = -1 ENOSPC (No space left on device) [pid 5005] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5003] <... futex resumed>) = 0 [pid 5005] futex(0x7fdbd83af788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5003] futex(0x7fdbd83af788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5003] futex(0x7fdbd83af78c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5005] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5005] openat(AT_FDCWD, "./file0/file0", O_RDONLY|O_TRUNC|O_LARGEFILE|O_NOFOLLOW) = 4 [pid 5005] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5003] <... futex resumed>) = 0 [pid 5005] futex(0x7fdbd83af788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5003] exit_group(0 [pid 5006] <... futex resumed>) = ? [pid 5003] <... exit_group resumed>) = ? [pid 5006] +++ exited with 0 +++ [pid 5005] <... futex resumed>) = ? [pid 5005] +++ exited with 0 +++ [pid 5003] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5003, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556f16620 /* 4 entries */, 32768) = 112 umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./0/binderfs") = 0 [ 58.663837][ T5005] EXT4-fs error (device loop0): ext4_validate_block_bitmap:440: comm syz-executor377: bg 0: block 44: padding at end of block bitmap is not set umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./0/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556f1e660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556f1e660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./0/file0") = 0 getdents64(3, 0x555556f16620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./0") = 0 mkdir("./1", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 [ 58.718795][ T5002] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f155d0) = 5010 ./strace-static-x86_64: Process 5010 attached [pid 5010] set_robust_list(0x555556f155e0, 24) = 0 [pid 5010] chdir("./1") = 0 [pid 5010] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5010] setpgid(0, 0) = 0 [pid 5010] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5010] write(3, "1000", 4) = 4 [pid 5010] close(3) = 0 [pid 5010] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5010] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5010] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdbd82b6000 [pid 5010] mprotect(0x7fdbd82b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5010] clone(child_stack=0x7fdbd82d63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5011], tls=0x7fdbd82d6700, child_tidptr=0x7fdbd82d69d0) = 5011 ./strace-static-x86_64: Process 5011 attached [pid 5011] set_robust_list(0x7fdbd82d69e0, 24) = 0 [pid 5010] futex(0x7fdbd83af788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5011] memfd_create("syzkaller", 0 [pid 5010] futex(0x7fdbd83af79c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5010] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdbd8295000 [pid 5010] mprotect(0x7fdbd8296000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5010] clone(child_stack=0x7fdbd82b53f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5012], tls=0x7fdbd82b5700, child_tidptr=0x7fdbd82b59d0) = 5012 [pid 5010] futex(0x7fdbd83af798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5010] futex(0x7fdbd83af79c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5012 attached [pid 5012] set_robust_list(0x7fdbd82b59e0, 24) = 0 [pid 5012] memfd_create("syzkaller", 0) = 4 [pid 5012] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdbcfe95000 [pid 5011] <... memfd_create resumed>) = 3 [pid 5011] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdbc7a95000 [pid 5012] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5011] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5012] <... write resumed>) = 262144 [pid 5012] munmap(0x7fdbcfe95000, 262144) = 0 [pid 5012] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5012] ioctl(5, LOOP_SET_FD, 4 [pid 5011] <... write resumed>) = 262144 [pid 5011] munmap(0x7fdbc7a95000, 262144 [pid 5012] <... ioctl resumed>) = 0 [pid 5011] <... munmap resumed>) = 0 [pid 5012] close(4) = 0 [pid 5011] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5012] mkdir("./file0", 0777) = 0 [pid 5011] <... openat resumed>) = 4 [pid 5012] mount("/dev/loop0", "./file0", "ext4", 0, "quota,jqfmt=vfsv0,nouid32,,errors=continue" [pid 5011] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 5011] ioctl(4, LOOP_CLR_FD) = 0 [pid 5011] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 5011] close(4) = 0 [pid 5011] close(3) = 0 [pid 5011] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 58.811056][ T5012] loop0: detected capacity change from 0 to 512 [ 58.823806][ T5012] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [pid 5011] futex(0x7fdbd83af788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5012] <... mount resumed>) = 0 [pid 5012] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5012] chdir("./file0") = 0 [pid 5012] ioctl(5, LOOP_CLR_FD) = 0 [pid 5012] close(5) = 0 [pid 5012] futex(0x7fdbd83af79c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5010] <... futex resumed>) = 0 [pid 5012] <... futex resumed>) = 1 [pid 5012] futex(0x7fdbd83af798, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5010] futex(0x7fdbd83af788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5011] <... futex resumed>) = 0 [pid 5010] <... futex resumed>) = 1 [pid 5011] setxattr("./file0", "trusted.overlay.upper", "\xb2\xc7\xbd\x79\xfd\x74\x76\xf3\xf5\xd3\xd9\x24\xda\xed\xfb\xff\x4c\xf2\xf6\xec\x5a\xec\xf8\x37\x99\x4f\xba\xcf\x39\x12\x11\x3f\xfa\x7e\xc4\x4f\x93\x77\xe3\x36\xd7\xd6\x17\x67\x6a\xb5\xea\x4a\xb7\x5e\x6e\xd5\x97\xcb\xcd\xb5\xf5\x6b\x0b\xf5\x99\xf9\xea\x7c\x75\xa9\x52\x99\x9e\x9a\x9e\xbc\x75\xfd\x66\xe5\xa3\x8d\xf5\x42\xfd\xb7\xaf\xbe\xb7\x70\xf7\xc7\x7f\xf8\xfd\x57\x5f\xfe\x69\xe3\x3b\x3f\xcf\xba"..., 8192, 0 [ 58.850941][ T5012] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: writeback. [ 58.863924][ T5012] ext4 filesystem being mounted at /root/syzkaller.3rXkzo/1/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 58.891335][ T5011] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3806: comm syz-executor377: Allocating blocks 44-48 which overlap fs metadata [pid 5010] futex(0x7fdbd83af78c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5011] <... setxattr resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5011] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5010] <... futex resumed>) = 0 [pid 5011] setxattr("./file0", "trusted.overlay.upper", "\xb2\xc7\xbd\x79\xfd\x74\x76\xf3\xf5\xd3\xd9\x24\xda\xed\xfb\xff\x4c\xf2\xf6\xec\x5a\xec\xf8\x37\x99\x4f\xba\xcf\x39\x12\x11\x3f\xfa\x7e\xc4\x4f\x93\x77\xe3\x36\xd7\xd6\x17\x67\x6a\xb5\xea\x4a\xb7\x5e\x6e\xd5\x97\xcb\xcd\xb5\xf5\x6b\x0b\xf5\x99\xf9\xea\x7c\x75\xa9\x52\x99\x9e\x9a\x9e\xbc\x75\xfd\x66\xe5\xa3\x8d\xf5\x42\xfd\xb7\xaf\xbe\xb7\x70\xf7\xc7\x7f\xf8\xfd\x57\x5f\xfe\x69\xe3\x3b\x3f\xcf\xba"..., 8192, 0 [pid 5010] futex(0x7fdbd83af788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5010] futex(0x7fdbd83af78c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5011] <... setxattr resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5011] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5010] <... futex resumed>) = 0 [pid 5010] futex(0x7fdbd83af788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5010] futex(0x7fdbd83af78c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 58.915611][ T5011] EXT4-fs error (device loop0): ext4_xattr_block_set:2241: inode #12: comm syz-executor377: bad block 0 [ 58.931724][ T5011] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3806: comm syz-executor377: Allocating blocks 44-48 which overlap fs metadata [ 58.946521][ T5011] EXT4-fs error (device loop0): ext4_xattr_block_set:2241: inode #12: comm syz-executor377: bad block 0 [pid 5011] openat(AT_FDCWD, "./file0/file0", O_RDONLY|O_TRUNC|O_LARGEFILE|O_NOFOLLOW) = -1 EUCLEAN (Structure needs cleaning) [pid 5011] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5010] <... futex resumed>) = 0 [pid 5010] exit_group(0 [pid 5012] <... futex resumed>) = ? [pid 5010] <... exit_group resumed>) = ? [pid 5012] +++ exited with 0 +++ [pid 5011] +++ exited with 0 +++ [pid 5010] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5010, si_uid=0, si_status=0, si_utime=0, si_stime=11 /* 0.11 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556f16620 /* 4 entries */, 32768) = 112 umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./1/binderfs") = 0 umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./1/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556f1e660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556f1e660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./1/file0") = 0 getdents64(3, 0x555556f16620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./1") = 0 mkdir("./2", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 58.961701][ T5011] EXT4-fs error (device loop0): ext4_lookup:1853: inode #12: comm syz-executor377: deleted inode referenced: 13 [ 58.998322][ T5002] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5015 attached , child_tidptr=0x555556f155d0) = 5015 [pid 5015] set_robust_list(0x555556f155e0, 24) = 0 [pid 5015] chdir("./2") = 0 [pid 5015] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5015] setpgid(0, 0) = 0 [pid 5015] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5015] write(3, "1000", 4) = 4 [pid 5015] close(3) = 0 [pid 5015] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5015] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5015] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdbd82b6000 [pid 5015] mprotect(0x7fdbd82b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5015] clone(child_stack=0x7fdbd82d63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5016 attached , parent_tid=[5016], tls=0x7fdbd82d6700, child_tidptr=0x7fdbd82d69d0) = 5016 [pid 5015] futex(0x7fdbd83af788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5015] futex(0x7fdbd83af79c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5015] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdbd8295000 [pid 5015] mprotect(0x7fdbd8296000, 131072, PROT_READ|PROT_WRITE [pid 5016] set_robust_list(0x7fdbd82d69e0, 24 [pid 5015] <... mprotect resumed>) = 0 [pid 5015] clone(child_stack=0x7fdbd82b53f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5017], tls=0x7fdbd82b5700, child_tidptr=0x7fdbd82b59d0) = 5017 [pid 5016] <... set_robust_list resumed>) = 0 [pid 5015] futex(0x7fdbd83af798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5015] futex(0x7fdbd83af79c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5017 attached [pid 5017] set_robust_list(0x7fdbd82b59e0, 24) = 0 [pid 5017] memfd_create("syzkaller", 0) = 3 [pid 5017] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdbcfe95000 [pid 5016] memfd_create("syzkaller", 0) = 4 [pid 5016] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdbc7a95000 [pid 5017] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 268436 [pid 5016] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5017] <... write resumed>) = 268436 [pid 5017] munmap(0x7fdbcfe95000, 268436 [pid 5016] <... write resumed>) = 262144 [pid 5017] <... munmap resumed>) = 0 [pid 5016] munmap(0x7fdbc7a95000, 262144 [pid 5017] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5017] ioctl(5, LOOP_SET_FD, 3 [pid 5016] <... munmap resumed>) = 0 [pid 5017] <... ioctl resumed>) = 0 [pid 5016] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5017] close(3) = 0 [pid 5017] mkdir("./file0", 0777 [pid 5016] <... openat resumed>) = 3 [pid 5017] <... mkdir resumed>) = 0 [pid 5017] mount("/dev/loop0", "./file0", "ext4", 0, "quota,jqfmt=vfsv0,nouid32,,errors=continue" [pid 5016] ioctl(3, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5016] ioctl(3, LOOP_CLR_FD) = 0 [pid 5016] ioctl(3, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5016] close(3) = 0 [pid 5016] close(4) = 0 [pid 5016] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5016] futex(0x7fdbd83af788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5017] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [ 59.091419][ T5017] loop0: detected capacity change from 0 to 524 [ 59.103053][ T5017] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 59.116024][ T5017] EXT4-fs warning (device loop0): read_mmp_block:114: Error -117 while reading MMP block 12 [pid 5017] ioctl(5, LOOP_CLR_FD) = 0 [pid 5017] close(5) = 0 [pid 5017] futex(0x7fdbd83af79c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5015] <... futex resumed>) = 0 [pid 5015] futex(0x7fdbd83af788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5016] <... futex resumed>) = 0 [pid 5015] <... futex resumed>) = 1 [pid 5016] setxattr("./file0", "trusted.overlay.upper", "\x64\x8f\x7b\xfd\xea\xc9\xec\xe6\xab\x27\xb3\x49\xb4\xdb\xf7\xfe\x99\xe4\xed\xd9\xb5\xd8\xf1\x35\x99\x8f\x22\x62\x23\x22\x46\x22\xe2\x47\xdf\x8f\xf8\x69\xf2\x76\xdc\xe6\xda\xfa\xe2\x4c\xad\x56\x5d\xe9\xd6\xcb\xad\xfa\x72\xb9\xb9\xb6\x7e\x75\xa1\x3e\x33\x5f\x9d\xaf\x2e\x55\x2a\xd3\x53\xd3\x93\x37\xaf\xdd\xa8\x7c\xb0\xb1\x9e\xab\xff\xf6\xe5\xf7\x16\xee\xfc\xf8\x0f\xbf\xff\xda\x8b\x3f\x6d\x7c\xe7\xe7"..., 8192, 0 [pid 5015] futex(0x7fdbd83af78c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5017] <... futex resumed>) = 1 [pid 5017] futex(0x7fdbd83af798, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5016] <... setxattr resumed>) = -1 ENOSPC (No space left on device) [pid 5016] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5015] <... futex resumed>) = 0 [pid 5016] futex(0x7fdbd83af788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5015] futex(0x7fdbd83af788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5016] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5015] <... futex resumed>) = 0 [pid 5016] setxattr("./file0", "trusted.overlay.upper", "\x64\x8f\x7b\xfd\xea\xc9\xec\xe6\xab\x27\xb3\x49\xb4\xdb\xf7\xfe\x99\xe4\xed\xd9\xb5\xd8\xf1\x35\x99\x8f\x22\x62\x23\x22\x46\x22\xe2\x47\xdf\x8f\xf8\x69\xf2\x76\xdc\xe6\xda\xfa\xe2\x4c\xad\x56\x5d\xe9\xd6\xcb\xad\xfa\x72\xb9\xb9\xb6\x7e\x75\xa1\x3e\x33\x5f\x9d\xaf\x2e\x55\x2a\xd3\x53\xd3\x93\x37\xaf\xdd\xa8\x7c\xb0\xb1\x9e\xab\xff\xf6\xe5\xf7\x16\xee\xfc\xf8\x0f\xbf\xff\xda\x8b\x3f\x6d\x7c\xe7\xe7"..., 8192, 0 [pid 5015] futex(0x7fdbd83af78c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5016] <... setxattr resumed>) = -1 ENOSPC (No space left on device) [pid 5016] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5015] <... futex resumed>) = 0 [pid 5016] futex(0x7fdbd83af788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5015] futex(0x7fdbd83af788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5016] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5015] <... futex resumed>) = 0 [pid 5016] openat(AT_FDCWD, "./file0/file0", O_RDONLY|O_TRUNC|O_LARGEFILE|O_NOFOLLOW [pid 5015] futex(0x7fdbd83af78c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5016] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 5016] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5015] <... futex resumed>) = 0 [pid 5016] futex(0x7fdbd83af788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5015] exit_group(0 [pid 5017] <... futex resumed>) = ? [pid 5016] <... futex resumed>) = ? [pid 5015] <... exit_group resumed>) = ? [pid 5016] +++ exited with 0 +++ [pid 5017] +++ exited with 0 +++ [pid 5015] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5015, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556f16620 /* 4 entries */, 32768) = 112 umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./2/binderfs") = 0 umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./2/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556f1e660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556f1e660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./2/file0") = 0 getdents64(3, 0x555556f16620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./2") = 0 mkdir("./3", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f155d0) = 5018 ./strace-static-x86_64: Process 5018 attached [pid 5018] set_robust_list(0x555556f155e0, 24) = 0 [pid 5018] chdir("./3") = 0 [pid 5018] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5018] setpgid(0, 0) = 0 [pid 5018] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5018] write(3, "1000", 4) = 4 [pid 5018] close(3) = 0 [pid 5018] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5018] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5018] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdbd82b6000 [pid 5018] mprotect(0x7fdbd82b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5018] clone(child_stack=0x7fdbd82d63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5019 attached , parent_tid=[5019], tls=0x7fdbd82d6700, child_tidptr=0x7fdbd82d69d0) = 5019 [pid 5019] set_robust_list(0x7fdbd82d69e0, 24) = 0 [pid 5019] futex(0x7fdbd83af788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5018] futex(0x7fdbd83af788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5019] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5018] <... futex resumed>) = 0 [pid 5018] futex(0x7fdbd83af79c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5018] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdbd8295000 [pid 5018] mprotect(0x7fdbd8296000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5019] memfd_create("syzkaller", 0 [pid 5018] clone(child_stack=0x7fdbd82b53f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5019] <... memfd_create resumed>) = 3 [pid 5019] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0./strace-static-x86_64: Process 5020 attached [pid 5018] <... clone resumed>, parent_tid=[5020], tls=0x7fdbd82b5700, child_tidptr=0x7fdbd82b59d0) = 5020 [pid 5018] futex(0x7fdbd83af798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5018] futex(0x7fdbd83af79c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5019] <... mmap resumed>) = 0x7fdbcfe95000 [pid 5020] set_robust_list(0x7fdbd82b59e0, 24) = 0 [pid 5020] memfd_create("syzkaller", 0) = 4 [pid 5019] munmap(0x7fdbcfe95000, 138412032 [pid 5020] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5019] <... munmap resumed>) = 0 [pid 5020] <... mmap resumed>) = 0x7fdbcfe95000 [pid 5019] close(3) = 0 [pid 5019] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5019] futex(0x7fdbd83af788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5020] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5020] munmap(0x7fdbcfe95000, 262144) = 0 [pid 5020] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5020] ioctl(3, LOOP_SET_FD, 4) = 0 [pid 5020] close(4) = 0 [pid 5020] mkdir("./file0", 0777) = 0 [ 59.286513][ T5020] loop0: detected capacity change from 0 to 512 [ 59.297569][ T5020] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 59.318886][ T5020] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: writeback. [pid 5020] mount("/dev/loop0", "./file0", "ext4", 0, "quota,jqfmt=vfsv0,nouid32,,errors=continue") = 0 [pid 5020] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 4 [pid 5020] chdir("./file0") = 0 [pid 5020] ioctl(3, LOOP_CLR_FD) = 0 [pid 5020] close(3) = 0 [pid 5020] futex(0x7fdbd83af79c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5018] <... futex resumed>) = 0 [pid 5020] futex(0x7fdbd83af798, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5018] futex(0x7fdbd83af788, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5018] futex(0x7fdbd83af78c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5019] <... futex resumed>) = 0 [ 59.331216][ T5020] ext4 filesystem being mounted at /root/syzkaller.3rXkzo/3/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 59.363536][ T5019] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3806: comm syz-executor377: Allocating blocks 44-48 which overlap fs metadata [pid 5019] setxattr("./file0", "trusted.overlay.upper", "\xb2\xc7\xbd\x79\xfd\x74\x76\xf3\xf5\xd3\xd9\x24\xda\xed\xfb\xff\x4c\xf2\xf6\xec\x5a\xec\xf8\x37\x99\x4f\xba\xcf\x39\x12\x11\x3f\xfa\x7e\xc4\x4f\x93\x77\xe3\x36\xd7\xd6\x17\x67\x6a\xb5\xea\x4a\xb7\x5e\x6e\xd5\x97\xcb\xcd\xb5\xf5\x6b\x0b\xf5\x99\xf9\xea\x7c\x75\xa9\x52\x99\x9e\x9a\x9e\xbc\x75\xfd\x66\xe5\xa3\x8d\xf5\x42\xfd\xb7\xaf\xbe\xb7\x70\xf7\xc7\x7f\xf8\xfd\x57\x5f\xfe\x69\xe3\x3b\x3f\xcf\xba"..., 8192, 0) = -1 EUCLEAN (Structure needs cleaning) [pid 5019] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5018] <... futex resumed>) = 0 [pid 5018] futex(0x7fdbd83af788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5018] futex(0x7fdbd83af78c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5019] <... futex resumed>) = 1 [pid 5019] setxattr("./file0", "trusted.overlay.upper", "\xb2\xc7\xbd\x79\xfd\x74\x76\xf3\xf5\xd3\xd9\x24\xda\xed\xfb\xff\x4c\xf2\xf6\xec\x5a\xec\xf8\x37\x99\x4f\xba\xcf\x39\x12\x11\x3f\xfa\x7e\xc4\x4f\x93\x77\xe3\x36\xd7\xd6\x17\x67\x6a\xb5\xea\x4a\xb7\x5e\x6e\xd5\x97\xcb\xcd\xb5\xf5\x6b\x0b\xf5\x99\xf9\xea\x7c\x75\xa9\x52\x99\x9e\x9a\x9e\xbc\x75\xfd\x66\xe5\xa3\x8d\xf5\x42\xfd\xb7\xaf\xbe\xb7\x70\xf7\xc7\x7f\xf8\xfd\x57\x5f\xfe\x69\xe3\x3b\x3f\xcf\xba"..., 8192, 0) = 0 [pid 5019] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5018] <... futex resumed>) = 0 [pid 5018] futex(0x7fdbd83af788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5018] futex(0x7fdbd83af78c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 59.378684][ T5019] EXT4-fs error (device loop0): ext4_xattr_block_set:2241: inode #12: comm syz-executor377: bad block 0 [ 59.398541][ T5019] [ 59.401162][ T5019] ====================================================== [ 59.408164][ T5019] WARNING: possible circular locking dependency detected [ 59.415163][ T5019] 6.4.0-rc1-next-20230512-syzkaller #0 Not tainted [ 59.421652][ T5019] ------------------------------------------------------ [ 59.428753][ T5019] syz-executor377/5019 is trying to acquire lock: [ 59.435149][ T5019] ffff8880787f73a0 (mapping.invalidate_lock){++++}-{3:3}, at: ext4_setattr+0x68f/0x26c0 [ 59.445046][ T5019] [ 59.445046][ T5019] but task is already holding lock: [ 59.452405][ T5019] ffff8880787f7200 (&ea_inode->i_rwsem#8/1){+.+.}-{3:3}, at: do_truncate+0x131/0x200 [ 59.462098][ T5019] [ 59.462098][ T5019] which lock already depends on the new lock. [ 59.462098][ T5019] [ 59.472500][ T5019] [ 59.472500][ T5019] the existing dependency chain (in reverse order) is: [ 59.481512][ T5019] [ 59.481512][ T5019] -> #3 (&ea_inode->i_rwsem#8/1){+.+.}-{3:3}: [ 59.489896][ T5019] down_write+0x92/0x200 [ 59.494684][ T5019] ext4_xattr_set_entry+0x2b19/0x39e0 [ 59.500583][ T5019] ext4_xattr_block_set+0xcb7/0x3030 [ 59.506391][ T5019] ext4_xattr_set_handle+0xd8a/0x1510 [ 59.512284][ T5019] ext4_xattr_set+0x144/0x360 [ 59.517670][ T5019] __vfs_setxattr+0x173/0x1e0 [ 59.522866][ T5019] __vfs_setxattr_noperm+0x129/0x5f0 [ 59.528868][ T5019] __vfs_setxattr_locked+0x1d3/0x260 [ 59.534673][ T5019] vfs_setxattr+0x143/0x340 [ 59.539714][ T5019] do_setxattr+0x147/0x190 [ 59.544645][ T5019] setxattr+0x146/0x160 [ 59.549318][ T5019] path_setxattr+0x197/0x1c0 [ 59.554616][ T5019] __x64_sys_setxattr+0xc4/0x160 [ 59.560160][ T5019] do_syscall_64+0x39/0xb0 [ 59.565102][ T5019] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 59.571524][ T5019] [ 59.571524][ T5019] -> #2 (&ei->xattr_sem){++++}-{3:3}: [ 59.579340][ T5019] down_write+0x92/0x200 [ 59.584103][ T5019] ext4_xattr_set_handle+0x160/0x1510 [ 59.589996][ T5019] ext4_xattr_set+0x144/0x360 [ 59.595234][ T5019] __vfs_setxattr+0x173/0x1e0 [ 59.600631][ T5019] __vfs_setxattr_noperm+0x129/0x5f0 [ 59.606894][ T5019] __vfs_setxattr_locked+0x1d3/0x260 [ 59.612697][ T5019] vfs_setxattr+0x143/0x340 [ 59.617719][ T5019] do_setxattr+0x147/0x190 [ 59.622653][ T5019] setxattr+0x146/0x160 [ 59.627328][ T5019] path_setxattr+0x197/0x1c0 [ 59.632437][ T5019] __x64_sys_setxattr+0xc4/0x160 [ 59.637891][ T5019] do_syscall_64+0x39/0xb0 [ 59.642842][ T5019] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 59.649263][ T5019] [ 59.649263][ T5019] -> #1 (jbd2_handle){++++}-{0:0}: [ 59.657188][ T5019] start_this_handle+0xfe7/0x14e0 [ 59.662738][ T5019] jbd2__journal_start+0x38a/0x6b0 [ 59.668459][ T5019] __ext4_journal_start_sb+0x411/0x5d0 [ 59.674437][ T5019] ext4_truncate+0x54f/0x1340 [ 59.679648][ T5019] ext4_setattr+0x1ac1/0x26c0 [ 59.684848][ T5019] notify_change+0xb2c/0x1180 [ 59.690040][ T5019] do_truncate+0x143/0x200 [ 59.694982][ T5019] do_sys_ftruncate+0x53a/0x770 [ 59.700448][ T5019] do_syscall_64+0x39/0xb0 [ 59.705483][ T5019] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 59.711905][ T5019] [ 59.711905][ T5019] -> #0 (mapping.invalidate_lock){++++}-{3:3}: [ 59.720244][ T5019] __lock_acquire+0x2fcd/0x5f30 [ 59.725634][ T5019] lock_acquire.part.0+0x11c/0x370 [ 59.731290][ T5019] down_write+0x92/0x200 [ 59.736070][ T5019] ext4_setattr+0x68f/0x26c0 [ 59.741196][ T5019] notify_change+0xb2c/0x1180 [ 59.746430][ T5019] do_truncate+0x143/0x200 [ 59.751391][ T5019] path_openat+0x2083/0x2750 [ 59.756955][ T5019] do_filp_open+0x1ba/0x410 [ 59.762516][ T5019] do_sys_openat2+0x16d/0x4c0 [ 59.767821][ T5019] __x64_sys_openat+0x143/0x1f0 [ 59.773191][ T5019] do_syscall_64+0x39/0xb0 [ 59.778201][ T5019] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 59.784973][ T5019] [ 59.784973][ T5019] other info that might help us debug this: [ 59.784973][ T5019] [ 59.795210][ T5019] Chain exists of: [ 59.795210][ T5019] mapping.invalidate_lock --> &ei->xattr_sem --> &ea_inode->i_rwsem#8/1 [ 59.795210][ T5019] [ 59.809996][ T5019] Possible unsafe locking scenario: [ 59.809996][ T5019] [ 59.817625][ T5019] CPU0 CPU1 [ 59.822983][ T5019] ---- ---- [ 59.828338][ T5019] lock(&ea_inode->i_rwsem#8/1); [ 59.833391][ T5019] lock(&ei->xattr_sem); [ 59.840233][ T5019] lock(&ea_inode->i_rwsem#8/1); [ 59.847780][ T5019] lock(mapping.invalidate_lock); [ 59.852887][ T5019] [ 59.852887][ T5019] *** DEADLOCK *** [ 59.852887][ T5019] [ 59.861280][ T5019] 2 locks held by syz-executor377/5019: [ 59.866820][ T5019] #0: ffff888021c64460 (sb_writers#4){.+.+}-{0:0}, at: path_openat+0x19a4/0x2750 [ 59.876773][ T5019] #1: ffff8880787f7200 (&ea_inode->i_rwsem#8/1){+.+.}-{3:3}, at: do_truncate+0x131/0x200 [ 59.886892][ T5019] [ 59.886892][ T5019] stack backtrace: [ 59.892768][ T5019] CPU: 0 PID: 5019 Comm: syz-executor377 Not tainted 6.4.0-rc1-next-20230512-syzkaller #0 [ 59.902745][ T5019] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/28/2023 [ 59.913246][ T5019] Call Trace: [ 59.916526][ T5019] [ 59.919468][ T5019] dump_stack_lvl+0xd9/0x150 [ 59.924076][ T5019] check_noncircular+0x25f/0x2e0 [ 59.929124][ T5019] ? print_circular_bug+0x730/0x730 [ 59.934340][ T5019] ? stack_trace_save+0x90/0xc0 [ 59.939207][ T5019] ? __kmem_cache_free+0xaf/0x2d0 [ 59.944238][ T5019] __lock_acquire+0x2fcd/0x5f30 [ 59.949104][ T5019] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 59.955181][ T5019] ? mark_lock.part.0+0xee/0x1970 [ 59.960300][ T5019] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 59.966984][ T5019] lock_acquire.part.0+0x11c/0x370 [ 59.972195][ T5019] ? ext4_setattr+0x68f/0x26c0 [ 59.977324][ T5019] ? lock_sync+0x190/0x190 [ 59.981751][ T5019] ? rcu_is_watching+0x12/0xb0 [ 59.986517][ T5019] ? trace_lock_acquire+0x12d/0x180 [ 59.991723][ T5019] ? ext4_setattr+0x68f/0x26c0 [ 59.996486][ T5019] ? lock_acquire+0x32/0xc0 [ 60.001000][ T5019] ? ext4_setattr+0x68f/0x26c0 [ 60.005794][ T5019] down_write+0x92/0x200 [ 60.010128][ T5019] ? ext4_setattr+0x68f/0x26c0 [ 60.015066][ T5019] ? down_write_killable+0x250/0x250 [ 60.020443][ T5019] ? setattr_prepare+0x140/0x9b0 [ 60.025385][ T5019] ext4_setattr+0x68f/0x26c0 [ 60.030007][ T5019] ? current_time+0x1fe/0x2c0 [ 60.034695][ T5019] ? from_vfsuid+0x170/0x170 [ 60.039299][ T5019] ? ext4_journalled_write_end+0xfb0/0xfb0 [ 60.045117][ T5019] notify_change+0xb2c/0x1180 [ 60.049804][ T5019] ? do_truncate+0x143/0x200 [ 60.054410][ T5019] do_truncate+0x143/0x200 [ 60.058931][ T5019] ? file_open_root+0x460/0x460 [ 60.064401][ T5019] ? common_perm_cond+0x230/0x830 [ 60.069437][ T5019] ? ext4_file_write_iter+0x1740/0x1740 [ 60.075004][ T5019] path_openat+0x2083/0x2750 [ 60.079714][ T5019] ? __lock_acquire+0x1987/0x5f30 [ 60.084758][ T5019] ? path_lookupat+0x840/0x840 [ 60.089545][ T5019] do_filp_open+0x1ba/0x410 [ 60.094157][ T5019] ? may_open_dev+0xf0/0xf0 [ 60.098759][ T5019] ? find_held_lock+0x2d/0x110 [ 60.103617][ T5019] ? do_raw_spin_lock+0x124/0x2b0 [ 60.108651][ T5019] ? spin_bug+0x1c0/0x1c0 [ 60.112994][ T5019] ? _raw_spin_unlock+0x28/0x40 [ 60.118511][ T5019] ? alloc_fd+0x2e4/0x750 [ 60.122844][ T5019] do_sys_openat2+0x16d/0x4c0 [ 60.127520][ T5019] ? ptrace_stop.part.0+0x60f/0x8e0 [ 60.132825][ T5019] ? build_open_flags+0x720/0x720 [ 60.137936][ T5019] ? ptrace_notify+0xfe/0x140 [ 60.142614][ T5019] ? lock_downgrade+0x690/0x690 [ 60.147483][ T5019] __x64_sys_openat+0x143/0x1f0 [ 60.152337][ T5019] ? __ia32_sys_open+0x1c0/0x1c0 [ 60.157531][ T5019] ? _raw_spin_unlock_irq+0x23/0x50 [ 60.162741][ T5019] ? lockdep_hardirqs_on+0x7d/0x100 [ 60.167956][ T5019] ? _raw_spin_unlock_irq+0x2e/0x50 [ 60.173548][ T5019] ? ptrace_notify+0xfe/0x140 [ 60.178352][ T5019] do_syscall_64+0x39/0xb0 [ 60.182784][ T5019] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 60.188834][ T5019] RIP: 0033:0x7fdbd832a659 [ 60.193364][ T5019] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 71 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 60.213146][ T5019] RSP: 002b:00007fdbd82d62f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 60.221569][ T5019] RAX: ffffffffffffffda RBX: 00007fdbd83af780 RCX: 00007fdbd832a659 [ 60.229538][ T5019] RDX: 0000000000028200 RSI: 00000000200000c0 RDI: ffffffffffffff9c [pid 5019] openat(AT_FDCWD, "./file0/file0", O_RDONLY|O_TRUNC|O_LARGEFILE|O_NOFOLLOW) = 3 [pid 5018] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5019] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5019] futex(0x7fdbd83af788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5018] exit_group(0 [pid 5019] <... futex resumed>) = ? [pid 5018] <... exit_group resumed>) = ? [pid 5019] +++ exited with 0 +++ [pid 5020] <... futex resumed>) = ? [pid 5020] +++ exited with 0 +++ [pid 5018] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5018, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./3", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556f16620 /* 4 entries */, 32768) = 112 umount2("./3/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./3/binderfs") = 0 umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./3/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [ 60.237610][ T5019] RBP: 0030656c69662f2e R08: 0000000000000000 R09: 0000000000000000 [ 60.245925][ T5019] R10: 000000000000002d R11: 0000000000000246 R12: 00007fdbd837c0c0 [ 60.253904][ T5019] R13: 95ac780a7f2d2eef R14: 2f30656c69662f2e R15: 00007fdbd83af788 [ 60.262051][ T5019] [ 60.280104][ T5002] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556f1e660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556f1e660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./3/file0") = 0 getdents64(3, 0x555556f16620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./3") = 0 mkdir("./4", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f155d0) = 5023 ./strace-static-x86_64: Process 5023 attached [pid 5023] set_robust_list(0x555556f155e0, 24) = 0 [pid 5023] chdir("./4") = 0 [pid 5023] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5023] setpgid(0, 0) = 0 [pid 5023] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5023] write(3, "1000", 4) = 4 [pid 5023] close(3) = 0 [pid 5023] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5023] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5023] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdbd82b6000 [pid 5023] mprotect(0x7fdbd82b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5023] clone(child_stack=0x7fdbd82d63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5024 attached [pid 5024] set_robust_list(0x7fdbd82d69e0, 24 [pid 5023] <... clone resumed>, parent_tid=[5024], tls=0x7fdbd82d6700, child_tidptr=0x7fdbd82d69d0) = 5024 [pid 5024] <... set_robust_list resumed>) = 0 [pid 5023] futex(0x7fdbd83af788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5024] memfd_create("syzkaller", 0 [pid 5023] futex(0x7fdbd83af79c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5024] <... memfd_create resumed>) = 3 [pid 5023] <... futex resumed>) = 0 [pid 5024] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5023] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5024] <... mmap resumed>) = 0x7fdbcfeb6000 [pid 5023] <... mmap resumed>) = 0x7fdbcfe95000 [pid 5023] mprotect(0x7fdbcfe96000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5023] clone(child_stack=0x7fdbcfeb53f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5025], tls=0x7fdbcfeb5700, child_tidptr=0x7fdbcfeb59d0) = 5025 [pid 5023] futex(0x7fdbd83af798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5023] futex(0x7fdbd83af79c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5025 attached [pid 5025] set_robust_list(0x7fdbcfeb59e0, 24 [pid 5024] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5025] <... set_robust_list resumed>) = 0 [pid 5025] memfd_create("syzkaller", 0) = 4 [pid 5025] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdbc7a95000 [pid 5024] <... write resumed>) = 262144 [pid 5024] munmap(0x7fdbcfeb6000, 262144 [pid 5025] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5024] <... munmap resumed>) = 0 [pid 5024] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5025] <... write resumed>) = 262144 [pid 5024] <... openat resumed>) = 5 [pid 5025] munmap(0x7fdbc7a95000, 262144 [pid 5024] ioctl(5, LOOP_SET_FD, 3 [pid 5025] <... munmap resumed>) = 0 [pid 5025] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5025] ioctl(6, LOOP_SET_FD, 4 [pid 5024] <... ioctl resumed>) = 0 [pid 5025] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5025] ioctl(6, LOOP_CLR_FD) = 0 [pid 5024] close(3) = 0 [pid 5024] mkdir("./file0", 0777) = 0 [pid 5025] ioctl(6, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5025] close(6 [pid 5024] mount("/dev/loop0", "./file0", "ext4", 0, "\x71\x75\x6f\x74\x61\x2c\x6a\x71\x66\x6d\x5a\xfe\x7f\x21\x63\x31\x32\x9e\x6e\x8f\x75\x69\x64\x33\x32\x2c\x2c\x65\x72\x72\x6f\x72\x73\x3d\x63\x6f\x6e\x74\x69\x6e\x75\x65" [pid 5025] <... close resumed>) = 0 [pid 5025] close(4) = 0 [pid 5025] futex(0x7fdbd83af79c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5025] futex(0x7fdbd83af798, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5023] <... futex resumed>) = 0 [pid 5024] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5023] futex(0x7fdbd83af798, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5023] futex(0x7fdbd83af79c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5025] <... futex resumed>) = 0 [pid 5025] setxattr("./file0", "trusted.overlay.upper", "\xb2\xc7\xbd\x79\xfd\x74\x76\xf3\xf5\xd3\xd9\x24\xda\xed\xfb\xff\x4c\xf2\xf6\xec\x5a\xec\xf8\x37\x99\x4f\xba\xcf\x39\x12\x11\x3f\xfa\x7e\xc4\x4f\x93\x77\xe3\x36\xd7\xd6\x17\x67\x6a\xb5\xea\x4a\xb7\x5e\x6e\xd5\x97\xcb\xcd\xb5\xf5\x6b\x0b\xf5\x99\xf9\xea\x7c\x75\xa9\x52\x99\x9e\x9a\x9e\xbc\x75\xfd\x66\xe5\xa3\x8d\xf5\x42\xfd\xb7\xaf\xbe\xb7\x70\xf7\xc7\x7f\xf8\xfd\x57\x5f\xfe\x69\xe3\x3b\x3f\xcf\xba"..., 8192, 0 [pid 5024] ioctl(5, LOOP_CLR_FD [pid 5025] <... setxattr resumed>) = -1 ENOSPC (No space left on device) [pid 5025] futex(0x7fdbd83af79c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5023] <... futex resumed>) = 0 [pid 5025] setxattr("./file0", "trusted.overlay.upper", "\xb2\xc7\xbd\x79\xfd\x74\x76\xf3\xf5\xd3\xd9\x24\xda\xed\xfb\xff\x4c\xf2\xf6\xec\x5a\xec\xf8\x37\x99\x4f\xba\xcf\x39\x12\x11\x3f\xfa\x7e\xc4\x4f\x93\x77\xe3\x36\xd7\xd6\x17\x67\x6a\xb5\xea\x4a\xb7\x5e\x6e\xd5\x97\xcb\xcd\xb5\xf5\x6b\x0b\xf5\x99\xf9\xea\x7c\x75\xa9\x52\x99\x9e\x9a\x9e\xbc\x75\xfd\x66\xe5\xa3\x8d\xf5\x42\xfd\xb7\xaf\xbe\xb7\x70\xf7\xc7\x7f\xf8\xfd\x57\x5f\xfe\x69\xe3\x3b\x3f\xcf\xba"..., 8192, 0 [pid 5023] futex(0x7fdbd83af798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5023] futex(0x7fdbd83af79c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5025] <... setxattr resumed>) = -1 ENOSPC (No space left on device) [pid 5025] futex(0x7fdbd83af79c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5023] <... futex resumed>) = 0 [pid 5025] openat(AT_FDCWD, "./file0/file0", O_RDONLY|O_TRUNC|O_LARGEFILE|O_NOFOLLOW [pid 5023] futex(0x7fdbd83af798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5023] futex(0x7fdbd83af79c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5025] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 5025] futex(0x7fdbd83af79c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5023] <... futex resumed>) = 0 [ 60.345162][ T5024] loop0: detected capacity change from 0 to 512 [ 60.362239][ T5024] ext4: Unknown parameter 'jqfmZ!c12nuid32' [pid 5025] futex(0x7fdbd83af798, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5024] <... ioctl resumed>) = 0 [pid 5024] close(5) = 0 [pid 5024] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5024] futex(0x7fdbd83af788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5023] exit_group(0 [pid 5025] <... futex resumed>) = ? [pid 5023] <... exit_group resumed>) = ? [pid 5025] +++ exited with 0 +++ [pid 5024] <... futex resumed>) = ? [pid 5024] +++ exited with 0 +++ [pid 5023] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5023, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./4", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556f16620 /* 4 entries */, 32768) = 112 umount2("./4/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./4/binderfs") = 0 umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./4/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556f1e660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556f1e660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4/file0") = 0 getdents64(3, 0x555556f16620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4") = 0 mkdir("./5", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f155d0) = 5026 ./strace-static-x86_64: Process 5026 attached [pid 5026] set_robust_list(0x555556f155e0, 24) = 0 [pid 5026] chdir("./5") = 0 [pid 5026] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5026] setpgid(0, 0) = 0 [pid 5026] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5026] write(3, "1000", 4) = 4 [pid 5026] close(3) = 0 [pid 5026] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5026] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5026] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdbd82b6000 [pid 5026] mprotect(0x7fdbd82b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5026] clone(child_stack=0x7fdbd82d63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5027], tls=0x7fdbd82d6700, child_tidptr=0x7fdbd82d69d0) = 5027 [pid 5026] futex(0x7fdbd83af788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5026] futex(0x7fdbd83af79c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5026] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdbd8295000 [pid 5026] mprotect(0x7fdbd8296000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5026] clone(child_stack=0x7fdbd82b53f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5028], tls=0x7fdbd82b5700, child_tidptr=0x7fdbd82b59d0) = 5028 [pid 5026] futex(0x7fdbd83af798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5026] futex(0x7fdbd83af79c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5028 attached [pid 5028] set_robust_list(0x7fdbd82b59e0, 24) = 0 [pid 5028] memfd_create("syzkaller", 0) = 3 [pid 5028] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdbcfe95000 [pid 5028] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5028] munmap(0x7fdbcfe95000, 262144) = 0 [pid 5028] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5028] ioctl(4, LOOP_SET_FD, 3./strace-static-x86_64: Process 5027 attached [pid 5027] set_robust_list(0x7fdbd82d69e0, 24 [pid 5028] <... ioctl resumed>) = 0 [pid 5027] <... set_robust_list resumed>) = 0 [pid 5028] close(3) = 0 [pid 5028] mkdir("./file0", 0777 [pid 5027] memfd_create("syzkaller", 0) = 3 [pid 5027] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5028] <... mkdir resumed>) = 0 [pid 5028] mount("/dev/loop0", "./file0", "ext4", 0, "quota,jqfmt=vfsv0,nouid32,,errors=continue" [pid 5027] <... mmap resumed>) = 0x7fdbc7ad5000 [pid 5027] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5027] munmap(0x7fdbc7ad5000, 262144) = 0 [pid 5027] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5027] ioctl(5, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 5027] ioctl(5, LOOP_CLR_FD) = 0 [pid 5027] ioctl(5, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 5027] close(5) = 0 [pid 5027] close(3) = 0 [pid 5027] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 60.437293][ T5028] loop0: detected capacity change from 0 to 512 [ 60.447311][ T5028] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 60.470498][ T5028] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: writeback. [pid 5027] futex(0x7fdbd83af788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5028] <... mount resumed>) = 0 [pid 5028] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5028] chdir("./file0") = 0 [pid 5028] ioctl(4, LOOP_CLR_FD) = 0 [pid 5028] close(4) = 0 [pid 5028] futex(0x7fdbd83af79c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5026] <... futex resumed>) = 0 [pid 5026] futex(0x7fdbd83af788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5027] <... futex resumed>) = 0 [pid 5026] <... futex resumed>) = 1 [pid 5026] futex(0x7fdbd83af78c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5028] <... futex resumed>) = 1 [pid 5028] futex(0x7fdbd83af798, FUTEX_WAIT_PRIVATE, 0, NULL [ 60.483031][ T5028] ext4 filesystem being mounted at /root/syzkaller.3rXkzo/5/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 60.518517][ T5027] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3806: comm syz-executor377: Allocating blocks 44-48 which overlap fs metadata [pid 5027] setxattr("./file0", "trusted.overlay.upper", "\x64\x8f\x7b\xfd\xea\xc9\xec\xe6\xab\x27\xb3\x49\xb4\xdb\xf7\xfe\x99\xe4\xed\xd9\xb5\xd8\xf1\x35\x99\x8f\x22\x62\x23\x22\x46\x22\xe2\x47\xdf\x8f\xf8\x69\xf2\x76\xdc\xe6\xda\xfa\xe2\x4c\xad\x56\x5d\xe9\xd6\xcb\xad\xfa\x72\xb9\xb9\xb6\x7e\x75\xa1\x3e\x33\x5f\x9d\xaf\x2e\x55\x2a\xd3\x53\xd3\x93\x37\xaf\xdd\xa8\x7c\xb0\xb1\x9e\xab\xff\xf6\xe5\xf7\x16\xee\xfc\xf8\x0f\xbf\xff\xda\x8b\x3f\x6d\x7c\xe7\xe7"..., 8192, 0) = -1 EUCLEAN (Structure needs cleaning) [pid 5027] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5026] <... futex resumed>) = 0 [pid 5027] setxattr("./file0", "trusted.overlay.upper", "\x64\x8f\x7b\xfd\xea\xc9\xec\xe6\xab\x27\xb3\x49\xb4\xdb\xf7\xfe\x99\xe4\xed\xd9\xb5\xd8\xf1\x35\x99\x8f\x22\x62\x23\x22\x46\x22\xe2\x47\xdf\x8f\xf8\x69\xf2\x76\xdc\xe6\xda\xfa\xe2\x4c\xad\x56\x5d\xe9\xd6\xcb\xad\xfa\x72\xb9\xb9\xb6\x7e\x75\xa1\x3e\x33\x5f\x9d\xaf\x2e\x55\x2a\xd3\x53\xd3\x93\x37\xaf\xdd\xa8\x7c\xb0\xb1\x9e\xab\xff\xf6\xe5\xf7\x16\xee\xfc\xf8\x0f\xbf\xff\xda\x8b\x3f\x6d\x7c\xe7\xe7"..., 8192, 0 [pid 5026] futex(0x7fdbd83af788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5026] futex(0x7fdbd83af78c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5027] <... setxattr resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5027] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5026] <... futex resumed>) = 0 [pid 5027] futex(0x7fdbd83af788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5026] futex(0x7fdbd83af788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5027] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5026] <... futex resumed>) = 0 [pid 5026] futex(0x7fdbd83af78c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 60.533665][ T5027] EXT4-fs error (device loop0): ext4_xattr_block_set:2241: inode #12: comm syz-executor377: bad block 0 [ 60.547658][ T5027] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3806: comm syz-executor377: Allocating blocks 44-48 which overlap fs metadata [ 60.566082][ T5027] EXT4-fs error (device loop0): ext4_xattr_block_set:2241: inode #12: comm syz-executor377: bad block 0 [pid 5027] openat(AT_FDCWD, "./file0/file0", O_RDONLY|O_TRUNC|O_LARGEFILE|O_NOFOLLOW) = -1 EUCLEAN (Structure needs cleaning) [pid 5027] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5026] <... futex resumed>) = 0 [pid 5026] exit_group(0 [pid 5028] <... futex resumed>) = ? [pid 5026] <... exit_group resumed>) = ? [pid 5028] +++ exited with 0 +++ [pid 5027] <... futex resumed>) = ? [pid 5027] +++ exited with 0 +++ [pid 5026] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5026, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./5", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556f16620 /* 4 entries */, 32768) = 112 umount2("./5/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./5/binderfs") = 0 [ 60.579817][ T5027] EXT4-fs error (device loop0): ext4_lookup:1853: inode #12: comm syz-executor377: deleted inode referenced: 13 [ 60.598695][ T5002] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./5/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556f1e660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556f1e660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./5/file0") = 0 getdents64(3, 0x555556f16620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./5") = 0 mkdir("./6", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f155d0) = 5031 ./strace-static-x86_64: Process 5031 attached [pid 5031] set_robust_list(0x555556f155e0, 24) = 0 [pid 5031] chdir("./6") = 0 [pid 5031] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5031] setpgid(0, 0) = 0 [pid 5031] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5031] write(3, "1000", 4) = 4 [pid 5031] close(3) = 0 [pid 5031] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5031] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5031] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdbd82b6000 [pid 5031] mprotect(0x7fdbd82b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5031] clone(child_stack=0x7fdbd82d63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5032], tls=0x7fdbd82d6700, child_tidptr=0x7fdbd82d69d0) = 5032 [pid 5031] futex(0x7fdbd83af788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5031] futex(0x7fdbd83af79c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5031] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0./strace-static-x86_64: Process 5032 attached [pid 5032] set_robust_list(0x7fdbd82d69e0, 24 [pid 5031] <... mmap resumed>) = 0x7fdbd8295000 [pid 5032] <... set_robust_list resumed>) = 0 [pid 5031] mprotect(0x7fdbd8296000, 131072, PROT_READ|PROT_WRITE [pid 5032] memfd_create("syzkaller", 0) = 3 [pid 5032] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5031] <... mprotect resumed>) = 0 [pid 5032] <... mmap resumed>) = 0x7fdbcfe95000 [pid 5031] clone(child_stack=0x7fdbd82b53f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5033], tls=0x7fdbd82b5700, child_tidptr=0x7fdbd82b59d0) = 5033 [pid 5031] futex(0x7fdbd83af798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5031] futex(0x7fdbd83af79c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5033 attached [pid 5033] set_robust_list(0x7fdbd82b59e0, 24) = 0 [pid 5033] memfd_create("syzkaller", 0) = 4 [pid 5033] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdbc7a95000 [pid 5032] munmap(0x7fdbcfe95000, 138412032) = 0 [pid 5032] close(3 [pid 5033] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5032] <... close resumed>) = 0 [pid 5032] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5032] futex(0x7fdbd83af788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5033] <... write resumed>) = 262144 [pid 5033] munmap(0x7fdbc7a95000, 262144) = 0 [pid 5033] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5033] ioctl(3, LOOP_SET_FD, 4) = 0 [pid 5033] close(4) = 0 [pid 5033] mkdir("./file0", 0777) = 0 [ 60.688074][ T5033] loop0: detected capacity change from 0 to 512 [ 60.697575][ T5033] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 60.717236][ T5033] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: writeback. [pid 5033] mount("/dev/loop0", "./file0", "ext4", 0, "quota,jqfmt=vfsv0,nouid32,,errors=continue") = 0 [pid 5033] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 4 [pid 5033] chdir("./file0") = 0 [pid 5033] ioctl(3, LOOP_CLR_FD) = 0 [pid 5033] close(3) = 0 [pid 5033] futex(0x7fdbd83af79c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5031] <... futex resumed>) = 0 [pid 5031] futex(0x7fdbd83af788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5032] <... futex resumed>) = 0 [pid 5031] <... futex resumed>) = 1 [ 60.729702][ T5033] ext4 filesystem being mounted at /root/syzkaller.3rXkzo/6/file0 supports timestamps until 2038-01-19 (0x7fffffff) [pid 5032] setxattr("./file0", "trusted.overlay.upper", "\xb2\xc7\xbd\x79\xfd\x74\x76\xf3\xf5\xd3\xd9\x24\xda\xed\xfb\xff\x4c\xf2\xf6\xec\x5a\xec\xf8\x37\x99\x4f\xba\xcf\x39\x12\x11\x3f\xfa\x7e\xc4\x4f\x93\x77\xe3\x36\xd7\xd6\x17\x67\x6a\xb5\xea\x4a\xb7\x5e\x6e\xd5\x97\xcb\xcd\xb5\xf5\x6b\x0b\xf5\x99\xf9\xea\x7c\x75\xa9\x52\x99\x9e\x9a\x9e\xbc\x75\xfd\x66\xe5\xa3\x8d\xf5\x42\xfd\xb7\xaf\xbe\xb7\x70\xf7\xc7\x7f\xf8\xfd\x57\x5f\xfe\x69\xe3\x3b\x3f\xcf\xba"..., 8192, 0 [pid 5031] futex(0x7fdbd83af78c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5033] <... futex resumed>) = 1 [pid 5033] futex(0x7fdbd83af798, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5032] <... setxattr resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5032] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5031] <... futex resumed>) = 0 [pid 5031] futex(0x7fdbd83af788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5031] futex(0x7fdbd83af78c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5032] <... futex resumed>) = 1 [ 60.761543][ T5032] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3806: comm syz-executor377: Allocating blocks 44-48 which overlap fs metadata [ 60.776738][ T5032] EXT4-fs error (device loop0): ext4_xattr_block_set:2241: inode #12: comm syz-executor377: bad block 0 [ 60.789623][ T5032] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3806: comm syz-executor377: Allocating blocks 44-48 which overlap fs metadata [pid 5032] setxattr("./file0", "trusted.overlay.upper", "\xb2\xc7\xbd\x79\xfd\x74\x76\xf3\xf5\xd3\xd9\x24\xda\xed\xfb\xff\x4c\xf2\xf6\xec\x5a\xec\xf8\x37\x99\x4f\xba\xcf\x39\x12\x11\x3f\xfa\x7e\xc4\x4f\x93\x77\xe3\x36\xd7\xd6\x17\x67\x6a\xb5\xea\x4a\xb7\x5e\x6e\xd5\x97\xcb\xcd\xb5\xf5\x6b\x0b\xf5\x99\xf9\xea\x7c\x75\xa9\x52\x99\x9e\x9a\x9e\xbc\x75\xfd\x66\xe5\xa3\x8d\xf5\x42\xfd\xb7\xaf\xbe\xb7\x70\xf7\xc7\x7f\xf8\xfd\x57\x5f\xfe\x69\xe3\x3b\x3f\xcf\xba"..., 8192, 0) = -1 EUCLEAN (Structure needs cleaning) [pid 5032] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5031] <... futex resumed>) = 0 [pid 5031] futex(0x7fdbd83af788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5031] futex(0x7fdbd83af78c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5032] <... futex resumed>) = 1 [pid 5032] openat(AT_FDCWD, "./file0/file0", O_RDONLY|O_TRUNC|O_LARGEFILE|O_NOFOLLOW) = -1 EUCLEAN (Structure needs cleaning) [pid 5032] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5031] <... futex resumed>) = 0 [pid 5032] <... futex resumed>) = 1 [pid 5031] exit_group(0 [pid 5033] <... futex resumed>) = ? [pid 5031] <... exit_group resumed>) = ? [pid 5033] +++ exited with 0 +++ [pid 5032] +++ exited with 0 +++ [pid 5031] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5031, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./6", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556f16620 /* 4 entries */, 32768) = 112 umount2("./6/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./6/binderfs") = 0 [ 60.804341][ T5032] EXT4-fs error (device loop0): ext4_xattr_block_set:2241: inode #12: comm syz-executor377: bad block 0 [ 60.816617][ T5032] EXT4-fs error (device loop0): ext4_lookup:1853: inode #12: comm syz-executor377: deleted inode referenced: 13 umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./6/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556f1e660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556f1e660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./6/file0") = 0 getdents64(3, 0x555556f16620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./6") = 0 mkdir("./7", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f155d0) = 5036 [ 60.856288][ T5002] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. ./strace-static-x86_64: Process 5036 attached [pid 5036] set_robust_list(0x555556f155e0, 24) = 0 [pid 5036] chdir("./7") = 0 [pid 5036] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5036] setpgid(0, 0) = 0 [pid 5036] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5036] write(3, "1000", 4) = 4 [pid 5036] close(3) = 0 [pid 5036] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5036] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5036] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdbd82b6000 [pid 5036] mprotect(0x7fdbd82b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5036] clone(child_stack=0x7fdbd82d63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5037], tls=0x7fdbd82d6700, child_tidptr=0x7fdbd82d69d0) = 5037 [pid 5036] futex(0x7fdbd83af788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5036] futex(0x7fdbd83af79c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5036] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdbd8295000 [pid 5036] mprotect(0x7fdbd8296000, 131072, PROT_READ|PROT_WRITE./strace-static-x86_64: Process 5037 attached ) = 0 [pid 5037] set_robust_list(0x7fdbd82d69e0, 24 [pid 5036] clone(child_stack=0x7fdbd82b53f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5038 attached , parent_tid=[5038], tls=0x7fdbd82b5700, child_tidptr=0x7fdbd82b59d0) = 5038 [pid 5038] set_robust_list(0x7fdbd82b59e0, 24 [pid 5036] futex(0x7fdbd83af798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5036] futex(0x7fdbd83af79c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5038] <... set_robust_list resumed>) = 0 [pid 5037] <... set_robust_list resumed>) = 0 [pid 5038] memfd_create("syzkaller", 0 [pid 5037] memfd_create("syzkaller", 0) = 3 [pid 5037] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdbcfe95000 [pid 5038] <... memfd_create resumed>) = 4 [pid 5038] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdbc7a95000 [pid 5037] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5037] munmap(0x7fdbcfe95000, 262144 [pid 5038] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5037] <... munmap resumed>) = 0 [pid 5037] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5037] ioctl(5, LOOP_SET_FD, 3 [pid 5038] <... write resumed>) = 262144 [pid 5037] <... ioctl resumed>) = 0 [pid 5038] munmap(0x7fdbc7a95000, 262144 [pid 5037] close(3 [pid 5038] <... munmap resumed>) = 0 [pid 5037] <... close resumed>) = 0 [pid 5037] mkdir("./file0", 0777) = 0 [pid 5037] mount("/dev/loop0", "./file0", "ext4", 0, "\x71\x75\x6f\x74\x61\x2c\x6a\x71\x66\x6d\x5a\xfe\x7f\x21\x63\x31\x32\x9e\x6e\x8f\x75\x69\x64\x33\x32\x2c\x2c\x65\x72\x72\x6f\x72\x73\x3d\x63\x6f\x6e\x74\x69\x6e\x75\x65" [pid 5038] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5038] ioctl(3, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5038] ioctl(3, LOOP_CLR_FD) = 0 [pid 5037] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5037] ioctl(5, LOOP_CLR_FD) = 0 [pid 5037] close(5 [pid 5038] ioctl(3, LOOP_SET_FD, 4 [pid 5037] <... close resumed>) = 0 [pid 5038] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5037] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5038] close(3 [pid 5037] futex(0x7fdbd83af788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5038] <... close resumed>) = 0 [pid 5038] close(4) = 0 [pid 5038] futex(0x7fdbd83af79c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5036] <... futex resumed>) = 0 [pid 5036] futex(0x7fdbd83af788, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5036] futex(0x7fdbd83af78c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5037] <... futex resumed>) = 0 [pid 5037] setxattr("./file0", "trusted.overlay.upper", "\x64\x8f\x7b\xfd\xea\xc9\xec\xe6\xab\x27\xb3\x49\xb4\xdb\xf7\xfe\x99\xe4\xed\xd9\xb5\xd8\xf1\x35\x99\x8f\x22\x62\x23\x22\x46\x22\xe2\x47\xdf\x8f\xf8\x69\xf2\x76\xdc\xe6\xda\xfa\xe2\x4c\xad\x56\x5d\xe9\xd6\xcb\xad\xfa\x72\xb9\xb9\xb6\x7e\x75\xa1\x3e\x33\x5f\x9d\xaf\x2e\x55\x2a\xd3\x53\xd3\x93\x37\xaf\xdd\xa8\x7c\xb0\xb1\x9e\xab\xff\xf6\xe5\xf7\x16\xee\xfc\xf8\x0f\xbf\xff\xda\x8b\x3f\x6d\x7c\xe7\xe7"..., 8192, 0 [pid 5038] <... futex resumed>) = 1 [pid 5038] futex(0x7fdbd83af798, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5037] <... setxattr resumed>) = -1 ENOSPC (No space left on device) [pid 5037] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5036] <... futex resumed>) = 0 [pid 5037] futex(0x7fdbd83af788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5036] futex(0x7fdbd83af788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5037] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5036] <... futex resumed>) = 0 [pid 5037] setxattr("./file0", "trusted.overlay.upper", "\x64\x8f\x7b\xfd\xea\xc9\xec\xe6\xab\x27\xb3\x49\xb4\xdb\xf7\xfe\x99\xe4\xed\xd9\xb5\xd8\xf1\x35\x99\x8f\x22\x62\x23\x22\x46\x22\xe2\x47\xdf\x8f\xf8\x69\xf2\x76\xdc\xe6\xda\xfa\xe2\x4c\xad\x56\x5d\xe9\xd6\xcb\xad\xfa\x72\xb9\xb9\xb6\x7e\x75\xa1\x3e\x33\x5f\x9d\xaf\x2e\x55\x2a\xd3\x53\xd3\x93\x37\xaf\xdd\xa8\x7c\xb0\xb1\x9e\xab\xff\xf6\xe5\xf7\x16\xee\xfc\xf8\x0f\xbf\xff\xda\x8b\x3f\x6d\x7c\xe7\xe7"..., 8192, 0 [pid 5036] futex(0x7fdbd83af78c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5037] <... setxattr resumed>) = -1 ENOSPC (No space left on device) [pid 5037] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5036] <... futex resumed>) = 0 [pid 5037] openat(AT_FDCWD, "./file0/file0", O_RDONLY|O_TRUNC|O_LARGEFILE|O_NOFOLLOW [pid 5036] futex(0x7fdbd83af788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5037] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 5036] <... futex resumed>) = 0 [pid 5037] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5036] futex(0x7fdbd83af78c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5037] <... futex resumed>) = 0 [pid 5036] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5037] futex(0x7fdbd83af788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5036] exit_group(0 [pid 5038] <... futex resumed>) = ? [pid 5037] <... futex resumed>) = ? [pid 5036] <... exit_group resumed>) = ? [pid 5038] +++ exited with 0 +++ [pid 5037] +++ exited with 0 +++ [pid 5036] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5036, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./7", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556f16620 /* 4 entries */, 32768) = 112 umount2("./7/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./7/binderfs") = 0 umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./7/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556f1e660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556f1e660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./7/file0") = 0 getdents64(3, 0x555556f16620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./7") = 0 mkdir("./8", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f155d0) = 5039 ./strace-static-x86_64: Process 5039 attached [pid 5039] set_robust_list(0x555556f155e0, 24) = 0 [pid 5039] chdir("./8") = 0 [pid 5039] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5039] setpgid(0, 0) = 0 [pid 5039] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5039] write(3, "1000", 4) = 4 [pid 5039] close(3) = 0 [pid 5039] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5039] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5039] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdbd82b6000 [pid 5039] mprotect(0x7fdbd82b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5039] clone(child_stack=0x7fdbd82d63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5040 attached , parent_tid=[5040], tls=0x7fdbd82d6700, child_tidptr=0x7fdbd82d69d0) = 5040 [pid 5040] set_robust_list(0x7fdbd82d69e0, 24 [pid 5039] futex(0x7fdbd83af788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5040] <... set_robust_list resumed>) = 0 [pid 5039] <... futex resumed>) = 0 [pid 5039] futex(0x7fdbd83af79c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5039] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdbd8295000 [pid 5039] mprotect(0x7fdbd8296000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5040] memfd_create("syzkaller", 0 [pid 5039] clone(child_stack=0x7fdbd82b53f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5041], tls=0x7fdbd82b5700, child_tidptr=0x7fdbd82b59d0) = 5041 [pid 5040] <... memfd_create resumed>) = 3 [pid 5039] futex(0x7fdbd83af798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5040] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5039] futex(0x7fdbd83af79c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5040] <... mmap resumed>) = 0x7fdbcfe95000 [pid 5040] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5040] munmap(0x7fdbcfe95000, 262144) = 0 [ 60.931940][ T5037] loop0: detected capacity change from 0 to 512 [ 60.951433][ T5037] ext4: Unknown parameter 'jqfmZ!c12nuid32' [pid 5040] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5040] ioctl(4, LOOP_SET_FD, 3./strace-static-x86_64: Process 5041 attached [pid 5041] set_robust_list(0x7fdbd82b59e0, 24) = 0 [pid 5041] memfd_create("syzkaller", 0) = 5 [pid 5041] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdbc7ad5000 [pid 5040] <... ioctl resumed>) = 0 [pid 5040] close(3) = 0 [pid 5041] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5040] mkdir("./file0", 0777) = 0 [pid 5040] mount("/dev/loop0", "./file0", "ext4", 0, "\x71\x75\x6f\x74\x61\x2c\x6a\x71\x66\x6d\x5a\xfe\x7f\x21\x63\x31\x32\x9e\x6e\x8f\x75\x69\x64\x33\x32\x2c\x2c\x65\x72\x72\x6f\x72\x73\x3d\x63\x6f\x6e\x74\x69\x6e\x75\x65" [pid 5041] <... write resumed>) = 262144 [pid 5041] munmap(0x7fdbc7ad5000, 262144) = 0 [pid 5041] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5041] ioctl(3, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5041] ioctl(3, LOOP_CLR_FD) = 0 [pid 5041] ioctl(3, LOOP_SET_FD, 5 [pid 5040] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5040] ioctl(4, LOOP_CLR_FD) = 0 [pid 5040] close(4 [pid 5041] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5041] close(3 [pid 5040] <... close resumed>) = 0 [pid 5041] <... close resumed>) = 0 [pid 5040] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5041] close(5 [pid 5040] <... futex resumed>) = 0 [pid 5040] futex(0x7fdbd83af788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5041] <... close resumed>) = 0 [pid 5041] futex(0x7fdbd83af79c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5039] <... futex resumed>) = 0 [pid 5041] <... futex resumed>) = 1 [pid 5039] futex(0x7fdbd83af788, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5039] futex(0x7fdbd83af78c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5040] <... futex resumed>) = 0 [pid 5041] futex(0x7fdbd83af798, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5040] setxattr("./file0", "trusted.overlay.upper", "\xb2\xc7\xbd\x79\xfd\x74\x76\xf3\xf5\xd3\xd9\x24\xda\xed\xfb\xff\x4c\xf2\xf6\xec\x5a\xec\xf8\x37\x99\x4f\xba\xcf\x39\x12\x11\x3f\xfa\x7e\xc4\x4f\x93\x77\xe3\x36\xd7\xd6\x17\x67\x6a\xb5\xea\x4a\xb7\x5e\x6e\xd5\x97\xcb\xcd\xb5\xf5\x6b\x0b\xf5\x99\xf9\xea\x7c\x75\xa9\x52\x99\x9e\x9a\x9e\xbc\x75\xfd\x66\xe5\xa3\x8d\xf5\x42\xfd\xb7\xaf\xbe\xb7\x70\xf7\xc7\x7f\xf8\xfd\x57\x5f\xfe\x69\xe3\x3b\x3f\xcf\xba"..., 8192, 0) = -1 ENOSPC (No space left on device) [pid 5040] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5039] <... futex resumed>) = 0 [pid 5040] <... futex resumed>) = 1 [pid 5039] futex(0x7fdbd83af788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5039] futex(0x7fdbd83af78c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5040] setxattr("./file0", "trusted.overlay.upper", "\xb2\xc7\xbd\x79\xfd\x74\x76\xf3\xf5\xd3\xd9\x24\xda\xed\xfb\xff\x4c\xf2\xf6\xec\x5a\xec\xf8\x37\x99\x4f\xba\xcf\x39\x12\x11\x3f\xfa\x7e\xc4\x4f\x93\x77\xe3\x36\xd7\xd6\x17\x67\x6a\xb5\xea\x4a\xb7\x5e\x6e\xd5\x97\xcb\xcd\xb5\xf5\x6b\x0b\xf5\x99\xf9\xea\x7c\x75\xa9\x52\x99\x9e\x9a\x9e\xbc\x75\xfd\x66\xe5\xa3\x8d\xf5\x42\xfd\xb7\xaf\xbe\xb7\x70\xf7\xc7\x7f\xf8\xfd\x57\x5f\xfe\x69\xe3\x3b\x3f\xcf\xba"..., 8192, 0) = -1 ENOSPC (No space left on device) [pid 5040] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5039] <... futex resumed>) = 0 [pid 5039] futex(0x7fdbd83af788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5039] futex(0x7fdbd83af78c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5040] openat(AT_FDCWD, "./file0/file0", O_RDONLY|O_TRUNC|O_LARGEFILE|O_NOFOLLOW) = -1 ENOENT (No such file or directory) [pid 5040] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5039] <... futex resumed>) = 0 [pid 5040] futex(0x7fdbd83af788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5039] exit_group(0) = ? [pid 5040] <... futex resumed>) = ? [pid 5041] <... futex resumed>) = ? [pid 5040] +++ exited with 0 +++ [pid 5041] +++ exited with 0 +++ [pid 5039] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5039, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./8", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556f16620 /* 4 entries */, 32768) = 112 umount2("./8/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./8/binderfs") = 0 umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./8/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556f1e660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556f1e660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./8/file0") = 0 getdents64(3, 0x555556f16620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./8") = 0 mkdir("./9", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f155d0) = 5042 [ 61.015403][ T5040] loop0: detected capacity change from 0 to 512 [ 61.026490][ T5040] ext4: Unknown parameter 'jqfmZ!c12nuid32' ./strace-static-x86_64: Process 5042 attached [pid 5042] set_robust_list(0x555556f155e0, 24) = 0 [pid 5042] chdir("./9") = 0 [pid 5042] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5042] setpgid(0, 0) = 0 [pid 5042] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5042] write(3, "1000", 4) = 4 [pid 5042] close(3) = 0 [pid 5042] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5042] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5042] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdbd82b6000 [pid 5042] mprotect(0x7fdbd82b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5042] clone(child_stack=0x7fdbd82d63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5043 attached [pid 5043] set_robust_list(0x7fdbd82d69e0, 24) = 0 [pid 5043] futex(0x7fdbd83af788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5042] <... clone resumed>, parent_tid=[5043], tls=0x7fdbd82d6700, child_tidptr=0x7fdbd82d69d0) = 5043 [pid 5043] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5042] futex(0x7fdbd83af788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5042] futex(0x7fdbd83af79c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5042] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdbd8295000 [pid 5042] mprotect(0x7fdbd8296000, 131072, PROT_READ|PROT_WRITE [pid 5043] memfd_create("syzkaller", 0 [pid 5042] <... mprotect resumed>) = 0 [pid 5043] <... memfd_create resumed>) = 3 [pid 5042] clone(child_stack=0x7fdbd82b53f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5043] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5042] <... clone resumed>, parent_tid=[5044], tls=0x7fdbd82b5700, child_tidptr=0x7fdbd82b59d0) = 5044 [pid 5042] futex(0x7fdbd83af798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5043] <... mmap resumed>) = 0x7fdbcfe95000 [pid 5042] futex(0x7fdbd83af79c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5043] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5043] munmap(0x7fdbcfe95000, 262144) = 0 [pid 5043] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5043] ioctl(4, LOOP_SET_FD, 3./strace-static-x86_64: Process 5044 attached [pid 5044] set_robust_list(0x7fdbd82b59e0, 24) = 0 [pid 5044] memfd_create("syzkaller", 0) = 5 [pid 5044] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdbc7ad5000 [pid 5043] <... ioctl resumed>) = 0 [pid 5043] close(3) = 0 [pid 5043] mkdir("./file0", 0777) = 0 [pid 5043] mount("/dev/loop0", "./file0", "ext4", 0, "\x71\x75\x6f\x74\x61\x2c\x6a\x71\x66\x6d\x5a\xfe\x7f\x21\x63\x31\x32\x9e\x6e\x8f\x75\x69\x64\x33\x32\x2c\x2c\x65\x72\x72\x6f\x72\x73\x3d\x63\x6f\x6e\x74\x69\x6e\x75\x65") = -1 EINVAL (Invalid argument) [pid 5043] ioctl(4, LOOP_CLR_FD [pid 5044] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5044] munmap(0x7fdbc7ad5000, 262144) = 0 [pid 5044] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5044] ioctl(3, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5044] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5044] ioctl(3, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5044] close(3) = 0 [pid 5044] close(5) = 0 [pid 5044] futex(0x7fdbd83af79c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5042] <... futex resumed>) = 0 [pid 5042] futex(0x7fdbd83af798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5042] futex(0x7fdbd83af79c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5044] <... futex resumed>) = 1 [pid 5044] setxattr("./file0", "trusted.overlay.upper", "\xb2\xc7\xbd\x79\xfd\x74\x76\xf3\xf5\xd3\xd9\x24\xda\xed\xfb\xff\x4c\xf2\xf6\xec\x5a\xec\xf8\x37\x99\x4f\xba\xcf\x39\x12\x11\x3f\xfa\x7e\xc4\x4f\x93\x77\xe3\x36\xd7\xd6\x17\x67\x6a\xb5\xea\x4a\xb7\x5e\x6e\xd5\x97\xcb\xcd\xb5\xf5\x6b\x0b\xf5\x99\xf9\xea\x7c\x75\xa9\x52\x99\x9e\x9a\x9e\xbc\x75\xfd\x66\xe5\xa3\x8d\xf5\x42\xfd\xb7\xaf\xbe\xb7\x70\xf7\xc7\x7f\xf8\xfd\x57\x5f\xfe\x69\xe3\x3b\x3f\xcf\xba"..., 8192, 0) = -1 ENOSPC (No space left on device) [pid 5044] futex(0x7fdbd83af79c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5042] <... futex resumed>) = 0 [pid 5042] futex(0x7fdbd83af798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5042] futex(0x7fdbd83af79c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5044] <... futex resumed>) = 1 [pid 5044] setxattr("./file0", "trusted.overlay.upper", "\xb2\xc7\xbd\x79\xfd\x74\x76\xf3\xf5\xd3\xd9\x24\xda\xed\xfb\xff\x4c\xf2\xf6\xec\x5a\xec\xf8\x37\x99\x4f\xba\xcf\x39\x12\x11\x3f\xfa\x7e\xc4\x4f\x93\x77\xe3\x36\xd7\xd6\x17\x67\x6a\xb5\xea\x4a\xb7\x5e\x6e\xd5\x97\xcb\xcd\xb5\xf5\x6b\x0b\xf5\x99\xf9\xea\x7c\x75\xa9\x52\x99\x9e\x9a\x9e\xbc\x75\xfd\x66\xe5\xa3\x8d\xf5\x42\xfd\xb7\xaf\xbe\xb7\x70\xf7\xc7\x7f\xf8\xfd\x57\x5f\xfe\x69\xe3\x3b\x3f\xcf\xba"..., 8192, 0) = -1 ENOSPC (No space left on device) [pid 5044] futex(0x7fdbd83af79c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5042] <... futex resumed>) = 0 [pid 5042] futex(0x7fdbd83af798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5042] futex(0x7fdbd83af79c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5044] <... futex resumed>) = 1 [pid 5044] openat(AT_FDCWD, "./file0/file0", O_RDONLY|O_TRUNC|O_LARGEFILE|O_NOFOLLOW) = -1 ENOENT (No such file or directory) [pid 5044] futex(0x7fdbd83af79c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5042] <... futex resumed>) = 0 [pid 5044] <... futex resumed>) = 1 [ 61.106208][ T5043] loop0: detected capacity change from 0 to 512 [ 61.114229][ T5043] ext4: Unknown parameter 'jqfmZ!c12nuid32' [pid 5044] futex(0x7fdbd83af798, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5043] <... ioctl resumed>) = 0 [pid 5043] close(4) = 0 [pid 5043] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5042] exit_group(0) = ? [pid 5044] <... futex resumed>) = ? [pid 5044] +++ exited with 0 +++ [pid 5043] +++ exited with 0 +++ [pid 5042] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5042, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./9", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556f16620 /* 4 entries */, 32768) = 112 umount2("./9/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./9/binderfs") = 0 umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./9/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556f1e660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556f1e660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./9/file0") = 0 getdents64(3, 0x555556f16620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./9") = 0 mkdir("./10", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f155d0) = 5045 ./strace-static-x86_64: Process 5045 attached [pid 5045] set_robust_list(0x555556f155e0, 24) = 0 [pid 5045] chdir("./10") = 0 [pid 5045] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5045] setpgid(0, 0) = 0 [pid 5045] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5045] write(3, "1000", 4) = 4 [pid 5045] close(3) = 0 [pid 5045] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5045] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5045] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdbd82b6000 [pid 5045] mprotect(0x7fdbd82b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5045] clone(child_stack=0x7fdbd82d63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5046 attached [pid 5046] set_robust_list(0x7fdbd82d69e0, 24 [pid 5045] <... clone resumed>, parent_tid=[5046], tls=0x7fdbd82d6700, child_tidptr=0x7fdbd82d69d0) = 5046 [pid 5046] <... set_robust_list resumed>) = 0 [pid 5045] futex(0x7fdbd83af788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5045] futex(0x7fdbd83af79c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5046] memfd_create("syzkaller", 0) = 3 [pid 5045] <... futex resumed>) = 0 [pid 5046] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5045] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdbd8295000 [pid 5046] <... mmap resumed>) = 0x7fdbcfe95000 [pid 5045] mprotect(0x7fdbd8296000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5045] clone(child_stack=0x7fdbd82b53f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5047 attached , parent_tid=[5047], tls=0x7fdbd82b5700, child_tidptr=0x7fdbd82b59d0) = 5047 [pid 5047] set_robust_list(0x7fdbd82b59e0, 24) = 0 [pid 5047] futex(0x7fdbd83af798, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5045] futex(0x7fdbd83af798, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5047] <... futex resumed>) = 0 [pid 5047] memfd_create("syzkaller", 0) = 4 [pid 5047] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdbc7a95000 [pid 5045] futex(0x7fdbd83af79c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5047] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5046] munmap(0x7fdbcfe95000, 138412032 [pid 5047] <... write resumed>) = 262144 [pid 5046] <... munmap resumed>) = 0 [pid 5047] munmap(0x7fdbc7a95000, 262144 [pid 5046] close(3) = 0 [pid 5046] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5047] <... munmap resumed>) = 0 [pid 5046] futex(0x7fdbd83af788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5047] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 61.166183][ T5004] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [pid 5047] ioctl(3, LOOP_SET_FD, 4) = 0 [pid 5047] close(4) = 0 [pid 5047] mkdir("./file0", 0777) = 0 [ 61.208291][ T5047] loop0: detected capacity change from 0 to 512 [ 61.217216][ T5047] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 61.237470][ T5047] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: writeback. [pid 5047] mount("/dev/loop0", "./file0", "ext4", 0, "quota,jqfmt=vfsv0,nouid32,,errors=continue") = 0 [pid 5047] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 4 [pid 5047] chdir("./file0") = 0 [pid 5047] ioctl(3, LOOP_CLR_FD) = 0 [pid 5047] close(3) = 0 [pid 5047] futex(0x7fdbd83af79c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5045] <... futex resumed>) = 0 [pid 5045] futex(0x7fdbd83af788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5046] <... futex resumed>) = 0 [pid 5045] <... futex resumed>) = 1 [pid 5046] setxattr("./file0", "trusted.overlay.upper", "\xb2\xc7\xbd\x79\xfd\x74\x76\xf3\xf5\xd3\xd9\x24\xda\xed\xfb\xff\x4c\xf2\xf6\xec\x5a\xec\xf8\x37\x99\x4f\xba\xcf\x39\x12\x11\x3f\xfa\x7e\xc4\x4f\x93\x77\xe3\x36\xd7\xd6\x17\x67\x6a\xb5\xea\x4a\xb7\x5e\x6e\xd5\x97\xcb\xcd\xb5\xf5\x6b\x0b\xf5\x99\xf9\xea\x7c\x75\xa9\x52\x99\x9e\x9a\x9e\xbc\x75\xfd\x66\xe5\xa3\x8d\xf5\x42\xfd\xb7\xaf\xbe\xb7\x70\xf7\xc7\x7f\xf8\xfd\x57\x5f\xfe\x69\xe3\x3b\x3f\xcf\xba"..., 8192, 0 [pid 5045] futex(0x7fdbd83af78c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5047] <... futex resumed>) = 1 [pid 5047] futex(0x7fdbd83af798, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5046] <... setxattr resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5046] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5045] <... futex resumed>) = 0 [pid 5046] futex(0x7fdbd83af788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5045] futex(0x7fdbd83af788, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5045] futex(0x7fdbd83af78c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5046] <... futex resumed>) = 0 [ 61.249913][ T5047] ext4 filesystem being mounted at /root/syzkaller.3rXkzo/10/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 61.267841][ T5046] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3806: comm syz-executor377: Allocating blocks 44-48 which overlap fs metadata [ 61.282521][ T5046] EXT4-fs error (device loop0): ext4_xattr_block_set:2241: inode #12: comm syz-executor377: bad block 0 [pid 5046] setxattr("./file0", "trusted.overlay.upper", "\xb2\xc7\xbd\x79\xfd\x74\x76\xf3\xf5\xd3\xd9\x24\xda\xed\xfb\xff\x4c\xf2\xf6\xec\x5a\xec\xf8\x37\x99\x4f\xba\xcf\x39\x12\x11\x3f\xfa\x7e\xc4\x4f\x93\x77\xe3\x36\xd7\xd6\x17\x67\x6a\xb5\xea\x4a\xb7\x5e\x6e\xd5\x97\xcb\xcd\xb5\xf5\x6b\x0b\xf5\x99\xf9\xea\x7c\x75\xa9\x52\x99\x9e\x9a\x9e\xbc\x75\xfd\x66\xe5\xa3\x8d\xf5\x42\xfd\xb7\xaf\xbe\xb7\x70\xf7\xc7\x7f\xf8\xfd\x57\x5f\xfe\x69\xe3\x3b\x3f\xcf\xba"..., 8192, 0) = -1 EUCLEAN (Structure needs cleaning) [pid 5046] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5045] <... futex resumed>) = 0 [pid 5045] futex(0x7fdbd83af788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5045] futex(0x7fdbd83af78c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5046] <... futex resumed>) = 1 [pid 5046] openat(AT_FDCWD, "./file0/file0", O_RDONLY|O_TRUNC|O_LARGEFILE|O_NOFOLLOW) = -1 EUCLEAN (Structure needs cleaning) [pid 5046] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5045] <... futex resumed>) = 0 [pid 5045] exit_group(0) = ? [pid 5046] <... futex resumed>) = ? [pid 5046] +++ exited with 0 +++ [pid 5047] <... futex resumed>) = ? [pid 5047] +++ exited with 0 +++ [pid 5045] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5045, si_uid=0, si_status=0, si_utime=0, si_stime=11 /* 0.11 s */} --- umount2("./10", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556f16620 /* 4 entries */, 32768) = 112 umount2("./10/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./10/binderfs") = 0 umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./10/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556f1e660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556f1e660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./10/file0") = 0 getdents64(3, 0x555556f16620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./10") = 0 mkdir("./11", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f155d0) = 5050 ./strace-static-x86_64: Process 5050 attached [pid 5050] set_robust_list(0x555556f155e0, 24) = 0 [pid 5050] chdir("./11") = 0 [pid 5050] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5050] setpgid(0, 0) = 0 [pid 5050] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5050] write(3, "1000", 4) = 4 [pid 5050] close(3) = 0 [pid 5050] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5050] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5050] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdbd82b6000 [pid 5050] mprotect(0x7fdbd82b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5050] clone(child_stack=0x7fdbd82d63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5051], tls=0x7fdbd82d6700, child_tidptr=0x7fdbd82d69d0) = 5051 [pid 5050] futex(0x7fdbd83af788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5050] futex(0x7fdbd83af79c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5050] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdbd8295000 [pid 5050] mprotect(0x7fdbd8296000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5050] clone(child_stack=0x7fdbd82b53f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5052], tls=0x7fdbd82b5700, child_tidptr=0x7fdbd82b59d0) = 5052 [pid 5050] futex(0x7fdbd83af798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5050] futex(0x7fdbd83af79c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5051 attached [pid 5051] set_robust_list(0x7fdbd82d69e0, 24) = 0 [pid 5051] memfd_create("syzkaller", 0) = 3 [ 61.295905][ T5046] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3806: comm syz-executor377: Allocating blocks 44-48 which overlap fs metadata [ 61.310889][ T5046] EXT4-fs error (device loop0): ext4_xattr_block_set:2241: inode #12: comm syz-executor377: bad block 0 [ 61.323593][ T5046] EXT4-fs error (device loop0): ext4_lookup:1853: inode #12: comm syz-executor377: deleted inode referenced: 13 [ 61.346376][ T5002] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5051] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdbcfe95000 [pid 5051] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5051] munmap(0x7fdbcfe95000, 262144) = 0 [pid 5051] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5051] ioctl(4, LOOP_SET_FD, 3./strace-static-x86_64: Process 5052 attached [pid 5052] set_robust_list(0x7fdbd82b59e0, 24) = 0 [pid 5052] memfd_create("syzkaller", 0) = 5 [pid 5052] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdbc7ad5000 [pid 5051] <... ioctl resumed>) = 0 [pid 5051] close(3) = 0 [pid 5052] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5051] mkdir("./file0", 0777) = 0 [pid 5051] mount("/dev/loop0", "./file0", "ext4", 0, "\x71\x75\x6f\x74\x61\x2c\x6a\x71\x66\x6d\x5a\xfe\x7f\x21\x63\x31\x32\x9e\x6e\x8f\x75\x69\x64\x33\x32\x2c\x2c\x65\x72\x72\x6f\x72\x73\x3d\x63\x6f\x6e\x74\x69\x6e\x75\x65" [pid 5052] <... write resumed>) = 262144 [pid 5052] munmap(0x7fdbc7ad5000, 262144) = 0 [pid 5052] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5052] ioctl(3, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5052] ioctl(3, LOOP_CLR_FD) = 0 [pid 5052] ioctl(3, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5052] close(3) = 0 [pid 5051] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5052] close(5) = 0 [pid 5051] ioctl(4, LOOP_CLR_FD [pid 5052] futex(0x7fdbd83af79c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5050] <... futex resumed>) = 0 [pid 5050] futex(0x7fdbd83af798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5050] futex(0x7fdbd83af79c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5052] <... futex resumed>) = 1 [pid 5052] setxattr("./file0", "trusted.overlay.upper", "\xb2\xc7\xbd\x79\xfd\x74\x76\xf3\xf5\xd3\xd9\x24\xda\xed\xfb\xff\x4c\xf2\xf6\xec\x5a\xec\xf8\x37\x99\x4f\xba\xcf\x39\x12\x11\x3f\xfa\x7e\xc4\x4f\x93\x77\xe3\x36\xd7\xd6\x17\x67\x6a\xb5\xea\x4a\xb7\x5e\x6e\xd5\x97\xcb\xcd\xb5\xf5\x6b\x0b\xf5\x99\xf9\xea\x7c\x75\xa9\x52\x99\x9e\x9a\x9e\xbc\x75\xfd\x66\xe5\xa3\x8d\xf5\x42\xfd\xb7\xaf\xbe\xb7\x70\xf7\xc7\x7f\xf8\xfd\x57\x5f\xfe\x69\xe3\x3b\x3f\xcf\xba"..., 8192, 0) = -1 ENOSPC (No space left on device) [pid 5052] futex(0x7fdbd83af79c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5050] <... futex resumed>) = 0 [pid 5050] futex(0x7fdbd83af798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5050] futex(0x7fdbd83af79c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5052] <... futex resumed>) = 1 [pid 5052] setxattr("./file0", "trusted.overlay.upper", "\xb2\xc7\xbd\x79\xfd\x74\x76\xf3\xf5\xd3\xd9\x24\xda\xed\xfb\xff\x4c\xf2\xf6\xec\x5a\xec\xf8\x37\x99\x4f\xba\xcf\x39\x12\x11\x3f\xfa\x7e\xc4\x4f\x93\x77\xe3\x36\xd7\xd6\x17\x67\x6a\xb5\xea\x4a\xb7\x5e\x6e\xd5\x97\xcb\xcd\xb5\xf5\x6b\x0b\xf5\x99\xf9\xea\x7c\x75\xa9\x52\x99\x9e\x9a\x9e\xbc\x75\xfd\x66\xe5\xa3\x8d\xf5\x42\xfd\xb7\xaf\xbe\xb7\x70\xf7\xc7\x7f\xf8\xfd\x57\x5f\xfe\x69\xe3\x3b\x3f\xcf\xba"..., 8192, 0) = -1 ENOSPC (No space left on device) [pid 5052] futex(0x7fdbd83af79c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5050] <... futex resumed>) = 0 [pid 5050] futex(0x7fdbd83af798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5050] futex(0x7fdbd83af79c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5052] <... futex resumed>) = 1 [pid 5052] openat(AT_FDCWD, "./file0/file0", O_RDONLY|O_TRUNC|O_LARGEFILE|O_NOFOLLOW) = -1 ENOENT (No such file or directory) [pid 5052] futex(0x7fdbd83af79c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5050] <... futex resumed>) = 0 [pid 5052] <... futex resumed>) = 1 [ 61.394336][ T5051] loop0: detected capacity change from 0 to 512 [ 61.405536][ T5051] ext4: Unknown parameter 'jqfmZ!c12nuid32' [pid 5052] futex(0x7fdbd83af798, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5051] <... ioctl resumed>) = 0 [pid 5051] close(4) = 0 [pid 5051] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5051] futex(0x7fdbd83af788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5050] exit_group(0) = ? [pid 5051] <... futex resumed>) = ? [pid 5052] <... futex resumed>) = ? [pid 5051] +++ exited with 0 +++ [pid 5052] +++ exited with 0 +++ [pid 5050] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5050, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./11", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556f16620 /* 4 entries */, 32768) = 112 umount2("./11/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./11/binderfs") = 0 umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./11/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556f1e660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556f1e660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./11/file0") = 0 getdents64(3, 0x555556f16620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./11") = 0 mkdir("./12", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f155d0) = 5053 ./strace-static-x86_64: Process 5053 attached [pid 5053] set_robust_list(0x555556f155e0, 24) = 0 [pid 5053] chdir("./12") = 0 [pid 5053] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5053] setpgid(0, 0) = 0 [pid 5053] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5053] write(3, "1000", 4) = 4 [pid 5053] close(3) = 0 [pid 5053] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5053] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5053] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdbd82b6000 [pid 5053] mprotect(0x7fdbd82b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5053] clone(child_stack=0x7fdbd82d63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5054 attached , parent_tid=[5054], tls=0x7fdbd82d6700, child_tidptr=0x7fdbd82d69d0) = 5054 [pid 5054] set_robust_list(0x7fdbd82d69e0, 24 [pid 5053] futex(0x7fdbd83af788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5054] <... set_robust_list resumed>) = 0 [pid 5053] <... futex resumed>) = 0 [pid 5053] futex(0x7fdbd83af79c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5053] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdbd8295000 [pid 5054] memfd_create("syzkaller", 0 [pid 5053] mprotect(0x7fdbd8296000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5053] clone(child_stack=0x7fdbd82b53f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5054] <... memfd_create resumed>) = 3 [pid 5054] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0./strace-static-x86_64: Process 5055 attached [pid 5055] set_robust_list(0x7fdbd82b59e0, 24) = 0 [pid 5055] futex(0x7fdbd83af798, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5053] <... clone resumed>, parent_tid=[5055], tls=0x7fdbd82b5700, child_tidptr=0x7fdbd82b59d0) = 5055 [pid 5054] <... mmap resumed>) = 0x7fdbcfe95000 [pid 5053] futex(0x7fdbd83af798, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5055] <... futex resumed>) = 0 [pid 5055] memfd_create("syzkaller", 0) = 4 [pid 5055] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5054] munmap(0x7fdbcfe95000, 138412032 [pid 5055] <... mmap resumed>) = 0x7fdbc7a95000 [pid 5053] futex(0x7fdbd83af79c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5054] <... munmap resumed>) = 0 [pid 5054] close(3) = 0 [pid 5054] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5055] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5054] <... futex resumed>) = 0 [pid 5054] futex(0x7fdbd83af788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5055] <... write resumed>) = 262144 [pid 5055] munmap(0x7fdbc7a95000, 262144) = 0 [pid 5055] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5055] ioctl(3, LOOP_SET_FD, 4) = 0 [pid 5055] close(4) = 0 [pid 5055] mkdir("./file0", 0777) = 0 [pid 5055] mount("/dev/loop0", "./file0", "ext4", 0, "quota,jqfmt=vfsv0,nouid32,,errors=continue") = 0 [pid 5055] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 4 [pid 5055] chdir("./file0") = 0 [pid 5055] ioctl(3, LOOP_CLR_FD) = 0 [pid 5055] close(3) = 0 [pid 5055] futex(0x7fdbd83af79c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5053] <... futex resumed>) = 0 [pid 5055] futex(0x7fdbd83af798, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5053] futex(0x7fdbd83af788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5054] <... futex resumed>) = 0 [pid 5053] <... futex resumed>) = 1 [pid 5054] setxattr("./file0", "trusted.overlay.upper", "\xb2\xc7\xbd\x79\xfd\x74\x76\xf3\xf5\xd3\xd9\x24\xda\xed\xfb\xff\x4c\xf2\xf6\xec\x5a\xec\xf8\x37\x99\x4f\xba\xcf\x39\x12\x11\x3f\xfa\x7e\xc4\x4f\x93\x77\xe3\x36\xd7\xd6\x17\x67\x6a\xb5\xea\x4a\xb7\x5e\x6e\xd5\x97\xcb\xcd\xb5\xf5\x6b\x0b\xf5\x99\xf9\xea\x7c\x75\xa9\x52\x99\x9e\x9a\x9e\xbc\x75\xfd\x66\xe5\xa3\x8d\xf5\x42\xfd\xb7\xaf\xbe\xb7\x70\xf7\xc7\x7f\xf8\xfd\x57\x5f\xfe\x69\xe3\x3b\x3f\xcf\xba"..., 8192, 0 [ 61.503078][ T5055] loop0: detected capacity change from 0 to 512 [ 61.512216][ T5055] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 61.527454][ T5055] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: writeback. [ 61.539639][ T5055] ext4 filesystem being mounted at /root/syzkaller.3rXkzo/12/file0 supports timestamps until 2038-01-19 (0x7fffffff) [pid 5053] futex(0x7fdbd83af78c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5054] <... setxattr resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5054] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5053] <... futex resumed>) = 0 [pid 5053] futex(0x7fdbd83af788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5053] futex(0x7fdbd83af78c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5054] <... futex resumed>) = 1 [pid 5054] setxattr("./file0", "trusted.overlay.upper", "\xb2\xc7\xbd\x79\xfd\x74\x76\xf3\xf5\xd3\xd9\x24\xda\xed\xfb\xff\x4c\xf2\xf6\xec\x5a\xec\xf8\x37\x99\x4f\xba\xcf\x39\x12\x11\x3f\xfa\x7e\xc4\x4f\x93\x77\xe3\x36\xd7\xd6\x17\x67\x6a\xb5\xea\x4a\xb7\x5e\x6e\xd5\x97\xcb\xcd\xb5\xf5\x6b\x0b\xf5\x99\xf9\xea\x7c\x75\xa9\x52\x99\x9e\x9a\x9e\xbc\x75\xfd\x66\xe5\xa3\x8d\xf5\x42\xfd\xb7\xaf\xbe\xb7\x70\xf7\xc7\x7f\xf8\xfd\x57\x5f\xfe\x69\xe3\x3b\x3f\xcf\xba"..., 8192, 0) = 0 [pid 5054] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5053] <... futex resumed>) = 0 [pid 5053] futex(0x7fdbd83af788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5053] futex(0x7fdbd83af78c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5054] <... futex resumed>) = 1 [pid 5054] openat(AT_FDCWD, "./file0/file0", O_RDONLY|O_TRUNC|O_LARGEFILE|O_NOFOLLOW) = 3 [pid 5054] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5053] <... futex resumed>) = 0 [pid 5053] exit_group(0 [pid 5055] <... futex resumed>) = ? [pid 5053] <... exit_group resumed>) = ? [pid 5055] +++ exited with 0 +++ [pid 5054] <... futex resumed>) = ? [pid 5054] +++ exited with 0 +++ [pid 5053] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5053, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./12", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556f16620 /* 4 entries */, 32768) = 112 umount2("./12/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./12/binderfs") = 0 [ 61.570923][ T5054] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3806: comm syz-executor377: Allocating blocks 44-48 which overlap fs metadata [ 61.585916][ T5054] EXT4-fs error (device loop0): ext4_xattr_block_set:2241: inode #12: comm syz-executor377: bad block 0 [ 61.607298][ T5002] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./12/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556f1e660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556f1e660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./12/file0") = 0 getdents64(3, 0x555556f16620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./12") = 0 mkdir("./13", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f155d0) = 5058 ./strace-static-x86_64: Process 5058 attached [pid 5058] set_robust_list(0x555556f155e0, 24) = 0 [pid 5058] chdir("./13") = 0 [pid 5058] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5058] setpgid(0, 0) = 0 [pid 5058] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5058] write(3, "1000", 4) = 4 [pid 5058] close(3) = 0 [pid 5058] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5058] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5058] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdbd82b6000 [pid 5058] mprotect(0x7fdbd82b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5058] clone(child_stack=0x7fdbd82d63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5059 attached , parent_tid=[5059], tls=0x7fdbd82d6700, child_tidptr=0x7fdbd82d69d0) = 5059 [pid 5059] set_robust_list(0x7fdbd82d69e0, 24) = 0 [pid 5059] futex(0x7fdbd83af788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5058] futex(0x7fdbd83af788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5058] futex(0x7fdbd83af79c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5059] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5058] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5059] memfd_create("syzkaller", 0 [pid 5058] <... mmap resumed>) = 0x7fdbd8295000 [pid 5058] mprotect(0x7fdbd8296000, 131072, PROT_READ|PROT_WRITE [pid 5059] <... memfd_create resumed>) = 3 [pid 5059] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5058] <... mprotect resumed>) = 0 [pid 5059] <... mmap resumed>) = 0x7fdbcfe95000 [pid 5058] clone(child_stack=0x7fdbd82b53f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5060], tls=0x7fdbd82b5700, child_tidptr=0x7fdbd82b59d0) = 5060 [pid 5058] futex(0x7fdbd83af798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5058] futex(0x7fdbd83af79c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5060 attached [pid 5060] set_robust_list(0x7fdbd82b59e0, 24) = 0 [pid 5060] memfd_create("syzkaller", 0) = 4 [pid 5060] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdbc7a95000 [pid 5059] munmap(0x7fdbcfe95000, 138412032) = 0 [pid 5059] close(3) = 0 [pid 5059] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5060] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5059] futex(0x7fdbd83af788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5060] <... write resumed>) = 262144 [pid 5060] munmap(0x7fdbc7a95000, 262144) = 0 [pid 5060] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5060] ioctl(3, LOOP_SET_FD, 4) = 0 [pid 5060] close(4) = 0 [pid 5060] mkdir("./file0", 0777) = 0 [pid 5060] mount("/dev/loop0", "./file0", "ext4", 0, "quota,jqfmt=vfsv0,nouid32,,errors=continue") = 0 [pid 5060] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 4 [pid 5060] chdir("./file0") = 0 [pid 5060] ioctl(3, LOOP_CLR_FD) = 0 [pid 5060] close(3) = 0 [pid 5060] futex(0x7fdbd83af79c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5058] <... futex resumed>) = 0 [pid 5058] futex(0x7fdbd83af788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5059] <... futex resumed>) = 0 [pid 5058] <... futex resumed>) = 1 [pid 5058] futex(0x7fdbd83af78c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5060] <... futex resumed>) = 1 [ 61.683834][ T5060] loop0: detected capacity change from 0 to 512 [ 61.693277][ T5060] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 61.707948][ T5060] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: writeback. [ 61.720276][ T5060] ext4 filesystem being mounted at /root/syzkaller.3rXkzo/13/file0 supports timestamps until 2038-01-19 (0x7fffffff) [pid 5060] futex(0x7fdbd83af798, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5059] setxattr("./file0", "trusted.overlay.upper", "\xb2\xc7\xbd\x79\xfd\x74\x76\xf3\xf5\xd3\xd9\x24\xda\xed\xfb\xff\x4c\xf2\xf6\xec\x5a\xec\xf8\x37\x99\x4f\xba\xcf\x39\x12\x11\x3f\xfa\x7e\xc4\x4f\x93\x77\xe3\x36\xd7\xd6\x17\x67\x6a\xb5\xea\x4a\xb7\x5e\x6e\xd5\x97\xcb\xcd\xb5\xf5\x6b\x0b\xf5\x99\xf9\xea\x7c\x75\xa9\x52\x99\x9e\x9a\x9e\xbc\x75\xfd\x66\xe5\xa3\x8d\xf5\x42\xfd\xb7\xaf\xbe\xb7\x70\xf7\xc7\x7f\xf8\xfd\x57\x5f\xfe\x69\xe3\x3b\x3f\xcf\xba"..., 8192, 0) = -1 EUCLEAN (Structure needs cleaning) [pid 5059] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5058] <... futex resumed>) = 0 [pid 5059] futex(0x7fdbd83af788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5058] futex(0x7fdbd83af788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5059] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5058] <... futex resumed>) = 0 [pid 5059] setxattr("./file0", "trusted.overlay.upper", "\xb2\xc7\xbd\x79\xfd\x74\x76\xf3\xf5\xd3\xd9\x24\xda\xed\xfb\xff\x4c\xf2\xf6\xec\x5a\xec\xf8\x37\x99\x4f\xba\xcf\x39\x12\x11\x3f\xfa\x7e\xc4\x4f\x93\x77\xe3\x36\xd7\xd6\x17\x67\x6a\xb5\xea\x4a\xb7\x5e\x6e\xd5\x97\xcb\xcd\xb5\xf5\x6b\x0b\xf5\x99\xf9\xea\x7c\x75\xa9\x52\x99\x9e\x9a\x9e\xbc\x75\xfd\x66\xe5\xa3\x8d\xf5\x42\xfd\xb7\xaf\xbe\xb7\x70\xf7\xc7\x7f\xf8\xfd\x57\x5f\xfe\x69\xe3\x3b\x3f\xcf\xba"..., 8192, 0 [ 61.748005][ T5059] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3806: comm syz-executor377: Allocating blocks 44-48 which overlap fs metadata [ 61.765830][ T5059] EXT4-fs error (device loop0): ext4_xattr_block_set:2241: inode #12: comm syz-executor377: bad block 0 [ 61.780144][ T5059] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3806: comm syz-executor377: Allocating blocks 44-48 which overlap fs metadata [pid 5058] futex(0x7fdbd83af78c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5059] <... setxattr resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5059] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5058] <... futex resumed>) = 0 [pid 5059] openat(AT_FDCWD, "./file0/file0", O_RDONLY|O_TRUNC|O_LARGEFILE|O_NOFOLLOW [pid 5058] futex(0x7fdbd83af788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5058] futex(0x7fdbd83af78c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5059] <... openat resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5059] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5058] <... futex resumed>) = 0 [pid 5059] futex(0x7fdbd83af788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5058] exit_group(0 [pid 5060] <... futex resumed>) = ? [pid 5058] <... exit_group resumed>) = ? [pid 5060] +++ exited with 0 +++ [pid 5059] <... futex resumed>) = ? [pid 5059] +++ exited with 0 +++ [pid 5058] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5058, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./13", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556f16620 /* 4 entries */, 32768) = 112 umount2("./13/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./13/binderfs") = 0 [ 61.795644][ T5059] EXT4-fs error (device loop0): ext4_xattr_block_set:2241: inode #12: comm syz-executor377: bad block 0 [ 61.809133][ T5059] EXT4-fs error (device loop0): ext4_lookup:1853: inode #12: comm syz-executor377: deleted inode referenced: 13 [ 61.830679][ T5002] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./13/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556f1e660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556f1e660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./13/file0") = 0 getdents64(3, 0x555556f16620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./13") = 0 mkdir("./14", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f155d0) = 5063 ./strace-static-x86_64: Process 5063 attached [pid 5063] set_robust_list(0x555556f155e0, 24) = 0 [pid 5063] chdir("./14") = 0 [pid 5063] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5063] setpgid(0, 0) = 0 [pid 5063] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5063] write(3, "1000", 4) = 4 [pid 5063] close(3) = 0 [pid 5063] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5063] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5063] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdbd82b6000 [pid 5063] mprotect(0x7fdbd82b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5063] clone(child_stack=0x7fdbd82d63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5064 attached [pid 5064] set_robust_list(0x7fdbd82d69e0, 24 [pid 5063] <... clone resumed>, parent_tid=[5064], tls=0x7fdbd82d6700, child_tidptr=0x7fdbd82d69d0) = 5064 [pid 5064] <... set_robust_list resumed>) = 0 [pid 5064] futex(0x7fdbd83af788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5063] futex(0x7fdbd83af788, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5064] <... futex resumed>) = 0 [pid 5064] memfd_create("syzkaller", 0 [pid 5063] futex(0x7fdbd83af79c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5064] <... memfd_create resumed>) = 3 [pid 5064] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5063] <... futex resumed>) = 0 [pid 5063] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5064] <... mmap resumed>) = 0x7fdbcfeb6000 [pid 5063] <... mmap resumed>) = 0x7fdbcfe95000 [pid 5063] mprotect(0x7fdbcfe96000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5063] clone(child_stack=0x7fdbcfeb53f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5065], tls=0x7fdbcfeb5700, child_tidptr=0x7fdbcfeb59d0) = 5065 ./strace-static-x86_64: Process 5065 attached [pid 5064] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5065] set_robust_list(0x7fdbcfeb59e0, 24 [pid 5063] futex(0x7fdbd83af798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5063] futex(0x7fdbd83af79c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5065] <... set_robust_list resumed>) = 0 [pid 5065] memfd_create("syzkaller", 0 [pid 5064] <... write resumed>) = 262144 [pid 5064] munmap(0x7fdbcfeb6000, 262144 [pid 5065] <... memfd_create resumed>) = 4 [pid 5065] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5064] <... munmap resumed>) = 0 [pid 5064] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5065] <... mmap resumed>) = 0x7fdbc7a95000 [pid 5064] <... openat resumed>) = 5 [pid 5064] ioctl(5, LOOP_SET_FD, 3) = 0 [pid 5064] close(3) = 0 [pid 5065] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5064] mkdir("./file0", 0777) = 0 [pid 5064] mount("/dev/loop0", "./file0", "ext4", 0, "\x71\x75\x6f\x74\x61\x2c\x6a\x71\x66\x6d\x5a\xfe\x7f\x21\x63\x31\x32\x9e\x6e\x8f\x75\x69\x64\x33\x32\x2c\x2c\x65\x72\x72\x6f\x72\x73\x3d\x63\x6f\x6e\x74\x69\x6e\x75\x65" [pid 5065] <... write resumed>) = 262144 [pid 5065] munmap(0x7fdbc7a95000, 262144 [pid 5064] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5064] ioctl(5, LOOP_CLR_FD [pid 5065] <... munmap resumed>) = 0 [pid 5065] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5065] ioctl(3, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5065] ioctl(3, LOOP_CLR_FD) = 0 [pid 5064] <... ioctl resumed>) = 0 [pid 5064] close(5) = 0 [pid 5064] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5064] futex(0x7fdbd83af788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5065] ioctl(3, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5065] close(3) = 0 [pid 5065] close(4) = 0 [pid 5065] futex(0x7fdbd83af79c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5063] <... futex resumed>) = 0 [pid 5063] futex(0x7fdbd83af788, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5063] futex(0x7fdbd83af78c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5064] <... futex resumed>) = 0 [pid 5064] setxattr("./file0", "trusted.overlay.upper", "\xb2\xc7\xbd\x79\xfd\x74\x76\xf3\xf5\xd3\xd9\x24\xda\xed\xfb\xff\x4c\xf2\xf6\xec\x5a\xec\xf8\x37\x99\x4f\xba\xcf\x39\x12\x11\x3f\xfa\x7e\xc4\x4f\x93\x77\xe3\x36\xd7\xd6\x17\x67\x6a\xb5\xea\x4a\xb7\x5e\x6e\xd5\x97\xcb\xcd\xb5\xf5\x6b\x0b\xf5\x99\xf9\xea\x7c\x75\xa9\x52\x99\x9e\x9a\x9e\xbc\x75\xfd\x66\xe5\xa3\x8d\xf5\x42\xfd\xb7\xaf\xbe\xb7\x70\xf7\xc7\x7f\xf8\xfd\x57\x5f\xfe\x69\xe3\x3b\x3f\xcf\xba"..., 8192, 0 [pid 5065] futex(0x7fdbd83af798, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5064] <... setxattr resumed>) = -1 ENOSPC (No space left on device) [pid 5064] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5063] <... futex resumed>) = 0 [pid 5063] futex(0x7fdbd83af788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5063] futex(0x7fdbd83af78c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5064] <... futex resumed>) = 1 [pid 5064] setxattr("./file0", "trusted.overlay.upper", "\xb2\xc7\xbd\x79\xfd\x74\x76\xf3\xf5\xd3\xd9\x24\xda\xed\xfb\xff\x4c\xf2\xf6\xec\x5a\xec\xf8\x37\x99\x4f\xba\xcf\x39\x12\x11\x3f\xfa\x7e\xc4\x4f\x93\x77\xe3\x36\xd7\xd6\x17\x67\x6a\xb5\xea\x4a\xb7\x5e\x6e\xd5\x97\xcb\xcd\xb5\xf5\x6b\x0b\xf5\x99\xf9\xea\x7c\x75\xa9\x52\x99\x9e\x9a\x9e\xbc\x75\xfd\x66\xe5\xa3\x8d\xf5\x42\xfd\xb7\xaf\xbe\xb7\x70\xf7\xc7\x7f\xf8\xfd\x57\x5f\xfe\x69\xe3\x3b\x3f\xcf\xba"..., 8192, 0) = -1 ENOSPC (No space left on device) [pid 5064] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5063] <... futex resumed>) = 0 [pid 5063] futex(0x7fdbd83af788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5063] futex(0x7fdbd83af78c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5064] <... futex resumed>) = 1 [pid 5064] openat(AT_FDCWD, "./file0/file0", O_RDONLY|O_TRUNC|O_LARGEFILE|O_NOFOLLOW) = -1 ENOENT (No such file or directory) [pid 5064] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5063] <... futex resumed>) = 0 [pid 5064] futex(0x7fdbd83af788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5063] exit_group(0) = ? [pid 5064] <... futex resumed>) = ? [pid 5065] <... futex resumed>) = ? [pid 5064] +++ exited with 0 +++ [pid 5065] +++ exited with 0 +++ [pid 5063] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5063, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./14", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556f16620 /* 4 entries */, 32768) = 112 umount2("./14/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./14/binderfs") = 0 umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./14/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [ 61.935955][ T5064] loop0: detected capacity change from 0 to 512 [ 61.945307][ T5064] ext4: Unknown parameter 'jqfmZ!c12nuid32' getdents64(4, 0x555556f1e660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556f1e660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./14/file0") = 0 getdents64(3, 0x555556f16620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./14") = 0 mkdir("./15", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f155d0) = 5066 ./strace-static-x86_64: Process 5066 attached [pid 5066] set_robust_list(0x555556f155e0, 24) = 0 [pid 5066] chdir("./15") = 0 [pid 5066] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5066] setpgid(0, 0) = 0 [pid 5066] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5066] write(3, "1000", 4) = 4 [pid 5066] close(3) = 0 [pid 5066] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5066] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5066] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdbd82b6000 [pid 5066] mprotect(0x7fdbd82b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5066] clone(child_stack=0x7fdbd82d63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5067], tls=0x7fdbd82d6700, child_tidptr=0x7fdbd82d69d0) = 5067 [pid 5066] futex(0x7fdbd83af788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5066] futex(0x7fdbd83af79c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5066] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdbd8295000 [pid 5066] mprotect(0x7fdbd8296000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5066] clone(child_stack=0x7fdbd82b53f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5068], tls=0x7fdbd82b5700, child_tidptr=0x7fdbd82b59d0) = 5068 ./strace-static-x86_64: Process 5068 attached [pid 5066] futex(0x7fdbd83af798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5066] futex(0x7fdbd83af79c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5067 attached [pid 5067] set_robust_list(0x7fdbd82d69e0, 24) = 0 [pid 5068] set_robust_list(0x7fdbd82b59e0, 24) = 0 [pid 5067] memfd_create("syzkaller", 0) = 3 [pid 5067] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdbcfe95000 [pid 5068] memfd_create("syzkaller", 0 [pid 5067] munmap(0x7fdbcfe95000, 138412032 [pid 5068] <... memfd_create resumed>) = 4 [pid 5067] <... munmap resumed>) = 0 [pid 5067] close(3) = 0 [pid 5067] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5067] futex(0x7fdbd83af788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5068] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdbcfe95000 [pid 5068] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5068] munmap(0x7fdbcfe95000, 262144) = 0 [pid 5068] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5068] ioctl(3, LOOP_SET_FD, 4) = 0 [pid 5068] close(4) = 0 [pid 5068] mkdir("./file0", 0777) = 0 [ 62.018621][ T5068] loop0: detected capacity change from 0 to 512 [ 62.027645][ T5068] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 62.047552][ T5068] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: writeback. [pid 5068] mount("/dev/loop0", "./file0", "ext4", 0, "quota,jqfmt=vfsv0,nouid32,,errors=continue") = 0 [pid 5068] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 4 [pid 5068] chdir("./file0") = 0 [pid 5068] ioctl(3, LOOP_CLR_FD) = 0 [pid 5068] close(3) = 0 [pid 5068] futex(0x7fdbd83af79c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5066] <... futex resumed>) = 0 [pid 5066] futex(0x7fdbd83af788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5068] futex(0x7fdbd83af798, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5067] <... futex resumed>) = 0 [pid 5066] <... futex resumed>) = 1 [pid 5067] setxattr("./file0", "trusted.overlay.upper", "\xb2\xc7\xbd\x79\xfd\x74\x76\xf3\xf5\xd3\xd9\x24\xda\xed\xfb\xff\x4c\xf2\xf6\xec\x5a\xec\xf8\x37\x99\x4f\xba\xcf\x39\x12\x11\x3f\xfa\x7e\xc4\x4f\x93\x77\xe3\x36\xd7\xd6\x17\x67\x6a\xb5\xea\x4a\xb7\x5e\x6e\xd5\x97\xcb\xcd\xb5\xf5\x6b\x0b\xf5\x99\xf9\xea\x7c\x75\xa9\x52\x99\x9e\x9a\x9e\xbc\x75\xfd\x66\xe5\xa3\x8d\xf5\x42\xfd\xb7\xaf\xbe\xb7\x70\xf7\xc7\x7f\xf8\xfd\x57\x5f\xfe\x69\xe3\x3b\x3f\xcf\xba"..., 8192, 0 [pid 5066] futex(0x7fdbd83af78c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5067] <... setxattr resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5067] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5066] <... futex resumed>) = 0 [pid 5067] setxattr("./file0", "trusted.overlay.upper", "\xb2\xc7\xbd\x79\xfd\x74\x76\xf3\xf5\xd3\xd9\x24\xda\xed\xfb\xff\x4c\xf2\xf6\xec\x5a\xec\xf8\x37\x99\x4f\xba\xcf\x39\x12\x11\x3f\xfa\x7e\xc4\x4f\x93\x77\xe3\x36\xd7\xd6\x17\x67\x6a\xb5\xea\x4a\xb7\x5e\x6e\xd5\x97\xcb\xcd\xb5\xf5\x6b\x0b\xf5\x99\xf9\xea\x7c\x75\xa9\x52\x99\x9e\x9a\x9e\xbc\x75\xfd\x66\xe5\xa3\x8d\xf5\x42\xfd\xb7\xaf\xbe\xb7\x70\xf7\xc7\x7f\xf8\xfd\x57\x5f\xfe\x69\xe3\x3b\x3f\xcf\xba"..., 8192, 0 [pid 5066] futex(0x7fdbd83af788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5066] futex(0x7fdbd83af78c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5067] <... setxattr resumed>) = 0 [pid 5067] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5067] futex(0x7fdbd83af788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5066] <... futex resumed>) = 0 [pid 5066] futex(0x7fdbd83af788, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5067] <... futex resumed>) = 0 [pid 5067] openat(AT_FDCWD, "./file0/file0", O_RDONLY|O_TRUNC|O_LARGEFILE|O_NOFOLLOW [pid 5066] futex(0x7fdbd83af78c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5067] <... openat resumed>) = 3 [pid 5067] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5067] futex(0x7fdbd83af788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5066] <... futex resumed>) = 0 [pid 5066] exit_group(0) = ? [pid 5068] <... futex resumed>) = ? [pid 5068] +++ exited with 0 +++ [pid 5067] <... futex resumed>) = ? [pid 5067] +++ exited with 0 +++ [pid 5066] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5066, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./15", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556f16620 /* 4 entries */, 32768) = 112 umount2("./15/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./15/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./15/binderfs") = 0 [ 62.059937][ T5068] ext4 filesystem being mounted at /root/syzkaller.3rXkzo/15/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 62.087976][ T5067] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3806: comm syz-executor377: Allocating blocks 44-48 which overlap fs metadata [ 62.102706][ T5067] EXT4-fs error (device loop0): ext4_xattr_block_set:2241: inode #12: comm syz-executor377: bad block 0 umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./15/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556f1e660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556f1e660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./15/file0") = 0 [ 62.146666][ T5002] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. getdents64(3, 0x555556f16620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./15") = 0 mkdir("./16", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f155d0) = 5072 ./strace-static-x86_64: Process 5072 attached [pid 5072] set_robust_list(0x555556f155e0, 24) = 0 [pid 5072] chdir("./16") = 0 [pid 5072] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5072] setpgid(0, 0) = 0 [pid 5072] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5072] write(3, "1000", 4) = 4 [pid 5072] close(3) = 0 [pid 5072] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5072] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5072] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdbd82b6000 [pid 5072] mprotect(0x7fdbd82b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5072] clone(child_stack=0x7fdbd82d63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5073 attached , parent_tid=[5073], tls=0x7fdbd82d6700, child_tidptr=0x7fdbd82d69d0) = 5073 [pid 5072] futex(0x7fdbd83af788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5072] futex(0x7fdbd83af79c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5072] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5073] set_robust_list(0x7fdbd82d69e0, 24 [pid 5072] <... mmap resumed>) = 0x7fdbd8295000 [pid 5072] mprotect(0x7fdbd8296000, 131072, PROT_READ|PROT_WRITE [pid 5073] <... set_robust_list resumed>) = 0 [pid 5072] <... mprotect resumed>) = 0 [pid 5072] clone(child_stack=0x7fdbd82b53f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5073] memfd_create("syzkaller", 0 [pid 5072] <... clone resumed>, parent_tid=[5074], tls=0x7fdbd82b5700, child_tidptr=0x7fdbd82b59d0) = 5074 [pid 5072] futex(0x7fdbd83af798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5072] futex(0x7fdbd83af79c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5074 attached [pid 5074] set_robust_list(0x7fdbd82b59e0, 24) = 0 [pid 5074] memfd_create("syzkaller", 0) = 3 [pid 5074] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5073] <... memfd_create resumed>) = 4 [pid 5074] <... mmap resumed>) = 0x7fdbcfe95000 [pid 5073] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdbc7a95000 [pid 5074] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5073] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5074] <... write resumed>) = 262144 [pid 5074] munmap(0x7fdbcfe95000, 262144 [pid 5073] <... write resumed>) = 262144 [pid 5074] <... munmap resumed>) = 0 [pid 5074] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5073] munmap(0x7fdbc7a95000, 262144 [pid 5074] <... openat resumed>) = 5 [pid 5074] ioctl(5, LOOP_SET_FD, 3) = 0 [pid 5074] close(3) = 0 [pid 5074] mkdir("./file0", 0777 [pid 5073] <... munmap resumed>) = 0 [pid 5074] <... mkdir resumed>) = 0 [pid 5074] mount("/dev/loop0", "./file0", "ext4", 0, "quota,jqfmt=vfsv0,nouid32,,errors=continue" [pid 5073] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5073] ioctl(3, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5073] ioctl(3, LOOP_CLR_FD) = 0 [pid 5073] ioctl(3, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5073] close(3) = 0 [pid 5073] close(4) = 0 [pid 5073] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 62.238113][ T5074] loop0: detected capacity change from 0 to 512 [ 62.247027][ T5074] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 62.271487][ T5074] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: writeback. [pid 5073] futex(0x7fdbd83af788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5074] <... mount resumed>) = 0 [pid 5074] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5074] chdir("./file0") = 0 [pid 5074] ioctl(5, LOOP_CLR_FD) = 0 [pid 5074] close(5) = 0 [pid 5074] futex(0x7fdbd83af79c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5074] futex(0x7fdbd83af798, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5072] <... futex resumed>) = 0 [pid 5072] futex(0x7fdbd83af788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5073] <... futex resumed>) = 0 [pid 5072] <... futex resumed>) = 1 [pid 5073] setxattr("./file0", "trusted.overlay.upper", "\xb2\xc7\xbd\x79\xfd\x74\x76\xf3\xf5\xd3\xd9\x24\xda\xed\xfb\xff\x4c\xf2\xf6\xec\x5a\xec\xf8\x37\x99\x4f\xba\xcf\x39\x12\x11\x3f\xfa\x7e\xc4\x4f\x93\x77\xe3\x36\xd7\xd6\x17\x67\x6a\xb5\xea\x4a\xb7\x5e\x6e\xd5\x97\xcb\xcd\xb5\xf5\x6b\x0b\xf5\x99\xf9\xea\x7c\x75\xa9\x52\x99\x9e\x9a\x9e\xbc\x75\xfd\x66\xe5\xa3\x8d\xf5\x42\xfd\xb7\xaf\xbe\xb7\x70\xf7\xc7\x7f\xf8\xfd\x57\x5f\xfe\x69\xe3\x3b\x3f\xcf\xba"..., 8192, 0 [pid 5072] futex(0x7fdbd83af78c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5073] <... setxattr resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5073] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5073] futex(0x7fdbd83af788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5072] <... futex resumed>) = 0 [pid 5072] futex(0x7fdbd83af788, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5072] futex(0x7fdbd83af78c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5073] <... futex resumed>) = 0 [ 62.283652][ T5074] ext4 filesystem being mounted at /root/syzkaller.3rXkzo/16/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 62.307007][ T5073] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3806: comm syz-executor377: Allocating blocks 44-48 which overlap fs metadata [ 62.322114][ T5073] EXT4-fs error (device loop0): ext4_xattr_block_set:2241: inode #12: comm syz-executor377: bad block 0 [pid 5073] setxattr("./file0", "trusted.overlay.upper", "\xb2\xc7\xbd\x79\xfd\x74\x76\xf3\xf5\xd3\xd9\x24\xda\xed\xfb\xff\x4c\xf2\xf6\xec\x5a\xec\xf8\x37\x99\x4f\xba\xcf\x39\x12\x11\x3f\xfa\x7e\xc4\x4f\x93\x77\xe3\x36\xd7\xd6\x17\x67\x6a\xb5\xea\x4a\xb7\x5e\x6e\xd5\x97\xcb\xcd\xb5\xf5\x6b\x0b\xf5\x99\xf9\xea\x7c\x75\xa9\x52\x99\x9e\x9a\x9e\xbc\x75\xfd\x66\xe5\xa3\x8d\xf5\x42\xfd\xb7\xaf\xbe\xb7\x70\xf7\xc7\x7f\xf8\xfd\x57\x5f\xfe\x69\xe3\x3b\x3f\xcf\xba"..., 8192, 0) = -1 EUCLEAN (Structure needs cleaning) [pid 5073] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5072] <... futex resumed>) = 0 [pid 5072] futex(0x7fdbd83af788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5072] futex(0x7fdbd83af78c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5073] <... futex resumed>) = 1 [pid 5073] openat(AT_FDCWD, "./file0/file0", O_RDONLY|O_TRUNC|O_LARGEFILE|O_NOFOLLOW) = -1 EUCLEAN (Structure needs cleaning) [pid 5073] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5072] <... futex resumed>) = 0 [pid 5072] exit_group(0 [pid 5074] <... futex resumed>) = ? [pid 5072] <... exit_group resumed>) = ? [pid 5074] +++ exited with 0 +++ [pid 5073] <... futex resumed>) = ? [pid 5073] +++ exited with 0 +++ [pid 5072] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5072, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./16", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556f16620 /* 4 entries */, 32768) = 112 umount2("./16/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./16/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./16/binderfs") = 0 [ 62.334925][ T5073] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3806: comm syz-executor377: Allocating blocks 44-48 which overlap fs metadata [ 62.349693][ T5073] EXT4-fs error (device loop0): ext4_xattr_block_set:2241: inode #12: comm syz-executor377: bad block 0 [ 62.362012][ T5073] EXT4-fs error (device loop0): ext4_lookup:1853: inode #12: comm syz-executor377: deleted inode referenced: 13 umount2("./16/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./16/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./16/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./16/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556f1e660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556f1e660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./16/file0") = 0 getdents64(3, 0x555556f16620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./16") = 0 mkdir("./17", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f155d0) = 5077 ./strace-static-x86_64: Process 5077 attached [pid 5077] set_robust_list(0x555556f155e0, 24) = 0 [pid 5077] chdir("./17") = 0 [pid 5077] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5077] setpgid(0, 0) = 0 [pid 5077] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5077] write(3, "1000", 4) = 4 [pid 5077] close(3) = 0 [pid 5077] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5077] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5077] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdbd82b6000 [pid 5077] mprotect(0x7fdbd82b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5077] clone(child_stack=0x7fdbd82d63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5078], tls=0x7fdbd82d6700, child_tidptr=0x7fdbd82d69d0) = 5078 [pid 5077] futex(0x7fdbd83af788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5077] futex(0x7fdbd83af79c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5077] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdbd8295000 [pid 5077] mprotect(0x7fdbd8296000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5077] clone(child_stack=0x7fdbd82b53f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5079], tls=0x7fdbd82b5700, child_tidptr=0x7fdbd82b59d0) = 5079 [pid 5077] futex(0x7fdbd83af798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5077] futex(0x7fdbd83af79c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5078 attached [pid 5078] set_robust_list(0x7fdbd82d69e0, 24) = 0 [pid 5078] memfd_create("syzkaller", 0./strace-static-x86_64: Process 5079 attached [pid 5079] set_robust_list(0x7fdbd82b59e0, 24) = 0 [pid 5079] memfd_create("syzkaller", 0 [pid 5078] <... memfd_create resumed>) = 3 [pid 5079] <... memfd_create resumed>) = 4 [pid 5078] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdbcfe95000 [pid 5079] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdbc7a95000 [pid 5078] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5079] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5078] <... write resumed>) = 262144 [pid 5078] munmap(0x7fdbcfe95000, 262144) = 0 [pid 5078] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [ 62.406624][ T5002] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5078] ioctl(5, LOOP_SET_FD, 3 [pid 5079] <... write resumed>) = 262144 [pid 5078] <... ioctl resumed>) = 0 [pid 5078] close(3) = 0 [pid 5078] mkdir("./file0", 0777) = 0 [pid 5078] mount("/dev/loop0", "./file0", "ext4", 0, "\x71\x75\x6f\x74\x61\x2c\x6a\x71\x66\x6d\x5a\xfe\x7f\x21\x63\x31\x32\x9e\x6e\x8f\x75\x69\x64\x33\x32\x2c\x2c\x65\x72\x72\x6f\x72\x73\x3d\x63\x6f\x6e\x74\x69\x6e\x75\x65" [pid 5079] munmap(0x7fdbc7a95000, 262144) = 0 [pid 5078] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5078] ioctl(5, LOOP_CLR_FD [pid 5079] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5079] ioctl(3, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5079] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5079] ioctl(3, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5079] close(3) = 0 [pid 5079] close(4) = 0 [pid 5079] futex(0x7fdbd83af79c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5077] <... futex resumed>) = 0 [pid 5077] futex(0x7fdbd83af798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5077] futex(0x7fdbd83af79c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5079] <... futex resumed>) = 1 [pid 5079] setxattr("./file0", "trusted.overlay.upper", "\xb2\xc7\xbd\x79\xfd\x74\x76\xf3\xf5\xd3\xd9\x24\xda\xed\xfb\xff\x4c\xf2\xf6\xec\x5a\xec\xf8\x37\x99\x4f\xba\xcf\x39\x12\x11\x3f\xfa\x7e\xc4\x4f\x93\x77\xe3\x36\xd7\xd6\x17\x67\x6a\xb5\xea\x4a\xb7\x5e\x6e\xd5\x97\xcb\xcd\xb5\xf5\x6b\x0b\xf5\x99\xf9\xea\x7c\x75\xa9\x52\x99\x9e\x9a\x9e\xbc\x75\xfd\x66\xe5\xa3\x8d\xf5\x42\xfd\xb7\xaf\xbe\xb7\x70\xf7\xc7\x7f\xf8\xfd\x57\x5f\xfe\x69\xe3\x3b\x3f\xcf\xba"..., 8192, 0) = -1 ENOSPC (No space left on device) [pid 5079] futex(0x7fdbd83af79c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5077] <... futex resumed>) = 0 [pid 5077] futex(0x7fdbd83af798, FUTEX_WAKE_PRIVATE, 1000000 [pid 5079] setxattr("./file0", "trusted.overlay.upper", "\xb2\xc7\xbd\x79\xfd\x74\x76\xf3\xf5\xd3\xd9\x24\xda\xed\xfb\xff\x4c\xf2\xf6\xec\x5a\xec\xf8\x37\x99\x4f\xba\xcf\x39\x12\x11\x3f\xfa\x7e\xc4\x4f\x93\x77\xe3\x36\xd7\xd6\x17\x67\x6a\xb5\xea\x4a\xb7\x5e\x6e\xd5\x97\xcb\xcd\xb5\xf5\x6b\x0b\xf5\x99\xf9\xea\x7c\x75\xa9\x52\x99\x9e\x9a\x9e\xbc\x75\xfd\x66\xe5\xa3\x8d\xf5\x42\xfd\xb7\xaf\xbe\xb7\x70\xf7\xc7\x7f\xf8\xfd\x57\x5f\xfe\x69\xe3\x3b\x3f\xcf\xba"..., 8192, 0 [pid 5077] <... futex resumed>) = 0 [pid 5077] futex(0x7fdbd83af79c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5079] <... setxattr resumed>) = -1 ENOSPC (No space left on device) [pid 5079] futex(0x7fdbd83af79c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5077] <... futex resumed>) = 0 [pid 5077] futex(0x7fdbd83af798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5077] futex(0x7fdbd83af79c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5079] openat(AT_FDCWD, "./file0/file0", O_RDONLY|O_TRUNC|O_LARGEFILE|O_NOFOLLOW) = -1 ENOENT (No such file or directory) [pid 5079] futex(0x7fdbd83af79c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5077] <... futex resumed>) = 0 [ 62.464964][ T5078] loop0: detected capacity change from 0 to 512 [ 62.472814][ T5078] ext4: Unknown parameter 'jqfmZ!c12nuid32' [pid 5079] futex(0x7fdbd83af798, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5078] <... ioctl resumed>) = 0 [pid 5078] close(5) = 0 [pid 5078] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5078] futex(0x7fdbd83af788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5077] exit_group(0 [pid 5079] <... futex resumed>) = ? [pid 5078] <... futex resumed>) = ? [pid 5077] <... exit_group resumed>) = ? [pid 5078] +++ exited with 0 +++ [pid 5079] +++ exited with 0 +++ [pid 5077] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5077, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./17", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556f16620 /* 4 entries */, 32768) = 112 umount2("./17/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./17/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./17/binderfs") = 0 umount2("./17/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./17/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./17/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556f1e660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556f1e660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./17/file0") = 0 getdents64(3, 0x555556f16620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./17") = 0 mkdir("./18", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f155d0) = 5080 ./strace-static-x86_64: Process 5080 attached [pid 5080] set_robust_list(0x555556f155e0, 24) = 0 [pid 5080] chdir("./18") = 0 [pid 5080] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5080] setpgid(0, 0) = 0 [pid 5080] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5080] write(3, "1000", 4) = 4 [pid 5080] close(3) = 0 [pid 5080] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5080] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5080] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdbd82b6000 [pid 5080] mprotect(0x7fdbd82b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5080] clone(child_stack=0x7fdbd82d63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5081], tls=0x7fdbd82d6700, child_tidptr=0x7fdbd82d69d0) = 5081 [pid 5080] futex(0x7fdbd83af788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5080] futex(0x7fdbd83af79c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5080] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdbd8295000 [pid 5080] mprotect(0x7fdbd8296000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5080] clone(child_stack=0x7fdbd82b53f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5082], tls=0x7fdbd82b5700, child_tidptr=0x7fdbd82b59d0) = 5082 [pid 5080] futex(0x7fdbd83af798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5080] futex(0x7fdbd83af79c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5082 attached [pid 5082] set_robust_list(0x7fdbd82b59e0, 24) = 0 [pid 5082] memfd_create("syzkaller", 0) = 3 [pid 5082] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdbcfe95000 ./strace-static-x86_64: Process 5081 attached [pid 5081] set_robust_list(0x7fdbd82d69e0, 24) = 0 [pid 5081] memfd_create("syzkaller", 0) = 4 [pid 5081] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5082] munmap(0x7fdbcfe95000, 138412032 [pid 5081] <... mmap resumed>) = 0x7fdbc7a95000 [pid 5082] <... munmap resumed>) = 0 [pid 5082] close(3) = 0 [pid 5082] futex(0x7fdbd83af79c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5080] <... futex resumed>) = 0 [pid 5080] futex(0x7fdbd83af798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5080] futex(0x7fdbd83af79c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5082] <... futex resumed>) = 1 [pid 5082] setxattr("./file0", "trusted.overlay.upper", "\x64\x8f\x7b\xfd\xea\xc9\xec\xe6\xab\x27\xb3\x49\xb4\xdb\xf7\xfe\x99\xe4\xed\xd9\xb5\xd8\xf1\x35\x99\x8f\x22\x62\x23\x22\x46\x22\xe2\x47\xdf\x8f\xf8\x69\xf2\x76\xdc\xe6\xda\xfa\xe2\x4c\xad\x56\x5d\xe9\xd6\xcb\xad\xfa\x72\xb9\xb9\xb6\x7e\x75\xa1\x3e\x33\x5f\x9d\xaf\x2e\x55\x2a\xd3\x53\xd3\x93\x37\xaf\xdd\xa8\x7c\xb0\xb1\x9e\xab\xff\xf6\xe5\xf7\x16\xee\xfc\xf8\x0f\xbf\xff\xda\x8b\x3f\x6d\x7c\xe7\xe7"..., 8192, 0) = -1 ENOENT (No such file or directory) [pid 5082] futex(0x7fdbd83af79c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5080] <... futex resumed>) = 0 [pid 5080] futex(0x7fdbd83af798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5080] futex(0x7fdbd83af79c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5082] <... futex resumed>) = 1 [pid 5082] setxattr("./file0", "trusted.overlay.upper", "\x64\x8f\x7b\xfd\xea\xc9\xec\xe6\xab\x27\xb3\x49\xb4\xdb\xf7\xfe\x99\xe4\xed\xd9\xb5\xd8\xf1\x35\x99\x8f\x22\x62\x23\x22\x46\x22\xe2\x47\xdf\x8f\xf8\x69\xf2\x76\xdc\xe6\xda\xfa\xe2\x4c\xad\x56\x5d\xe9\xd6\xcb\xad\xfa\x72\xb9\xb9\xb6\x7e\x75\xa1\x3e\x33\x5f\x9d\xaf\x2e\x55\x2a\xd3\x53\xd3\x93\x37\xaf\xdd\xa8\x7c\xb0\xb1\x9e\xab\xff\xf6\xe5\xf7\x16\xee\xfc\xf8\x0f\xbf\xff\xda\x8b\x3f\x6d\x7c\xe7\xe7"..., 8192, 0) = -1 ENOENT (No such file or directory) [pid 5082] futex(0x7fdbd83af79c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5080] <... futex resumed>) = 0 [pid 5080] futex(0x7fdbd83af798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5080] futex(0x7fdbd83af79c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5082] <... futex resumed>) = 1 [pid 5082] openat(AT_FDCWD, "./file0/file0", O_RDONLY|O_TRUNC|O_LARGEFILE|O_NOFOLLOW [pid 5081] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5082] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 5082] futex(0x7fdbd83af79c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5080] <... futex resumed>) = 0 [pid 5082] <... futex resumed>) = 1 [pid 5082] futex(0x7fdbd83af798, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5081] <... write resumed>) = 262144 [pid 5081] munmap(0x7fdbc7a95000, 262144) = 0 [pid 5081] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 62.505945][ T5004] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [pid 5081] ioctl(3, LOOP_SET_FD, 4) = 0 [pid 5081] close(4) = 0 [pid 5081] mkdir("./file0", 0777) = 0 [pid 5081] mount("/dev/loop0", "./file0", "ext4", 0, "\x71\x75\x6f\x74\x61\x2c\x6a\x71\x66\x6d\x5a\xfe\x7f\x21\x63\x31\x32\x9e\x6e\x8f\x75\x69\x64\x33\x32\x2c\x2c\x65\x72\x72\x6f\x72\x73\x3d\x63\x6f\x6e\x74\x69\x6e\x75\x65") = -1 EINVAL (Invalid argument) [pid 5081] ioctl(3, LOOP_CLR_FD) = 0 [pid 5081] close(3) = 0 [pid 5081] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5081] futex(0x7fdbd83af788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5080] exit_group(0 [pid 5082] <... futex resumed>) = ? [pid 5080] <... exit_group resumed>) = ? [pid 5082] +++ exited with 0 +++ [pid 5081] <... futex resumed>) = ? [pid 5081] +++ exited with 0 +++ [pid 5080] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5080, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- [ 62.555161][ T5081] loop0: detected capacity change from 0 to 512 [ 62.564401][ T5081] ext4: Unknown parameter 'jqfmZ!c12nuid32' restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./18", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556f16620 /* 4 entries */, 32768) = 112 umount2("./18/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./18/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./18/binderfs") = 0 umount2("./18/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./18/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./18/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556f1e660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556f1e660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./18/file0") = 0 getdents64(3, 0x555556f16620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./18") = 0 mkdir("./19", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f155d0) = 5083 ./strace-static-x86_64: Process 5083 attached [pid 5083] set_robust_list(0x555556f155e0, 24) = 0 [pid 5083] chdir("./19") = 0 [pid 5083] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5083] setpgid(0, 0) = 0 [pid 5083] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5083] write(3, "1000", 4) = 4 [pid 5083] close(3) = 0 [pid 5083] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5083] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5083] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdbd82b6000 [pid 5083] mprotect(0x7fdbd82b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5083] clone(child_stack=0x7fdbd82d63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5084 attached [pid 5084] set_robust_list(0x7fdbd82d69e0, 24 [pid 5083] <... clone resumed>, parent_tid=[5084], tls=0x7fdbd82d6700, child_tidptr=0x7fdbd82d69d0) = 5084 [pid 5084] <... set_robust_list resumed>) = 0 [pid 5083] futex(0x7fdbd83af788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5083] futex(0x7fdbd83af79c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5083] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdbd8295000 [pid 5083] mprotect(0x7fdbd8296000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5083] clone(child_stack=0x7fdbd82b53f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5084] memfd_create("syzkaller", 0 [pid 5083] <... clone resumed>, parent_tid=[5085], tls=0x7fdbd82b5700, child_tidptr=0x7fdbd82b59d0) = 5085 [pid 5084] <... memfd_create resumed>) = 3 [pid 5083] futex(0x7fdbd83af798, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5083] <... futex resumed>) = 0 [pid 5084] <... mmap resumed>) = 0x7fdbcfe95000 [pid 5083] futex(0x7fdbd83af79c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5085 attached [pid 5084] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5085] set_robust_list(0x7fdbd82b59e0, 24 [pid 5084] <... write resumed>) = 262144 [pid 5084] munmap(0x7fdbcfe95000, 262144 [pid 5085] <... set_robust_list resumed>) = 0 [pid 5084] <... munmap resumed>) = 0 [pid 5084] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5084] ioctl(4, LOOP_SET_FD, 3 [pid 5085] memfd_create("syzkaller", 0) = 5 [pid 5085] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdbc7ad5000 [pid 5084] <... ioctl resumed>) = 0 [pid 5085] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5084] close(3) = 0 [pid 5084] mkdir("./file0", 0777) = 0 [pid 5084] mount("/dev/loop0", "./file0", "ext4", 0, "\x71\x75\x6f\x74\x61\x2c\x6a\x71\x66\x6d\x5a\xfe\x7f\x21\x63\x31\x32\x9e\x6e\x8f\x75\x69\x64\x33\x32\x2c\x2c\x65\x72\x72\x6f\x72\x73\x3d\x63\x6f\x6e\x74\x69\x6e\x75\x65" [pid 5085] <... write resumed>) = 262144 [pid 5084] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5084] ioctl(4, LOOP_CLR_FD [pid 5085] munmap(0x7fdbc7ad5000, 262144) = 0 [pid 5085] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5085] ioctl(3, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5085] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5085] ioctl(3, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5085] close(3) = 0 [pid 5085] close(5) = 0 [pid 5085] futex(0x7fdbd83af79c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] <... futex resumed>) = 0 [pid 5083] futex(0x7fdbd83af798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5083] futex(0x7fdbd83af79c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5085] <... futex resumed>) = 1 [pid 5085] setxattr("./file0", "trusted.overlay.upper", "\xb2\xc7\xbd\x79\xfd\x74\x76\xf3\xf5\xd3\xd9\x24\xda\xed\xfb\xff\x4c\xf2\xf6\xec\x5a\xec\xf8\x37\x99\x4f\xba\xcf\x39\x12\x11\x3f\xfa\x7e\xc4\x4f\x93\x77\xe3\x36\xd7\xd6\x17\x67\x6a\xb5\xea\x4a\xb7\x5e\x6e\xd5\x97\xcb\xcd\xb5\xf5\x6b\x0b\xf5\x99\xf9\xea\x7c\x75\xa9\x52\x99\x9e\x9a\x9e\xbc\x75\xfd\x66\xe5\xa3\x8d\xf5\x42\xfd\xb7\xaf\xbe\xb7\x70\xf7\xc7\x7f\xf8\xfd\x57\x5f\xfe\x69\xe3\x3b\x3f\xcf\xba"..., 8192, 0) = -1 ENOSPC (No space left on device) [pid 5085] futex(0x7fdbd83af79c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5085] futex(0x7fdbd83af798, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5083] <... futex resumed>) = 0 [pid 5083] futex(0x7fdbd83af798, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5083] futex(0x7fdbd83af79c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5085] <... futex resumed>) = 0 [pid 5085] setxattr("./file0", "trusted.overlay.upper", "\xb2\xc7\xbd\x79\xfd\x74\x76\xf3\xf5\xd3\xd9\x24\xda\xed\xfb\xff\x4c\xf2\xf6\xec\x5a\xec\xf8\x37\x99\x4f\xba\xcf\x39\x12\x11\x3f\xfa\x7e\xc4\x4f\x93\x77\xe3\x36\xd7\xd6\x17\x67\x6a\xb5\xea\x4a\xb7\x5e\x6e\xd5\x97\xcb\xcd\xb5\xf5\x6b\x0b\xf5\x99\xf9\xea\x7c\x75\xa9\x52\x99\x9e\x9a\x9e\xbc\x75\xfd\x66\xe5\xa3\x8d\xf5\x42\xfd\xb7\xaf\xbe\xb7\x70\xf7\xc7\x7f\xf8\xfd\x57\x5f\xfe\x69\xe3\x3b\x3f\xcf\xba"..., 8192, 0) = -1 ENOSPC (No space left on device) [pid 5085] futex(0x7fdbd83af79c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5083] <... futex resumed>) = 0 [pid 5083] futex(0x7fdbd83af798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5083] futex(0x7fdbd83af79c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5085] openat(AT_FDCWD, "./file0/file0", O_RDONLY|O_TRUNC|O_LARGEFILE|O_NOFOLLOW) = -1 ENOENT (No such file or directory) [pid 5085] futex(0x7fdbd83af79c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5083] <... futex resumed>) = 0 [ 62.651970][ T5084] loop0: detected capacity change from 0 to 512 [ 62.662390][ T5084] ext4: Unknown parameter 'jqfmZ!c12nuid32' [pid 5085] futex(0x7fdbd83af798, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5084] <... ioctl resumed>) = 0 [pid 5084] close(4) = 0 [pid 5084] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5084] futex(0x7fdbd83af788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5083] exit_group(0 [pid 5085] <... futex resumed>) = ? [pid 5083] <... exit_group resumed>) = ? [pid 5084] <... futex resumed>) = ? [pid 5084] +++ exited with 0 +++ [pid 5085] +++ exited with 0 +++ [pid 5083] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5083, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./19", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./19", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556f16620 /* 4 entries */, 32768) = 112 umount2("./19/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./19/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./19/binderfs") = 0 umount2("./19/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./19/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./19/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./19/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556f1e660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556f1e660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./19/file0") = 0 getdents64(3, 0x555556f16620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./19") = 0 mkdir("./20", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5086 attached [pid 5086] set_robust_list(0x555556f155e0, 24 [pid 5002] <... clone resumed>, child_tidptr=0x555556f155d0) = 5086 [pid 5086] <... set_robust_list resumed>) = 0 [pid 5086] chdir("./20") = 0 [pid 5086] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5086] setpgid(0, 0) = 0 [pid 5086] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5086] write(3, "1000", 4) = 4 [pid 5086] close(3) = 0 [pid 5086] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5086] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5086] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdbd82b6000 [pid 5086] mprotect(0x7fdbd82b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5086] clone(child_stack=0x7fdbd82d63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5087], tls=0x7fdbd82d6700, child_tidptr=0x7fdbd82d69d0) = 5087 [pid 5086] futex(0x7fdbd83af788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5086] futex(0x7fdbd83af79c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5086] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdbd8295000 [pid 5086] mprotect(0x7fdbd8296000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5086] clone(child_stack=0x7fdbd82b53f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5088], tls=0x7fdbd82b5700, child_tidptr=0x7fdbd82b59d0) = 5088 [pid 5086] futex(0x7fdbd83af798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5086] futex(0x7fdbd83af79c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5087 attached [pid 5087] set_robust_list(0x7fdbd82d69e0, 24) = 0 [pid 5087] memfd_create("syzkaller", 0) = 3 [pid 5087] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdbcfe95000 ./strace-static-x86_64: Process 5088 attached [pid 5087] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5088] set_robust_list(0x7fdbd82b59e0, 24) = 0 [pid 5088] memfd_create("syzkaller", 0) = 4 [pid 5088] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdbc7a95000 [pid 5087] <... write resumed>) = 262144 [pid 5087] munmap(0x7fdbcfe95000, 262144) = 0 [pid 5087] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [ 62.706063][ T5004] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [pid 5087] ioctl(5, LOOP_SET_FD, 3) = 0 [pid 5087] close(3) = 0 [pid 5087] mkdir("./file0", 0777) = 0 [pid 5087] mount("/dev/loop0", "./file0", "ext4", 0, "\x71\x75\x6f\x74\x61\x2c\x6a\x71\x66\x6d\x5a\xfe\x7f\x21\x63\x31\x32\x9e\x6e\x8f\x75\x69\x64\x33\x32\x2c\x2c\x65\x72\x72\x6f\x72\x73\x3d\x63\x6f\x6e\x74\x69\x6e\x75\x65") = -1 EINVAL (Invalid argument) [pid 5087] ioctl(5, LOOP_CLR_FD [pid 5088] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5088] munmap(0x7fdbc7a95000, 262144) = 0 [pid 5088] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5088] ioctl(3, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5088] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5088] ioctl(3, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5088] close(3) = 0 [pid 5088] close(4) = 0 [pid 5088] futex(0x7fdbd83af79c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5086] <... futex resumed>) = 0 [pid 5086] futex(0x7fdbd83af798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5086] futex(0x7fdbd83af79c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5088] setxattr("./file0", "trusted.overlay.upper", "\xb2\xc7\xbd\x79\xfd\x74\x76\xf3\xf5\xd3\xd9\x24\xda\xed\xfb\xff\x4c\xf2\xf6\xec\x5a\xec\xf8\x37\x99\x4f\xba\xcf\x39\x12\x11\x3f\xfa\x7e\xc4\x4f\x93\x77\xe3\x36\xd7\xd6\x17\x67\x6a\xb5\xea\x4a\xb7\x5e\x6e\xd5\x97\xcb\xcd\xb5\xf5\x6b\x0b\xf5\x99\xf9\xea\x7c\x75\xa9\x52\x99\x9e\x9a\x9e\xbc\x75\xfd\x66\xe5\xa3\x8d\xf5\x42\xfd\xb7\xaf\xbe\xb7\x70\xf7\xc7\x7f\xf8\xfd\x57\x5f\xfe\x69\xe3\x3b\x3f\xcf\xba"..., 8192, 0) = -1 ENOSPC (No space left on device) [pid 5088] futex(0x7fdbd83af79c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5088] futex(0x7fdbd83af798, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5086] <... futex resumed>) = 0 [pid 5086] futex(0x7fdbd83af798, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5086] futex(0x7fdbd83af79c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5088] <... futex resumed>) = 0 [pid 5088] setxattr("./file0", "trusted.overlay.upper", "\xb2\xc7\xbd\x79\xfd\x74\x76\xf3\xf5\xd3\xd9\x24\xda\xed\xfb\xff\x4c\xf2\xf6\xec\x5a\xec\xf8\x37\x99\x4f\xba\xcf\x39\x12\x11\x3f\xfa\x7e\xc4\x4f\x93\x77\xe3\x36\xd7\xd6\x17\x67\x6a\xb5\xea\x4a\xb7\x5e\x6e\xd5\x97\xcb\xcd\xb5\xf5\x6b\x0b\xf5\x99\xf9\xea\x7c\x75\xa9\x52\x99\x9e\x9a\x9e\xbc\x75\xfd\x66\xe5\xa3\x8d\xf5\x42\xfd\xb7\xaf\xbe\xb7\x70\xf7\xc7\x7f\xf8\xfd\x57\x5f\xfe\x69\xe3\x3b\x3f\xcf\xba"..., 8192, 0) = -1 ENOSPC (No space left on device) [pid 5088] futex(0x7fdbd83af79c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] <... futex resumed>) = 0 [pid 5086] futex(0x7fdbd83af798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5086] futex(0x7fdbd83af79c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5088] <... futex resumed>) = 1 [pid 5088] openat(AT_FDCWD, "./file0/file0", O_RDONLY|O_TRUNC|O_LARGEFILE|O_NOFOLLOW) = -1 ENOENT (No such file or directory) [pid 5088] futex(0x7fdbd83af79c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] <... futex resumed>) = 0 [pid 5088] <... futex resumed>) = 1 [ 62.746777][ T5087] loop0: detected capacity change from 0 to 512 [ 62.754741][ T5087] ext4: Unknown parameter 'jqfmZ!c12nuid32' [pid 5088] futex(0x7fdbd83af798, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5087] <... ioctl resumed>) = 0 [pid 5087] close(5) = 0 [pid 5087] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5086] exit_group(0) = ? [pid 5088] <... futex resumed>) = ? [pid 5088] +++ exited with 0 +++ [pid 5087] +++ exited with 0 +++ [pid 5086] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5086, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./20", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./20", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556f16620 /* 4 entries */, 32768) = 112 umount2("./20/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./20/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./20/binderfs") = 0 umount2("./20/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./20/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./20/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./20/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556f1e660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556f1e660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./20/file0") = 0 getdents64(3, 0x555556f16620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./20") = 0 mkdir("./21", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5089 attached [pid 5089] set_robust_list(0x555556f155e0, 24 [pid 5002] <... clone resumed>, child_tidptr=0x555556f155d0) = 5089 [pid 5089] <... set_robust_list resumed>) = 0 [pid 5089] chdir("./21") = 0 [pid 5089] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5089] setpgid(0, 0) = 0 [pid 5089] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5089] write(3, "1000", 4) = 4 [pid 5089] close(3) = 0 [pid 5089] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5089] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5089] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdbd82b6000 [pid 5089] mprotect(0x7fdbd82b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5089] clone(child_stack=0x7fdbd82d63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5090], tls=0x7fdbd82d6700, child_tidptr=0x7fdbd82d69d0) = 5090 [pid 5089] futex(0x7fdbd83af788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5089] futex(0x7fdbd83af79c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5089] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdbd8295000 [pid 5089] mprotect(0x7fdbd8296000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5089] clone(child_stack=0x7fdbd82b53f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5091], tls=0x7fdbd82b5700, child_tidptr=0x7fdbd82b59d0) = 5091 [pid 5089] futex(0x7fdbd83af798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5089] futex(0x7fdbd83af79c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5090 attached [pid 5090] set_robust_list(0x7fdbd82d69e0, 24) = 0 [pid 5090] memfd_create("syzkaller", 0) = 3 [pid 5090] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdbcfe95000 [pid 5090] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5090] munmap(0x7fdbcfe95000, 262144) = 0 [pid 5090] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 62.795939][ T5004] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [pid 5090] ioctl(4, LOOP_SET_FD, 3./strace-static-x86_64: Process 5091 attached [pid 5091] set_robust_list(0x7fdbd82b59e0, 24) = 0 [pid 5091] memfd_create("syzkaller", 0) = 5 [pid 5091] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdbc7ad5000 [pid 5091] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5091] munmap(0x7fdbc7ad5000, 262144) = 0 [pid 5091] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5091] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5090] <... ioctl resumed>) = 0 [pid 5091] ioctl(6, LOOP_CLR_FD [pid 5090] close(3 [pid 5091] <... ioctl resumed>) = 0 [pid 5090] <... close resumed>) = 0 [pid 5090] mkdir("./file0", 0777) = 0 [pid 5090] mount("/dev/loop0", "./file0", "ext4", 0, "\x71\x75\x6f\x74\x61\x2c\x6a\x71\x66\x6d\x5a\xfe\x7f\x21\x63\x31\x32\x9e\x6e\x8f\x75\x69\x64\x33\x32\x2c\x2c\x65\x72\x72\x6f\x72\x73\x3d\x63\x6f\x6e\x74\x69\x6e\x75\x65" [pid 5091] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5091] close(6) = 0 [pid 5091] close(5) = 0 [pid 5091] futex(0x7fdbd83af79c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5089] <... futex resumed>) = 0 [pid 5089] futex(0x7fdbd83af798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5089] futex(0x7fdbd83af79c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5091] setxattr("./file0", "trusted.overlay.upper", "\xb2\xc7\xbd\x79\xfd\x74\x76\xf3\xf5\xd3\xd9\x24\xda\xed\xfb\xff\x4c\xf2\xf6\xec\x5a\xec\xf8\x37\x99\x4f\xba\xcf\x39\x12\x11\x3f\xfa\x7e\xc4\x4f\x93\x77\xe3\x36\xd7\xd6\x17\x67\x6a\xb5\xea\x4a\xb7\x5e\x6e\xd5\x97\xcb\xcd\xb5\xf5\x6b\x0b\xf5\x99\xf9\xea\x7c\x75\xa9\x52\x99\x9e\x9a\x9e\xbc\x75\xfd\x66\xe5\xa3\x8d\xf5\x42\xfd\xb7\xaf\xbe\xb7\x70\xf7\xc7\x7f\xf8\xfd\x57\x5f\xfe\x69\xe3\x3b\x3f\xcf\xba"..., 8192, 0) = -1 ENOSPC (No space left on device) [pid 5090] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5090] ioctl(4, LOOP_CLR_FD [pid 5091] futex(0x7fdbd83af79c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5089] <... futex resumed>) = 0 [pid 5089] futex(0x7fdbd83af798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5089] futex(0x7fdbd83af79c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5091] setxattr("./file0", "trusted.overlay.upper", "\xb2\xc7\xbd\x79\xfd\x74\x76\xf3\xf5\xd3\xd9\x24\xda\xed\xfb\xff\x4c\xf2\xf6\xec\x5a\xec\xf8\x37\x99\x4f\xba\xcf\x39\x12\x11\x3f\xfa\x7e\xc4\x4f\x93\x77\xe3\x36\xd7\xd6\x17\x67\x6a\xb5\xea\x4a\xb7\x5e\x6e\xd5\x97\xcb\xcd\xb5\xf5\x6b\x0b\xf5\x99\xf9\xea\x7c\x75\xa9\x52\x99\x9e\x9a\x9e\xbc\x75\xfd\x66\xe5\xa3\x8d\xf5\x42\xfd\xb7\xaf\xbe\xb7\x70\xf7\xc7\x7f\xf8\xfd\x57\x5f\xfe\x69\xe3\x3b\x3f\xcf\xba"..., 8192, 0) = -1 ENOSPC (No space left on device) [pid 5091] futex(0x7fdbd83af79c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5091] futex(0x7fdbd83af798, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5089] <... futex resumed>) = 0 [pid 5089] futex(0x7fdbd83af798, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5089] futex(0x7fdbd83af79c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5091] <... futex resumed>) = 0 [pid 5091] openat(AT_FDCWD, "./file0/file0", O_RDONLY|O_TRUNC|O_LARGEFILE|O_NOFOLLOW) = -1 ENOENT (No such file or directory) [pid 5091] futex(0x7fdbd83af79c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5089] <... futex resumed>) = 0 [ 62.836751][ T5090] loop0: detected capacity change from 0 to 512 [ 62.868247][ T5090] ext4: Unknown parameter 'jqfmZ!c12nuid32' [pid 5091] futex(0x7fdbd83af798, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5090] <... ioctl resumed>) = 0 [pid 5090] close(4) = 0 [pid 5090] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5090] futex(0x7fdbd83af788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5089] exit_group(0 [pid 5091] <... futex resumed>) = ? [pid 5089] <... exit_group resumed>) = ? [pid 5091] +++ exited with 0 +++ [pid 5090] <... futex resumed>) = ? [pid 5090] +++ exited with 0 +++ [pid 5089] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5089, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./21", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./21", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556f16620 /* 4 entries */, 32768) = 112 umount2("./21/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./21/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./21/binderfs") = 0 umount2("./21/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./21/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./21/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./21/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556f1e660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556f1e660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./21/file0") = 0 getdents64(3, 0x555556f16620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./21") = 0 mkdir("./22", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f155d0) = 5092 ./strace-static-x86_64: Process 5092 attached [pid 5092] set_robust_list(0x555556f155e0, 24) = 0 [pid 5092] chdir("./22") = 0 [pid 5092] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5092] setpgid(0, 0) = 0 [pid 5092] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5092] write(3, "1000", 4) = 4 [pid 5092] close(3) = 0 [pid 5092] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5092] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5092] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdbd82b6000 [pid 5092] mprotect(0x7fdbd82b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5092] clone(child_stack=0x7fdbd82d63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5093], tls=0x7fdbd82d6700, child_tidptr=0x7fdbd82d69d0) = 5093 [pid 5092] futex(0x7fdbd83af788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5092] futex(0x7fdbd83af79c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5092] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdbd8295000 [pid 5092] mprotect(0x7fdbd8296000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5092] clone(child_stack=0x7fdbd82b53f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5094], tls=0x7fdbd82b5700, child_tidptr=0x7fdbd82b59d0) = 5094 [pid 5092] futex(0x7fdbd83af798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5092] futex(0x7fdbd83af79c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5093 attached [pid 5093] set_robust_list(0x7fdbd82d69e0, 24) = 0 ./strace-static-x86_64: Process 5094 attached [pid 5093] memfd_create("syzkaller", 0) = 3 [pid 5093] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdbcfe95000 [pid 5094] set_robust_list(0x7fdbd82b59e0, 24) = 0 [pid 5094] memfd_create("syzkaller", 0) = 4 [pid 5093] munmap(0x7fdbcfe95000, 138412032 [pid 5094] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5093] <... munmap resumed>) = 0 [pid 5093] close(3) = 0 [pid 5093] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5093] futex(0x7fdbd83af788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5094] <... mmap resumed>) = 0x7fdbcfe95000 [pid 5094] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5094] munmap(0x7fdbcfe95000, 262144) = 0 [pid 5094] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5094] ioctl(3, LOOP_SET_FD, 4) = 0 [pid 5094] close(4) = 0 [pid 5094] mkdir("./file0", 0777) = 0 [ 62.970536][ T5094] loop0: detected capacity change from 0 to 512 [ 62.978989][ T5094] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 62.997706][ T5094] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: writeback. [pid 5094] mount("/dev/loop0", "./file0", "ext4", 0, "quota,jqfmt=vfsv0,nouid32,,errors=continue") = 0 [pid 5094] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 4 [pid 5094] chdir("./file0") = 0 [pid 5094] ioctl(3, LOOP_CLR_FD) = 0 [pid 5094] close(3) = 0 [pid 5094] futex(0x7fdbd83af79c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5092] <... futex resumed>) = 0 [pid 5092] futex(0x7fdbd83af788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5093] <... futex resumed>) = 0 [pid 5092] <... futex resumed>) = 1 [pid 5093] setxattr("./file0", "trusted.overlay.upper", "\xb2\xc7\xbd\x79\xfd\x74\x76\xf3\xf5\xd3\xd9\x24\xda\xed\xfb\xff\x4c\xf2\xf6\xec\x5a\xec\xf8\x37\x99\x4f\xba\xcf\x39\x12\x11\x3f\xfa\x7e\xc4\x4f\x93\x77\xe3\x36\xd7\xd6\x17\x67\x6a\xb5\xea\x4a\xb7\x5e\x6e\xd5\x97\xcb\xcd\xb5\xf5\x6b\x0b\xf5\x99\xf9\xea\x7c\x75\xa9\x52\x99\x9e\x9a\x9e\xbc\x75\xfd\x66\xe5\xa3\x8d\xf5\x42\xfd\xb7\xaf\xbe\xb7\x70\xf7\xc7\x7f\xf8\xfd\x57\x5f\xfe\x69\xe3\x3b\x3f\xcf\xba"..., 8192, 0 [pid 5092] futex(0x7fdbd83af78c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5094] <... futex resumed>) = 1 [pid 5094] futex(0x7fdbd83af798, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5093] <... setxattr resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5093] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5092] <... futex resumed>) = 0 [pid 5093] setxattr("./file0", "trusted.overlay.upper", "\xb2\xc7\xbd\x79\xfd\x74\x76\xf3\xf5\xd3\xd9\x24\xda\xed\xfb\xff\x4c\xf2\xf6\xec\x5a\xec\xf8\x37\x99\x4f\xba\xcf\x39\x12\x11\x3f\xfa\x7e\xc4\x4f\x93\x77\xe3\x36\xd7\xd6\x17\x67\x6a\xb5\xea\x4a\xb7\x5e\x6e\xd5\x97\xcb\xcd\xb5\xf5\x6b\x0b\xf5\x99\xf9\xea\x7c\x75\xa9\x52\x99\x9e\x9a\x9e\xbc\x75\xfd\x66\xe5\xa3\x8d\xf5\x42\xfd\xb7\xaf\xbe\xb7\x70\xf7\xc7\x7f\xf8\xfd\x57\x5f\xfe\x69\xe3\x3b\x3f\xcf\xba"..., 8192, 0 [pid 5092] futex(0x7fdbd83af788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 63.009906][ T5094] ext4 filesystem being mounted at /root/syzkaller.3rXkzo/22/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 63.026122][ T5093] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3806: comm syz-executor377: Allocating blocks 44-48 which overlap fs metadata [ 63.041229][ T5093] EXT4-fs error (device loop0): ext4_xattr_block_set:2241: inode #12: comm syz-executor377: bad block 0 [ 63.055237][ T5093] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3806: comm syz-executor377: Allocating blocks 44-48 which overlap fs metadata [pid 5092] futex(0x7fdbd83af78c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5093] <... setxattr resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5093] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5092] <... futex resumed>) = 0 [pid 5093] openat(AT_FDCWD, "./file0/file0", O_RDONLY|O_TRUNC|O_LARGEFILE|O_NOFOLLOW [pid 5092] futex(0x7fdbd83af788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5092] futex(0x7fdbd83af78c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5093] <... openat resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5093] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5092] <... futex resumed>) = 0 [pid 5092] exit_group(0 [pid 5094] <... futex resumed>) = ? [pid 5092] <... exit_group resumed>) = ? [pid 5094] +++ exited with 0 +++ [pid 5093] +++ exited with 0 +++ [pid 5092] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5092, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./22", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./22", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556f16620 /* 4 entries */, 32768) = 112 umount2("./22/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./22/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./22/binderfs") = 0 [ 63.071148][ T5093] EXT4-fs error (device loop0): ext4_xattr_block_set:2241: inode #12: comm syz-executor377: bad block 0 [ 63.084966][ T5093] EXT4-fs error (device loop0): ext4_lookup:1853: inode #12: comm syz-executor377: deleted inode referenced: 13 [ 63.104644][ T5002] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. umount2("./22/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./22/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./22/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./22/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./22/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556f1e660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556f1e660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./22/file0") = 0 getdents64(3, 0x555556f16620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./22") = 0 mkdir("./23", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f155d0) = 5097 ./strace-static-x86_64: Process 5097 attached [pid 5097] set_robust_list(0x555556f155e0, 24) = 0 [pid 5097] chdir("./23") = 0 [pid 5097] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5097] setpgid(0, 0) = 0 [pid 5097] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5097] write(3, "1000", 4) = 4 [pid 5097] close(3) = 0 [pid 5097] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5097] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5097] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdbd82b6000 [pid 5097] mprotect(0x7fdbd82b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5097] clone(child_stack=0x7fdbd82d63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5098], tls=0x7fdbd82d6700, child_tidptr=0x7fdbd82d69d0) = 5098 ./strace-static-x86_64: Process 5098 attached [pid 5098] set_robust_list(0x7fdbd82d69e0, 24) = 0 [pid 5098] futex(0x7fdbd83af788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5097] futex(0x7fdbd83af788, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5098] <... futex resumed>) = 0 [pid 5098] memfd_create("syzkaller", 0 [pid 5097] futex(0x7fdbd83af79c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5098] <... memfd_create resumed>) = 3 [pid 5098] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5097] <... futex resumed>) = 0 [pid 5098] <... mmap resumed>) = 0x7fdbcfeb6000 [pid 5097] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdbcfe95000 [pid 5097] mprotect(0x7fdbcfe96000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5097] clone(child_stack=0x7fdbcfeb53f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5099], tls=0x7fdbcfeb5700, child_tidptr=0x7fdbcfeb59d0) = 5099 [pid 5098] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5097] futex(0x7fdbd83af798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5097] futex(0x7fdbd83af79c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5098] <... write resumed>) = 262144 [pid 5098] munmap(0x7fdbcfeb6000, 262144./strace-static-x86_64: Process 5099 attached ) = 0 [pid 5098] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5098] ioctl(4, LOOP_SET_FD, 3 [pid 5099] set_robust_list(0x7fdbcfeb59e0, 24) = 0 [pid 5099] memfd_create("syzkaller", 0) = 5 [pid 5099] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdbc7a95000 [pid 5098] <... ioctl resumed>) = 0 [pid 5098] close(3) = 0 [pid 5099] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5098] mkdir("./file0", 0777) = 0 [pid 5098] mount("/dev/loop0", "./file0", "ext4", 0, "\x71\x75\x6f\x74\x61\x2c\x6a\x71\x66\x6d\x5a\xfe\x7f\x21\x63\x31\x32\x9e\x6e\x8f\x75\x69\x64\x33\x32\x2c\x2c\x65\x72\x72\x6f\x72\x73\x3d\x63\x6f\x6e\x74\x69\x6e\x75\x65" [pid 5099] <... write resumed>) = 262144 [pid 5099] munmap(0x7fdbc7a95000, 262144) = 0 [pid 5099] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5099] ioctl(3, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5099] ioctl(3, LOOP_CLR_FD) = 0 [pid 5099] ioctl(3, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5099] close(3) = 0 [pid 5099] close(5) = 0 [pid 5099] futex(0x7fdbd83af79c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5097] <... futex resumed>) = 0 [pid 5097] futex(0x7fdbd83af798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5097] futex(0x7fdbd83af79c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5099] <... futex resumed>) = 1 [pid 5099] setxattr("./file0", "trusted.overlay.upper", "\xb2\xc7\xbd\x79\xfd\x74\x76\xf3\xf5\xd3\xd9\x24\xda\xed\xfb\xff\x4c\xf2\xf6\xec\x5a\xec\xf8\x37\x99\x4f\xba\xcf\x39\x12\x11\x3f\xfa\x7e\xc4\x4f\x93\x77\xe3\x36\xd7\xd6\x17\x67\x6a\xb5\xea\x4a\xb7\x5e\x6e\xd5\x97\xcb\xcd\xb5\xf5\x6b\x0b\xf5\x99\xf9\xea\x7c\x75\xa9\x52\x99\x9e\x9a\x9e\xbc\x75\xfd\x66\xe5\xa3\x8d\xf5\x42\xfd\xb7\xaf\xbe\xb7\x70\xf7\xc7\x7f\xf8\xfd\x57\x5f\xfe\x69\xe3\x3b\x3f\xcf\xba"..., 8192, 0 [pid 5098] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5098] ioctl(4, LOOP_CLR_FD [pid 5099] <... setxattr resumed>) = -1 ENOSPC (No space left on device) [pid 5099] futex(0x7fdbd83af79c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5097] <... futex resumed>) = 0 [pid 5097] futex(0x7fdbd83af798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5097] futex(0x7fdbd83af79c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5099] setxattr("./file0", "trusted.overlay.upper", "\xb2\xc7\xbd\x79\xfd\x74\x76\xf3\xf5\xd3\xd9\x24\xda\xed\xfb\xff\x4c\xf2\xf6\xec\x5a\xec\xf8\x37\x99\x4f\xba\xcf\x39\x12\x11\x3f\xfa\x7e\xc4\x4f\x93\x77\xe3\x36\xd7\xd6\x17\x67\x6a\xb5\xea\x4a\xb7\x5e\x6e\xd5\x97\xcb\xcd\xb5\xf5\x6b\x0b\xf5\x99\xf9\xea\x7c\x75\xa9\x52\x99\x9e\x9a\x9e\xbc\x75\xfd\x66\xe5\xa3\x8d\xf5\x42\xfd\xb7\xaf\xbe\xb7\x70\xf7\xc7\x7f\xf8\xfd\x57\x5f\xfe\x69\xe3\x3b\x3f\xcf\xba"..., 8192, 0) = -1 ENOSPC (No space left on device) [pid 5099] futex(0x7fdbd83af79c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5097] <... futex resumed>) = 0 [pid 5099] futex(0x7fdbd83af798, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5097] futex(0x7fdbd83af798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5097] futex(0x7fdbd83af79c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5099] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5099] openat(AT_FDCWD, "./file0/file0", O_RDONLY|O_TRUNC|O_LARGEFILE|O_NOFOLLOW) = -1 ENOENT (No such file or directory) [pid 5099] futex(0x7fdbd83af79c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5097] <... futex resumed>) = 0 [ 63.194805][ T5098] loop0: detected capacity change from 0 to 512 [ 63.206238][ T5098] ext4: Unknown parameter 'jqfmZ!c12nuid32' [pid 5099] futex(0x7fdbd83af798, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5098] <... ioctl resumed>) = 0 [pid 5098] close(4) = 0 [pid 5098] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5098] futex(0x7fdbd83af788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5097] exit_group(0 [pid 5099] <... futex resumed>) = ? [pid 5097] <... exit_group resumed>) = ? [pid 5099] +++ exited with 0 +++ [pid 5098] <... futex resumed>) = ? [pid 5098] +++ exited with 0 +++ [pid 5097] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5097, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./23", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./23", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556f16620 /* 4 entries */, 32768) = 112 umount2("./23/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./23/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./23/binderfs") = 0 umount2("./23/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./23/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./23/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./23/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556f1e660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556f1e660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./23/file0") = 0 getdents64(3, 0x555556f16620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./23") = 0 mkdir("./24", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f155d0) = 5100 ./strace-static-x86_64: Process 5100 attached [pid 5100] set_robust_list(0x555556f155e0, 24) = 0 [pid 5100] chdir("./24") = 0 [pid 5100] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5100] setpgid(0, 0) = 0 [pid 5100] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5100] write(3, "1000", 4) = 4 [pid 5100] close(3) = 0 [pid 5100] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5100] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5100] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdbd82b6000 [pid 5100] mprotect(0x7fdbd82b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5100] clone(child_stack=0x7fdbd82d63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5101], tls=0x7fdbd82d6700, child_tidptr=0x7fdbd82d69d0) = 5101 [pid 5100] futex(0x7fdbd83af788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5100] futex(0x7fdbd83af79c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5100] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdbd8295000 [pid 5100] mprotect(0x7fdbd8296000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5100] clone(child_stack=0x7fdbd82b53f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5102], tls=0x7fdbd82b5700, child_tidptr=0x7fdbd82b59d0) = 5102 [pid 5100] futex(0x7fdbd83af798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5100] futex(0x7fdbd83af79c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5101 attached [pid 5101] set_robust_list(0x7fdbd82d69e0, 24) = 0 [pid 5101] memfd_create("syzkaller", 0) = 3 [pid 5101] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdbcfe95000 [pid 5101] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5101] munmap(0x7fdbcfe95000, 262144./strace-static-x86_64: Process 5102 attached [pid 5102] set_robust_list(0x7fdbd82b59e0, 24 [pid 5101] <... munmap resumed>) = 0 [pid 5102] <... set_robust_list resumed>) = 0 [pid 5102] memfd_create("syzkaller", 0) = 4 [pid 5102] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdbc7ad5000 [pid 5101] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5101] ioctl(5, LOOP_SET_FD, 3 [pid 5102] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5102] munmap(0x7fdbc7ad5000, 262144) = 0 [pid 5102] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5102] ioctl(6, LOOP_SET_FD, 4 [pid 5101] <... ioctl resumed>) = 0 [pid 5102] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5102] ioctl(6, LOOP_CLR_FD) = 0 [pid 5101] close(3) = 0 [pid 5101] mkdir("./file0", 0777) = 0 [pid 5101] mount("/dev/loop0", "./file0", "ext4", 0, "\x71\x75\x6f\x74\x61\x2c\x6a\x71\x66\x6d\x5a\xfe\x7f\x21\x63\x31\x32\x9e\x6e\x8f\x75\x69\x64\x33\x32\x2c\x2c\x65\x72\x72\x6f\x72\x73\x3d\x63\x6f\x6e\x74\x69\x6e\x75\x65" [pid 5102] ioctl(6, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5102] close(6) = 0 [pid 5102] close(4) = 0 [ 63.256220][ T5004] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 63.295756][ T5101] loop0: detected capacity change from 0 to 512 [pid 5102] futex(0x7fdbd83af79c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5100] <... futex resumed>) = 0 [pid 5100] futex(0x7fdbd83af798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5100] futex(0x7fdbd83af79c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5102] <... futex resumed>) = 1 [pid 5102] setxattr("./file0", "trusted.overlay.upper", "\xb2\xc7\xbd\x79\xfd\x74\x76\xf3\xf5\xd3\xd9\x24\xda\xed\xfb\xff\x4c\xf2\xf6\xec\x5a\xec\xf8\x37\x99\x4f\xba\xcf\x39\x12\x11\x3f\xfa\x7e\xc4\x4f\x93\x77\xe3\x36\xd7\xd6\x17\x67\x6a\xb5\xea\x4a\xb7\x5e\x6e\xd5\x97\xcb\xcd\xb5\xf5\x6b\x0b\xf5\x99\xf9\xea\x7c\x75\xa9\x52\x99\x9e\x9a\x9e\xbc\x75\xfd\x66\xe5\xa3\x8d\xf5\x42\xfd\xb7\xaf\xbe\xb7\x70\xf7\xc7\x7f\xf8\xfd\x57\x5f\xfe\x69\xe3\x3b\x3f\xcf\xba"..., 8192, 0) = -1 ENOSPC (No space left on device) [pid 5102] futex(0x7fdbd83af79c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5100] <... futex resumed>) = 0 [pid 5100] futex(0x7fdbd83af798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5100] futex(0x7fdbd83af79c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5102] <... futex resumed>) = 1 [pid 5102] setxattr("./file0", "trusted.overlay.upper", "\xb2\xc7\xbd\x79\xfd\x74\x76\xf3\xf5\xd3\xd9\x24\xda\xed\xfb\xff\x4c\xf2\xf6\xec\x5a\xec\xf8\x37\x99\x4f\xba\xcf\x39\x12\x11\x3f\xfa\x7e\xc4\x4f\x93\x77\xe3\x36\xd7\xd6\x17\x67\x6a\xb5\xea\x4a\xb7\x5e\x6e\xd5\x97\xcb\xcd\xb5\xf5\x6b\x0b\xf5\x99\xf9\xea\x7c\x75\xa9\x52\x99\x9e\x9a\x9e\xbc\x75\xfd\x66\xe5\xa3\x8d\xf5\x42\xfd\xb7\xaf\xbe\xb7\x70\xf7\xc7\x7f\xf8\xfd\x57\x5f\xfe\x69\xe3\x3b\x3f\xcf\xba"..., 8192, 0) = -1 ENOSPC (No space left on device) [pid 5102] futex(0x7fdbd83af79c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5100] <... futex resumed>) = 0 [pid 5100] futex(0x7fdbd83af798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5100] futex(0x7fdbd83af79c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5102] <... futex resumed>) = 1 [pid 5102] openat(AT_FDCWD, "./file0/file0", O_RDONLY|O_TRUNC|O_LARGEFILE|O_NOFOLLOW) = -1 ENOENT (No such file or directory) [pid 5102] futex(0x7fdbd83af79c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5100] <... futex resumed>) = 0 [pid 5102] <... futex resumed>) = 1 [pid 5102] futex(0x7fdbd83af798, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5101] <... mount resumed>) = -1 EINVAL (Invalid argument) [ 63.304431][ T5101] ext4: Unknown parameter 'jqfmZ!c12nuid32' [pid 5101] ioctl(5, LOOP_CLR_FD) = 0 [pid 5101] close(5) = 0 [pid 5101] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5100] exit_group(0 [pid 5102] <... futex resumed>) = ? [pid 5100] <... exit_group resumed>) = ? [pid 5102] +++ exited with 0 +++ [pid 5101] <... futex resumed>) = ? [pid 5101] +++ exited with 0 +++ [pid 5100] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5100, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./24", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./24", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556f16620 /* 4 entries */, 32768) = 112 umount2("./24/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./24/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./24/binderfs") = 0 umount2("./24/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./24/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./24/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./24/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556f1e660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556f1e660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./24/file0") = 0 getdents64(3, 0x555556f16620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./24") = 0 mkdir("./25", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f155d0) = 5103 ./strace-static-x86_64: Process 5103 attached [pid 5103] set_robust_list(0x555556f155e0, 24) = 0 [pid 5103] chdir("./25") = 0 [pid 5103] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5103] setpgid(0, 0) = 0 [pid 5103] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5103] write(3, "1000", 4) = 4 [pid 5103] close(3) = 0 [pid 5103] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5103] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5103] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdbd82b6000 [pid 5103] mprotect(0x7fdbd82b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5103] clone(child_stack=0x7fdbd82d63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5104 attached , parent_tid=[5104], tls=0x7fdbd82d6700, child_tidptr=0x7fdbd82d69d0) = 5104 [pid 5104] set_robust_list(0x7fdbd82d69e0, 24 [pid 5103] futex(0x7fdbd83af788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5104] <... set_robust_list resumed>) = 0 [pid 5103] <... futex resumed>) = 0 [pid 5103] futex(0x7fdbd83af79c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5104] memfd_create("syzkaller", 0 [pid 5103] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5104] <... memfd_create resumed>) = 3 [pid 5103] <... mmap resumed>) = 0x7fdbd8295000 [pid 5104] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5103] mprotect(0x7fdbd8296000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5104] <... mmap resumed>) = 0x7fdbcfe95000 [pid 5103] clone(child_stack=0x7fdbd82b53f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5105 attached , parent_tid=[5105], tls=0x7fdbd82b5700, child_tidptr=0x7fdbd82b59d0) = 5105 [pid 5105] set_robust_list(0x7fdbd82b59e0, 24) = 0 [pid 5105] futex(0x7fdbd83af798, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5103] futex(0x7fdbd83af798, FUTEX_WAKE_PRIVATE, 1000000 [pid 5105] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5105] memfd_create("syzkaller", 0 [pid 5104] munmap(0x7fdbcfe95000, 138412032 [pid 5103] <... futex resumed>) = 0 [pid 5103] futex(0x7fdbd83af79c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5104] <... munmap resumed>) = 0 [pid 5105] <... memfd_create resumed>) = 4 [pid 5105] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdbcfe95000 [pid 5104] close(3) = 0 [pid 5104] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5104] futex(0x7fdbd83af788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5105] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5105] munmap(0x7fdbcfe95000, 262144) = 0 [pid 5105] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5105] ioctl(3, LOOP_SET_FD, 4) = 0 [pid 5105] close(4) = 0 [pid 5105] mkdir("./file0", 0777) = 0 [ 63.425807][ T5105] loop0: detected capacity change from 0 to 512 [ 63.434499][ T5105] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 63.447520][ T5105] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: writeback. [ 63.459775][ T5105] ext4 filesystem being mounted at /root/syzkaller.3rXkzo/25/file0 supports timestamps until 2038-01-19 (0x7fffffff) [pid 5105] mount("/dev/loop0", "./file0", "ext4", 0, "quota,jqfmt=vfsv0,nouid32,,errors=continue") = 0 [pid 5105] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 4 [pid 5105] chdir("./file0") = 0 [pid 5105] ioctl(3, LOOP_CLR_FD) = 0 [pid 5105] close(3) = 0 [pid 5105] futex(0x7fdbd83af79c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5103] <... futex resumed>) = 0 [pid 5103] futex(0x7fdbd83af788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5104] <... futex resumed>) = 0 [pid 5103] <... futex resumed>) = 1 [pid 5104] setxattr("./file0", "trusted.overlay.upper", "\xb2\xc7\xbd\x79\xfd\x74\x76\xf3\xf5\xd3\xd9\x24\xda\xed\xfb\xff\x4c\xf2\xf6\xec\x5a\xec\xf8\x37\x99\x4f\xba\xcf\x39\x12\x11\x3f\xfa\x7e\xc4\x4f\x93\x77\xe3\x36\xd7\xd6\x17\x67\x6a\xb5\xea\x4a\xb7\x5e\x6e\xd5\x97\xcb\xcd\xb5\xf5\x6b\x0b\xf5\x99\xf9\xea\x7c\x75\xa9\x52\x99\x9e\x9a\x9e\xbc\x75\xfd\x66\xe5\xa3\x8d\xf5\x42\xfd\xb7\xaf\xbe\xb7\x70\xf7\xc7\x7f\xf8\xfd\x57\x5f\xfe\x69\xe3\x3b\x3f\xcf\xba"..., 8192, 0 [pid 5103] futex(0x7fdbd83af78c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5105] <... futex resumed>) = 1 [pid 5105] futex(0x7fdbd83af798, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5104] <... setxattr resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5104] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5103] <... futex resumed>) = 0 [pid 5103] futex(0x7fdbd83af788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5103] futex(0x7fdbd83af78c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5104] <... futex resumed>) = 1 [ 63.475837][ T5104] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3806: comm syz-executor377: Allocating blocks 44-48 which overlap fs metadata [ 63.490593][ T5104] EXT4-fs error (device loop0): ext4_xattr_block_set:2241: inode #12: comm syz-executor377: bad block 0 [ 63.503440][ T5104] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3806: comm syz-executor377: Allocating blocks 44-48 which overlap fs metadata [pid 5104] setxattr("./file0", "trusted.overlay.upper", "\xb2\xc7\xbd\x79\xfd\x74\x76\xf3\xf5\xd3\xd9\x24\xda\xed\xfb\xff\x4c\xf2\xf6\xec\x5a\xec\xf8\x37\x99\x4f\xba\xcf\x39\x12\x11\x3f\xfa\x7e\xc4\x4f\x93\x77\xe3\x36\xd7\xd6\x17\x67\x6a\xb5\xea\x4a\xb7\x5e\x6e\xd5\x97\xcb\xcd\xb5\xf5\x6b\x0b\xf5\x99\xf9\xea\x7c\x75\xa9\x52\x99\x9e\x9a\x9e\xbc\x75\xfd\x66\xe5\xa3\x8d\xf5\x42\xfd\xb7\xaf\xbe\xb7\x70\xf7\xc7\x7f\xf8\xfd\x57\x5f\xfe\x69\xe3\x3b\x3f\xcf\xba"..., 8192, 0) = -1 EUCLEAN (Structure needs cleaning) [pid 5104] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5103] <... futex resumed>) = 0 [pid 5104] openat(AT_FDCWD, "./file0/file0", O_RDONLY|O_TRUNC|O_LARGEFILE|O_NOFOLLOW [pid 5103] futex(0x7fdbd83af788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5103] futex(0x7fdbd83af78c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5104] <... openat resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5104] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5103] <... futex resumed>) = 0 [pid 5104] futex(0x7fdbd83af788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5103] exit_group(0) = ? [pid 5105] <... futex resumed>) = ? [pid 5104] <... futex resumed>) = ? [pid 5105] +++ exited with 0 +++ [pid 5104] +++ exited with 0 +++ [pid 5103] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5103, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- umount2("./25", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./25", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556f16620 /* 4 entries */, 32768) = 112 umount2("./25/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./25/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./25/binderfs") = 0 umount2("./25/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [ 63.518275][ T5104] EXT4-fs error (device loop0): ext4_xattr_block_set:2241: inode #12: comm syz-executor377: bad block 0 [ 63.531256][ T5104] EXT4-fs error (device loop0): ext4_lookup:1853: inode #12: comm syz-executor377: deleted inode referenced: 13 [ 63.556375][ T5002] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. umount2("./25/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./25/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./25/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./25/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556f1e660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556f1e660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./25/file0") = 0 getdents64(3, 0x555556f16620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./25") = 0 mkdir("./26", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f155d0) = 5108 ./strace-static-x86_64: Process 5108 attached [pid 5108] set_robust_list(0x555556f155e0, 24) = 0 [pid 5108] chdir("./26") = 0 [pid 5108] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5108] setpgid(0, 0) = 0 [pid 5108] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5108] write(3, "1000", 4) = 4 [pid 5108] close(3) = 0 [pid 5108] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5108] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5108] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdbd82b6000 [pid 5108] mprotect(0x7fdbd82b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5108] clone(child_stack=0x7fdbd82d63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5109], tls=0x7fdbd82d6700, child_tidptr=0x7fdbd82d69d0) = 5109 [pid 5108] futex(0x7fdbd83af788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5108] futex(0x7fdbd83af79c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5108] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdbd8295000 [pid 5108] mprotect(0x7fdbd8296000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5108] clone(child_stack=0x7fdbd82b53f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5110 attached , parent_tid=[5110], tls=0x7fdbd82b5700, child_tidptr=0x7fdbd82b59d0) = 5110 [pid 5108] futex(0x7fdbd83af798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5108] futex(0x7fdbd83af79c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5109 attached [pid 5109] set_robust_list(0x7fdbd82d69e0, 24) = 0 [pid 5109] memfd_create("syzkaller", 0) = 3 [pid 5109] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdbcfe95000 [pid 5110] set_robust_list(0x7fdbd82b59e0, 24) = 0 [pid 5110] memfd_create("syzkaller", 0) = 4 [pid 5109] munmap(0x7fdbcfe95000, 138412032 [pid 5110] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5109] <... munmap resumed>) = 0 [pid 5109] close(3) = 0 [pid 5109] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5109] futex(0x7fdbd83af788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5110] <... mmap resumed>) = 0x7fdbcfe95000 [pid 5110] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5110] munmap(0x7fdbcfe95000, 262144) = 0 [pid 5110] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5110] ioctl(3, LOOP_SET_FD, 4) = 0 [pid 5110] close(4) = 0 [pid 5110] mkdir("./file0", 0777) = 0 [pid 5110] mount("/dev/loop0", "./file0", "ext4", 0, "quota,jqfmt=vfsv0,nouid32,,errors=continue") = 0 [pid 5110] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 4 [pid 5110] chdir("./file0") = 0 [pid 5110] ioctl(3, LOOP_CLR_FD) = 0 [pid 5110] close(3) = 0 [pid 5110] futex(0x7fdbd83af79c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5108] <... futex resumed>) = 0 [pid 5108] futex(0x7fdbd83af788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5109] <... futex resumed>) = 0 [pid 5108] <... futex resumed>) = 1 [pid 5109] setxattr("./file0", "trusted.overlay.upper", "\xb2\xc7\xbd\x79\xfd\x74\x76\xf3\xf5\xd3\xd9\x24\xda\xed\xfb\xff\x4c\xf2\xf6\xec\x5a\xec\xf8\x37\x99\x4f\xba\xcf\x39\x12\x11\x3f\xfa\x7e\xc4\x4f\x93\x77\xe3\x36\xd7\xd6\x17\x67\x6a\xb5\xea\x4a\xb7\x5e\x6e\xd5\x97\xcb\xcd\xb5\xf5\x6b\x0b\xf5\x99\xf9\xea\x7c\x75\xa9\x52\x99\x9e\x9a\x9e\xbc\x75\xfd\x66\xe5\xa3\x8d\xf5\x42\xfd\xb7\xaf\xbe\xb7\x70\xf7\xc7\x7f\xf8\xfd\x57\x5f\xfe\x69\xe3\x3b\x3f\xcf\xba"..., 8192, 0 [ 63.634741][ T5110] loop0: detected capacity change from 0 to 512 [ 63.644218][ T5110] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 63.657625][ T5110] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: writeback. [ 63.670027][ T5110] ext4 filesystem being mounted at /root/syzkaller.3rXkzo/26/file0 supports timestamps until 2038-01-19 (0x7fffffff) [pid 5108] futex(0x7fdbd83af78c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5110] <... futex resumed>) = 1 [pid 5110] futex(0x7fdbd83af798, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5109] <... setxattr resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5109] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5108] <... futex resumed>) = 0 [pid 5109] futex(0x7fdbd83af788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5108] futex(0x7fdbd83af788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5108] futex(0x7fdbd83af78c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5109] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [ 63.694206][ T5109] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3806: comm syz-executor377: Allocating blocks 44-48 which overlap fs metadata [ 63.709860][ T5109] EXT4-fs error (device loop0): ext4_xattr_block_set:2241: inode #12: comm syz-executor377: bad block 0 [ 63.723706][ T5109] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3806: comm syz-executor377: Allocating blocks 44-48 which overlap fs metadata [pid 5109] setxattr("./file0", "trusted.overlay.upper", "\xb2\xc7\xbd\x79\xfd\x74\x76\xf3\xf5\xd3\xd9\x24\xda\xed\xfb\xff\x4c\xf2\xf6\xec\x5a\xec\xf8\x37\x99\x4f\xba\xcf\x39\x12\x11\x3f\xfa\x7e\xc4\x4f\x93\x77\xe3\x36\xd7\xd6\x17\x67\x6a\xb5\xea\x4a\xb7\x5e\x6e\xd5\x97\xcb\xcd\xb5\xf5\x6b\x0b\xf5\x99\xf9\xea\x7c\x75\xa9\x52\x99\x9e\x9a\x9e\xbc\x75\xfd\x66\xe5\xa3\x8d\xf5\x42\xfd\xb7\xaf\xbe\xb7\x70\xf7\xc7\x7f\xf8\xfd\x57\x5f\xfe\x69\xe3\x3b\x3f\xcf\xba"..., 8192, 0) = -1 EUCLEAN (Structure needs cleaning) [pid 5109] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5108] <... futex resumed>) = 0 [pid 5108] futex(0x7fdbd83af788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5108] futex(0x7fdbd83af78c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5109] <... futex resumed>) = 1 [pid 5109] openat(AT_FDCWD, "./file0/file0", O_RDONLY|O_TRUNC|O_LARGEFILE|O_NOFOLLOW) = -1 EUCLEAN (Structure needs cleaning) [pid 5109] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5108] <... futex resumed>) = 0 [pid 5109] futex(0x7fdbd83af788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5108] exit_group(0 [pid 5110] <... futex resumed>) = ? [pid 5108] <... exit_group resumed>) = ? [pid 5110] +++ exited with 0 +++ [pid 5109] <... futex resumed>) = ? [pid 5109] +++ exited with 0 +++ [pid 5108] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5108, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./26", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./26", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556f16620 /* 4 entries */, 32768) = 112 umount2("./26/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./26/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./26/binderfs") = 0 umount2("./26/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./26/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./26/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./26/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./26/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556f1e660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556f1e660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./26/file0") = 0 getdents64(3, 0x555556f16620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./26") = 0 mkdir("./27", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5113 attached , child_tidptr=0x555556f155d0) = 5113 [pid 5113] set_robust_list(0x555556f155e0, 24) = 0 [pid 5113] chdir("./27") = 0 [pid 5113] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5113] setpgid(0, 0) = 0 [pid 5113] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5113] write(3, "1000", 4) = 4 [pid 5113] close(3) = 0 [pid 5113] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5113] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5113] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdbd82b6000 [pid 5113] mprotect(0x7fdbd82b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5113] clone(child_stack=0x7fdbd82d63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5114 attached , parent_tid=[5114], tls=0x7fdbd82d6700, child_tidptr=0x7fdbd82d69d0) = 5114 [pid 5113] futex(0x7fdbd83af788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5113] futex(0x7fdbd83af79c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5113] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdbd8295000 [ 63.738308][ T5109] EXT4-fs error (device loop0): ext4_xattr_block_set:2241: inode #12: comm syz-executor377: bad block 0 [ 63.750623][ T5109] EXT4-fs error (device loop0): ext4_lookup:1853: inode #12: comm syz-executor377: deleted inode referenced: 13 [ 63.769082][ T5002] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5113] mprotect(0x7fdbd8296000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5113] clone(child_stack=0x7fdbd82b53f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5115 attached , parent_tid=[5115], tls=0x7fdbd82b5700, child_tidptr=0x7fdbd82b59d0) = 5115 [pid 5113] futex(0x7fdbd83af798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5113] futex(0x7fdbd83af79c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5114] set_robust_list(0x7fdbd82d69e0, 24) = 0 [pid 5114] memfd_create("syzkaller", 0) = 3 [pid 5114] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdbcfe95000 [pid 5115] set_robust_list(0x7fdbd82b59e0, 24) = 0 [pid 5115] memfd_create("syzkaller", 0) = 4 [pid 5115] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5114] munmap(0x7fdbcfe95000, 138412032 [pid 5115] <... mmap resumed>) = 0x7fdbc7a95000 [pid 5115] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5114] <... munmap resumed>) = 0 [pid 5115] <... write resumed>) = 262144 [pid 5114] close(3 [pid 5115] munmap(0x7fdbc7a95000, 262144 [pid 5114] <... close resumed>) = 0 [pid 5114] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5114] futex(0x7fdbd83af788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5115] <... munmap resumed>) = 0 [pid 5115] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5115] ioctl(3, LOOP_SET_FD, 4) = 0 [pid 5115] close(4) = 0 [pid 5115] mkdir("./file0", 0777) = 0 [pid 5115] mount("/dev/loop0", "./file0", "ext4", 0, "quota,jqfmt=vfsv0,nouid32,,errors=continue") = 0 [pid 5115] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 4 [pid 5115] chdir("./file0") = 0 [pid 5115] ioctl(3, LOOP_CLR_FD) = 0 [pid 5115] close(3) = 0 [pid 5115] futex(0x7fdbd83af79c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5113] <... futex resumed>) = 0 [pid 5113] futex(0x7fdbd83af788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5115] futex(0x7fdbd83af798, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5114] <... futex resumed>) = 0 [pid 5113] <... futex resumed>) = 1 [ 63.832210][ T5115] loop0: detected capacity change from 0 to 512 [ 63.842142][ T5115] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 63.857315][ T5115] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: writeback. [ 63.869528][ T5115] ext4 filesystem being mounted at /root/syzkaller.3rXkzo/27/file0 supports timestamps until 2038-01-19 (0x7fffffff) [pid 5114] setxattr("./file0", "trusted.overlay.upper", "\xb2\xc7\xbd\x79\xfd\x74\x76\xf3\xf5\xd3\xd9\x24\xda\xed\xfb\xff\x4c\xf2\xf6\xec\x5a\xec\xf8\x37\x99\x4f\xba\xcf\x39\x12\x11\x3f\xfa\x7e\xc4\x4f\x93\x77\xe3\x36\xd7\xd6\x17\x67\x6a\xb5\xea\x4a\xb7\x5e\x6e\xd5\x97\xcb\xcd\xb5\xf5\x6b\x0b\xf5\x99\xf9\xea\x7c\x75\xa9\x52\x99\x9e\x9a\x9e\xbc\x75\xfd\x66\xe5\xa3\x8d\xf5\x42\xfd\xb7\xaf\xbe\xb7\x70\xf7\xc7\x7f\xf8\xfd\x57\x5f\xfe\x69\xe3\x3b\x3f\xcf\xba"..., 8192, 0 [pid 5113] futex(0x7fdbd83af78c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5114] <... setxattr resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5114] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5113] <... futex resumed>) = 0 [pid 5113] futex(0x7fdbd83af788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5114] setxattr("./file0", "trusted.overlay.upper", "\xb2\xc7\xbd\x79\xfd\x74\x76\xf3\xf5\xd3\xd9\x24\xda\xed\xfb\xff\x4c\xf2\xf6\xec\x5a\xec\xf8\x37\x99\x4f\xba\xcf\x39\x12\x11\x3f\xfa\x7e\xc4\x4f\x93\x77\xe3\x36\xd7\xd6\x17\x67\x6a\xb5\xea\x4a\xb7\x5e\x6e\xd5\x97\xcb\xcd\xb5\xf5\x6b\x0b\xf5\x99\xf9\xea\x7c\x75\xa9\x52\x99\x9e\x9a\x9e\xbc\x75\xfd\x66\xe5\xa3\x8d\xf5\x42\xfd\xb7\xaf\xbe\xb7\x70\xf7\xc7\x7f\xf8\xfd\x57\x5f\xfe\x69\xe3\x3b\x3f\xcf\xba"..., 8192, 0 [pid 5113] <... futex resumed>) = 0 [pid 5113] futex(0x7fdbd83af78c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5114] <... setxattr resumed>) = 0 [pid 5114] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5113] <... futex resumed>) = 0 [pid 5113] futex(0x7fdbd83af788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5113] futex(0x7fdbd83af78c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5114] <... futex resumed>) = 1 [pid 5114] openat(AT_FDCWD, "./file0/file0", O_RDONLY|O_TRUNC|O_LARGEFILE|O_NOFOLLOW) = 3 [pid 5114] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5113] <... futex resumed>) = 0 [pid 5113] exit_group(0) = ? [pid 5115] <... futex resumed>) = ? [pid 5114] <... futex resumed>) = ? [pid 5115] +++ exited with 0 +++ [pid 5114] +++ exited with 0 +++ [pid 5113] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5113, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./27", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./27", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556f16620 /* 4 entries */, 32768) = 112 umount2("./27/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./27/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./27/binderfs") = 0 [ 63.896951][ T5114] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3806: comm syz-executor377: Allocating blocks 44-48 which overlap fs metadata [ 63.911698][ T5114] EXT4-fs error (device loop0): ext4_xattr_block_set:2241: inode #12: comm syz-executor377: bad block 0 umount2("./27/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./27/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./27/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./27/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./27/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556f1e660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556f1e660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./27/file0") = 0 getdents64(3, 0x555556f16620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./27") = 0 mkdir("./28", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f155d0) = 5118 ./strace-static-x86_64: Process 5118 attached [pid 5118] set_robust_list(0x555556f155e0, 24) = 0 [pid 5118] chdir("./28") = 0 [pid 5118] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5118] setpgid(0, 0) = 0 [pid 5118] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5118] write(3, "1000", 4) = 4 [pid 5118] close(3) = 0 [pid 5118] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5118] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5118] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdbd82b6000 [pid 5118] mprotect(0x7fdbd82b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5118] clone(child_stack=0x7fdbd82d63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5119], tls=0x7fdbd82d6700, child_tidptr=0x7fdbd82d69d0) = 5119 [pid 5118] futex(0x7fdbd83af788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5118] futex(0x7fdbd83af79c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5118] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdbd8295000 [pid 5118] mprotect(0x7fdbd8296000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5118] clone(child_stack=0x7fdbd82b53f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5120], tls=0x7fdbd82b5700, child_tidptr=0x7fdbd82b59d0) = 5120 [pid 5118] futex(0x7fdbd83af798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5118] futex(0x7fdbd83af79c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5120 attached [pid 5120] set_robust_list(0x7fdbd82b59e0, 24) = 0 [pid 5120] memfd_create("syzkaller", 0) = 3 [pid 5120] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdbcfe95000 ./strace-static-x86_64: Process 5119 attached [pid 5119] set_robust_list(0x7fdbd82d69e0, 24) = 0 [pid 5119] memfd_create("syzkaller", 0) = 4 [pid 5119] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdbc7a95000 [pid 5120] munmap(0x7fdbcfe95000, 138412032) = 0 [pid 5119] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5120] close(3) = 0 [pid 5120] futex(0x7fdbd83af79c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5118] <... futex resumed>) = 0 [pid 5118] futex(0x7fdbd83af798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5118] futex(0x7fdbd83af79c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5120] <... futex resumed>) = 1 [pid 5120] setxattr("./file0", "trusted.overlay.upper", "\x64\x8f\x7b\xfd\xea\xc9\xec\xe6\xab\x27\xb3\x49\xb4\xdb\xf7\xfe\x99\xe4\xed\xd9\xb5\xd8\xf1\x35\x99\x8f\x22\x62\x23\x22\x46\x22\xe2\x47\xdf\x8f\xf8\x69\xf2\x76\xdc\xe6\xda\xfa\xe2\x4c\xad\x56\x5d\xe9\xd6\xcb\xad\xfa\x72\xb9\xb9\xb6\x7e\x75\xa1\x3e\x33\x5f\x9d\xaf\x2e\x55\x2a\xd3\x53\xd3\x93\x37\xaf\xdd\xa8\x7c\xb0\xb1\x9e\xab\xff\xf6\xe5\xf7\x16\xee\xfc\xf8\x0f\xbf\xff\xda\x8b\x3f\x6d\x7c\xe7\xe7"..., 8192, 0) = -1 ENOENT (No such file or directory) [pid 5120] futex(0x7fdbd83af79c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5118] <... futex resumed>) = 0 [pid 5118] futex(0x7fdbd83af798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5118] futex(0x7fdbd83af79c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5120] <... futex resumed>) = 1 [pid 5120] setxattr("./file0", "trusted.overlay.upper", "\x64\x8f\x7b\xfd\xea\xc9\xec\xe6\xab\x27\xb3\x49\xb4\xdb\xf7\xfe\x99\xe4\xed\xd9\xb5\xd8\xf1\x35\x99\x8f\x22\x62\x23\x22\x46\x22\xe2\x47\xdf\x8f\xf8\x69\xf2\x76\xdc\xe6\xda\xfa\xe2\x4c\xad\x56\x5d\xe9\xd6\xcb\xad\xfa\x72\xb9\xb9\xb6\x7e\x75\xa1\x3e\x33\x5f\x9d\xaf\x2e\x55\x2a\xd3\x53\xd3\x93\x37\xaf\xdd\xa8\x7c\xb0\xb1\x9e\xab\xff\xf6\xe5\xf7\x16\xee\xfc\xf8\x0f\xbf\xff\xda\x8b\x3f\x6d\x7c\xe7\xe7"..., 8192, 0) = -1 ENOENT (No such file or directory) [pid 5120] futex(0x7fdbd83af79c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5118] <... futex resumed>) = 0 [pid 5118] futex(0x7fdbd83af798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5118] futex(0x7fdbd83af79c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5120] <... futex resumed>) = 1 [pid 5120] openat(AT_FDCWD, "./file0/file0", O_RDONLY|O_TRUNC|O_LARGEFILE|O_NOFOLLOW) = -1 ENOENT (No such file or directory) [pid 5120] futex(0x7fdbd83af79c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5118] <... futex resumed>) = 0 [pid 5120] <... futex resumed>) = 1 [ 63.966571][ T5002] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5120] futex(0x7fdbd83af798, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5119] <... write resumed>) = 262144 [pid 5119] munmap(0x7fdbc7a95000, 262144) = 0 [pid 5119] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5119] ioctl(3, LOOP_SET_FD, 4) = 0 [pid 5119] close(4) = 0 [pid 5119] mkdir("./file0", 0777) = 0 [pid 5119] mount("/dev/loop0", "./file0", "ext4", 0, "\x71\x75\x6f\x74\x61\x2c\x6a\x71\x66\x6d\x5a\xfe\x7f\x21\x63\x31\x32\x9e\x6e\x8f\x75\x69\x64\x33\x32\x2c\x2c\x65\x72\x72\x6f\x72\x73\x3d\x63\x6f\x6e\x74\x69\x6e\x75\x65") = -1 EINVAL (Invalid argument) [pid 5119] ioctl(3, LOOP_CLR_FD) = 0 [pid 5119] close(3) = 0 [pid 5119] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5118] exit_group(0 [pid 5120] <... futex resumed>) = ? [pid 5118] <... exit_group resumed>) = ? [pid 5120] +++ exited with 0 +++ [pid 5119] <... futex resumed>) = ? [pid 5119] +++ exited with 0 +++ [pid 5118] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5118, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./28", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./28", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556f16620 /* 4 entries */, 32768) = 112 umount2("./28/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./28/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./28/binderfs") = 0 umount2("./28/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./28/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./28/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./28/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556f1e660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556f1e660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./28/file0") = 0 getdents64(3, 0x555556f16620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./28") = 0 mkdir("./29", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f155d0) = 5121 ./strace-static-x86_64: Process 5121 attached [pid 5121] set_robust_list(0x555556f155e0, 24) = 0 [pid 5121] chdir("./29") = 0 [pid 5121] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5121] setpgid(0, 0) = 0 [pid 5121] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5121] write(3, "1000", 4) = 4 [pid 5121] close(3) = 0 [ 64.030960][ T5119] loop0: detected capacity change from 0 to 512 [ 64.038877][ T5119] ext4: Unknown parameter 'jqfmZ!c12nuid32' [pid 5121] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5121] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5121] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdbd82b6000 [pid 5121] mprotect(0x7fdbd82b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5121] clone(child_stack=0x7fdbd82d63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5122 attached , parent_tid=[5122], tls=0x7fdbd82d6700, child_tidptr=0x7fdbd82d69d0) = 5122 [pid 5122] set_robust_list(0x7fdbd82d69e0, 24 [pid 5121] futex(0x7fdbd83af788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5122] <... set_robust_list resumed>) = 0 [pid 5121] futex(0x7fdbd83af79c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5121] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5122] memfd_create("syzkaller", 0 [pid 5121] <... mmap resumed>) = 0x7fdbd8295000 [pid 5122] <... memfd_create resumed>) = 3 [pid 5122] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdbcfe95000 [pid 5121] mprotect(0x7fdbd8296000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5121] clone(child_stack=0x7fdbd82b53f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5122] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144./strace-static-x86_64: Process 5123 attached [pid 5121] <... clone resumed>, parent_tid=[5123], tls=0x7fdbd82b5700, child_tidptr=0x7fdbd82b59d0) = 5123 [pid 5123] set_robust_list(0x7fdbd82b59e0, 24 [pid 5121] futex(0x7fdbd83af798, FUTEX_WAKE_PRIVATE, 1000000 [pid 5123] <... set_robust_list resumed>) = 0 [pid 5121] <... futex resumed>) = 0 [pid 5123] memfd_create("syzkaller", 0 [pid 5122] <... write resumed>) = 262144 [pid 5122] munmap(0x7fdbcfe95000, 262144 [pid 5121] futex(0x7fdbd83af79c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5123] <... memfd_create resumed>) = 4 [pid 5122] <... munmap resumed>) = 0 [pid 5122] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5122] ioctl(5, LOOP_SET_FD, 3 [pid 5123] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5122] <... ioctl resumed>) = 0 [pid 5122] close(3) = 0 [pid 5122] mkdir("./file0", 0777) = 0 [pid 5122] mount("/dev/loop0", "./file0", "ext4", 0, "\x71\x75\x6f\x74\x61\x2c\x6a\x71\x66\x6d\x5a\xfe\x7f\x21\x63\x31\x32\x9e\x6e\x8f\x75\x69\x64\x33\x32\x2c\x2c\x65\x72\x72\x6f\x72\x73\x3d\x63\x6f\x6e\x74\x69\x6e\x75\x65" [pid 5123] <... mmap resumed>) = 0x7fdbc7ad5000 [pid 5123] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5122] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5123] <... write resumed>) = 262144 [pid 5122] ioctl(5, LOOP_CLR_FD [pid 5123] munmap(0x7fdbc7ad5000, 262144) = 0 [pid 5123] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5123] ioctl(3, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5123] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5123] ioctl(3, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5123] close(3) = 0 [pid 5123] close(4) = 0 [pid 5123] futex(0x7fdbd83af79c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5121] <... futex resumed>) = 0 [pid 5121] futex(0x7fdbd83af798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5121] futex(0x7fdbd83af79c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5123] <... futex resumed>) = 1 [pid 5123] setxattr("./file0", "trusted.overlay.upper", "\xb2\xc7\xbd\x79\xfd\x74\x76\xf3\xf5\xd3\xd9\x24\xda\xed\xfb\xff\x4c\xf2\xf6\xec\x5a\xec\xf8\x37\x99\x4f\xba\xcf\x39\x12\x11\x3f\xfa\x7e\xc4\x4f\x93\x77\xe3\x36\xd7\xd6\x17\x67\x6a\xb5\xea\x4a\xb7\x5e\x6e\xd5\x97\xcb\xcd\xb5\xf5\x6b\x0b\xf5\x99\xf9\xea\x7c\x75\xa9\x52\x99\x9e\x9a\x9e\xbc\x75\xfd\x66\xe5\xa3\x8d\xf5\x42\xfd\xb7\xaf\xbe\xb7\x70\xf7\xc7\x7f\xf8\xfd\x57\x5f\xfe\x69\xe3\x3b\x3f\xcf\xba"..., 8192, 0) = -1 ENOSPC (No space left on device) [pid 5123] futex(0x7fdbd83af79c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5121] <... futex resumed>) = 0 [pid 5121] futex(0x7fdbd83af798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5121] futex(0x7fdbd83af79c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5123] <... futex resumed>) = 1 [pid 5123] setxattr("./file0", "trusted.overlay.upper", "\xb2\xc7\xbd\x79\xfd\x74\x76\xf3\xf5\xd3\xd9\x24\xda\xed\xfb\xff\x4c\xf2\xf6\xec\x5a\xec\xf8\x37\x99\x4f\xba\xcf\x39\x12\x11\x3f\xfa\x7e\xc4\x4f\x93\x77\xe3\x36\xd7\xd6\x17\x67\x6a\xb5\xea\x4a\xb7\x5e\x6e\xd5\x97\xcb\xcd\xb5\xf5\x6b\x0b\xf5\x99\xf9\xea\x7c\x75\xa9\x52\x99\x9e\x9a\x9e\xbc\x75\xfd\x66\xe5\xa3\x8d\xf5\x42\xfd\xb7\xaf\xbe\xb7\x70\xf7\xc7\x7f\xf8\xfd\x57\x5f\xfe\x69\xe3\x3b\x3f\xcf\xba"..., 8192, 0) = -1 ENOSPC (No space left on device) [pid 5123] futex(0x7fdbd83af79c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5121] <... futex resumed>) = 0 [pid 5121] futex(0x7fdbd83af798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5121] futex(0x7fdbd83af79c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5123] <... futex resumed>) = 1 [pid 5123] openat(AT_FDCWD, "./file0/file0", O_RDONLY|O_TRUNC|O_LARGEFILE|O_NOFOLLOW) = -1 ENOENT (No such file or directory) [pid 5123] futex(0x7fdbd83af79c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5121] <... futex resumed>) = 0 [pid 5123] <... futex resumed>) = 1 [ 64.107971][ T5122] loop0: detected capacity change from 0 to 512 [ 64.116632][ T5122] ext4: Unknown parameter 'jqfmZ!c12nuid32' [pid 5123] futex(0x7fdbd83af798, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5122] <... ioctl resumed>) = 0 [pid 5122] close(5) = 0 [pid 5122] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5122] futex(0x7fdbd83af788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5121] exit_group(0 [pid 5123] <... futex resumed>) = ? [pid 5122] <... futex resumed>) = ? [pid 5121] <... exit_group resumed>) = ? [pid 5123] +++ exited with 0 +++ [pid 5122] +++ exited with 0 +++ [pid 5121] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5121, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- umount2("./29", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./29", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556f16620 /* 4 entries */, 32768) = 112 umount2("./29/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./29/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./29/binderfs") = 0 umount2("./29/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./29/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./29/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./29/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556f1e660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556f1e660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./29/file0") = 0 getdents64(3, 0x555556f16620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./29") = 0 mkdir("./30", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f155d0) = 5124 ./strace-static-x86_64: Process 5124 attached [pid 5124] set_robust_list(0x555556f155e0, 24) = 0 [pid 5124] chdir("./30") = 0 [pid 5124] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5124] setpgid(0, 0) = 0 [pid 5124] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5124] write(3, "1000", 4) = 4 [pid 5124] close(3) = 0 [pid 5124] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5124] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5124] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdbd82b6000 [pid 5124] mprotect(0x7fdbd82b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5124] clone(child_stack=0x7fdbd82d63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5125], tls=0x7fdbd82d6700, child_tidptr=0x7fdbd82d69d0) = 5125 [pid 5124] futex(0x7fdbd83af788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5124] futex(0x7fdbd83af79c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5124] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdbd8295000 [pid 5124] mprotect(0x7fdbd8296000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5124] clone(child_stack=0x7fdbd82b53f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5126], tls=0x7fdbd82b5700, child_tidptr=0x7fdbd82b59d0) = 5126 ./strace-static-x86_64: Process 5126 attached ./strace-static-x86_64: Process 5125 attached [pid 5126] set_robust_list(0x7fdbd82b59e0, 24) = 0 [pid 5124] futex(0x7fdbd83af798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5124] futex(0x7fdbd83af79c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5126] memfd_create("syzkaller", 0 [pid 5125] set_robust_list(0x7fdbd82d69e0, 24 [pid 5126] <... memfd_create resumed>) = 3 [pid 5125] <... set_robust_list resumed>) = 0 [pid 5126] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5125] memfd_create("syzkaller", 0 [pid 5126] <... mmap resumed>) = 0x7fdbcfe95000 [pid 5125] <... memfd_create resumed>) = 4 [pid 5125] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdbc7a95000 [pid 5126] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5125] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5126] <... write resumed>) = 262144 [pid 5126] munmap(0x7fdbcfe95000, 262144) = 0 [pid 5126] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5126] ioctl(5, LOOP_SET_FD, 3 [pid 5125] <... write resumed>) = 262144 [pid 5125] munmap(0x7fdbc7a95000, 262144 [pid 5126] <... ioctl resumed>) = 0 [pid 5126] close(3) = 0 [pid 5126] mkdir("./file0", 0777) = 0 [pid 5126] mount("/dev/loop0", "./file0", "ext4", 0, "quota,jqfmt=vfsv0,nouid32,,errors=continue" [pid 5125] <... munmap resumed>) = 0 [pid 5125] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5125] ioctl(3, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5125] ioctl(3, LOOP_CLR_FD) = 0 [pid 5125] ioctl(3, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5125] close(3) = 0 [pid 5125] close(4) = 0 [pid 5125] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 64.211959][ T5126] loop0: detected capacity change from 0 to 512 [ 64.221084][ T5126] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [pid 5125] futex(0x7fdbd83af788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5126] <... mount resumed>) = 0 [pid 5126] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5126] chdir("./file0") = 0 [pid 5126] ioctl(5, LOOP_CLR_FD) = 0 [pid 5126] close(5) = 0 [pid 5126] futex(0x7fdbd83af79c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5124] <... futex resumed>) = 0 [pid 5124] futex(0x7fdbd83af788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5125] <... futex resumed>) = 0 [pid 5124] <... futex resumed>) = 1 [pid 5125] setxattr("./file0", "trusted.overlay.upper", "\x64\x8f\x7b\xfd\xea\xc9\xec\xe6\xab\x27\xb3\x49\xb4\xdb\xf7\xfe\x99\xe4\xed\xd9\xb5\xd8\xf1\x35\x99\x8f\x22\x62\x23\x22\x46\x22\xe2\x47\xdf\x8f\xf8\x69\xf2\x76\xdc\xe6\xda\xfa\xe2\x4c\xad\x56\x5d\xe9\xd6\xcb\xad\xfa\x72\xb9\xb9\xb6\x7e\x75\xa1\x3e\x33\x5f\x9d\xaf\x2e\x55\x2a\xd3\x53\xd3\x93\x37\xaf\xdd\xa8\x7c\xb0\xb1\x9e\xab\xff\xf6\xe5\xf7\x16\xee\xfc\xf8\x0f\xbf\xff\xda\x8b\x3f\x6d\x7c\xe7\xe7"..., 8192, 0 [pid 5124] futex(0x7fdbd83af78c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5126] futex(0x7fdbd83af798, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5125] <... setxattr resumed>) = -1 ENOSPC (No space left on device) [pid 5125] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5124] <... futex resumed>) = 0 [pid 5124] futex(0x7fdbd83af788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5124] futex(0x7fdbd83af78c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5125] <... futex resumed>) = 1 [pid 5125] setxattr("./file0", "trusted.overlay.upper", "\x64\x8f\x7b\xfd\xea\xc9\xec\xe6\xab\x27\xb3\x49\xb4\xdb\xf7\xfe\x99\xe4\xed\xd9\xb5\xd8\xf1\x35\x99\x8f\x22\x62\x23\x22\x46\x22\xe2\x47\xdf\x8f\xf8\x69\xf2\x76\xdc\xe6\xda\xfa\xe2\x4c\xad\x56\x5d\xe9\xd6\xcb\xad\xfa\x72\xb9\xb9\xb6\x7e\x75\xa1\x3e\x33\x5f\x9d\xaf\x2e\x55\x2a\xd3\x53\xd3\x93\x37\xaf\xdd\xa8\x7c\xb0\xb1\x9e\xab\xff\xf6\xe5\xf7\x16\xee\xfc\xf8\x0f\xbf\xff\xda\x8b\x3f\x6d\x7c\xe7\xe7"..., 8192, 0) = -1 ENOSPC (No space left on device) [pid 5125] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5124] <... futex resumed>) = 0 [pid 5124] futex(0x7fdbd83af788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5124] futex(0x7fdbd83af78c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5125] <... futex resumed>) = 1 [pid 5125] openat(AT_FDCWD, "./file0/file0", O_RDONLY|O_TRUNC|O_LARGEFILE|O_NOFOLLOW) = 4 [pid 5125] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5124] <... futex resumed>) = 0 [pid 5124] exit_group(0) = ? [pid 5126] <... futex resumed>) = ? [pid 5126] +++ exited with 0 +++ [pid 5125] <... futex resumed>) = ? [pid 5125] +++ exited with 0 +++ [pid 5124] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5124, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./30", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./30", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556f16620 /* 4 entries */, 32768) = 112 umount2("./30/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./30/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./30/binderfs") = 0 [ 64.250962][ T5126] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: writeback. [ 64.263260][ T5126] ext4 filesystem being mounted at /root/syzkaller.3rXkzo/30/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 64.290055][ T5125] EXT4-fs error (device loop0): ext4_validate_block_bitmap:440: comm syz-executor377: bg 0: block 44: padding at end of block bitmap is not set umount2("./30/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./30/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./30/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./30/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./30/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556f1e660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556f1e660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./30/file0") = 0 getdents64(3, 0x555556f16620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./30") = 0 mkdir("./31", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f155d0) = 5129 ./strace-static-x86_64: Process 5129 attached [pid 5129] set_robust_list(0x555556f155e0, 24) = 0 [pid 5129] chdir("./31") = 0 [pid 5129] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5129] setpgid(0, 0) = 0 [pid 5129] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5129] write(3, "1000", 4) = 4 [pid 5129] close(3) = 0 [pid 5129] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5129] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5129] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdbd82b6000 [pid 5129] mprotect(0x7fdbd82b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5129] clone(child_stack=0x7fdbd82d63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5130 attached [pid 5130] set_robust_list(0x7fdbd82d69e0, 24) = 0 [pid 5130] futex(0x7fdbd83af788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5129] <... clone resumed>, parent_tid=[5130], tls=0x7fdbd82d6700, child_tidptr=0x7fdbd82d69d0) = 5130 [pid 5129] futex(0x7fdbd83af788, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5130] <... futex resumed>) = 0 [pid 5130] memfd_create("syzkaller", 0) = 3 [pid 5130] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdbcfeb6000 [ 64.316735][ T5002] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5129] futex(0x7fdbd83af79c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5129] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5130] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5129] <... mmap resumed>) = 0x7fdbcfe95000 [pid 5129] mprotect(0x7fdbcfe96000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5129] clone(child_stack=0x7fdbcfeb53f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5130] <... write resumed>) = 262144 [pid 5130] munmap(0x7fdbcfeb6000, 262144 [pid 5129] <... clone resumed>, parent_tid=[5131], tls=0x7fdbcfeb5700, child_tidptr=0x7fdbcfeb59d0) = 5131 ./strace-static-x86_64: Process 5131 attached [pid 5130] <... munmap resumed>) = 0 [pid 5130] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5130] ioctl(4, LOOP_SET_FD, 3 [pid 5129] futex(0x7fdbd83af798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5129] futex(0x7fdbd83af79c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5131] set_robust_list(0x7fdbcfeb59e0, 24 [pid 5130] <... ioctl resumed>) = 0 [pid 5131] <... set_robust_list resumed>) = 0 [pid 5130] close(3 [pid 5131] memfd_create("syzkaller", 0 [pid 5130] <... close resumed>) = 0 [pid 5131] <... memfd_create resumed>) = 3 [pid 5130] mkdir("./file0", 0777 [pid 5131] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5130] <... mkdir resumed>) = 0 [pid 5131] <... mmap resumed>) = 0x7fdbc7a95000 [pid 5130] mount("/dev/loop0", "./file0", "ext4", 0, "\x71\x75\x6f\x74\x61\x2c\x6a\x71\x66\x6d\x5a\xfe\x7f\x21\x63\x31\x32\x9e\x6e\x8f\x75\x69\x64\x33\x32\x2c\x2c\x65\x72\x72\x6f\x72\x73\x3d\x63\x6f\x6e\x74\x69\x6e\x75\x65" [pid 5131] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5130] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5131] munmap(0x7fdbc7a95000, 262144) = 0 [pid 5131] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5131] ioctl(5, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 5131] ioctl(5, LOOP_CLR_FD) = 0 [pid 5130] ioctl(4, LOOP_CLR_FD) = 0 [pid 5130] close(4) = 0 [pid 5131] ioctl(5, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 5131] close(5) = 0 [pid 5131] close(3 [pid 5130] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5131] <... close resumed>) = 0 [pid 5131] futex(0x7fdbd83af79c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5131] futex(0x7fdbd83af798, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5130] <... futex resumed>) = 0 [pid 5129] <... futex resumed>) = 0 [pid 5130] futex(0x7fdbd83af788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5129] futex(0x7fdbd83af788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5129] futex(0x7fdbd83af78c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5130] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5130] setxattr("./file0", "trusted.overlay.upper", "\xb2\xc7\xbd\x79\xfd\x74\x76\xf3\xf5\xd3\xd9\x24\xda\xed\xfb\xff\x4c\xf2\xf6\xec\x5a\xec\xf8\x37\x99\x4f\xba\xcf\x39\x12\x11\x3f\xfa\x7e\xc4\x4f\x93\x77\xe3\x36\xd7\xd6\x17\x67\x6a\xb5\xea\x4a\xb7\x5e\x6e\xd5\x97\xcb\xcd\xb5\xf5\x6b\x0b\xf5\x99\xf9\xea\x7c\x75\xa9\x52\x99\x9e\x9a\x9e\xbc\x75\xfd\x66\xe5\xa3\x8d\xf5\x42\xfd\xb7\xaf\xbe\xb7\x70\xf7\xc7\x7f\xf8\xfd\x57\x5f\xfe\x69\xe3\x3b\x3f\xcf\xba"..., 8192, 0) = -1 ENOSPC (No space left on device) [pid 5130] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5130] futex(0x7fdbd83af788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5129] <... futex resumed>) = 0 [pid 5129] futex(0x7fdbd83af788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5129] futex(0x7fdbd83af78c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5130] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5130] setxattr("./file0", "trusted.overlay.upper", "\xb2\xc7\xbd\x79\xfd\x74\x76\xf3\xf5\xd3\xd9\x24\xda\xed\xfb\xff\x4c\xf2\xf6\xec\x5a\xec\xf8\x37\x99\x4f\xba\xcf\x39\x12\x11\x3f\xfa\x7e\xc4\x4f\x93\x77\xe3\x36\xd7\xd6\x17\x67\x6a\xb5\xea\x4a\xb7\x5e\x6e\xd5\x97\xcb\xcd\xb5\xf5\x6b\x0b\xf5\x99\xf9\xea\x7c\x75\xa9\x52\x99\x9e\x9a\x9e\xbc\x75\xfd\x66\xe5\xa3\x8d\xf5\x42\xfd\xb7\xaf\xbe\xb7\x70\xf7\xc7\x7f\xf8\xfd\x57\x5f\xfe\x69\xe3\x3b\x3f\xcf\xba"..., 8192, 0) = -1 ENOSPC (No space left on device) [pid 5130] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5129] <... futex resumed>) = 0 [pid 5129] futex(0x7fdbd83af788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5129] futex(0x7fdbd83af78c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5130] openat(AT_FDCWD, "./file0/file0", O_RDONLY|O_TRUNC|O_LARGEFILE|O_NOFOLLOW) = -1 ENOENT (No such file or directory) [pid 5130] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5129] <... futex resumed>) = 0 [pid 5130] futex(0x7fdbd83af788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5129] exit_group(0 [pid 5130] <... futex resumed>) = ? [pid 5129] <... exit_group resumed>) = ? [pid 5131] <... futex resumed>) = ? [pid 5130] +++ exited with 0 +++ [pid 5131] +++ exited with 0 +++ [pid 5129] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5129, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./31", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./31", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556f16620 /* 4 entries */, 32768) = 112 umount2("./31/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./31/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./31/binderfs") = 0 umount2("./31/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./31/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./31/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./31/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556f1e660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556f1e660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./31/file0") = 0 getdents64(3, 0x555556f16620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./31") = 0 mkdir("./32", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 [ 64.383429][ T5130] loop0: detected capacity change from 0 to 512 [ 64.394613][ T5130] ext4: Unknown parameter 'jqfmZ!c12nuid32' clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5132 attached [pid 5132] set_robust_list(0x555556f155e0, 24) = 0 [pid 5132] chdir("./32") = 0 [pid 5132] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5002] <... clone resumed>, child_tidptr=0x555556f155d0) = 5132 [pid 5132] setpgid(0, 0) = 0 [pid 5132] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5132] write(3, "1000", 4) = 4 [pid 5132] close(3) = 0 [pid 5132] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5132] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5132] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdbd82b6000 [pid 5132] mprotect(0x7fdbd82b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5132] clone(child_stack=0x7fdbd82d63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5133], tls=0x7fdbd82d6700, child_tidptr=0x7fdbd82d69d0) = 5133 ./strace-static-x86_64: Process 5133 attached [pid 5132] futex(0x7fdbd83af788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5132] futex(0x7fdbd83af79c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5132] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdbd8295000 [pid 5132] mprotect(0x7fdbd8296000, 131072, PROT_READ|PROT_WRITE [pid 5133] set_robust_list(0x7fdbd82d69e0, 24 [pid 5132] <... mprotect resumed>) = 0 [pid 5132] clone(child_stack=0x7fdbd82b53f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5133] <... set_robust_list resumed>) = 0 [pid 5132] <... clone resumed>, parent_tid=[5134], tls=0x7fdbd82b5700, child_tidptr=0x7fdbd82b59d0) = 5134 [pid 5132] futex(0x7fdbd83af798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5132] futex(0x7fdbd83af79c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5134 attached [pid 5134] set_robust_list(0x7fdbd82b59e0, 24) = 0 [pid 5134] memfd_create("syzkaller", 0 [pid 5133] memfd_create("syzkaller", 0 [pid 5134] <... memfd_create resumed>) = 3 [pid 5134] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdbcfe95000 [pid 5133] <... memfd_create resumed>) = 4 [pid 5133] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdbc7a95000 [pid 5133] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5133] munmap(0x7fdbc7a95000, 262144) = 0 [pid 5133] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5133] ioctl(5, LOOP_SET_FD, 4 [pid 5134] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5133] <... ioctl resumed>) = 0 [pid 5133] close(4) = 0 [pid 5133] mkdir("./file0", 0777) = 0 [pid 5133] mount("/dev/loop0", "./file0", "ext4", 0, "\x71\x75\x6f\x74\x61\x2c\x6a\x71\x66\x6d\x5a\xfe\x7f\x21\x63\x31\x32\x9e\x6e\x8f\x75\x69\x64\x33\x32\x2c\x2c\x65\x72\x72\x6f\x72\x73\x3d\x63\x6f\x6e\x74\x69\x6e\x75\x65" [pid 5134] <... write resumed>) = 262144 [pid 5133] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5134] munmap(0x7fdbcfe95000, 262144 [pid 5133] ioctl(5, LOOP_CLR_FD [pid 5134] <... munmap resumed>) = 0 [pid 5134] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5134] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 5134] ioctl(4, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5134] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 5134] close(4) = 0 [pid 5134] close(3) = 0 [pid 5134] futex(0x7fdbd83af79c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5132] <... futex resumed>) = 0 [pid 5132] futex(0x7fdbd83af798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5132] futex(0x7fdbd83af79c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5134] <... futex resumed>) = 1 [pid 5134] setxattr("./file0", "trusted.overlay.upper", "\x64\x8f\x7b\xfd\xea\xc9\xec\xe6\xab\x27\xb3\x49\xb4\xdb\xf7\xfe\x99\xe4\xed\xd9\xb5\xd8\xf1\x35\x99\x8f\x22\x62\x23\x22\x46\x22\xe2\x47\xdf\x8f\xf8\x69\xf2\x76\xdc\xe6\xda\xfa\xe2\x4c\xad\x56\x5d\xe9\xd6\xcb\xad\xfa\x72\xb9\xb9\xb6\x7e\x75\xa1\x3e\x33\x5f\x9d\xaf\x2e\x55\x2a\xd3\x53\xd3\x93\x37\xaf\xdd\xa8\x7c\xb0\xb1\x9e\xab\xff\xf6\xe5\xf7\x16\xee\xfc\xf8\x0f\xbf\xff\xda\x8b\x3f\x6d\x7c\xe7\xe7"..., 8192, 0) = -1 ENOSPC (No space left on device) [pid 5134] futex(0x7fdbd83af79c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5132] <... futex resumed>) = 0 [pid 5132] futex(0x7fdbd83af798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5132] futex(0x7fdbd83af79c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5134] <... futex resumed>) = 1 [pid 5134] setxattr("./file0", "trusted.overlay.upper", "\x64\x8f\x7b\xfd\xea\xc9\xec\xe6\xab\x27\xb3\x49\xb4\xdb\xf7\xfe\x99\xe4\xed\xd9\xb5\xd8\xf1\x35\x99\x8f\x22\x62\x23\x22\x46\x22\xe2\x47\xdf\x8f\xf8\x69\xf2\x76\xdc\xe6\xda\xfa\xe2\x4c\xad\x56\x5d\xe9\xd6\xcb\xad\xfa\x72\xb9\xb9\xb6\x7e\x75\xa1\x3e\x33\x5f\x9d\xaf\x2e\x55\x2a\xd3\x53\xd3\x93\x37\xaf\xdd\xa8\x7c\xb0\xb1\x9e\xab\xff\xf6\xe5\xf7\x16\xee\xfc\xf8\x0f\xbf\xff\xda\x8b\x3f\x6d\x7c\xe7\xe7"..., 8192, 0) = -1 ENOSPC (No space left on device) [pid 5134] futex(0x7fdbd83af79c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5132] <... futex resumed>) = 0 [pid 5132] futex(0x7fdbd83af798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5132] futex(0x7fdbd83af79c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5134] <... futex resumed>) = 1 [pid 5134] openat(AT_FDCWD, "./file0/file0", O_RDONLY|O_TRUNC|O_LARGEFILE|O_NOFOLLOW) = -1 ENOENT (No such file or directory) [pid 5134] futex(0x7fdbd83af79c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5132] <... futex resumed>) = 0 [pid 5134] <... futex resumed>) = 1 [ 64.459732][ T5133] loop0: detected capacity change from 0 to 512 [ 64.467823][ T5133] ext4: Unknown parameter 'jqfmZ!c12nuid32' [pid 5134] futex(0x7fdbd83af798, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5133] <... ioctl resumed>) = 0 [pid 5133] close(5) = 0 [pid 5133] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5133] futex(0x7fdbd83af788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5132] exit_group(0 [pid 5133] <... futex resumed>) = ? [pid 5132] <... exit_group resumed>) = ? [pid 5134] <... futex resumed>) = ? [pid 5133] +++ exited with 0 +++ [pid 5134] +++ exited with 0 +++ [pid 5132] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5132, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./32", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./32", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556f16620 /* 4 entries */, 32768) = 112 umount2("./32/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./32/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./32/binderfs") = 0 umount2("./32/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./32/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./32/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./32/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556f1e660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556f1e660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./32/file0") = 0 getdents64(3, 0x555556f16620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./32") = 0 mkdir("./33", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f155d0) = 5135 ./strace-static-x86_64: Process 5135 attached [pid 5135] set_robust_list(0x555556f155e0, 24) = 0 [pid 5135] chdir("./33") = 0 [pid 5135] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5135] setpgid(0, 0) = 0 [pid 5135] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5135] write(3, "1000", 4) = 4 [pid 5135] close(3) = 0 [pid 5135] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5135] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5135] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdbd82b6000 [pid 5135] mprotect(0x7fdbd82b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5135] clone(child_stack=0x7fdbd82d63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5136], tls=0x7fdbd82d6700, child_tidptr=0x7fdbd82d69d0) = 5136 [pid 5135] futex(0x7fdbd83af788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5135] futex(0x7fdbd83af79c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5135] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdbd8295000 [pid 5135] mprotect(0x7fdbd8296000, 131072, PROT_READ|PROT_WRITE./strace-static-x86_64: Process 5136 attached [pid 5136] set_robust_list(0x7fdbd82d69e0, 24 [pid 5135] <... mprotect resumed>) = 0 [pid 5136] <... set_robust_list resumed>) = 0 [pid 5135] clone(child_stack=0x7fdbd82b53f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5136] memfd_create("syzkaller", 0) = 3 ./strace-static-x86_64: Process 5137 attached [pid 5137] set_robust_list(0x7fdbd82b59e0, 24) = 0 [pid 5137] futex(0x7fdbd83af798, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5136] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdbcfe95000 [pid 5135] <... clone resumed>, parent_tid=[5137], tls=0x7fdbd82b5700, child_tidptr=0x7fdbd82b59d0) = 5137 [pid 5135] futex(0x7fdbd83af798, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5137] <... futex resumed>) = 0 [pid 5135] futex(0x7fdbd83af79c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5137] memfd_create("syzkaller", 0) = 4 [pid 5137] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdbc7a95000 [pid 5137] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5136] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262549 [pid 5137] <... write resumed>) = 262144 [pid 5137] munmap(0x7fdbc7a95000, 262144 [pid 5136] <... write resumed>) = 262549 [pid 5136] munmap(0x7fdbcfe95000, 262549 [pid 5137] <... munmap resumed>) = 0 [pid 5137] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5136] <... munmap resumed>) = 0 [pid 5137] ioctl(5, LOOP_SET_FD, 4 [ 64.526113][ T5004] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [pid 5136] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5137] <... ioctl resumed>) = 0 [pid 5136] <... openat resumed>) = 6 [pid 5137] close(4 [pid 5136] ioctl(6, LOOP_SET_FD, 3 [pid 5137] <... close resumed>) = 0 [pid 5136] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5137] mkdir("./file0", 0777 [pid 5136] ioctl(6, LOOP_CLR_FD) = 0 [pid 5137] <... mkdir resumed>) = 0 [pid 5137] mount("/dev/loop0", "./file0", "ext4", 0, "quota,jqfmt=vfsv0,nouid32,,errors=continue" [pid 5136] ioctl(6, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 5136] close(6) = 0 [pid 5136] close(3) = 0 [pid 5136] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 64.584092][ T5137] loop0: detected capacity change from 0 to 512 [ 64.602555][ T5137] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 64.617485][ T5137] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: writeback. [pid 5136] futex(0x7fdbd83af788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5137] <... mount resumed>) = 0 [pid 5137] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5137] chdir("./file0") = 0 [pid 5137] ioctl(5, LOOP_CLR_FD) = 0 [pid 5137] close(5) = 0 [pid 5137] futex(0x7fdbd83af79c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5135] <... futex resumed>) = 0 [pid 5135] futex(0x7fdbd83af788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5136] <... futex resumed>) = 0 [pid 5135] <... futex resumed>) = 1 [pid 5136] setxattr("./file0", "trusted.overlay.upper", "\xb2\xc7\xbd\x79\xfd\x74\x76\xf3\xf5\xd3\xd9\x24\xda\xed\xfb\xff\x4c\xf2\xf6\xec\x5a\xec\xf8\x37\x99\x4f\xba\xcf\x39\x12\x11\x3f\xfa\x7e\xc4\x4f\x93\x77\xe3\x36\xd7\xd6\x17\x67\x6a\xb5\xea\x4a\xb7\x5e\x6e\xd5\x97\xcb\xcd\xb5\xf5\x6b\x0b\xf5\x99\xf9\xea\x7c\x75\xa9\x52\x99\x9e\x9a\x9e\xbc\x75\xfd\x66\xe5\xa3\x8d\xf5\x42\xfd\xb7\xaf\xbe\xb7\x70\xf7\xc7\x7f\xf8\xfd\x57\x5f\xfe\x69\xe3\x3b\x3f\xcf\xba"..., 8192, 0 [pid 5135] futex(0x7fdbd83af78c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5137] <... futex resumed>) = 1 [pid 5137] futex(0x7fdbd83af798, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5136] <... setxattr resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5136] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5135] <... futex resumed>) = 0 [pid 5135] futex(0x7fdbd83af788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5136] setxattr("./file0", "trusted.overlay.upper", "\xb2\xc7\xbd\x79\xfd\x74\x76\xf3\xf5\xd3\xd9\x24\xda\xed\xfb\xff\x4c\xf2\xf6\xec\x5a\xec\xf8\x37\x99\x4f\xba\xcf\x39\x12\x11\x3f\xfa\x7e\xc4\x4f\x93\x77\xe3\x36\xd7\xd6\x17\x67\x6a\xb5\xea\x4a\xb7\x5e\x6e\xd5\x97\xcb\xcd\xb5\xf5\x6b\x0b\xf5\x99\xf9\xea\x7c\x75\xa9\x52\x99\x9e\x9a\x9e\xbc\x75\xfd\x66\xe5\xa3\x8d\xf5\x42\xfd\xb7\xaf\xbe\xb7\x70\xf7\xc7\x7f\xf8\xfd\x57\x5f\xfe\x69\xe3\x3b\x3f\xcf\xba"..., 8192, 0 [pid 5135] <... futex resumed>) = 0 [ 64.629681][ T5137] ext4 filesystem being mounted at /root/syzkaller.3rXkzo/33/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 64.652474][ T5136] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3806: comm syz-executor377: Allocating blocks 44-48 which overlap fs metadata [ 64.667444][ T5136] EXT4-fs error (device loop0): ext4_xattr_block_set:2241: inode #12: comm syz-executor377: bad block 0 [pid 5135] futex(0x7fdbd83af78c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5136] <... setxattr resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5136] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5135] <... futex resumed>) = 0 [pid 5136] openat(AT_FDCWD, "./file0/file0", O_RDONLY|O_TRUNC|O_LARGEFILE|O_NOFOLLOW [pid 5135] futex(0x7fdbd83af788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5135] futex(0x7fdbd83af78c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5136] <... openat resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5136] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5135] <... futex resumed>) = 0 [pid 5136] futex(0x7fdbd83af788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5135] exit_group(0 [pid 5137] <... futex resumed>) = ? [pid 5136] <... futex resumed>) = ? [pid 5135] <... exit_group resumed>) = ? [pid 5137] +++ exited with 0 +++ [pid 5136] +++ exited with 0 +++ [pid 5135] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5135, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./33", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./33", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556f16620 /* 4 entries */, 32768) = 112 umount2("./33/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./33/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./33/binderfs") = 0 [ 64.681477][ T5136] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3806: comm syz-executor377: Allocating blocks 44-48 which overlap fs metadata [ 64.696166][ T5136] EXT4-fs error (device loop0): ext4_xattr_block_set:2241: inode #12: comm syz-executor377: bad block 0 [ 64.709475][ T5136] EXT4-fs error (device loop0): ext4_lookup:1853: inode #12: comm syz-executor377: deleted inode referenced: 13 umount2("./33/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./33/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./33/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./33/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./33/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556f1e660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556f1e660 /* 0 entries */, 32768) = 0 close(4) = 0 [ 64.730932][ T5002] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. rmdir("./33/file0") = 0 getdents64(3, 0x555556f16620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./33") = 0 mkdir("./34", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5140 attached , child_tidptr=0x555556f155d0) = 5140 [pid 5140] set_robust_list(0x555556f155e0, 24) = 0 [pid 5140] chdir("./34") = 0 [pid 5140] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5140] setpgid(0, 0) = 0 [pid 5140] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5140] write(3, "1000", 4) = 4 [pid 5140] close(3) = 0 [pid 5140] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5140] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5140] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdbd82b6000 [pid 5140] mprotect(0x7fdbd82b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5140] clone(child_stack=0x7fdbd82d63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5141 attached , parent_tid=[5141], tls=0x7fdbd82d6700, child_tidptr=0x7fdbd82d69d0) = 5141 [pid 5141] set_robust_list(0x7fdbd82d69e0, 24 [pid 5140] futex(0x7fdbd83af788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5141] <... set_robust_list resumed>) = 0 [pid 5140] <... futex resumed>) = 0 [pid 5140] futex(0x7fdbd83af79c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5140] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdbd8295000 [pid 5141] memfd_create("syzkaller", 0 [pid 5140] mprotect(0x7fdbd8296000, 131072, PROT_READ|PROT_WRITE [pid 5141] <... memfd_create resumed>) = 3 [pid 5141] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5140] <... mprotect resumed>) = 0 [pid 5141] <... mmap resumed>) = 0x7fdbcfe95000 [pid 5140] clone(child_stack=0x7fdbd82b53f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5142], tls=0x7fdbd82b5700, child_tidptr=0x7fdbd82b59d0) = 5142 [pid 5140] futex(0x7fdbd83af798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5140] futex(0x7fdbd83af79c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5142 attached [pid 5142] set_robust_list(0x7fdbd82b59e0, 24) = 0 [pid 5142] memfd_create("syzkaller", 0) = 4 [pid 5141] munmap(0x7fdbcfe95000, 138412032 [pid 5142] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5141] <... munmap resumed>) = 0 [pid 5141] close(3) = 0 [pid 5141] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5141] futex(0x7fdbd83af788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5142] <... mmap resumed>) = 0x7fdbcfe95000 [pid 5142] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5142] munmap(0x7fdbcfe95000, 262144) = 0 [pid 5142] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5142] ioctl(3, LOOP_SET_FD, 4) = 0 [pid 5142] close(4) = 0 [pid 5142] mkdir("./file0", 0777) = 0 [ 64.799186][ T5142] loop0: detected capacity change from 0 to 512 [ 64.808151][ T5142] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 64.827385][ T5142] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: writeback. [pid 5142] mount("/dev/loop0", "./file0", "ext4", 0, "quota,jqfmt=vfsv0,nouid32,,errors=continue") = 0 [pid 5142] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 4 [pid 5142] chdir("./file0") = 0 [pid 5142] ioctl(3, LOOP_CLR_FD) = 0 [pid 5142] close(3) = 0 [pid 5142] futex(0x7fdbd83af79c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5140] <... futex resumed>) = 0 [pid 5140] futex(0x7fdbd83af788, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5140] futex(0x7fdbd83af78c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5142] <... futex resumed>) = 1 [pid 5142] futex(0x7fdbd83af798, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5141] <... futex resumed>) = 0 [pid 5141] setxattr("./file0", "trusted.overlay.upper", "\xb2\xc7\xbd\x79\xfd\x74\x76\xf3\xf5\xd3\xd9\x24\xda\xed\xfb\xff\x4c\xf2\xf6\xec\x5a\xec\xf8\x37\x99\x4f\xba\xcf\x39\x12\x11\x3f\xfa\x7e\xc4\x4f\x93\x77\xe3\x36\xd7\xd6\x17\x67\x6a\xb5\xea\x4a\xb7\x5e\x6e\xd5\x97\xcb\xcd\xb5\xf5\x6b\x0b\xf5\x99\xf9\xea\x7c\x75\xa9\x52\x99\x9e\x9a\x9e\xbc\x75\xfd\x66\xe5\xa3\x8d\xf5\x42\xfd\xb7\xaf\xbe\xb7\x70\xf7\xc7\x7f\xf8\xfd\x57\x5f\xfe\x69\xe3\x3b\x3f\xcf\xba"..., 8192, 0) = -1 EUCLEAN (Structure needs cleaning) [pid 5141] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5140] <... futex resumed>) = 0 [pid 5140] futex(0x7fdbd83af788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5140] futex(0x7fdbd83af78c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 64.839608][ T5142] ext4 filesystem being mounted at /root/syzkaller.3rXkzo/34/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 64.867844][ T5141] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3806: comm syz-executor377: Allocating blocks 44-48 which overlap fs metadata [ 64.882920][ T5141] EXT4-fs error (device loop0): ext4_xattr_block_set:2241: inode #12: comm syz-executor377: bad block 0 [pid 5141] setxattr("./file0", "trusted.overlay.upper", "\xb2\xc7\xbd\x79\xfd\x74\x76\xf3\xf5\xd3\xd9\x24\xda\xed\xfb\xff\x4c\xf2\xf6\xec\x5a\xec\xf8\x37\x99\x4f\xba\xcf\x39\x12\x11\x3f\xfa\x7e\xc4\x4f\x93\x77\xe3\x36\xd7\xd6\x17\x67\x6a\xb5\xea\x4a\xb7\x5e\x6e\xd5\x97\xcb\xcd\xb5\xf5\x6b\x0b\xf5\x99\xf9\xea\x7c\x75\xa9\x52\x99\x9e\x9a\x9e\xbc\x75\xfd\x66\xe5\xa3\x8d\xf5\x42\xfd\xb7\xaf\xbe\xb7\x70\xf7\xc7\x7f\xf8\xfd\x57\x5f\xfe\x69\xe3\x3b\x3f\xcf\xba"..., 8192, 0) = -1 EUCLEAN (Structure needs cleaning) [pid 5141] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5140] <... futex resumed>) = 0 [pid 5141] openat(AT_FDCWD, "./file0/file0", O_RDONLY|O_TRUNC|O_LARGEFILE|O_NOFOLLOW [pid 5140] futex(0x7fdbd83af788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5140] futex(0x7fdbd83af78c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5141] <... openat resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5141] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5140] <... futex resumed>) = 0 [pid 5140] exit_group(0 [pid 5142] <... futex resumed>) = ? [pid 5140] <... exit_group resumed>) = ? [pid 5142] +++ exited with 0 +++ [pid 5141] +++ exited with 0 +++ [pid 5140] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5140, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./34", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./34", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556f16620 /* 4 entries */, 32768) = 112 umount2("./34/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./34/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./34/binderfs") = 0 [ 64.896998][ T5141] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3806: comm syz-executor377: Allocating blocks 44-48 which overlap fs metadata [ 64.911651][ T5141] EXT4-fs error (device loop0): ext4_xattr_block_set:2241: inode #12: comm syz-executor377: bad block 0 [ 64.926057][ T5141] EXT4-fs error (device loop0): ext4_lookup:1853: inode #12: comm syz-executor377: deleted inode referenced: 13 umount2("./34/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./34/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./34/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./34/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./34/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556f1e660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556f1e660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./34/file0") = 0 getdents64(3, 0x555556f16620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./34") = 0 mkdir("./35", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f155d0) = 5145 ./strace-static-x86_64: Process 5145 attached [pid 5145] set_robust_list(0x555556f155e0, 24) = 0 [pid 5145] chdir("./35") = 0 [pid 5145] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5145] setpgid(0, 0) = 0 [pid 5145] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5145] write(3, "1000", 4) = 4 [pid 5145] close(3) = 0 [pid 5145] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5145] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5145] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdbd82b6000 [pid 5145] mprotect(0x7fdbd82b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5145] clone(child_stack=0x7fdbd82d63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5146 attached , parent_tid=[5146], tls=0x7fdbd82d6700, child_tidptr=0x7fdbd82d69d0) = 5146 [pid 5146] set_robust_list(0x7fdbd82d69e0, 24) = 0 [pid 5146] futex(0x7fdbd83af788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5145] futex(0x7fdbd83af788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5146] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5146] memfd_create("syzkaller", 0) = 3 [pid 5145] <... futex resumed>) = 0 [pid 5146] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5145] futex(0x7fdbd83af79c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5146] <... mmap resumed>) = 0x7fdbcfeb6000 [pid 5145] <... futex resumed>) = 0 [pid 5145] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdbcfe95000 [ 64.947409][ T5002] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5145] mprotect(0x7fdbcfe96000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5145] clone(child_stack=0x7fdbcfeb53f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5147], tls=0x7fdbcfeb5700, child_tidptr=0x7fdbcfeb59d0) = 5147 [pid 5146] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5145] futex(0x7fdbd83af798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5145] futex(0x7fdbd83af79c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5146] <... write resumed>) = 262144 [pid 5146] munmap(0x7fdbcfeb6000, 262144) = 0 [pid 5146] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5146] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5146] close(3) = 0 [pid 5146] mkdir("./file0", 0777./strace-static-x86_64: Process 5147 attached [pid 5147] set_robust_list(0x7fdbcfeb59e0, 24 [pid 5146] <... mkdir resumed>) = 0 [pid 5147] <... set_robust_list resumed>) = 0 [pid 5147] memfd_create("syzkaller", 0) = 3 [pid 5147] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdbc7a95000 [pid 5146] mount("/dev/loop0", "./file0", "ext4", 0, "\x71\x75\x6f\x74\x61\x2c\x6a\x71\x66\x6d\x5a\xfe\x7f\x21\x63\x31\x32\x9e\x6e\x8f\x75\x69\x64\x33\x32\x2c\x2c\x65\x72\x72\x6f\x72\x73\x3d\x63\x6f\x6e\x74\x69\x6e\x75\x65") = -1 EINVAL (Invalid argument) [pid 5147] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5146] ioctl(4, LOOP_CLR_FD [pid 5147] <... write resumed>) = 262144 [pid 5147] munmap(0x7fdbc7a95000, 262144) = 0 [pid 5147] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5147] ioctl(5, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 5147] ioctl(5, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5147] ioctl(5, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 5147] close(5) = 0 [pid 5147] close(3) = 0 [pid 5147] futex(0x7fdbd83af79c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5145] <... futex resumed>) = 0 [pid 5145] futex(0x7fdbd83af798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5145] futex(0x7fdbd83af79c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5147] <... futex resumed>) = 1 [pid 5147] setxattr("./file0", "trusted.overlay.upper", "\xb2\xc7\xbd\x79\xfd\x74\x76\xf3\xf5\xd3\xd9\x24\xda\xed\xfb\xff\x4c\xf2\xf6\xec\x5a\xec\xf8\x37\x99\x4f\xba\xcf\x39\x12\x11\x3f\xfa\x7e\xc4\x4f\x93\x77\xe3\x36\xd7\xd6\x17\x67\x6a\xb5\xea\x4a\xb7\x5e\x6e\xd5\x97\xcb\xcd\xb5\xf5\x6b\x0b\xf5\x99\xf9\xea\x7c\x75\xa9\x52\x99\x9e\x9a\x9e\xbc\x75\xfd\x66\xe5\xa3\x8d\xf5\x42\xfd\xb7\xaf\xbe\xb7\x70\xf7\xc7\x7f\xf8\xfd\x57\x5f\xfe\x69\xe3\x3b\x3f\xcf\xba"..., 8192, 0) = -1 ENOSPC (No space left on device) [pid 5147] futex(0x7fdbd83af79c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5145] <... futex resumed>) = 0 [pid 5147] setxattr("./file0", "trusted.overlay.upper", "\xb2\xc7\xbd\x79\xfd\x74\x76\xf3\xf5\xd3\xd9\x24\xda\xed\xfb\xff\x4c\xf2\xf6\xec\x5a\xec\xf8\x37\x99\x4f\xba\xcf\x39\x12\x11\x3f\xfa\x7e\xc4\x4f\x93\x77\xe3\x36\xd7\xd6\x17\x67\x6a\xb5\xea\x4a\xb7\x5e\x6e\xd5\x97\xcb\xcd\xb5\xf5\x6b\x0b\xf5\x99\xf9\xea\x7c\x75\xa9\x52\x99\x9e\x9a\x9e\xbc\x75\xfd\x66\xe5\xa3\x8d\xf5\x42\xfd\xb7\xaf\xbe\xb7\x70\xf7\xc7\x7f\xf8\xfd\x57\x5f\xfe\x69\xe3\x3b\x3f\xcf\xba"..., 8192, 0 [pid 5145] futex(0x7fdbd83af798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5147] <... setxattr resumed>) = -1 ENOSPC (No space left on device) [pid 5147] futex(0x7fdbd83af79c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5145] futex(0x7fdbd83af79c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5147] <... futex resumed>) = 0 [pid 5145] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5147] futex(0x7fdbd83af798, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5145] futex(0x7fdbd83af798, FUTEX_WAKE_PRIVATE, 1000000 [pid 5147] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5145] <... futex resumed>) = 0 [pid 5147] openat(AT_FDCWD, "./file0/file0", O_RDONLY|O_TRUNC|O_LARGEFILE|O_NOFOLLOW [pid 5145] futex(0x7fdbd83af79c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5147] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 5147] futex(0x7fdbd83af79c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5147] futex(0x7fdbd83af798, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5145] <... futex resumed>) = 0 [ 65.016600][ T5146] loop0: detected capacity change from 0 to 512 [ 65.026135][ T5146] ext4: Unknown parameter 'jqfmZ!c12nuid32' [pid 5146] <... ioctl resumed>) = 0 [pid 5146] close(4) = 0 [pid 5146] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5146] futex(0x7fdbd83af788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5145] exit_group(0 [pid 5147] <... futex resumed>) = ? [pid 5145] <... exit_group resumed>) = ? [pid 5147] +++ exited with 0 +++ [pid 5146] <... futex resumed>) = ? [pid 5146] +++ exited with 0 +++ [pid 5145] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5145, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./35", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./35", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556f16620 /* 4 entries */, 32768) = 112 umount2("./35/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./35/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./35/binderfs") = 0 umount2("./35/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./35/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./35/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./35/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556f1e660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556f1e660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./35/file0") = 0 getdents64(3, 0x555556f16620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./35") = 0 mkdir("./36", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f155d0) = 5148 ./strace-static-x86_64: Process 5148 attached [pid 5148] set_robust_list(0x555556f155e0, 24) = 0 [pid 5148] chdir("./36") = 0 [pid 5148] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5148] setpgid(0, 0) = 0 [pid 5148] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5148] write(3, "1000", 4) = 4 [pid 5148] close(3) = 0 [pid 5148] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5148] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5148] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdbd82b6000 [pid 5148] mprotect(0x7fdbd82b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5148] clone(child_stack=0x7fdbd82d63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5149], tls=0x7fdbd82d6700, child_tidptr=0x7fdbd82d69d0) = 5149 [pid 5148] futex(0x7fdbd83af788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5148] futex(0x7fdbd83af79c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5148] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdbd8295000 [pid 5148] mprotect(0x7fdbd8296000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5148] clone(child_stack=0x7fdbd82b53f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5150 attached , parent_tid=[5150], tls=0x7fdbd82b5700, child_tidptr=0x7fdbd82b59d0) = 5150 [pid 5148] futex(0x7fdbd83af798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5148] futex(0x7fdbd83af79c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5149 attached [pid 5149] set_robust_list(0x7fdbd82d69e0, 24) = 0 [pid 5149] memfd_create("syzkaller", 0) = 3 [pid 5149] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdbcfe95000 [pid 5150] set_robust_list(0x7fdbd82b59e0, 24) = 0 [pid 5150] memfd_create("syzkaller", 0) = 4 [pid 5150] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5149] munmap(0x7fdbcfe95000, 138412032 [pid 5150] <... mmap resumed>) = 0x7fdbc7a95000 [pid 5150] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5149] <... munmap resumed>) = 0 [pid 5149] close(3) = 0 [pid 5149] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5149] futex(0x7fdbd83af788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5150] <... write resumed>) = 262144 [pid 5150] munmap(0x7fdbc7a95000, 262144) = 0 [pid 5150] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5150] ioctl(3, LOOP_SET_FD, 4) = 0 [pid 5150] close(4) = 0 [pid 5150] mkdir("./file0", 0777) = 0 [ 65.065784][ T5004] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 65.102489][ T5150] loop0: detected capacity change from 0 to 512 [pid 5150] mount("/dev/loop0", "./file0", "ext4", 0, "quota,jqfmt=vfsv0,nouid32,,errors=continue") = 0 [pid 5150] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 4 [pid 5150] chdir("./file0") = 0 [pid 5150] ioctl(3, LOOP_CLR_FD) = 0 [pid 5150] close(3) = 0 [pid 5150] futex(0x7fdbd83af79c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5148] <... futex resumed>) = 0 [pid 5148] futex(0x7fdbd83af788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5149] <... futex resumed>) = 0 [pid 5148] <... futex resumed>) = 1 [pid 5149] setxattr("./file0", "trusted.overlay.upper", "\xb2\xc7\xbd\x79\xfd\x74\x76\xf3\xf5\xd3\xd9\x24\xda\xed\xfb\xff\x4c\xf2\xf6\xec\x5a\xec\xf8\x37\x99\x4f\xba\xcf\x39\x12\x11\x3f\xfa\x7e\xc4\x4f\x93\x77\xe3\x36\xd7\xd6\x17\x67\x6a\xb5\xea\x4a\xb7\x5e\x6e\xd5\x97\xcb\xcd\xb5\xf5\x6b\x0b\xf5\x99\xf9\xea\x7c\x75\xa9\x52\x99\x9e\x9a\x9e\xbc\x75\xfd\x66\xe5\xa3\x8d\xf5\x42\xfd\xb7\xaf\xbe\xb7\x70\xf7\xc7\x7f\xf8\xfd\x57\x5f\xfe\x69\xe3\x3b\x3f\xcf\xba"..., 8192, 0 [pid 5148] futex(0x7fdbd83af78c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5150] <... futex resumed>) = 1 [ 65.110491][ T5150] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 65.127303][ T5150] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: writeback. [ 65.139496][ T5150] ext4 filesystem being mounted at /root/syzkaller.3rXkzo/36/file0 supports timestamps until 2038-01-19 (0x7fffffff) [pid 5150] futex(0x7fdbd83af798, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5149] <... setxattr resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5149] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5148] <... futex resumed>) = 0 [pid 5148] futex(0x7fdbd83af788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5148] futex(0x7fdbd83af78c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5149] <... futex resumed>) = 1 [pid 5149] setxattr("./file0", "trusted.overlay.upper", "\xb2\xc7\xbd\x79\xfd\x74\x76\xf3\xf5\xd3\xd9\x24\xda\xed\xfb\xff\x4c\xf2\xf6\xec\x5a\xec\xf8\x37\x99\x4f\xba\xcf\x39\x12\x11\x3f\xfa\x7e\xc4\x4f\x93\x77\xe3\x36\xd7\xd6\x17\x67\x6a\xb5\xea\x4a\xb7\x5e\x6e\xd5\x97\xcb\xcd\xb5\xf5\x6b\x0b\xf5\x99\xf9\xea\x7c\x75\xa9\x52\x99\x9e\x9a\x9e\xbc\x75\xfd\x66\xe5\xa3\x8d\xf5\x42\xfd\xb7\xaf\xbe\xb7\x70\xf7\xc7\x7f\xf8\xfd\x57\x5f\xfe\x69\xe3\x3b\x3f\xcf\xba"..., 8192, 0) = -1 EUCLEAN (Structure needs cleaning) [pid 5149] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5148] <... futex resumed>) = 0 [pid 5148] futex(0x7fdbd83af788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5148] futex(0x7fdbd83af78c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5149] <... futex resumed>) = 1 [ 65.161568][ T5149] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3806: comm syz-executor377: Allocating blocks 44-48 which overlap fs metadata [ 65.176296][ T5149] EXT4-fs error (device loop0): ext4_xattr_block_set:2241: inode #12: comm syz-executor377: bad block 0 [ 65.189503][ T5149] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3806: comm syz-executor377: Allocating blocks 44-48 which overlap fs metadata [ 65.204148][ T5149] EXT4-fs error (device loop0): ext4_xattr_block_set:2241: inode #12: comm syz-executor377: bad block 0 [pid 5149] openat(AT_FDCWD, "./file0/file0", O_RDONLY|O_TRUNC|O_LARGEFILE|O_NOFOLLOW) = -1 EUCLEAN (Structure needs cleaning) [pid 5149] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5148] <... futex resumed>) = 0 [pid 5148] exit_group(0 [pid 5150] <... futex resumed>) = ? [pid 5148] <... exit_group resumed>) = ? [pid 5150] +++ exited with 0 +++ [pid 5149] <... futex resumed>) = ? [pid 5149] +++ exited with 0 +++ [pid 5148] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5148, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=10 /* 0.10 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./36", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./36", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556f16620 /* 4 entries */, 32768) = 112 umount2("./36/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./36/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./36/binderfs") = 0 umount2("./36/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./36/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./36/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./36/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./36/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556f1e660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556f1e660 /* 0 entries */, 32768) = 0 [ 65.216756][ T5149] EXT4-fs error (device loop0): ext4_lookup:1853: inode #12: comm syz-executor377: deleted inode referenced: 13 [ 65.234593][ T5002] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. close(4) = 0 rmdir("./36/file0") = 0 getdents64(3, 0x555556f16620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./36") = 0 mkdir("./37", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f155d0) = 5153 ./strace-static-x86_64: Process 5153 attached [pid 5153] set_robust_list(0x555556f155e0, 24) = 0 [pid 5153] chdir("./37") = 0 [pid 5153] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5153] setpgid(0, 0) = 0 [pid 5153] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5153] write(3, "1000", 4) = 4 [pid 5153] close(3) = 0 [pid 5153] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5153] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5153] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdbd82b6000 [pid 5153] mprotect(0x7fdbd82b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5153] clone(child_stack=0x7fdbd82d63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5154], tls=0x7fdbd82d6700, child_tidptr=0x7fdbd82d69d0) = 5154 [pid 5153] futex(0x7fdbd83af788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5153] futex(0x7fdbd83af79c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5153] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdbd8295000 [pid 5153] mprotect(0x7fdbd8296000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5153] clone(child_stack=0x7fdbd82b53f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5155], tls=0x7fdbd82b5700, child_tidptr=0x7fdbd82b59d0) = 5155 [pid 5153] futex(0x7fdbd83af798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5153] futex(0x7fdbd83af79c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5154 attached [pid 5154] set_robust_list(0x7fdbd82d69e0, 24) = 0 [pid 5154] memfd_create("syzkaller", 0) = 3 [pid 5154] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdbcfe95000 [pid 5154] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5154] munmap(0x7fdbcfe95000, 262144) = 0 [pid 5154] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5154] ioctl(4, LOOP_SET_FD, 3./strace-static-x86_64: Process 5155 attached [pid 5155] set_robust_list(0x7fdbd82b59e0, 24) = 0 [pid 5155] memfd_create("syzkaller", 0) = 5 [pid 5155] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdbc7ad5000 [pid 5154] <... ioctl resumed>) = 0 [pid 5154] close(3) = 0 [pid 5155] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5154] mkdir("./file0", 0777) = 0 [pid 5154] mount("/dev/loop0", "./file0", "ext4", 0, "\x71\x75\x6f\x74\x61\x2c\x6a\x71\x66\x6d\x5a\xfe\x7f\x21\x63\x31\x32\x9e\x6e\x8f\x75\x69\x64\x33\x32\x2c\x2c\x65\x72\x72\x6f\x72\x73\x3d\x63\x6f\x6e\x74\x69\x6e\x75\x65" [pid 5155] <... write resumed>) = 262144 [pid 5155] munmap(0x7fdbc7ad5000, 262144 [pid 5154] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5155] <... munmap resumed>) = 0 [pid 5154] ioctl(4, LOOP_CLR_FD [pid 5155] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5155] ioctl(3, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5155] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5155] ioctl(3, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5155] close(3) = 0 [pid 5155] close(5) = 0 [pid 5155] futex(0x7fdbd83af79c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5153] <... futex resumed>) = 0 [pid 5153] futex(0x7fdbd83af798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5153] futex(0x7fdbd83af79c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5155] <... futex resumed>) = 1 [pid 5155] setxattr("./file0", "trusted.overlay.upper", "\xb2\xc7\xbd\x79\xfd\x74\x76\xf3\xf5\xd3\xd9\x24\xda\xed\xfb\xff\x4c\xf2\xf6\xec\x5a\xec\xf8\x37\x99\x4f\xba\xcf\x39\x12\x11\x3f\xfa\x7e\xc4\x4f\x93\x77\xe3\x36\xd7\xd6\x17\x67\x6a\xb5\xea\x4a\xb7\x5e\x6e\xd5\x97\xcb\xcd\xb5\xf5\x6b\x0b\xf5\x99\xf9\xea\x7c\x75\xa9\x52\x99\x9e\x9a\x9e\xbc\x75\xfd\x66\xe5\xa3\x8d\xf5\x42\xfd\xb7\xaf\xbe\xb7\x70\xf7\xc7\x7f\xf8\xfd\x57\x5f\xfe\x69\xe3\x3b\x3f\xcf\xba"..., 8192, 0) = -1 ENOSPC (No space left on device) [pid 5155] futex(0x7fdbd83af79c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5153] <... futex resumed>) = 0 [pid 5155] setxattr("./file0", "trusted.overlay.upper", "\xb2\xc7\xbd\x79\xfd\x74\x76\xf3\xf5\xd3\xd9\x24\xda\xed\xfb\xff\x4c\xf2\xf6\xec\x5a\xec\xf8\x37\x99\x4f\xba\xcf\x39\x12\x11\x3f\xfa\x7e\xc4\x4f\x93\x77\xe3\x36\xd7\xd6\x17\x67\x6a\xb5\xea\x4a\xb7\x5e\x6e\xd5\x97\xcb\xcd\xb5\xf5\x6b\x0b\xf5\x99\xf9\xea\x7c\x75\xa9\x52\x99\x9e\x9a\x9e\xbc\x75\xfd\x66\xe5\xa3\x8d\xf5\x42\xfd\xb7\xaf\xbe\xb7\x70\xf7\xc7\x7f\xf8\xfd\x57\x5f\xfe\x69\xe3\x3b\x3f\xcf\xba"..., 8192, 0 [pid 5153] futex(0x7fdbd83af798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5153] futex(0x7fdbd83af79c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5155] <... setxattr resumed>) = -1 ENOSPC (No space left on device) [pid 5155] futex(0x7fdbd83af79c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5153] <... futex resumed>) = 0 [pid 5155] futex(0x7fdbd83af798, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5153] futex(0x7fdbd83af798, FUTEX_WAKE_PRIVATE, 1000000 [pid 5155] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5153] <... futex resumed>) = 0 [pid 5155] openat(AT_FDCWD, "./file0/file0", O_RDONLY|O_TRUNC|O_LARGEFILE|O_NOFOLLOW [pid 5153] futex(0x7fdbd83af79c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5155] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 5155] futex(0x7fdbd83af79c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5153] <... futex resumed>) = 0 [ 65.314284][ T5154] loop0: detected capacity change from 0 to 512 [ 65.324156][ T5154] ext4: Unknown parameter 'jqfmZ!c12nuid32' [pid 5155] futex(0x7fdbd83af798, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5154] <... ioctl resumed>) = 0 [pid 5154] close(4) = 0 [pid 5154] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5154] futex(0x7fdbd83af788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5153] exit_group(0 [pid 5154] <... futex resumed>) = ? [pid 5153] <... exit_group resumed>) = ? [pid 5154] +++ exited with 0 +++ [pid 5155] <... futex resumed>) = ? [pid 5155] +++ exited with 0 +++ [pid 5153] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5153, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./37", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./37", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556f16620 /* 4 entries */, 32768) = 112 umount2("./37/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./37/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./37/binderfs") = 0 umount2("./37/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./37/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./37/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./37/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556f1e660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556f1e660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./37/file0") = 0 getdents64(3, 0x555556f16620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./37") = 0 mkdir("./38", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f155d0) = 5156 ./strace-static-x86_64: Process 5156 attached [pid 5156] set_robust_list(0x555556f155e0, 24) = 0 [pid 5156] chdir("./38") = 0 [pid 5156] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5156] setpgid(0, 0) = 0 [pid 5156] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5156] write(3, "1000", 4) = 4 [pid 5156] close(3) = 0 [pid 5156] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5156] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5156] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdbd82b6000 [pid 5156] mprotect(0x7fdbd82b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5156] clone(child_stack=0x7fdbd82d63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5157 attached , parent_tid=[5157], tls=0x7fdbd82d6700, child_tidptr=0x7fdbd82d69d0) = 5157 [pid 5156] futex(0x7fdbd83af788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5157] set_robust_list(0x7fdbd82d69e0, 24 [pid 5156] <... futex resumed>) = 0 [pid 5157] <... set_robust_list resumed>) = 0 [pid 5156] futex(0x7fdbd83af79c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5157] memfd_create("syzkaller", 0 [pid 5156] <... futex resumed>) = 0 [pid 5157] <... memfd_create resumed>) = 3 [pid 5156] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5157] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5156] <... mmap resumed>) = 0x7fdbd8295000 [pid 5156] mprotect(0x7fdbd8296000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5157] <... mmap resumed>) = 0x7fdbcfe95000 [pid 5156] clone(child_stack=0x7fdbd82b53f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5158], tls=0x7fdbd82b5700, child_tidptr=0x7fdbd82b59d0) = 5158 [pid 5156] futex(0x7fdbd83af798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5156] futex(0x7fdbd83af79c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5158 attached [pid 5158] set_robust_list(0x7fdbd82b59e0, 24 [pid 5157] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5158] <... set_robust_list resumed>) = 0 [pid 5158] memfd_create("syzkaller", 0) = 4 [pid 5158] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdbc7a95000 [pid 5157] <... write resumed>) = 262144 [pid 5157] munmap(0x7fdbcfe95000, 262144) = 0 [pid 5157] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [ 65.386020][ T5004] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [pid 5157] ioctl(5, LOOP_SET_FD, 3 [pid 5158] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5158] munmap(0x7fdbc7a95000, 262144) = 0 [pid 5158] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5157] <... ioctl resumed>) = 0 [pid 5157] close(3) = 0 [pid 5157] mkdir("./file0", 0777) = 0 [pid 5158] <... openat resumed>) = 3 [pid 5157] mount("/dev/loop0", "./file0", "ext4", 0, "\x71\x75\x6f\x74\x61\x2c\x6a\x71\x66\x6d\x5a\xfe\x7f\x21\x63\x31\x32\x9e\x6e\x8f\x75\x69\x64\x33\x32\x2c\x2c\x65\x72\x72\x6f\x72\x73\x3d\x63\x6f\x6e\x74\x69\x6e\x75\x65" [pid 5158] ioctl(3, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5158] ioctl(3, LOOP_CLR_FD) = 0 [pid 5157] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5157] ioctl(5, LOOP_CLR_FD) = 0 [pid 5157] close(5 [pid 5158] ioctl(3, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5158] close(3) = 0 [pid 5158] close(4) = 0 [pid 5158] futex(0x7fdbd83af79c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5156] <... futex resumed>) = 0 [pid 5156] futex(0x7fdbd83af798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5156] futex(0x7fdbd83af79c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5158] setxattr("./file0", "trusted.overlay.upper", "\xb2\xc7\xbd\x79\xfd\x74\x76\xf3\xf5\xd3\xd9\x24\xda\xed\xfb\xff\x4c\xf2\xf6\xec\x5a\xec\xf8\x37\x99\x4f\xba\xcf\x39\x12\x11\x3f\xfa\x7e\xc4\x4f\x93\x77\xe3\x36\xd7\xd6\x17\x67\x6a\xb5\xea\x4a\xb7\x5e\x6e\xd5\x97\xcb\xcd\xb5\xf5\x6b\x0b\xf5\x99\xf9\xea\x7c\x75\xa9\x52\x99\x9e\x9a\x9e\xbc\x75\xfd\x66\xe5\xa3\x8d\xf5\x42\xfd\xb7\xaf\xbe\xb7\x70\xf7\xc7\x7f\xf8\xfd\x57\x5f\xfe\x69\xe3\x3b\x3f\xcf\xba"..., 8192, 0 [pid 5157] <... close resumed>) = 0 [pid 5157] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5157] futex(0x7fdbd83af788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5158] <... setxattr resumed>) = -1 ENOSPC (No space left on device) [pid 5158] futex(0x7fdbd83af79c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5156] <... futex resumed>) = 0 [pid 5158] futex(0x7fdbd83af798, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5156] futex(0x7fdbd83af788, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5156] futex(0x7fdbd83af78c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5157] <... futex resumed>) = 0 [pid 5157] setxattr("./file0", "trusted.overlay.upper", "\xb2\xc7\xbd\x79\xfd\x74\x76\xf3\xf5\xd3\xd9\x24\xda\xed\xfb\xff\x4c\xf2\xf6\xec\x5a\xec\xf8\x37\x99\x4f\xba\xcf\x39\x12\x11\x3f\xfa\x7e\xc4\x4f\x93\x77\xe3\x36\xd7\xd6\x17\x67\x6a\xb5\xea\x4a\xb7\x5e\x6e\xd5\x97\xcb\xcd\xb5\xf5\x6b\x0b\xf5\x99\xf9\xea\x7c\x75\xa9\x52\x99\x9e\x9a\x9e\xbc\x75\xfd\x66\xe5\xa3\x8d\xf5\x42\xfd\xb7\xaf\xbe\xb7\x70\xf7\xc7\x7f\xf8\xfd\x57\x5f\xfe\x69\xe3\x3b\x3f\xcf\xba"..., 8192, 0) = -1 ENOSPC (No space left on device) [pid 5157] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5156] <... futex resumed>) = 0 [pid 5156] futex(0x7fdbd83af788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5156] futex(0x7fdbd83af78c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5157] openat(AT_FDCWD, "./file0/file0", O_RDONLY|O_TRUNC|O_LARGEFILE|O_NOFOLLOW) = -1 ENOENT (No such file or directory) [pid 5157] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5156] <... futex resumed>) = 0 [pid 5156] exit_group(0) = ? [pid 5158] <... futex resumed>) = ? [pid 5158] +++ exited with 0 +++ [pid 5157] +++ exited with 0 +++ [pid 5156] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5156, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./38", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556f16620 /* 4 entries */, 32768) = 112 umount2("./38/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./38/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./38/binderfs") = 0 umount2("./38/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./38/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./38/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./38/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556f1e660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556f1e660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./38/file0") = 0 getdents64(3, 0x555556f16620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./38") = 0 mkdir("./39", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5159 attached , child_tidptr=0x555556f155d0) = 5159 [pid 5159] set_robust_list(0x555556f155e0, 24) = 0 [pid 5159] chdir("./39") = 0 [pid 5159] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5159] setpgid(0, 0) = 0 [pid 5159] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5159] write(3, "1000", 4) = 4 [pid 5159] close(3) = 0 [pid 5159] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5159] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5159] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdbd82b6000 [pid 5159] mprotect(0x7fdbd82b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5159] clone(child_stack=0x7fdbd82d63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5160], tls=0x7fdbd82d6700, child_tidptr=0x7fdbd82d69d0) = 5160 [pid 5159] futex(0x7fdbd83af788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5159] futex(0x7fdbd83af79c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5159] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdbd8295000 [pid 5159] mprotect(0x7fdbd8296000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5159] clone(child_stack=0x7fdbd82b53f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5161], tls=0x7fdbd82b5700, child_tidptr=0x7fdbd82b59d0) = 5161 [pid 5159] futex(0x7fdbd83af798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5159] futex(0x7fdbd83af79c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5160 attached [pid 5160] set_robust_list(0x7fdbd82d69e0, 24) = 0 [pid 5160] memfd_create("syzkaller", 0) = 3 [pid 5160] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0./strace-static-x86_64: Process 5161 attached ) = 0x7fdbcfe95000 [pid 5161] set_robust_list(0x7fdbd82b59e0, 24) = 0 [pid 5161] memfd_create("syzkaller", 0 [pid 5160] munmap(0x7fdbcfe95000, 138412032 [pid 5161] <... memfd_create resumed>) = 4 [ 65.431628][ T5157] loop0: detected capacity change from 0 to 512 [ 65.440994][ T5157] ext4: Unknown parameter 'jqfmZ!c12nuid32' [pid 5160] <... munmap resumed>) = 0 [pid 5160] close(3) = 0 [pid 5160] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5160] futex(0x7fdbd83af788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5161] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdbcfe95000 [pid 5161] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5161] munmap(0x7fdbcfe95000, 262144) = 0 [pid 5161] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5161] ioctl(3, LOOP_SET_FD, 4) = 0 [pid 5161] close(4) = 0 [pid 5161] mkdir("./file0", 0777) = 0 [ 65.498814][ T5161] loop0: detected capacity change from 0 to 512 [ 65.508512][ T5161] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 65.527600][ T5161] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: writeback. [pid 5161] mount("/dev/loop0", "./file0", "ext4", 0, "quota,jqfmt=vfsv0,nouid32,,errors=continue") = 0 [pid 5161] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 4 [pid 5161] chdir("./file0") = 0 [pid 5161] ioctl(3, LOOP_CLR_FD) = 0 [pid 5161] close(3) = 0 [pid 5161] futex(0x7fdbd83af79c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5159] <... futex resumed>) = 0 [pid 5159] futex(0x7fdbd83af788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5160] <... futex resumed>) = 0 [pid 5159] <... futex resumed>) = 1 [pid 5160] setxattr("./file0", "trusted.overlay.upper", "\xb2\xc7\xbd\x79\xfd\x74\x76\xf3\xf5\xd3\xd9\x24\xda\xed\xfb\xff\x4c\xf2\xf6\xec\x5a\xec\xf8\x37\x99\x4f\xba\xcf\x39\x12\x11\x3f\xfa\x7e\xc4\x4f\x93\x77\xe3\x36\xd7\xd6\x17\x67\x6a\xb5\xea\x4a\xb7\x5e\x6e\xd5\x97\xcb\xcd\xb5\xf5\x6b\x0b\xf5\x99\xf9\xea\x7c\x75\xa9\x52\x99\x9e\x9a\x9e\xbc\x75\xfd\x66\xe5\xa3\x8d\xf5\x42\xfd\xb7\xaf\xbe\xb7\x70\xf7\xc7\x7f\xf8\xfd\x57\x5f\xfe\x69\xe3\x3b\x3f\xcf\xba"..., 8192, 0 [pid 5159] futex(0x7fdbd83af78c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5161] <... futex resumed>) = 1 [pid 5161] futex(0x7fdbd83af798, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5160] <... setxattr resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5160] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5159] <... futex resumed>) = 0 [pid 5160] setxattr("./file0", "trusted.overlay.upper", "\xb2\xc7\xbd\x79\xfd\x74\x76\xf3\xf5\xd3\xd9\x24\xda\xed\xfb\xff\x4c\xf2\xf6\xec\x5a\xec\xf8\x37\x99\x4f\xba\xcf\x39\x12\x11\x3f\xfa\x7e\xc4\x4f\x93\x77\xe3\x36\xd7\xd6\x17\x67\x6a\xb5\xea\x4a\xb7\x5e\x6e\xd5\x97\xcb\xcd\xb5\xf5\x6b\x0b\xf5\x99\xf9\xea\x7c\x75\xa9\x52\x99\x9e\x9a\x9e\xbc\x75\xfd\x66\xe5\xa3\x8d\xf5\x42\xfd\xb7\xaf\xbe\xb7\x70\xf7\xc7\x7f\xf8\xfd\x57\x5f\xfe\x69\xe3\x3b\x3f\xcf\xba"..., 8192, 0 [pid 5159] futex(0x7fdbd83af788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 65.539943][ T5161] ext4 filesystem being mounted at /root/syzkaller.3rXkzo/39/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 65.562246][ T5160] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3806: comm syz-executor377: Allocating blocks 44-48 which overlap fs metadata [ 65.580517][ T5160] EXT4-fs error (device loop0): ext4_xattr_block_set:2241: inode #12: comm syz-executor377: bad block 0 [pid 5159] futex(0x7fdbd83af78c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5160] <... setxattr resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5160] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5159] <... futex resumed>) = 0 [pid 5160] <... futex resumed>) = 1 [pid 5160] openat(AT_FDCWD, "./file0/file0", O_RDONLY|O_TRUNC|O_LARGEFILE|O_NOFOLLOW [pid 5159] futex(0x7fdbd83af788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5159] futex(0x7fdbd83af78c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5160] <... openat resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5160] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5159] <... futex resumed>) = 0 [pid 5160] futex(0x7fdbd83af788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5159] exit_group(0 [pid 5161] <... futex resumed>) = ? [pid 5160] <... futex resumed>) = ? [pid 5159] <... exit_group resumed>) = ? [pid 5161] +++ exited with 0 +++ [pid 5160] +++ exited with 0 +++ [pid 5159] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5159, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./39", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./39", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556f16620 /* 4 entries */, 32768) = 112 umount2("./39/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./39/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./39/binderfs") = 0 [ 65.594485][ T5160] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3806: comm syz-executor377: Allocating blocks 44-48 which overlap fs metadata [ 65.609240][ T5160] EXT4-fs error (device loop0): ext4_xattr_block_set:2241: inode #12: comm syz-executor377: bad block 0 [ 65.622877][ T5160] EXT4-fs error (device loop0): ext4_lookup:1853: inode #12: comm syz-executor377: deleted inode referenced: 13 umount2("./39/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./39/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./39/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./39/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./39/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556f1e660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556f1e660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./39/file0") = 0 getdents64(3, 0x555556f16620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./39") = 0 mkdir("./40", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f155d0) = 5165 ./strace-static-x86_64: Process 5165 attached [pid 5165] set_robust_list(0x555556f155e0, 24) = 0 [pid 5165] chdir("./40") = 0 [pid 5165] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5165] setpgid(0, 0) = 0 [pid 5165] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5165] write(3, "1000", 4) = 4 [pid 5165] close(3) = 0 [pid 5165] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5165] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5165] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdbd82b6000 [pid 5165] mprotect(0x7fdbd82b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5165] clone(child_stack=0x7fdbd82d63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5166], tls=0x7fdbd82d6700, child_tidptr=0x7fdbd82d69d0) = 5166 [pid 5165] futex(0x7fdbd83af788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5165] futex(0x7fdbd83af79c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5165] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdbd8295000 [pid 5165] mprotect(0x7fdbd8296000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5165] clone(child_stack=0x7fdbd82b53f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5167], tls=0x7fdbd82b5700, child_tidptr=0x7fdbd82b59d0) = 5167 [pid 5165] futex(0x7fdbd83af798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5165] futex(0x7fdbd83af79c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5167 attached [pid 5167] set_robust_list(0x7fdbd82b59e0, 24) = 0 [pid 5167] memfd_create("syzkaller", 0) = 3 [pid 5167] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdbcfe95000 [pid 5167] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144./strace-static-x86_64: Process 5166 attached [pid 5166] set_robust_list(0x7fdbd82d69e0, 24) = 0 [pid 5166] memfd_create("syzkaller", 0) = 4 [pid 5166] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdbc7a95000 [pid 5167] <... write resumed>) = 262144 [pid 5167] munmap(0x7fdbcfe95000, 262144) = 0 [pid 5167] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [ 65.646457][ T5002] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5167] ioctl(5, LOOP_SET_FD, 3 [pid 5166] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5166] munmap(0x7fdbc7a95000, 262144 [pid 5167] <... ioctl resumed>) = 0 [pid 5167] close(3) = 0 [pid 5167] mkdir("./file0", 0777 [pid 5166] <... munmap resumed>) = 0 [pid 5166] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5167] <... mkdir resumed>) = 0 [pid 5167] mount("/dev/loop0", "./file0", "ext4", 0, "quota,jqfmt=vfsv0,nouid32,,errors=continue" [pid 5166] <... openat resumed>) = 3 [pid 5166] ioctl(3, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5166] ioctl(3, LOOP_CLR_FD) = 0 [pid 5166] ioctl(3, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5166] close(3) = 0 [pid 5166] close(4) = 0 [pid 5166] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 65.711337][ T5167] loop0: detected capacity change from 0 to 512 [ 65.721035][ T5167] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [pid 5166] futex(0x7fdbd83af788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5167] <... mount resumed>) = 0 [pid 5167] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5167] chdir("./file0") = 0 [pid 5167] ioctl(5, LOOP_CLR_FD) = 0 [pid 5167] close(5) = 0 [pid 5167] futex(0x7fdbd83af79c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5165] <... futex resumed>) = 0 [pid 5165] futex(0x7fdbd83af788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5166] <... futex resumed>) = 0 [pid 5165] <... futex resumed>) = 1 [pid 5166] setxattr("./file0", "trusted.overlay.upper", "\x64\x8f\x7b\xfd\xea\xc9\xec\xe6\xab\x27\xb3\x49\xb4\xdb\xf7\xfe\x99\xe4\xed\xd9\xb5\xd8\xf1\x35\x99\x8f\x22\x62\x23\x22\x46\x22\xe2\x47\xdf\x8f\xf8\x69\xf2\x76\xdc\xe6\xda\xfa\xe2\x4c\xad\x56\x5d\xe9\xd6\xcb\xad\xfa\x72\xb9\xb9\xb6\x7e\x75\xa1\x3e\x33\x5f\x9d\xaf\x2e\x55\x2a\xd3\x53\xd3\x93\x37\xaf\xdd\xa8\x7c\xb0\xb1\x9e\xab\xff\xf6\xe5\xf7\x16\xee\xfc\xf8\x0f\xbf\xff\xda\x8b\x3f\x6d\x7c\xe7\xe7"..., 8192, 0 [pid 5165] futex(0x7fdbd83af78c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5167] <... futex resumed>) = 1 [ 65.757510][ T5167] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: writeback. [ 65.769888][ T5167] ext4 filesystem being mounted at /root/syzkaller.3rXkzo/40/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 65.786586][ T5166] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3806: comm syz-executor377: Allocating blocks 44-48 which overlap fs metadata [pid 5167] futex(0x7fdbd83af798, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5166] <... setxattr resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5166] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5165] <... futex resumed>) = 0 [pid 5165] futex(0x7fdbd83af788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5165] futex(0x7fdbd83af78c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5166] <... futex resumed>) = 1 [pid 5166] setxattr("./file0", "trusted.overlay.upper", "\x64\x8f\x7b\xfd\xea\xc9\xec\xe6\xab\x27\xb3\x49\xb4\xdb\xf7\xfe\x99\xe4\xed\xd9\xb5\xd8\xf1\x35\x99\x8f\x22\x62\x23\x22\x46\x22\xe2\x47\xdf\x8f\xf8\x69\xf2\x76\xdc\xe6\xda\xfa\xe2\x4c\xad\x56\x5d\xe9\xd6\xcb\xad\xfa\x72\xb9\xb9\xb6\x7e\x75\xa1\x3e\x33\x5f\x9d\xaf\x2e\x55\x2a\xd3\x53\xd3\x93\x37\xaf\xdd\xa8\x7c\xb0\xb1\x9e\xab\xff\xf6\xe5\xf7\x16\xee\xfc\xf8\x0f\xbf\xff\xda\x8b\x3f\x6d\x7c\xe7\xe7"..., 8192, 0) = -1 EUCLEAN (Structure needs cleaning) [pid 5166] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5165] <... futex resumed>) = 0 [pid 5166] openat(AT_FDCWD, "./file0/file0", O_RDONLY|O_TRUNC|O_LARGEFILE|O_NOFOLLOW [pid 5165] futex(0x7fdbd83af788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5165] futex(0x7fdbd83af78c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5166] <... openat resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5166] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5165] <... futex resumed>) = 0 [pid 5165] exit_group(0) = ? [pid 5167] <... futex resumed>) = ? [pid 5167] +++ exited with 0 +++ [pid 5166] +++ exited with 0 +++ [pid 5165] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5165, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./40", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./40", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556f16620 /* 4 entries */, 32768) = 112 umount2("./40/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./40/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./40/binderfs") = 0 [ 65.801226][ T5166] EXT4-fs error (device loop0): ext4_xattr_block_set:2241: inode #12: comm syz-executor377: bad block 0 [ 65.813802][ T5166] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3806: comm syz-executor377: Allocating blocks 44-48 which overlap fs metadata [ 65.828530][ T5166] EXT4-fs error (device loop0): ext4_xattr_block_set:2241: inode #12: comm syz-executor377: bad block 0 [ 65.841822][ T5166] EXT4-fs error (device loop0): ext4_lookup:1853: inode #12: comm syz-executor377: deleted inode referenced: 13 umount2("./40/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./40/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./40/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./40/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./40/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556f1e660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556f1e660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./40/file0") = 0 getdents64(3, 0x555556f16620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./40") = 0 mkdir("./41", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f155d0) = 5170 ./strace-static-x86_64: Process 5170 attached [pid 5170] set_robust_list(0x555556f155e0, 24) = 0 [pid 5170] chdir("./41") = 0 [pid 5170] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5170] setpgid(0, 0) = 0 [pid 5170] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5170] write(3, "1000", 4) = 4 [pid 5170] close(3) = 0 [pid 5170] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5170] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5170] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdbd82b6000 [pid 5170] mprotect(0x7fdbd82b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5170] clone(child_stack=0x7fdbd82d63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5171 attached , parent_tid=[5171], tls=0x7fdbd82d6700, child_tidptr=0x7fdbd82d69d0) = 5171 [pid 5171] set_robust_list(0x7fdbd82d69e0, 24) = 0 [pid 5171] futex(0x7fdbd83af788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5170] futex(0x7fdbd83af788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5171] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5170] <... futex resumed>) = 0 [pid 5171] memfd_create("syzkaller", 0) = 3 [pid 5171] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5170] futex(0x7fdbd83af79c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5171] <... mmap resumed>) = 0x7fdbcfeb6000 [pid 5170] <... futex resumed>) = 0 [pid 5170] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdbcfe95000 [ 65.886576][ T5002] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5170] mprotect(0x7fdbcfe96000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5170] clone(child_stack=0x7fdbcfeb53f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5172], tls=0x7fdbcfeb5700, child_tidptr=0x7fdbcfeb59d0) = 5172 [pid 5171] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5170] futex(0x7fdbd83af798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5170] futex(0x7fdbd83af79c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5171] <... write resumed>) = 262144 [pid 5171] munmap(0x7fdbcfeb6000, 262144) = 0 [pid 5171] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5171] ioctl(4, LOOP_SET_FD, 3./strace-static-x86_64: Process 5172 attached [pid 5172] set_robust_list(0x7fdbcfeb59e0, 24) = 0 [pid 5172] memfd_create("syzkaller", 0) = 5 [pid 5172] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdbc7a95000 [pid 5171] <... ioctl resumed>) = 0 [pid 5171] close(3) = 0 [pid 5171] mkdir("./file0", 0777 [pid 5172] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5171] <... mkdir resumed>) = 0 [pid 5171] mount("/dev/loop0", "./file0", "ext4", 0, "\x71\x75\x6f\x74\x61\x2c\x6a\x71\x66\x6d\x5a\xfe\x7f\x21\x63\x31\x32\x9e\x6e\x8f\x75\x69\x64\x33\x32\x2c\x2c\x65\x72\x72\x6f\x72\x73\x3d\x63\x6f\x6e\x74\x69\x6e\x75\x65" [pid 5172] <... write resumed>) = 262144 [pid 5172] munmap(0x7fdbc7a95000, 262144) = 0 [pid 5172] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5172] ioctl(3, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5172] ioctl(3, LOOP_CLR_FD) = 0 [pid 5172] ioctl(3, LOOP_SET_FD, 5 [pid 5171] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5171] ioctl(4, LOOP_CLR_FD) = 0 [pid 5171] close(4 [pid 5172] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5172] close(3) = 0 [pid 5172] close(5) = 0 [pid 5172] futex(0x7fdbd83af79c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5170] <... futex resumed>) = 0 [pid 5170] futex(0x7fdbd83af798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5170] futex(0x7fdbd83af79c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5172] setxattr("./file0", "trusted.overlay.upper", "\xb2\xc7\xbd\x79\xfd\x74\x76\xf3\xf5\xd3\xd9\x24\xda\xed\xfb\xff\x4c\xf2\xf6\xec\x5a\xec\xf8\x37\x99\x4f\xba\xcf\x39\x12\x11\x3f\xfa\x7e\xc4\x4f\x93\x77\xe3\x36\xd7\xd6\x17\x67\x6a\xb5\xea\x4a\xb7\x5e\x6e\xd5\x97\xcb\xcd\xb5\xf5\x6b\x0b\xf5\x99\xf9\xea\x7c\x75\xa9\x52\x99\x9e\x9a\x9e\xbc\x75\xfd\x66\xe5\xa3\x8d\xf5\x42\xfd\xb7\xaf\xbe\xb7\x70\xf7\xc7\x7f\xf8\xfd\x57\x5f\xfe\x69\xe3\x3b\x3f\xcf\xba"..., 8192, 0 [pid 5171] <... close resumed>) = 0 [pid 5171] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5172] <... setxattr resumed>) = -1 ENOSPC (No space left on device) [pid 5171] futex(0x7fdbd83af788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5172] futex(0x7fdbd83af79c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5170] <... futex resumed>) = 0 [pid 5172] <... futex resumed>) = 1 [pid 5170] futex(0x7fdbd83af788, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5170] futex(0x7fdbd83af78c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5171] <... futex resumed>) = 0 [pid 5171] setxattr("./file0", "trusted.overlay.upper", "\xb2\xc7\xbd\x79\xfd\x74\x76\xf3\xf5\xd3\xd9\x24\xda\xed\xfb\xff\x4c\xf2\xf6\xec\x5a\xec\xf8\x37\x99\x4f\xba\xcf\x39\x12\x11\x3f\xfa\x7e\xc4\x4f\x93\x77\xe3\x36\xd7\xd6\x17\x67\x6a\xb5\xea\x4a\xb7\x5e\x6e\xd5\x97\xcb\xcd\xb5\xf5\x6b\x0b\xf5\x99\xf9\xea\x7c\x75\xa9\x52\x99\x9e\x9a\x9e\xbc\x75\xfd\x66\xe5\xa3\x8d\xf5\x42\xfd\xb7\xaf\xbe\xb7\x70\xf7\xc7\x7f\xf8\xfd\x57\x5f\xfe\x69\xe3\x3b\x3f\xcf\xba"..., 8192, 0) = -1 ENOSPC (No space left on device) [pid 5171] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5170] <... futex resumed>) = 0 [pid 5170] futex(0x7fdbd83af788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5170] futex(0x7fdbd83af78c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5171] openat(AT_FDCWD, "./file0/file0", O_RDONLY|O_TRUNC|O_LARGEFILE|O_NOFOLLOW) = -1 ENOENT (No such file or directory) [pid 5172] futex(0x7fdbd83af798, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5171] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5171] futex(0x7fdbd83af788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5170] <... futex resumed>) = 0 [pid 5170] exit_group(0) = ? [pid 5171] <... futex resumed>) = ? [pid 5171] +++ exited with 0 +++ [pid 5172] <... futex resumed>) = ? [pid 5172] +++ exited with 0 +++ [pid 5170] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5170, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./41", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./41", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556f16620 /* 4 entries */, 32768) = 112 umount2("./41/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./41/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./41/binderfs") = 0 umount2("./41/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./41/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./41/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./41/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556f1e660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556f1e660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./41/file0") = 0 getdents64(3, 0x555556f16620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./41") = 0 mkdir("./42", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f155d0) = 5173 ./strace-static-x86_64: Process 5173 attached [pid 5173] set_robust_list(0x555556f155e0, 24) = 0 [pid 5173] chdir("./42") = 0 [pid 5173] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5173] setpgid(0, 0) = 0 [ 65.952380][ T5171] loop0: detected capacity change from 0 to 512 [ 65.963996][ T5171] ext4: Unknown parameter 'jqfmZ!c12nuid32' [pid 5173] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5173] write(3, "1000", 4) = 4 [pid 5173] close(3) = 0 [pid 5173] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5173] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5173] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdbd82b6000 [pid 5173] mprotect(0x7fdbd82b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5173] clone(child_stack=0x7fdbd82d63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5174 attached , parent_tid=[5174], tls=0x7fdbd82d6700, child_tidptr=0x7fdbd82d69d0) = 5174 [pid 5174] set_robust_list(0x7fdbd82d69e0, 24) = 0 [pid 5174] futex(0x7fdbd83af788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5173] futex(0x7fdbd83af788, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5174] <... futex resumed>) = 0 [pid 5174] memfd_create("syzkaller", 0 [pid 5173] futex(0x7fdbd83af79c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5174] <... memfd_create resumed>) = 3 [pid 5174] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5173] <... futex resumed>) = 0 [pid 5174] <... mmap resumed>) = 0x7fdbcfeb6000 [pid 5173] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdbcfe95000 [pid 5173] mprotect(0x7fdbcfe96000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5173] clone(child_stack=0x7fdbcfeb53f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5175], tls=0x7fdbcfeb5700, child_tidptr=0x7fdbcfeb59d0) = 5175 [pid 5173] futex(0x7fdbd83af798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5173] futex(0x7fdbd83af79c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5175 attached [pid 5175] set_robust_list(0x7fdbcfeb59e0, 24) = 0 [pid 5175] memfd_create("syzkaller", 0) = 4 [pid 5175] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdbc7a95000 [pid 5175] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5174] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 263353 [pid 5175] <... write resumed>) = 262144 [pid 5175] munmap(0x7fdbc7a95000, 262144) = 0 [pid 5175] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5175] ioctl(5, LOOP_SET_FD, 4 [pid 5174] <... write resumed>) = 263353 [pid 5174] munmap(0x7fdbcfeb6000, 263353 [pid 5175] <... ioctl resumed>) = 0 [pid 5175] close(4 [pid 5174] <... munmap resumed>) = 0 [pid 5175] <... close resumed>) = 0 [pid 5174] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5175] mkdir("./file0", 0777 [pid 5174] <... openat resumed>) = 4 [pid 5175] <... mkdir resumed>) = 0 [pid 5174] ioctl(4, LOOP_SET_FD, 3 [pid 5175] mount("/dev/loop0", "./file0", "ext4", 0, "quota,jqfmt=vfsv0,nouid32,,errors=continue" [pid 5174] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5174] ioctl(4, LOOP_CLR_FD) = 0 [pid 5174] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 5174] close(4) = 0 [pid 5174] close(3) = 0 [pid 5174] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 66.043241][ T5175] loop0: detected capacity change from 0 to 512 [ 66.052848][ T5175] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 66.069237][ T5175] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: writeback. [pid 5174] futex(0x7fdbd83af788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5175] <... mount resumed>) = 0 [pid 5175] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5175] chdir("./file0") = 0 [pid 5175] ioctl(5, LOOP_CLR_FD) = 0 [pid 5175] close(5) = 0 [pid 5175] futex(0x7fdbd83af79c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5173] <... futex resumed>) = 0 [pid 5173] futex(0x7fdbd83af788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5174] <... futex resumed>) = 0 [pid 5173] <... futex resumed>) = 1 [pid 5174] setxattr("./file0", "trusted.overlay.upper", "\xb2\xc7\xbd\x79\xfd\x74\x76\xf3\xf5\xd3\xd9\x24\xda\xed\xfb\xff\x4c\xf2\xf6\xec\x5a\xec\xf8\x37\x99\x4f\xba\xcf\x39\x12\x11\x3f\xfa\x7e\xc4\x4f\x93\x77\xe3\x36\xd7\xd6\x17\x67\x6a\xb5\xea\x4a\xb7\x5e\x6e\xd5\x97\xcb\xcd\xb5\xf5\x6b\x0b\xf5\x99\xf9\xea\x7c\x75\xa9\x52\x99\x9e\x9a\x9e\xbc\x75\xfd\x66\xe5\xa3\x8d\xf5\x42\xfd\xb7\xaf\xbe\xb7\x70\xf7\xc7\x7f\xf8\xfd\x57\x5f\xfe\x69\xe3\x3b\x3f\xcf\xba"..., 8192, 0 [pid 5173] futex(0x7fdbd83af78c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5175] futex(0x7fdbd83af798, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5174] <... setxattr resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5174] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5173] <... futex resumed>) = 0 [pid 5173] futex(0x7fdbd83af788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5173] futex(0x7fdbd83af78c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5174] <... futex resumed>) = 1 [ 66.084323][ T5175] ext4 filesystem being mounted at /root/syzkaller.3rXkzo/42/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 66.109387][ T5174] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3806: comm syz-executor377: Allocating blocks 44-48 which overlap fs metadata [ 66.124510][ T5174] EXT4-fs error (device loop0): ext4_xattr_block_set:2241: inode #12: comm syz-executor377: bad block 0 [pid 5174] setxattr("./file0", "trusted.overlay.upper", "\xb2\xc7\xbd\x79\xfd\x74\x76\xf3\xf5\xd3\xd9\x24\xda\xed\xfb\xff\x4c\xf2\xf6\xec\x5a\xec\xf8\x37\x99\x4f\xba\xcf\x39\x12\x11\x3f\xfa\x7e\xc4\x4f\x93\x77\xe3\x36\xd7\xd6\x17\x67\x6a\xb5\xea\x4a\xb7\x5e\x6e\xd5\x97\xcb\xcd\xb5\xf5\x6b\x0b\xf5\x99\xf9\xea\x7c\x75\xa9\x52\x99\x9e\x9a\x9e\xbc\x75\xfd\x66\xe5\xa3\x8d\xf5\x42\xfd\xb7\xaf\xbe\xb7\x70\xf7\xc7\x7f\xf8\xfd\x57\x5f\xfe\x69\xe3\x3b\x3f\xcf\xba"..., 8192, 0) = -1 EUCLEAN (Structure needs cleaning) [pid 5174] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5173] <... futex resumed>) = 0 [pid 5173] futex(0x7fdbd83af788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5173] futex(0x7fdbd83af78c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5174] <... futex resumed>) = 1 [pid 5174] openat(AT_FDCWD, "./file0/file0", O_RDONLY|O_TRUNC|O_LARGEFILE|O_NOFOLLOW) = -1 EUCLEAN (Structure needs cleaning) [pid 5174] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5173] <... futex resumed>) = 0 [pid 5173] exit_group(0 [pid 5175] <... futex resumed>) = ? [pid 5173] <... exit_group resumed>) = ? [pid 5175] +++ exited with 0 +++ [pid 5174] +++ exited with 0 +++ [pid 5173] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5173, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./42", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./42", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556f16620 /* 4 entries */, 32768) = 112 umount2("./42/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./42/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./42/binderfs") = 0 [ 66.137438][ T5174] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3806: comm syz-executor377: Allocating blocks 44-48 which overlap fs metadata [ 66.152154][ T5174] EXT4-fs error (device loop0): ext4_xattr_block_set:2241: inode #12: comm syz-executor377: bad block 0 [ 66.165263][ T5174] EXT4-fs error (device loop0): ext4_lookup:1853: inode #12: comm syz-executor377: deleted inode referenced: 13 [ 66.186482][ T5002] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. umount2("./42/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./42/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./42/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./42/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./42/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556f1e660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556f1e660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./42/file0") = 0 getdents64(3, 0x555556f16620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./42") = 0 mkdir("./43", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f155d0) = 5178 ./strace-static-x86_64: Process 5178 attached [pid 5178] set_robust_list(0x555556f155e0, 24) = 0 [pid 5178] chdir("./43") = 0 [pid 5178] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5178] setpgid(0, 0) = 0 [pid 5178] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5178] write(3, "1000", 4) = 4 [pid 5178] close(3) = 0 [pid 5178] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5178] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5178] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdbd82b6000 [pid 5178] mprotect(0x7fdbd82b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5178] clone(child_stack=0x7fdbd82d63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5179], tls=0x7fdbd82d6700, child_tidptr=0x7fdbd82d69d0) = 5179 [pid 5178] futex(0x7fdbd83af788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5178] futex(0x7fdbd83af79c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5178] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdbd8295000 [pid 5178] mprotect(0x7fdbd8296000, 131072, PROT_READ|PROT_WRITE./strace-static-x86_64: Process 5179 attached ) = 0 [pid 5178] clone(child_stack=0x7fdbd82b53f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5180 attached , parent_tid=[5180], tls=0x7fdbd82b5700, child_tidptr=0x7fdbd82b59d0) = 5180 [pid 5180] set_robust_list(0x7fdbd82b59e0, 24 [pid 5178] futex(0x7fdbd83af798, FUTEX_WAKE_PRIVATE, 1000000 [pid 5180] <... set_robust_list resumed>) = 0 [pid 5178] <... futex resumed>) = 0 [pid 5178] futex(0x7fdbd83af79c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5180] memfd_create("syzkaller", 0 [pid 5179] set_robust_list(0x7fdbd82d69e0, 24) = 0 [pid 5179] memfd_create("syzkaller", 0) = 4 [pid 5179] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdbcfe95000 [pid 5180] <... memfd_create resumed>) = 3 [pid 5180] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdbc7a95000 [pid 5179] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5180] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5180] munmap(0x7fdbc7a95000, 262144 [pid 5179] <... write resumed>) = 262144 [pid 5179] munmap(0x7fdbcfe95000, 262144 [pid 5180] <... munmap resumed>) = 0 [pid 5180] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5180] ioctl(5, LOOP_SET_FD, 3 [pid 5179] <... munmap resumed>) = 0 [pid 5180] <... ioctl resumed>) = 0 [pid 5180] close(3) = 0 [pid 5180] mkdir("./file0", 0777 [pid 5179] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5180] <... mkdir resumed>) = 0 [pid 5180] mount("/dev/loop0", "./file0", "ext4", 0, "quota,jqfmt=vfsv0,nouid32,,errors=continue" [pid 5179] <... openat resumed>) = 3 [pid 5179] ioctl(3, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5179] ioctl(3, LOOP_CLR_FD) = 0 [pid 5179] ioctl(3, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5179] close(3) = 0 [pid 5179] close(4) = 0 [pid 5179] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 66.280685][ T5180] loop0: detected capacity change from 0 to 512 [ 66.289921][ T5180] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 66.309248][ T5180] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: writeback. [pid 5179] futex(0x7fdbd83af788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5180] <... mount resumed>) = 0 [pid 5180] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5180] chdir("./file0") = 0 [pid 5180] ioctl(5, LOOP_CLR_FD) = 0 [pid 5180] close(5) = 0 [pid 5180] futex(0x7fdbd83af79c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5180] futex(0x7fdbd83af798, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5178] <... futex resumed>) = 0 [pid 5178] futex(0x7fdbd83af788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5179] <... futex resumed>) = 0 [pid 5178] <... futex resumed>) = 1 [pid 5179] setxattr("./file0", "trusted.overlay.upper", "\x64\x8f\x7b\xfd\xea\xc9\xec\xe6\xab\x27\xb3\x49\xb4\xdb\xf7\xfe\x99\xe4\xed\xd9\xb5\xd8\xf1\x35\x99\x8f\x22\x62\x23\x22\x46\x22\xe2\x47\xdf\x8f\xf8\x69\xf2\x76\xdc\xe6\xda\xfa\xe2\x4c\xad\x56\x5d\xe9\xd6\xcb\xad\xfa\x72\xb9\xb9\xb6\x7e\x75\xa1\x3e\x33\x5f\x9d\xaf\x2e\x55\x2a\xd3\x53\xd3\x93\x37\xaf\xdd\xa8\x7c\xb0\xb1\x9e\xab\xff\xf6\xe5\xf7\x16\xee\xfc\xf8\x0f\xbf\xff\xda\x8b\x3f\x6d\x7c\xe7\xe7"..., 8192, 0 [pid 5178] futex(0x7fdbd83af78c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5179] <... setxattr resumed>) = -1 ENOSPC (No space left on device) [pid 5179] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5179] futex(0x7fdbd83af788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5178] <... futex resumed>) = 0 [pid 5178] futex(0x7fdbd83af788, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5178] futex(0x7fdbd83af78c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5179] <... futex resumed>) = 0 [pid 5179] setxattr("./file0", "trusted.overlay.upper", "\x64\x8f\x7b\xfd\xea\xc9\xec\xe6\xab\x27\xb3\x49\xb4\xdb\xf7\xfe\x99\xe4\xed\xd9\xb5\xd8\xf1\x35\x99\x8f\x22\x62\x23\x22\x46\x22\xe2\x47\xdf\x8f\xf8\x69\xf2\x76\xdc\xe6\xda\xfa\xe2\x4c\xad\x56\x5d\xe9\xd6\xcb\xad\xfa\x72\xb9\xb9\xb6\x7e\x75\xa1\x3e\x33\x5f\x9d\xaf\x2e\x55\x2a\xd3\x53\xd3\x93\x37\xaf\xdd\xa8\x7c\xb0\xb1\x9e\xab\xff\xf6\xe5\xf7\x16\xee\xfc\xf8\x0f\xbf\xff\xda\x8b\x3f\x6d\x7c\xe7\xe7"..., 8192, 0) = -1 ENOSPC (No space left on device) [pid 5179] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5178] <... futex resumed>) = 0 [pid 5178] futex(0x7fdbd83af788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5178] futex(0x7fdbd83af78c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5179] <... futex resumed>) = 1 [pid 5179] openat(AT_FDCWD, "./file0/file0", O_RDONLY|O_TRUNC|O_LARGEFILE|O_NOFOLLOW) = 4 [pid 5179] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5178] <... futex resumed>) = 0 [pid 5178] exit_group(0 [pid 5180] <... futex resumed>) = ? [pid 5178] <... exit_group resumed>) = ? [pid 5180] +++ exited with 0 +++ [pid 5179] <... futex resumed>) = ? [pid 5179] +++ exited with 0 +++ [pid 5178] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5178, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- umount2("./43", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./43", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556f16620 /* 4 entries */, 32768) = 112 umount2("./43/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./43/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./43/binderfs") = 0 [ 66.323531][ T5180] ext4 filesystem being mounted at /root/syzkaller.3rXkzo/43/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 66.338808][ T5179] EXT4-fs error (device loop0): ext4_validate_block_bitmap:440: comm syz-executor377: bg 0: block 44: padding at end of block bitmap is not set [ 66.361945][ T5002] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. umount2("./43/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./43/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./43/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./43/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./43/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556f1e660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556f1e660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./43/file0") = 0 getdents64(3, 0x555556f16620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./43") = 0 mkdir("./44", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f155d0) = 5183 ./strace-static-x86_64: Process 5183 attached [pid 5183] set_robust_list(0x555556f155e0, 24) = 0 [pid 5183] chdir("./44") = 0 [pid 5183] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5183] setpgid(0, 0) = 0 [pid 5183] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5183] write(3, "1000", 4) = 4 [pid 5183] close(3) = 0 [pid 5183] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5183] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5183] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdbd82b6000 [pid 5183] mprotect(0x7fdbd82b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5183] clone(child_stack=0x7fdbd82d63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5184], tls=0x7fdbd82d6700, child_tidptr=0x7fdbd82d69d0) = 5184 [pid 5183] futex(0x7fdbd83af788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5183] futex(0x7fdbd83af79c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5183] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdbd8295000 [pid 5183] mprotect(0x7fdbd8296000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5183] clone(child_stack=0x7fdbd82b53f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5185], tls=0x7fdbd82b5700, child_tidptr=0x7fdbd82b59d0) = 5185 [pid 5183] futex(0x7fdbd83af798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5183] futex(0x7fdbd83af79c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5185 attached ./strace-static-x86_64: Process 5184 attached [pid 5185] set_robust_list(0x7fdbd82b59e0, 24 [pid 5184] set_robust_list(0x7fdbd82d69e0, 24 [pid 5185] <... set_robust_list resumed>) = 0 [pid 5184] <... set_robust_list resumed>) = 0 [pid 5184] memfd_create("syzkaller", 0 [pid 5185] memfd_create("syzkaller", 0) = 3 [pid 5185] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdbcfe95000 [pid 5184] <... memfd_create resumed>) = 4 [pid 5184] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdbc7a95000 [pid 5185] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5184] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5185] <... write resumed>) = 262144 [pid 5185] munmap(0x7fdbcfe95000, 262144 [pid 5184] munmap(0x7fdbc7a95000, 262144 [pid 5185] <... munmap resumed>) = 0 [pid 5185] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5184] <... munmap resumed>) = 0 [pid 5185] <... openat resumed>) = 5 [pid 5184] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5185] ioctl(5, LOOP_SET_FD, 3 [pid 5184] <... openat resumed>) = 6 [pid 5184] ioctl(6, LOOP_SET_FD, 4 [pid 5185] <... ioctl resumed>) = 0 [pid 5184] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5185] close(3 [pid 5184] ioctl(6, LOOP_CLR_FD) = 0 [pid 5185] <... close resumed>) = 0 [pid 5185] mkdir("./file0", 0777) = 0 [pid 5185] mount("/dev/loop0", "./file0", "ext4", 0, "quota,jqfmt=vfsv0,nouid32,,errors=continue" [pid 5184] ioctl(6, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5184] close(6) = 0 [pid 5184] close(4) = 0 [pid 5184] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5184] futex(0x7fdbd83af788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5185] <... mount resumed>) = 0 [pid 5185] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5185] chdir("./file0") = 0 [pid 5185] ioctl(5, LOOP_CLR_FD) = 0 [pid 5185] close(5) = 0 [pid 5185] futex(0x7fdbd83af79c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5185] futex(0x7fdbd83af798, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5183] <... futex resumed>) = 0 [pid 5183] futex(0x7fdbd83af788, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5184] <... futex resumed>) = 0 [pid 5184] setxattr("./file0", "trusted.overlay.upper", "\xb2\xc7\xbd\x79\xfd\x74\x76\xf3\xf5\xd3\xd9\x24\xda\xed\xfb\xff\x4c\xf2\xf6\xec\x5a\xec\xf8\x37\x99\x4f\xba\xcf\x39\x12\x11\x3f\xfa\x7e\xc4\x4f\x93\x77\xe3\x36\xd7\xd6\x17\x67\x6a\xb5\xea\x4a\xb7\x5e\x6e\xd5\x97\xcb\xcd\xb5\xf5\x6b\x0b\xf5\x99\xf9\xea\x7c\x75\xa9\x52\x99\x9e\x9a\x9e\xbc\x75\xfd\x66\xe5\xa3\x8d\xf5\x42\xfd\xb7\xaf\xbe\xb7\x70\xf7\xc7\x7f\xf8\xfd\x57\x5f\xfe\x69\xe3\x3b\x3f\xcf\xba"..., 8192, 0 [ 66.455708][ T5185] loop0: detected capacity change from 0 to 512 [ 66.465123][ T5185] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 66.478251][ T5185] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: writeback. [ 66.490974][ T5185] ext4 filesystem being mounted at /root/syzkaller.3rXkzo/44/file0 supports timestamps until 2038-01-19 (0x7fffffff) [pid 5183] futex(0x7fdbd83af78c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5184] <... setxattr resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5184] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5184] futex(0x7fdbd83af788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5183] <... futex resumed>) = 0 [pid 5183] futex(0x7fdbd83af788, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5183] futex(0x7fdbd83af78c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5184] <... futex resumed>) = 0 [pid 5184] setxattr("./file0", "trusted.overlay.upper", "\xb2\xc7\xbd\x79\xfd\x74\x76\xf3\xf5\xd3\xd9\x24\xda\xed\xfb\xff\x4c\xf2\xf6\xec\x5a\xec\xf8\x37\x99\x4f\xba\xcf\x39\x12\x11\x3f\xfa\x7e\xc4\x4f\x93\x77\xe3\x36\xd7\xd6\x17\x67\x6a\xb5\xea\x4a\xb7\x5e\x6e\xd5\x97\xcb\xcd\xb5\xf5\x6b\x0b\xf5\x99\xf9\xea\x7c\x75\xa9\x52\x99\x9e\x9a\x9e\xbc\x75\xfd\x66\xe5\xa3\x8d\xf5\x42\xfd\xb7\xaf\xbe\xb7\x70\xf7\xc7\x7f\xf8\xfd\x57\x5f\xfe\x69\xe3\x3b\x3f\xcf\xba"..., 8192, 0) = 0 [pid 5184] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5183] <... futex resumed>) = 0 [pid 5183] futex(0x7fdbd83af788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5183] futex(0x7fdbd83af78c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5184] <... futex resumed>) = 1 [pid 5184] openat(AT_FDCWD, "./file0/file0", O_RDONLY|O_TRUNC|O_LARGEFILE|O_NOFOLLOW) = 4 [pid 5184] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5183] <... futex resumed>) = 0 [pid 5183] exit_group(0 [pid 5185] <... futex resumed>) = ? [pid 5183] <... exit_group resumed>) = ? [pid 5185] +++ exited with 0 +++ [pid 5184] <... futex resumed>) = ? [pid 5184] +++ exited with 0 +++ [pid 5183] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5183, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./44", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./44", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556f16620 /* 4 entries */, 32768) = 112 umount2("./44/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./44/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./44/binderfs") = 0 umount2("./44/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./44/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./44/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./44/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./44/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556f1e660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556f1e660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./44/file0") = 0 getdents64(3, 0x555556f16620 /* 0 entries */, 32768) = 0 [ 66.514150][ T5184] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3806: comm syz-executor377: Allocating blocks 44-48 which overlap fs metadata [ 66.528888][ T5184] EXT4-fs error (device loop0): ext4_xattr_block_set:2241: inode #12: comm syz-executor377: bad block 0 [ 66.550571][ T5002] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. close(3) = 0 rmdir("./44") = 0 mkdir("./45", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f155d0) = 5188 ./strace-static-x86_64: Process 5188 attached [pid 5188] set_robust_list(0x555556f155e0, 24) = 0 [pid 5188] chdir("./45") = 0 [pid 5188] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5188] setpgid(0, 0) = 0 [pid 5188] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5188] write(3, "1000", 4) = 4 [pid 5188] close(3) = 0 [pid 5188] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5188] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5188] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdbd82b6000 [pid 5188] mprotect(0x7fdbd82b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5188] clone(child_stack=0x7fdbd82d63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5189], tls=0x7fdbd82d6700, child_tidptr=0x7fdbd82d69d0) = 5189 [pid 5188] futex(0x7fdbd83af788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5188] futex(0x7fdbd83af79c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5188] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdbd8295000 [pid 5188] mprotect(0x7fdbd8296000, 131072, PROT_READ|PROT_WRITE./strace-static-x86_64: Process 5189 attached [pid 5189] set_robust_list(0x7fdbd82d69e0, 24 [pid 5188] <... mprotect resumed>) = 0 [pid 5189] <... set_robust_list resumed>) = 0 [pid 5188] clone(child_stack=0x7fdbd82b53f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5189] memfd_create("syzkaller", 0./strace-static-x86_64: Process 5190 attached ) = 3 [pid 5190] set_robust_list(0x7fdbd82b59e0, 24) = 0 [pid 5190] futex(0x7fdbd83af798, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5189] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5188] <... clone resumed>, parent_tid=[5190], tls=0x7fdbd82b5700, child_tidptr=0x7fdbd82b59d0) = 5190 [pid 5188] futex(0x7fdbd83af798, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5188] futex(0x7fdbd83af79c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5189] <... mmap resumed>) = 0x7fdbcfe95000 [pid 5190] <... futex resumed>) = 0 [pid 5190] memfd_create("syzkaller", 0) = 4 [pid 5190] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdbc7a95000 [pid 5189] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5190] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5189] <... write resumed>) = 262144 [pid 5190] <... write resumed>) = 262144 [pid 5189] munmap(0x7fdbcfe95000, 262144 [pid 5190] munmap(0x7fdbc7a95000, 262144 [pid 5189] <... munmap resumed>) = 0 [pid 5189] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5189] ioctl(5, LOOP_SET_FD, 3 [pid 5190] <... munmap resumed>) = 0 [pid 5189] <... ioctl resumed>) = 0 [pid 5190] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5189] close(3 [pid 5190] <... openat resumed>) = 6 [pid 5190] ioctl(6, LOOP_SET_FD, 4 [pid 5189] <... close resumed>) = 0 [pid 5190] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5189] mkdir("./file0", 0777 [pid 5190] ioctl(6, LOOP_CLR_FD) = 0 [pid 5189] <... mkdir resumed>) = 0 [pid 5189] mount("/dev/loop0", "./file0", "ext4", 0, "\x71\x75\x6f\x74\x61\x2c\x6a\x71\x66\x6d\x5a\xfe\x7f\x21\x63\x31\x32\x9e\x6e\x8f\x75\x69\x64\x33\x32\x2c\x2c\x65\x72\x72\x6f\x72\x73\x3d\x63\x6f\x6e\x74\x69\x6e\x75\x65" [pid 5190] ioctl(6, LOOP_SET_FD, 4 [pid 5189] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5190] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5189] ioctl(5, LOOP_CLR_FD [pid 5190] close(6) = 0 [pid 5190] close(4) = 0 [pid 5190] futex(0x7fdbd83af79c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5189] <... ioctl resumed>) = 0 [pid 5189] close(5) = 0 [pid 5189] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5189] futex(0x7fdbd83af788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5190] <... futex resumed>) = 1 [pid 5188] <... futex resumed>) = 0 [pid 5190] futex(0x7fdbd83af798, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5188] futex(0x7fdbd83af788, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5189] <... futex resumed>) = 0 [pid 5189] setxattr("./file0", "trusted.overlay.upper", "\xb2\xc7\xbd\x79\xfd\x74\x76\xf3\xf5\xd3\xd9\x24\xda\xed\xfb\xff\x4c\xf2\xf6\xec\x5a\xec\xf8\x37\x99\x4f\xba\xcf\x39\x12\x11\x3f\xfa\x7e\xc4\x4f\x93\x77\xe3\x36\xd7\xd6\x17\x67\x6a\xb5\xea\x4a\xb7\x5e\x6e\xd5\x97\xcb\xcd\xb5\xf5\x6b\x0b\xf5\x99\xf9\xea\x7c\x75\xa9\x52\x99\x9e\x9a\x9e\xbc\x75\xfd\x66\xe5\xa3\x8d\xf5\x42\xfd\xb7\xaf\xbe\xb7\x70\xf7\xc7\x7f\xf8\xfd\x57\x5f\xfe\x69\xe3\x3b\x3f\xcf\xba"..., 8192, 0 [pid 5188] futex(0x7fdbd83af78c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5189] <... setxattr resumed>) = -1 ENOSPC (No space left on device) [pid 5189] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5188] <... futex resumed>) = 0 [pid 5189] setxattr("./file0", "trusted.overlay.upper", "\xb2\xc7\xbd\x79\xfd\x74\x76\xf3\xf5\xd3\xd9\x24\xda\xed\xfb\xff\x4c\xf2\xf6\xec\x5a\xec\xf8\x37\x99\x4f\xba\xcf\x39\x12\x11\x3f\xfa\x7e\xc4\x4f\x93\x77\xe3\x36\xd7\xd6\x17\x67\x6a\xb5\xea\x4a\xb7\x5e\x6e\xd5\x97\xcb\xcd\xb5\xf5\x6b\x0b\xf5\x99\xf9\xea\x7c\x75\xa9\x52\x99\x9e\x9a\x9e\xbc\x75\xfd\x66\xe5\xa3\x8d\xf5\x42\xfd\xb7\xaf\xbe\xb7\x70\xf7\xc7\x7f\xf8\xfd\x57\x5f\xfe\x69\xe3\x3b\x3f\xcf\xba"..., 8192, 0 [pid 5188] futex(0x7fdbd83af788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5189] <... setxattr resumed>) = -1 ENOSPC (No space left on device) [pid 5188] <... futex resumed>) = 0 [pid 5189] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5188] futex(0x7fdbd83af78c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5189] <... futex resumed>) = 0 [pid 5188] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5189] openat(AT_FDCWD, "./file0/file0", O_RDONLY|O_TRUNC|O_LARGEFILE|O_NOFOLLOW [pid 5188] futex(0x7fdbd83af788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5189] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 5188] <... futex resumed>) = 0 [pid 5188] futex(0x7fdbd83af78c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5189] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5188] <... futex resumed>) = 0 [pid 5189] futex(0x7fdbd83af788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5188] exit_group(0 [pid 5190] <... futex resumed>) = ? [pid 5188] <... exit_group resumed>) = ? [pid 5189] <... futex resumed>) = ? [pid 5190] +++ exited with 0 +++ [pid 5189] +++ exited with 0 +++ [pid 5188] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5188, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./45", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./45", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556f16620 /* 4 entries */, 32768) = 112 umount2("./45/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./45/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./45/binderfs") = 0 umount2("./45/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./45/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./45/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./45/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556f1e660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556f1e660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./45/file0") = 0 getdents64(3, 0x555556f16620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./45") = 0 mkdir("./46", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5191 attached , child_tidptr=0x555556f155d0) = 5191 [pid 5191] set_robust_list(0x555556f155e0, 24) = 0 [pid 5191] chdir("./46") = 0 [pid 5191] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5191] setpgid(0, 0) = 0 [pid 5191] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5191] write(3, "1000", 4) = 4 [pid 5191] close(3) = 0 [pid 5191] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5191] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5191] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdbd82b6000 [pid 5191] mprotect(0x7fdbd82b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5191] clone(child_stack=0x7fdbd82d63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5192], tls=0x7fdbd82d6700, child_tidptr=0x7fdbd82d69d0) = 5192 [pid 5191] futex(0x7fdbd83af788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5191] futex(0x7fdbd83af79c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5191] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdbd8295000 [pid 5191] mprotect(0x7fdbd8296000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5191] clone(child_stack=0x7fdbd82b53f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5193], tls=0x7fdbd82b5700, child_tidptr=0x7fdbd82b59d0) = 5193 [pid 5191] futex(0x7fdbd83af798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5191] futex(0x7fdbd83af79c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5193 attached [pid 5193] set_robust_list(0x7fdbd82b59e0, 24) = 0 [pid 5193] memfd_create("syzkaller", 0) = 3 [pid 5193] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdbcfe95000 ./strace-static-x86_64: Process 5192 attached [ 66.620662][ T5189] loop0: detected capacity change from 0 to 512 [ 66.630548][ T5189] ext4: Unknown parameter 'jqfmZ!c12nuid32' [pid 5193] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5192] set_robust_list(0x7fdbd82d69e0, 24) = 0 [pid 5193] <... write resumed>) = 262144 [pid 5193] munmap(0x7fdbcfe95000, 262144 [pid 5192] memfd_create("syzkaller", 0) = 4 [pid 5192] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5193] <... munmap resumed>) = 0 [pid 5193] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5193] ioctl(5, LOOP_SET_FD, 3 [pid 5192] <... mmap resumed>) = 0x7fdbc7ad5000 [pid 5193] <... ioctl resumed>) = 0 [pid 5193] close(3) = 0 [pid 5193] mkdir("./file0", 0777) = 0 [pid 5193] mount("/dev/loop0", "./file0", "ext4", 0, "quota,jqfmt=vfsv0,nouid32,,errors=continue" [pid 5192] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5192] munmap(0x7fdbc7ad5000, 262144) = 0 [pid 5192] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5192] ioctl(3, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5192] ioctl(3, LOOP_CLR_FD) = 0 [pid 5192] ioctl(3, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5192] close(3) = 0 [pid 5192] close(4) = 0 [pid 5192] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 66.684636][ T5193] loop0: detected capacity change from 0 to 512 [ 66.693378][ T5193] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 66.708534][ T5193] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: writeback. [pid 5192] futex(0x7fdbd83af788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5193] <... mount resumed>) = 0 [pid 5193] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5193] chdir("./file0") = 0 [pid 5193] ioctl(5, LOOP_CLR_FD) = 0 [pid 5193] close(5) = 0 [pid 5193] futex(0x7fdbd83af79c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5191] <... futex resumed>) = 0 [pid 5193] futex(0x7fdbd83af798, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5191] futex(0x7fdbd83af788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5192] <... futex resumed>) = 0 [pid 5191] <... futex resumed>) = 1 [pid 5192] setxattr("./file0", "trusted.overlay.upper", "\x64\x8f\x7b\xfd\xea\xc9\xec\xe6\xab\x27\xb3\x49\xb4\xdb\xf7\xfe\x99\xe4\xed\xd9\xb5\xd8\xf1\x35\x99\x8f\x22\x62\x23\x22\x46\x22\xe2\x47\xdf\x8f\xf8\x69\xf2\x76\xdc\xe6\xda\xfa\xe2\x4c\xad\x56\x5d\xe9\xd6\xcb\xad\xfa\x72\xb9\xb9\xb6\x7e\x75\xa1\x3e\x33\x5f\x9d\xaf\x2e\x55\x2a\xd3\x53\xd3\x93\x37\xaf\xdd\xa8\x7c\xb0\xb1\x9e\xab\xff\xf6\xe5\xf7\x16\xee\xfc\xf8\x0f\xbf\xff\xda\x8b\x3f\x6d\x7c\xe7\xe7"..., 8192, 0 [ 66.725532][ T5193] ext4 filesystem being mounted at /root/syzkaller.3rXkzo/46/file0 supports timestamps until 2038-01-19 (0x7fffffff) [pid 5191] futex(0x7fdbd83af78c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5192] <... setxattr resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5192] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5191] <... futex resumed>) = 0 [pid 5192] setxattr("./file0", "trusted.overlay.upper", "\x64\x8f\x7b\xfd\xea\xc9\xec\xe6\xab\x27\xb3\x49\xb4\xdb\xf7\xfe\x99\xe4\xed\xd9\xb5\xd8\xf1\x35\x99\x8f\x22\x62\x23\x22\x46\x22\xe2\x47\xdf\x8f\xf8\x69\xf2\x76\xdc\xe6\xda\xfa\xe2\x4c\xad\x56\x5d\xe9\xd6\xcb\xad\xfa\x72\xb9\xb9\xb6\x7e\x75\xa1\x3e\x33\x5f\x9d\xaf\x2e\x55\x2a\xd3\x53\xd3\x93\x37\xaf\xdd\xa8\x7c\xb0\xb1\x9e\xab\xff\xf6\xe5\xf7\x16\xee\xfc\xf8\x0f\xbf\xff\xda\x8b\x3f\x6d\x7c\xe7\xe7"..., 8192, 0 [pid 5191] futex(0x7fdbd83af788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 66.758673][ T5192] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3806: comm syz-executor377: Allocating blocks 44-48 which overlap fs metadata [ 66.773421][ T5192] EXT4-fs error (device loop0): ext4_xattr_block_set:2241: inode #12: comm syz-executor377: bad block 0 [ 66.787029][ T5192] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3806: comm syz-executor377: Allocating blocks 44-48 which overlap fs metadata [pid 5191] futex(0x7fdbd83af78c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5192] <... setxattr resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5192] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5191] <... futex resumed>) = 0 [pid 5192] openat(AT_FDCWD, "./file0/file0", O_RDONLY|O_TRUNC|O_LARGEFILE|O_NOFOLLOW [pid 5191] futex(0x7fdbd83af788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5191] futex(0x7fdbd83af78c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5192] <... openat resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5192] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5191] <... futex resumed>) = 0 [pid 5192] <... futex resumed>) = 1 [pid 5192] futex(0x7fdbd83af788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5191] exit_group(0 [pid 5193] <... futex resumed>) = ? [pid 5191] <... exit_group resumed>) = ? [pid 5192] <... futex resumed>) = ? [pid 5193] +++ exited with 0 +++ [pid 5192] +++ exited with 0 +++ [pid 5191] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5191, si_uid=0, si_status=0, si_utime=0, si_stime=11 /* 0.11 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./46", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./46", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556f16620 /* 4 entries */, 32768) = 112 umount2("./46/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./46/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./46/binderfs") = 0 umount2("./46/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./46/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./46/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./46/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./46/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556f1e660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556f1e660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./46/file0") = 0 getdents64(3, 0x555556f16620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./46") = 0 mkdir("./47", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [ 66.801771][ T5192] EXT4-fs error (device loop0): ext4_xattr_block_set:2241: inode #12: comm syz-executor377: bad block 0 [ 66.814960][ T5192] EXT4-fs error (device loop0): ext4_lookup:1853: inode #12: comm syz-executor377: deleted inode referenced: 13 [ 66.836362][ T5002] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f155d0) = 5196 ./strace-static-x86_64: Process 5196 attached [pid 5196] set_robust_list(0x555556f155e0, 24) = 0 [pid 5196] chdir("./47") = 0 [pid 5196] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5196] setpgid(0, 0) = 0 [pid 5196] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5196] write(3, "1000", 4) = 4 [pid 5196] close(3) = 0 [pid 5196] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5196] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5196] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdbd82b6000 [pid 5196] mprotect(0x7fdbd82b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5196] clone(child_stack=0x7fdbd82d63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5197 attached , parent_tid=[5197], tls=0x7fdbd82d6700, child_tidptr=0x7fdbd82d69d0) = 5197 [pid 5197] set_robust_list(0x7fdbd82d69e0, 24) = 0 [pid 5197] futex(0x7fdbd83af788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5196] futex(0x7fdbd83af788, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5197] <... futex resumed>) = 0 [pid 5197] memfd_create("syzkaller", 0 [pid 5196] futex(0x7fdbd83af79c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5197] <... memfd_create resumed>) = 3 [pid 5196] <... futex resumed>) = 0 [pid 5196] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5197] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdbcfeb6000 [pid 5196] <... mmap resumed>) = 0x7fdbcfe95000 [pid 5196] mprotect(0x7fdbcfe96000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5196] clone(child_stack=0x7fdbcfeb53f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5197] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144./strace-static-x86_64: Process 5198 attached [pid 5198] set_robust_list(0x7fdbcfeb59e0, 24) = 0 [pid 5198] futex(0x7fdbd83af798, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5196] <... clone resumed>, parent_tid=[5198], tls=0x7fdbcfeb5700, child_tidptr=0x7fdbcfeb59d0) = 5198 [pid 5196] futex(0x7fdbd83af798, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5198] <... futex resumed>) = 0 [pid 5198] memfd_create("syzkaller", 0) = 4 [pid 5198] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5197] <... write resumed>) = 262144 [pid 5198] <... mmap resumed>) = 0x7fdbc7a95000 [pid 5196] futex(0x7fdbd83af79c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5197] munmap(0x7fdbcfeb6000, 262144 [pid 5198] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5197] <... munmap resumed>) = 0 [pid 5198] <... write resumed>) = 262144 [pid 5197] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5198] munmap(0x7fdbc7a95000, 262144 [pid 5197] <... openat resumed>) = 5 [pid 5197] ioctl(5, LOOP_SET_FD, 3 [pid 5198] <... munmap resumed>) = 0 [pid 5197] <... ioctl resumed>) = 0 [pid 5198] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5197] close(3 [pid 5198] <... openat resumed>) = 6 [pid 5197] <... close resumed>) = 0 [pid 5198] ioctl(6, LOOP_SET_FD, 4 [pid 5197] mkdir("./file0", 0777 [pid 5198] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5198] ioctl(6, LOOP_CLR_FD) = 0 [pid 5197] <... mkdir resumed>) = 0 [pid 5197] mount("/dev/loop0", "./file0", "ext4", 0, "\x71\x75\x6f\x74\x61\x2c\x6a\x71\x66\x6d\x5a\xfe\x7f\x21\x63\x31\x32\x9e\x6e\x8f\x75\x69\x64\x33\x32\x2c\x2c\x65\x72\x72\x6f\x72\x73\x3d\x63\x6f\x6e\x74\x69\x6e\x75\x65") = -1 EINVAL (Invalid argument) [pid 5198] ioctl(6, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5197] ioctl(5, LOOP_CLR_FD [pid 5198] close(6) = 0 [pid 5198] close(4) = 0 [pid 5197] <... ioctl resumed>) = 0 [pid 5197] close(5) = 0 [pid 5197] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5197] futex(0x7fdbd83af788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5198] futex(0x7fdbd83af79c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5196] <... futex resumed>) = 0 [pid 5196] futex(0x7fdbd83af788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5198] futex(0x7fdbd83af798, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5196] <... futex resumed>) = 1 [pid 5197] <... futex resumed>) = 0 [pid 5197] setxattr("./file0", "trusted.overlay.upper", "\xb2\xc7\xbd\x79\xfd\x74\x76\xf3\xf5\xd3\xd9\x24\xda\xed\xfb\xff\x4c\xf2\xf6\xec\x5a\xec\xf8\x37\x99\x4f\xba\xcf\x39\x12\x11\x3f\xfa\x7e\xc4\x4f\x93\x77\xe3\x36\xd7\xd6\x17\x67\x6a\xb5\xea\x4a\xb7\x5e\x6e\xd5\x97\xcb\xcd\xb5\xf5\x6b\x0b\xf5\x99\xf9\xea\x7c\x75\xa9\x52\x99\x9e\x9a\x9e\xbc\x75\xfd\x66\xe5\xa3\x8d\xf5\x42\xfd\xb7\xaf\xbe\xb7\x70\xf7\xc7\x7f\xf8\xfd\x57\x5f\xfe\x69\xe3\x3b\x3f\xcf\xba"..., 8192, 0 [pid 5196] futex(0x7fdbd83af78c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5197] <... setxattr resumed>) = -1 ENOSPC (No space left on device) [pid 5197] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5196] <... futex resumed>) = 0 [pid 5197] futex(0x7fdbd83af788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5196] futex(0x7fdbd83af788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5197] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5196] futex(0x7fdbd83af78c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5197] setxattr("./file0", "trusted.overlay.upper", "\xb2\xc7\xbd\x79\xfd\x74\x76\xf3\xf5\xd3\xd9\x24\xda\xed\xfb\xff\x4c\xf2\xf6\xec\x5a\xec\xf8\x37\x99\x4f\xba\xcf\x39\x12\x11\x3f\xfa\x7e\xc4\x4f\x93\x77\xe3\x36\xd7\xd6\x17\x67\x6a\xb5\xea\x4a\xb7\x5e\x6e\xd5\x97\xcb\xcd\xb5\xf5\x6b\x0b\xf5\x99\xf9\xea\x7c\x75\xa9\x52\x99\x9e\x9a\x9e\xbc\x75\xfd\x66\xe5\xa3\x8d\xf5\x42\xfd\xb7\xaf\xbe\xb7\x70\xf7\xc7\x7f\xf8\xfd\x57\x5f\xfe\x69\xe3\x3b\x3f\xcf\xba"..., 8192, 0) = -1 ENOSPC (No space left on device) [pid 5197] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5196] <... futex resumed>) = 0 [pid 5197] openat(AT_FDCWD, "./file0/file0", O_RDONLY|O_TRUNC|O_LARGEFILE|O_NOFOLLOW [pid 5196] futex(0x7fdbd83af788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5197] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 5196] <... futex resumed>) = 0 [pid 5197] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5196] futex(0x7fdbd83af78c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5197] <... futex resumed>) = 0 [pid 5196] exit_group(0) = ? [pid 5198] <... futex resumed>) = ? [pid 5197] +++ exited with 0 +++ [pid 5198] +++ exited with 0 +++ [pid 5196] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5196, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./47", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./47", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556f16620 /* 4 entries */, 32768) = 112 umount2("./47/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./47/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./47/binderfs") = 0 umount2("./47/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./47/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./47/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./47/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556f1e660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556f1e660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./47/file0") = 0 getdents64(3, 0x555556f16620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./47") = 0 mkdir("./48", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f155d0) = 5199 ./strace-static-x86_64: Process 5199 attached [pid 5199] set_robust_list(0x555556f155e0, 24) = 0 [pid 5199] chdir("./48") = 0 [pid 5199] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5199] setpgid(0, 0) = 0 [pid 5199] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5199] write(3, "1000", 4) = 4 [pid 5199] close(3) = 0 [pid 5199] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5199] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5199] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdbd82b6000 [pid 5199] mprotect(0x7fdbd82b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5199] clone(child_stack=0x7fdbd82d63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5200], tls=0x7fdbd82d6700, child_tidptr=0x7fdbd82d69d0) = 5200 [pid 5199] futex(0x7fdbd83af788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5199] futex(0x7fdbd83af79c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5199] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0./strace-static-x86_64: Process 5200 attached ) = 0x7fdbd8295000 [pid 5199] mprotect(0x7fdbd8296000, 131072, PROT_READ|PROT_WRITE [pid 5200] set_robust_list(0x7fdbd82d69e0, 24) = 0 [pid 5199] <... mprotect resumed>) = 0 [ 66.933715][ T5197] loop0: detected capacity change from 0 to 512 [ 66.943689][ T5197] ext4: Unknown parameter 'jqfmZ!c12nuid32' [pid 5200] memfd_create("syzkaller", 0) = 3 [pid 5200] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdbcfe95000 [pid 5200] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5199] clone(child_stack=0x7fdbd82b53f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5200] <... write resumed>) = 262144 [pid 5200] munmap(0x7fdbcfe95000, 262144) = 0 [pid 5199] <... clone resumed>, parent_tid=[5201], tls=0x7fdbd82b5700, child_tidptr=0x7fdbd82b59d0) = 5201 [pid 5199] futex(0x7fdbd83af798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5200] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5200] ioctl(4, LOOP_SET_FD, 3 [pid 5199] futex(0x7fdbd83af79c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5201 attached [pid 5201] set_robust_list(0x7fdbd82b59e0, 24) = 0 [pid 5201] memfd_create("syzkaller", 0) = 5 [pid 5201] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdbc7ad5000 [pid 5200] <... ioctl resumed>) = 0 [pid 5201] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5200] close(3) = 0 [pid 5200] mkdir("./file0", 0777 [pid 5201] <... write resumed>) = 262144 [pid 5200] <... mkdir resumed>) = 0 [pid 5201] munmap(0x7fdbc7ad5000, 262144) = 0 [pid 5201] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5201] ioctl(3, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5201] ioctl(3, LOOP_CLR_FD) = 0 [pid 5200] mount("/dev/loop0", "./file0", "ext4", 0, "\x71\x75\x6f\x74\x61\x2c\x6a\x71\x66\x6d\x5a\xfe\x7f\x21\x63\x31\x32\x9e\x6e\x8f\x75\x69\x64\x33\x32\x2c\x2c\x65\x72\x72\x6f\x72\x73\x3d\x63\x6f\x6e\x74\x69\x6e\x75\x65" [pid 5201] ioctl(3, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5201] close(3) = 0 [pid 5201] close(5) = 0 [pid 5201] futex(0x7fdbd83af79c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5199] <... futex resumed>) = 0 [pid 5199] futex(0x7fdbd83af798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5199] futex(0x7fdbd83af79c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5201] <... futex resumed>) = 1 [pid 5201] setxattr("./file0", "trusted.overlay.upper", "\xb2\xc7\xbd\x79\xfd\x74\x76\xf3\xf5\xd3\xd9\x24\xda\xed\xfb\xff\x4c\xf2\xf6\xec\x5a\xec\xf8\x37\x99\x4f\xba\xcf\x39\x12\x11\x3f\xfa\x7e\xc4\x4f\x93\x77\xe3\x36\xd7\xd6\x17\x67\x6a\xb5\xea\x4a\xb7\x5e\x6e\xd5\x97\xcb\xcd\xb5\xf5\x6b\x0b\xf5\x99\xf9\xea\x7c\x75\xa9\x52\x99\x9e\x9a\x9e\xbc\x75\xfd\x66\xe5\xa3\x8d\xf5\x42\xfd\xb7\xaf\xbe\xb7\x70\xf7\xc7\x7f\xf8\xfd\x57\x5f\xfe\x69\xe3\x3b\x3f\xcf\xba"..., 8192, 0 [pid 5200] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5200] ioctl(4, LOOP_CLR_FD) = 0 [pid 5200] close(4) = 0 [pid 5200] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5200] futex(0x7fdbd83af788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5201] <... setxattr resumed>) = -1 ENOSPC (No space left on device) [pid 5201] futex(0x7fdbd83af79c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5199] <... futex resumed>) = 0 [pid 5201] futex(0x7fdbd83af798, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5199] futex(0x7fdbd83af788, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5199] futex(0x7fdbd83af78c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5200] <... futex resumed>) = 0 [pid 5200] setxattr("./file0", "trusted.overlay.upper", "\xb2\xc7\xbd\x79\xfd\x74\x76\xf3\xf5\xd3\xd9\x24\xda\xed\xfb\xff\x4c\xf2\xf6\xec\x5a\xec\xf8\x37\x99\x4f\xba\xcf\x39\x12\x11\x3f\xfa\x7e\xc4\x4f\x93\x77\xe3\x36\xd7\xd6\x17\x67\x6a\xb5\xea\x4a\xb7\x5e\x6e\xd5\x97\xcb\xcd\xb5\xf5\x6b\x0b\xf5\x99\xf9\xea\x7c\x75\xa9\x52\x99\x9e\x9a\x9e\xbc\x75\xfd\x66\xe5\xa3\x8d\xf5\x42\xfd\xb7\xaf\xbe\xb7\x70\xf7\xc7\x7f\xf8\xfd\x57\x5f\xfe\x69\xe3\x3b\x3f\xcf\xba"..., 8192, 0) = -1 ENOSPC (No space left on device) [pid 5200] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5199] <... futex resumed>) = 0 [pid 5199] futex(0x7fdbd83af788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5199] futex(0x7fdbd83af78c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5200] <... futex resumed>) = 1 [pid 5200] openat(AT_FDCWD, "./file0/file0", O_RDONLY|O_TRUNC|O_LARGEFILE|O_NOFOLLOW) = -1 ENOENT (No such file or directory) [pid 5200] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5199] <... futex resumed>) = 0 [pid 5199] exit_group(0 [pid 5201] <... futex resumed>) = ? [pid 5199] <... exit_group resumed>) = ? [pid 5201] +++ exited with 0 +++ [pid 5200] <... futex resumed>) = ? [pid 5200] +++ exited with 0 +++ [pid 5199] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5199, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./48", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./48", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556f16620 /* 4 entries */, 32768) = 112 umount2("./48/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./48/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./48/binderfs") = 0 umount2("./48/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./48/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./48/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./48/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556f1e660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556f1e660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./48/file0") = 0 getdents64(3, 0x555556f16620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./48") = 0 mkdir("./49", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5202 attached [pid 5202] set_robust_list(0x555556f155e0, 24) = 0 [pid 5202] chdir("./49") = 0 [pid 5202] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5202] setpgid(0, 0) = 0 [pid 5202] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5202] write(3, "1000", 4) = 4 [pid 5202] close(3) = 0 [pid 5202] symlink("/dev/binderfs", "./binderfs" [pid 5002] <... clone resumed>, child_tidptr=0x555556f155d0) = 5202 [pid 5202] <... symlink resumed>) = 0 [pid 5202] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5202] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdbd82b6000 [pid 5202] mprotect(0x7fdbd82b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5202] clone(child_stack=0x7fdbd82d63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5203], tls=0x7fdbd82d6700, child_tidptr=0x7fdbd82d69d0) = 5203 [pid 5202] futex(0x7fdbd83af788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5202] futex(0x7fdbd83af79c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5202] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdbd8295000 [pid 5202] mprotect(0x7fdbd8296000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5202] clone(child_stack=0x7fdbd82b53f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5204], tls=0x7fdbd82b5700, child_tidptr=0x7fdbd82b59d0) = 5204 [pid 5202] futex(0x7fdbd83af798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5202] futex(0x7fdbd83af79c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5203 attached [pid 5203] set_robust_list(0x7fdbd82d69e0, 24) = 0 [pid 5203] memfd_create("syzkaller", 0) = 3 [pid 5203] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdbcfe95000 [pid 5203] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5203] munmap(0x7fdbcfe95000, 262144) = 0 [pid 5203] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 67.002908][ T5200] loop0: detected capacity change from 0 to 512 [ 67.014868][ T5200] ext4: Unknown parameter 'jqfmZ!c12nuid32' [pid 5203] ioctl(4, LOOP_SET_FD, 3./strace-static-x86_64: Process 5204 attached [pid 5204] set_robust_list(0x7fdbd82b59e0, 24 [pid 5203] <... ioctl resumed>) = 0 [pid 5203] close(3) = 0 [pid 5203] mkdir("./file0", 0777 [pid 5204] <... set_robust_list resumed>) = 0 [pid 5203] <... mkdir resumed>) = 0 [pid 5203] mount("/dev/loop0", "./file0", "ext4", 0, "\x71\x75\x6f\x74\x61\x2c\x6a\x71\x66\x6d\x5a\xfe\x7f\x21\x63\x31\x32\x9e\x6e\x8f\x75\x69\x64\x33\x32\x2c\x2c\x65\x72\x72\x6f\x72\x73\x3d\x63\x6f\x6e\x74\x69\x6e\x75\x65" [pid 5204] memfd_create("syzkaller", 0 [pid 5203] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5204] <... memfd_create resumed>) = 3 [pid 5204] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdbc7ad5000 [pid 5204] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5203] ioctl(4, LOOP_CLR_FD [pid 5204] <... write resumed>) = 262144 [pid 5204] munmap(0x7fdbc7ad5000, 262144) = 0 [pid 5204] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5204] ioctl(5, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 5204] ioctl(5, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5204] ioctl(5, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 5204] close(5) = 0 [pid 5204] close(3) = 0 [pid 5204] futex(0x7fdbd83af79c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5202] <... futex resumed>) = 0 [pid 5202] futex(0x7fdbd83af798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5202] futex(0x7fdbd83af79c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5204] <... futex resumed>) = 1 [pid 5204] setxattr("./file0", "trusted.overlay.upper", "\xb2\xc7\xbd\x79\xfd\x74\x76\xf3\xf5\xd3\xd9\x24\xda\xed\xfb\xff\x4c\xf2\xf6\xec\x5a\xec\xf8\x37\x99\x4f\xba\xcf\x39\x12\x11\x3f\xfa\x7e\xc4\x4f\x93\x77\xe3\x36\xd7\xd6\x17\x67\x6a\xb5\xea\x4a\xb7\x5e\x6e\xd5\x97\xcb\xcd\xb5\xf5\x6b\x0b\xf5\x99\xf9\xea\x7c\x75\xa9\x52\x99\x9e\x9a\x9e\xbc\x75\xfd\x66\xe5\xa3\x8d\xf5\x42\xfd\xb7\xaf\xbe\xb7\x70\xf7\xc7\x7f\xf8\xfd\x57\x5f\xfe\x69\xe3\x3b\x3f\xcf\xba"..., 8192, 0) = -1 ENOSPC (No space left on device) [pid 5204] futex(0x7fdbd83af79c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5202] <... futex resumed>) = 0 [pid 5202] futex(0x7fdbd83af798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5202] futex(0x7fdbd83af79c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5204] <... futex resumed>) = 1 [pid 5204] setxattr("./file0", "trusted.overlay.upper", "\xb2\xc7\xbd\x79\xfd\x74\x76\xf3\xf5\xd3\xd9\x24\xda\xed\xfb\xff\x4c\xf2\xf6\xec\x5a\xec\xf8\x37\x99\x4f\xba\xcf\x39\x12\x11\x3f\xfa\x7e\xc4\x4f\x93\x77\xe3\x36\xd7\xd6\x17\x67\x6a\xb5\xea\x4a\xb7\x5e\x6e\xd5\x97\xcb\xcd\xb5\xf5\x6b\x0b\xf5\x99\xf9\xea\x7c\x75\xa9\x52\x99\x9e\x9a\x9e\xbc\x75\xfd\x66\xe5\xa3\x8d\xf5\x42\xfd\xb7\xaf\xbe\xb7\x70\xf7\xc7\x7f\xf8\xfd\x57\x5f\xfe\x69\xe3\x3b\x3f\xcf\xba"..., 8192, 0) = -1 ENOSPC (No space left on device) [pid 5204] futex(0x7fdbd83af79c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5202] <... futex resumed>) = 0 [pid 5202] futex(0x7fdbd83af798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5202] futex(0x7fdbd83af79c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5204] <... futex resumed>) = 1 [pid 5204] openat(AT_FDCWD, "./file0/file0", O_RDONLY|O_TRUNC|O_LARGEFILE|O_NOFOLLOW) = -1 ENOENT (No such file or directory) [pid 5204] futex(0x7fdbd83af79c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5202] <... futex resumed>) = 0 [pid 5204] <... futex resumed>) = 1 [ 67.060679][ T5203] loop0: detected capacity change from 0 to 512 [ 67.079108][ T5203] ext4: Unknown parameter 'jqfmZ!c12nuid32' [pid 5204] futex(0x7fdbd83af798, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5203] <... ioctl resumed>) = 0 [pid 5203] close(4) = 0 [pid 5203] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5203] futex(0x7fdbd83af788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5202] exit_group(0 [pid 5204] <... futex resumed>) = ? [pid 5203] <... futex resumed>) = ? [pid 5202] <... exit_group resumed>) = ? [pid 5204] +++ exited with 0 +++ [pid 5203] +++ exited with 0 +++ [pid 5202] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5202, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./49", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./49", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556f16620 /* 4 entries */, 32768) = 112 umount2("./49/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./49/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./49/binderfs") = 0 umount2("./49/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./49/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./49/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./49/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556f1e660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556f1e660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./49/file0") = 0 getdents64(3, 0x555556f16620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./49") = 0 mkdir("./50", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f155d0) = 5205 ./strace-static-x86_64: Process 5205 attached [pid 5205] set_robust_list(0x555556f155e0, 24) = 0 [pid 5205] chdir("./50") = 0 [pid 5205] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5205] setpgid(0, 0) = 0 [pid 5205] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5205] write(3, "1000", 4) = 4 [pid 5205] close(3) = 0 [pid 5205] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5205] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5205] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdbd82b6000 [pid 5205] mprotect(0x7fdbd82b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5205] clone(child_stack=0x7fdbd82d63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5206 attached , parent_tid=[5206], tls=0x7fdbd82d6700, child_tidptr=0x7fdbd82d69d0) = 5206 [pid 5206] set_robust_list(0x7fdbd82d69e0, 24 [pid 5205] futex(0x7fdbd83af788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5205] futex(0x7fdbd83af79c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5205] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdbd8295000 [pid 5205] mprotect(0x7fdbd8296000, 131072, PROT_READ|PROT_WRITE [pid 5206] <... set_robust_list resumed>) = 0 [pid 5205] <... mprotect resumed>) = 0 [pid 5205] clone(child_stack=0x7fdbd82b53f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5207], tls=0x7fdbd82b5700, child_tidptr=0x7fdbd82b59d0) = 5207 [pid 5205] futex(0x7fdbd83af798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5205] futex(0x7fdbd83af79c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5207 attached [pid 5206] memfd_create("syzkaller", 0) = 3 [pid 5206] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5207] set_robust_list(0x7fdbd82b59e0, 24 [pid 5206] <... mmap resumed>) = 0x7fdbcfe95000 [pid 5207] <... set_robust_list resumed>) = 0 [pid 5207] memfd_create("syzkaller", 0) = 4 [pid 5207] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdbc7a95000 [pid 5206] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 264474 [pid 5207] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5206] <... write resumed>) = 264474 [pid 5206] munmap(0x7fdbcfe95000, 264474 [pid 5207] <... write resumed>) = 262144 [pid 5206] <... munmap resumed>) = 0 [pid 5206] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5207] munmap(0x7fdbc7a95000, 262144 [pid 5206] <... openat resumed>) = 5 [ 67.135914][ T5004] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [pid 5206] ioctl(5, LOOP_SET_FD, 3) = 0 [pid 5207] <... munmap resumed>) = 0 [pid 5206] close(3) = 0 [pid 5206] mkdir("./file0", 0777 [pid 5207] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5206] <... mkdir resumed>) = 0 [pid 5207] ioctl(3, LOOP_SET_FD, 4 [pid 5206] mount("/dev/loop0", "./file0", "ext4", 0, "\x71\x75\x6f\x74\x61\x2c\x6a\x71\x66\x6d\x5a\xfe\x7f\x21\x63\x31\x32\x9e\x6e\x8f\x75\x69\x64\x33\x32\x2c\x2c\x65\x72\x72\x6f\x72\x73\x3d\x63\x6f\x6e\x74\x69\x6e\x75\x65" [pid 5207] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5206] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5206] ioctl(5, LOOP_CLR_FD) = 0 [pid 5206] close(5 [pid 5207] ioctl(3, LOOP_CLR_FD [pid 5206] <... close resumed>) = 0 [pid 5206] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5206] futex(0x7fdbd83af788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5207] <... ioctl resumed>) = 0 [pid 5207] ioctl(3, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5207] close(3) = 0 [pid 5207] close(4) = 0 [pid 5207] futex(0x7fdbd83af79c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5205] <... futex resumed>) = 0 [pid 5205] futex(0x7fdbd83af788, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5205] futex(0x7fdbd83af78c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5207] futex(0x7fdbd83af798, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5206] <... futex resumed>) = 0 [pid 5206] setxattr("./file0", "trusted.overlay.upper", "\xb2\xc7\xbd\x79\xfd\x74\x76\xf3\xf5\xd3\xd9\x24\xda\xed\xfb\xff\x4c\xf2\xf6\xec\x5a\xec\xf8\x37\x99\x4f\xba\xcf\x39\x12\x11\x3f\xfa\x7e\xc4\x4f\x93\x77\xe3\x36\xd7\xd6\x17\x67\x6a\xb5\xea\x4a\xb7\x5e\x6e\xd5\x97\xcb\xcd\xb5\xf5\x6b\x0b\xf5\x99\xf9\xea\x7c\x75\xa9\x52\x99\x9e\x9a\x9e\xbc\x75\xfd\x66\xe5\xa3\x8d\xf5\x42\xfd\xb7\xaf\xbe\xb7\x70\xf7\xc7\x7f\xf8\xfd\x57\x5f\xfe\x69\xe3\x3b\x3f\xcf\xba"..., 8192, 0) = -1 ENOSPC (No space left on device) [pid 5206] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5205] <... futex resumed>) = 0 [pid 5205] futex(0x7fdbd83af788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5205] futex(0x7fdbd83af78c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5206] <... futex resumed>) = 1 [pid 5206] setxattr("./file0", "trusted.overlay.upper", "\xb2\xc7\xbd\x79\xfd\x74\x76\xf3\xf5\xd3\xd9\x24\xda\xed\xfb\xff\x4c\xf2\xf6\xec\x5a\xec\xf8\x37\x99\x4f\xba\xcf\x39\x12\x11\x3f\xfa\x7e\xc4\x4f\x93\x77\xe3\x36\xd7\xd6\x17\x67\x6a\xb5\xea\x4a\xb7\x5e\x6e\xd5\x97\xcb\xcd\xb5\xf5\x6b\x0b\xf5\x99\xf9\xea\x7c\x75\xa9\x52\x99\x9e\x9a\x9e\xbc\x75\xfd\x66\xe5\xa3\x8d\xf5\x42\xfd\xb7\xaf\xbe\xb7\x70\xf7\xc7\x7f\xf8\xfd\x57\x5f\xfe\x69\xe3\x3b\x3f\xcf\xba"..., 8192, 0) = -1 ENOSPC (No space left on device) [pid 5206] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5205] <... futex resumed>) = 0 [pid 5206] futex(0x7fdbd83af788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5205] futex(0x7fdbd83af788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5206] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5205] <... futex resumed>) = 0 [pid 5206] openat(AT_FDCWD, "./file0/file0", O_RDONLY|O_TRUNC|O_LARGEFILE|O_NOFOLLOW [pid 5205] futex(0x7fdbd83af78c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5206] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 5206] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5205] <... futex resumed>) = 0 [pid 5206] futex(0x7fdbd83af788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5205] exit_group(0) = ? [pid 5206] <... futex resumed>) = ? [pid 5206] +++ exited with 0 +++ [pid 5207] <... futex resumed>) = ? [pid 5207] +++ exited with 0 +++ [pid 5205] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5205, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./50", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./50", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556f16620 /* 4 entries */, 32768) = 112 umount2("./50/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./50/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./50/binderfs") = 0 umount2("./50/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./50/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./50/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./50/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556f1e660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556f1e660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./50/file0") = 0 getdents64(3, 0x555556f16620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./50") = 0 mkdir("./51", 0777) = 0 [ 67.184784][ T5206] loop0: detected capacity change from 0 to 516 [ 67.203022][ T5206] ext4: Unknown parameter 'jqfmZ!c12nuid32' openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f155d0) = 5208 ./strace-static-x86_64: Process 5208 attached [pid 5208] set_robust_list(0x555556f155e0, 24) = 0 [pid 5208] chdir("./51") = 0 [pid 5208] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5208] setpgid(0, 0) = 0 [pid 5208] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5208] write(3, "1000", 4) = 4 [pid 5208] close(3) = 0 [pid 5208] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5208] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5208] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdbd82b6000 [pid 5208] mprotect(0x7fdbd82b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5208] clone(child_stack=0x7fdbd82d63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5209], tls=0x7fdbd82d6700, child_tidptr=0x7fdbd82d69d0) = 5209 [pid 5208] futex(0x7fdbd83af788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5208] futex(0x7fdbd83af79c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5208] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdbd8295000 [pid 5208] mprotect(0x7fdbd8296000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5208] clone(child_stack=0x7fdbd82b53f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5210], tls=0x7fdbd82b5700, child_tidptr=0x7fdbd82b59d0) = 5210 [pid 5208] futex(0x7fdbd83af798, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 5210 attached ./strace-static-x86_64: Process 5209 attached ) = 0 [pid 5208] futex(0x7fdbd83af79c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5209] set_robust_list(0x7fdbd82d69e0, 24) = 0 [pid 5210] set_robust_list(0x7fdbd82b59e0, 24 [pid 5209] memfd_create("syzkaller", 0) = 3 [pid 5209] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5210] <... set_robust_list resumed>) = 0 [pid 5209] <... mmap resumed>) = 0x7fdbcfe95000 [pid 5209] munmap(0x7fdbcfe95000, 138412032 [pid 5210] memfd_create("syzkaller", 0) = 4 [pid 5210] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdbc7a95000 [pid 5210] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5209] <... munmap resumed>) = 0 [pid 5209] close(3) = 0 [pid 5209] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5209] futex(0x7fdbd83af788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5210] <... write resumed>) = 262144 [pid 5210] munmap(0x7fdbc7a95000, 262144) = 0 [pid 5210] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5210] ioctl(3, LOOP_SET_FD, 4) = 0 [pid 5210] close(4) = 0 [pid 5210] mkdir("./file0", 0777) = 0 [ 67.268551][ T5210] loop0: detected capacity change from 0 to 512 [ 67.277021][ T5210] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 67.297390][ T5210] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: writeback. [pid 5210] mount("/dev/loop0", "./file0", "ext4", 0, "quota,jqfmt=vfsv0,nouid32,,errors=continue") = 0 [pid 5210] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 4 [pid 5210] chdir("./file0") = 0 [pid 5210] ioctl(3, LOOP_CLR_FD) = 0 [pid 5210] close(3) = 0 [pid 5210] futex(0x7fdbd83af79c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5208] <... futex resumed>) = 0 [pid 5210] futex(0x7fdbd83af798, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5208] futex(0x7fdbd83af788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5209] <... futex resumed>) = 0 [pid 5208] <... futex resumed>) = 1 [pid 5209] setxattr("./file0", "trusted.overlay.upper", "\xb2\xc7\xbd\x79\xfd\x74\x76\xf3\xf5\xd3\xd9\x24\xda\xed\xfb\xff\x4c\xf2\xf6\xec\x5a\xec\xf8\x37\x99\x4f\xba\xcf\x39\x12\x11\x3f\xfa\x7e\xc4\x4f\x93\x77\xe3\x36\xd7\xd6\x17\x67\x6a\xb5\xea\x4a\xb7\x5e\x6e\xd5\x97\xcb\xcd\xb5\xf5\x6b\x0b\xf5\x99\xf9\xea\x7c\x75\xa9\x52\x99\x9e\x9a\x9e\xbc\x75\xfd\x66\xe5\xa3\x8d\xf5\x42\xfd\xb7\xaf\xbe\xb7\x70\xf7\xc7\x7f\xf8\xfd\x57\x5f\xfe\x69\xe3\x3b\x3f\xcf\xba"..., 8192, 0 [pid 5208] futex(0x7fdbd83af78c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5209] <... setxattr resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5209] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5208] <... futex resumed>) = 0 [pid 5209] setxattr("./file0", "trusted.overlay.upper", "\xb2\xc7\xbd\x79\xfd\x74\x76\xf3\xf5\xd3\xd9\x24\xda\xed\xfb\xff\x4c\xf2\xf6\xec\x5a\xec\xf8\x37\x99\x4f\xba\xcf\x39\x12\x11\x3f\xfa\x7e\xc4\x4f\x93\x77\xe3\x36\xd7\xd6\x17\x67\x6a\xb5\xea\x4a\xb7\x5e\x6e\xd5\x97\xcb\xcd\xb5\xf5\x6b\x0b\xf5\x99\xf9\xea\x7c\x75\xa9\x52\x99\x9e\x9a\x9e\xbc\x75\xfd\x66\xe5\xa3\x8d\xf5\x42\xfd\xb7\xaf\xbe\xb7\x70\xf7\xc7\x7f\xf8\xfd\x57\x5f\xfe\x69\xe3\x3b\x3f\xcf\xba"..., 8192, 0 [pid 5208] futex(0x7fdbd83af788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 67.309798][ T5210] ext4 filesystem being mounted at /root/syzkaller.3rXkzo/51/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 67.333262][ T5209] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3806: comm syz-executor377: Allocating blocks 44-48 which overlap fs metadata [ 67.348425][ T5209] EXT4-fs error (device loop0): ext4_xattr_block_set:2241: inode #12: comm syz-executor377: bad block 0 [pid 5208] futex(0x7fdbd83af78c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5209] <... setxattr resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5209] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5208] <... futex resumed>) = 0 [pid 5209] openat(AT_FDCWD, "./file0/file0", O_RDONLY|O_TRUNC|O_LARGEFILE|O_NOFOLLOW [pid 5208] futex(0x7fdbd83af788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5208] futex(0x7fdbd83af78c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5209] <... openat resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5209] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5208] <... futex resumed>) = 0 [pid 5209] futex(0x7fdbd83af788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5208] exit_group(0) = ? [pid 5209] <... futex resumed>) = ? [pid 5210] <... futex resumed>) = ? [pid 5210] +++ exited with 0 +++ [pid 5209] +++ exited with 0 +++ [pid 5208] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5208, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- umount2("./51", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./51", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556f16620 /* 4 entries */, 32768) = 112 umount2("./51/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./51/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./51/binderfs") = 0 [ 67.361915][ T5209] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3806: comm syz-executor377: Allocating blocks 44-48 which overlap fs metadata [ 67.376504][ T5209] EXT4-fs error (device loop0): ext4_xattr_block_set:2241: inode #12: comm syz-executor377: bad block 0 [ 67.389905][ T5209] EXT4-fs error (device loop0): ext4_lookup:1853: inode #12: comm syz-executor377: deleted inode referenced: 13 umount2("./51/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./51/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./51/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./51/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./51/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556f1e660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556f1e660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./51/file0") = 0 getdents64(3, 0x555556f16620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./51") = 0 mkdir("./52", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f155d0) = 5213 ./strace-static-x86_64: Process 5213 attached [pid 5213] set_robust_list(0x555556f155e0, 24) = 0 [pid 5213] chdir("./52") = 0 [pid 5213] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5213] setpgid(0, 0) = 0 [pid 5213] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5213] write(3, "1000", 4) = 4 [pid 5213] close(3) = 0 [pid 5213] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5213] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5213] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdbd82b6000 [pid 5213] mprotect(0x7fdbd82b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5213] clone(child_stack=0x7fdbd82d63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5214], tls=0x7fdbd82d6700, child_tidptr=0x7fdbd82d69d0) = 5214 [pid 5213] futex(0x7fdbd83af788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5213] futex(0x7fdbd83af79c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5213] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdbd8295000 [pid 5213] mprotect(0x7fdbd8296000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5213] clone(child_stack=0x7fdbd82b53f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5215], tls=0x7fdbd82b5700, child_tidptr=0x7fdbd82b59d0) = 5215 [pid 5213] futex(0x7fdbd83af798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5213] futex(0x7fdbd83af79c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5214 attached [pid 5214] set_robust_list(0x7fdbd82d69e0, 24) = 0 [pid 5214] memfd_create("syzkaller", 0) = 3 [pid 5214] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdbcfe95000 [pid 5214] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5214] munmap(0x7fdbcfe95000, 262144) = 0 [pid 5214] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 67.416543][ T5002] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5214] ioctl(4, LOOP_SET_FD, 3./strace-static-x86_64: Process 5215 attached ) = 0 [pid 5214] close(3) = 0 [pid 5214] mkdir("./file0", 0777 [pid 5215] set_robust_list(0x7fdbd82b59e0, 24 [pid 5214] <... mkdir resumed>) = 0 [pid 5214] mount("/dev/loop0", "./file0", "ext4", 0, "\x71\x75\x6f\x74\x61\x2c\x6a\x71\x66\x6d\x5a\xfe\x7f\x21\x63\x31\x32\x9e\x6e\x8f\x75\x69\x64\x33\x32\x2c\x2c\x65\x72\x72\x6f\x72\x73\x3d\x63\x6f\x6e\x74\x69\x6e\x75\x65" [pid 5215] <... set_robust_list resumed>) = 0 [pid 5215] memfd_create("syzkaller", 0) = 3 [pid 5215] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdbc7ad5000 [pid 5214] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5214] ioctl(4, LOOP_CLR_FD [pid 5215] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5215] munmap(0x7fdbc7ad5000, 262144) = 0 [pid 5215] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5215] ioctl(5, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 5215] ioctl(5, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5215] ioctl(5, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 5215] close(5) = 0 [pid 5215] close(3) = 0 [pid 5215] futex(0x7fdbd83af79c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5213] <... futex resumed>) = 0 [pid 5215] <... futex resumed>) = 1 [pid 5213] futex(0x7fdbd83af798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5213] futex(0x7fdbd83af79c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5215] setxattr("./file0", "trusted.overlay.upper", "\xb2\xc7\xbd\x79\xfd\x74\x76\xf3\xf5\xd3\xd9\x24\xda\xed\xfb\xff\x4c\xf2\xf6\xec\x5a\xec\xf8\x37\x99\x4f\xba\xcf\x39\x12\x11\x3f\xfa\x7e\xc4\x4f\x93\x77\xe3\x36\xd7\xd6\x17\x67\x6a\xb5\xea\x4a\xb7\x5e\x6e\xd5\x97\xcb\xcd\xb5\xf5\x6b\x0b\xf5\x99\xf9\xea\x7c\x75\xa9\x52\x99\x9e\x9a\x9e\xbc\x75\xfd\x66\xe5\xa3\x8d\xf5\x42\xfd\xb7\xaf\xbe\xb7\x70\xf7\xc7\x7f\xf8\xfd\x57\x5f\xfe\x69\xe3\x3b\x3f\xcf\xba"..., 8192, 0) = -1 ENOSPC (No space left on device) [pid 5215] futex(0x7fdbd83af79c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5213] <... futex resumed>) = 0 [pid 5213] futex(0x7fdbd83af798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5213] futex(0x7fdbd83af79c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5214] <... ioctl resumed>) = 0 [pid 5214] close(4 [pid 5215] setxattr("./file0", "trusted.overlay.upper", "\xb2\xc7\xbd\x79\xfd\x74\x76\xf3\xf5\xd3\xd9\x24\xda\xed\xfb\xff\x4c\xf2\xf6\xec\x5a\xec\xf8\x37\x99\x4f\xba\xcf\x39\x12\x11\x3f\xfa\x7e\xc4\x4f\x93\x77\xe3\x36\xd7\xd6\x17\x67\x6a\xb5\xea\x4a\xb7\x5e\x6e\xd5\x97\xcb\xcd\xb5\xf5\x6b\x0b\xf5\x99\xf9\xea\x7c\x75\xa9\x52\x99\x9e\x9a\x9e\xbc\x75\xfd\x66\xe5\xa3\x8d\xf5\x42\xfd\xb7\xaf\xbe\xb7\x70\xf7\xc7\x7f\xf8\xfd\x57\x5f\xfe\x69\xe3\x3b\x3f\xcf\xba"..., 8192, 0) = -1 ENOSPC (No space left on device) [pid 5215] futex(0x7fdbd83af79c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5213] <... futex resumed>) = 0 [pid 5213] futex(0x7fdbd83af798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5213] futex(0x7fdbd83af79c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5215] openat(AT_FDCWD, "./file0/file0", O_RDONLY|O_TRUNC|O_LARGEFILE|O_NOFOLLOW) = -1 ENOENT (No such file or directory) [pid 5215] futex(0x7fdbd83af79c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5213] <... futex resumed>) = 0 [pid 5215] futex(0x7fdbd83af798, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5214] <... close resumed>) = 0 [pid 5214] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5213] exit_group(0 [pid 5214] futex(0x7fdbd83af788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5213] <... exit_group resumed>) = ? [pid 5214] +++ exited with 0 +++ [pid 5215] <... futex resumed>) = ? [pid 5215] +++ exited with 0 +++ [pid 5213] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5213, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./52", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./52", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556f16620 /* 4 entries */, 32768) = 112 umount2("./52/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./52/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./52/binderfs") = 0 umount2("./52/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./52/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./52/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./52/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556f1e660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556f1e660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./52/file0") = 0 getdents64(3, 0x555556f16620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./52") = 0 mkdir("./53", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f155d0) = 5216 ./strace-static-x86_64: Process 5216 attached [pid 5216] set_robust_list(0x555556f155e0, 24) = 0 [pid 5216] chdir("./53") = 0 [pid 5216] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5216] setpgid(0, 0) = 0 [pid 5216] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5216] write(3, "1000", 4) = 4 [pid 5216] close(3) = 0 [pid 5216] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5216] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5216] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdbd82b6000 [ 67.466085][ T5214] loop0: detected capacity change from 0 to 512 [ 67.474620][ T5214] ext4: Unknown parameter 'jqfmZ!c12nuid32' [pid 5216] mprotect(0x7fdbd82b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5216] clone(child_stack=0x7fdbd82d63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5217], tls=0x7fdbd82d6700, child_tidptr=0x7fdbd82d69d0) = 5217 [pid 5216] futex(0x7fdbd83af788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5216] futex(0x7fdbd83af79c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5216] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdbd8295000 [pid 5216] mprotect(0x7fdbd8296000, 131072, PROT_READ|PROT_WRITE./strace-static-x86_64: Process 5217 attached [pid 5217] set_robust_list(0x7fdbd82d69e0, 24 [pid 5216] <... mprotect resumed>) = 0 [pid 5217] <... set_robust_list resumed>) = 0 [pid 5216] clone(child_stack=0x7fdbd82b53f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5218], tls=0x7fdbd82b5700, child_tidptr=0x7fdbd82b59d0) = 5218 [pid 5216] futex(0x7fdbd83af798, FUTEX_WAKE_PRIVATE, 1000000 [pid 5217] memfd_create("syzkaller", 0 [pid 5216] <... futex resumed>) = 0 [pid 5216] futex(0x7fdbd83af79c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5217] <... memfd_create resumed>) = 3 [pid 5217] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdbcfe95000 ./strace-static-x86_64: Process 5218 attached [pid 5218] set_robust_list(0x7fdbd82b59e0, 24) = 0 [pid 5218] memfd_create("syzkaller", 0) = 4 [pid 5218] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdbc7a95000 [pid 5217] munmap(0x7fdbcfe95000, 138412032) = 0 [pid 5217] close(3) = 0 [pid 5217] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5218] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5217] <... futex resumed>) = 0 [pid 5217] futex(0x7fdbd83af788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5218] <... write resumed>) = 262144 [pid 5218] munmap(0x7fdbc7a95000, 262144) = 0 [pid 5218] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5218] ioctl(3, LOOP_SET_FD, 4) = 0 [pid 5218] close(4) = 0 [pid 5218] mkdir("./file0", 0777) = 0 [pid 5218] mount("/dev/loop0", "./file0", "ext4", 0, "quota,jqfmt=vfsv0,nouid32,,errors=continue") = 0 [pid 5218] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 4 [pid 5218] chdir("./file0") = 0 [pid 5218] ioctl(3, LOOP_CLR_FD) = 0 [pid 5218] close(3) = 0 [pid 5218] futex(0x7fdbd83af79c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5216] <... futex resumed>) = 0 [pid 5216] futex(0x7fdbd83af788, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5216] futex(0x7fdbd83af78c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5218] <... futex resumed>) = 1 [pid 5218] futex(0x7fdbd83af798, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5217] <... futex resumed>) = 0 [ 67.544493][ T5218] loop0: detected capacity change from 0 to 512 [ 67.554146][ T5218] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 67.567490][ T5218] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: writeback. [ 67.579787][ T5218] ext4 filesystem being mounted at /root/syzkaller.3rXkzo/53/file0 supports timestamps until 2038-01-19 (0x7fffffff) [pid 5217] setxattr("./file0", "trusted.overlay.upper", "\xb2\xc7\xbd\x79\xfd\x74\x76\xf3\xf5\xd3\xd9\x24\xda\xed\xfb\xff\x4c\xf2\xf6\xec\x5a\xec\xf8\x37\x99\x4f\xba\xcf\x39\x12\x11\x3f\xfa\x7e\xc4\x4f\x93\x77\xe3\x36\xd7\xd6\x17\x67\x6a\xb5\xea\x4a\xb7\x5e\x6e\xd5\x97\xcb\xcd\xb5\xf5\x6b\x0b\xf5\x99\xf9\xea\x7c\x75\xa9\x52\x99\x9e\x9a\x9e\xbc\x75\xfd\x66\xe5\xa3\x8d\xf5\x42\xfd\xb7\xaf\xbe\xb7\x70\xf7\xc7\x7f\xf8\xfd\x57\x5f\xfe\x69\xe3\x3b\x3f\xcf\xba"..., 8192, 0) = -1 EUCLEAN (Structure needs cleaning) [pid 5217] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5216] <... futex resumed>) = 0 [pid 5217] futex(0x7fdbd83af788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5216] futex(0x7fdbd83af788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5217] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5216] <... futex resumed>) = 0 [pid 5217] setxattr("./file0", "trusted.overlay.upper", "\xb2\xc7\xbd\x79\xfd\x74\x76\xf3\xf5\xd3\xd9\x24\xda\xed\xfb\xff\x4c\xf2\xf6\xec\x5a\xec\xf8\x37\x99\x4f\xba\xcf\x39\x12\x11\x3f\xfa\x7e\xc4\x4f\x93\x77\xe3\x36\xd7\xd6\x17\x67\x6a\xb5\xea\x4a\xb7\x5e\x6e\xd5\x97\xcb\xcd\xb5\xf5\x6b\x0b\xf5\x99\xf9\xea\x7c\x75\xa9\x52\x99\x9e\x9a\x9e\xbc\x75\xfd\x66\xe5\xa3\x8d\xf5\x42\xfd\xb7\xaf\xbe\xb7\x70\xf7\xc7\x7f\xf8\xfd\x57\x5f\xfe\x69\xe3\x3b\x3f\xcf\xba"..., 8192, 0 [ 67.603987][ T5217] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3806: comm syz-executor377: Allocating blocks 44-48 which overlap fs metadata [ 67.618815][ T5217] EXT4-fs error (device loop0): ext4_xattr_block_set:2241: inode #12: comm syz-executor377: bad block 0 [ 67.633529][ T5217] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3806: comm syz-executor377: Allocating blocks 44-48 which overlap fs metadata [pid 5216] futex(0x7fdbd83af78c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5217] <... setxattr resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5217] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5217] futex(0x7fdbd83af788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5216] <... futex resumed>) = 0 [pid 5216] futex(0x7fdbd83af788, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5216] futex(0x7fdbd83af78c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5217] <... futex resumed>) = 0 [pid 5217] openat(AT_FDCWD, "./file0/file0", O_RDONLY|O_TRUNC|O_LARGEFILE|O_NOFOLLOW) = -1 EUCLEAN (Structure needs cleaning) [pid 5217] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5216] <... futex resumed>) = 0 [pid 5216] exit_group(0 [pid 5218] <... futex resumed>) = ? [pid 5216] <... exit_group resumed>) = ? [pid 5218] +++ exited with 0 +++ [pid 5217] <... futex resumed>) = ? [pid 5217] +++ exited with 0 +++ [pid 5216] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5216, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./53", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./53", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556f16620 /* 4 entries */, 32768) = 112 umount2("./53/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./53/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./53/binderfs") = 0 [ 67.648136][ T5217] EXT4-fs error (device loop0): ext4_xattr_block_set:2241: inode #12: comm syz-executor377: bad block 0 [ 67.661748][ T5217] EXT4-fs error (device loop0): ext4_lookup:1853: inode #12: comm syz-executor377: deleted inode referenced: 13 umount2("./53/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./53/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./53/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./53/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./53/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556f1e660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556f1e660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./53/file0") = 0 getdents64(3, 0x555556f16620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./53") = 0 mkdir("./54", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 67.696449][ T5002] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f155d0) = 5221 ./strace-static-x86_64: Process 5221 attached [pid 5221] set_robust_list(0x555556f155e0, 24) = 0 [pid 5221] chdir("./54") = 0 [pid 5221] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5221] setpgid(0, 0) = 0 [pid 5221] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5221] write(3, "1000", 4) = 4 [pid 5221] close(3) = 0 [pid 5221] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5221] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5221] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdbd82b6000 [pid 5221] mprotect(0x7fdbd82b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5221] clone(child_stack=0x7fdbd82d63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5222 attached , parent_tid=[5222], tls=0x7fdbd82d6700, child_tidptr=0x7fdbd82d69d0) = 5222 [pid 5222] set_robust_list(0x7fdbd82d69e0, 24) = 0 [pid 5222] futex(0x7fdbd83af788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5221] futex(0x7fdbd83af788, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5222] <... futex resumed>) = 0 [pid 5222] memfd_create("syzkaller", 0) = 3 [pid 5222] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdbcfeb6000 [pid 5221] futex(0x7fdbd83af79c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5221] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdbcfe95000 [pid 5221] mprotect(0x7fdbcfe96000, 131072, PROT_READ|PROT_WRITE [pid 5222] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5221] <... mprotect resumed>) = 0 [pid 5221] clone(child_stack=0x7fdbcfeb53f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5223], tls=0x7fdbcfeb5700, child_tidptr=0x7fdbcfeb59d0) = 5223 [pid 5222] <... write resumed>) = 262144 [pid 5222] munmap(0x7fdbcfeb6000, 262144 [pid 5221] futex(0x7fdbd83af798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5221] futex(0x7fdbd83af79c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5222] <... munmap resumed>) = 0 [pid 5222] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5222] ioctl(4, LOOP_SET_FD, 3./strace-static-x86_64: Process 5223 attached [pid 5223] set_robust_list(0x7fdbcfeb59e0, 24 [pid 5222] <... ioctl resumed>) = 0 [pid 5222] close(3) = 0 [pid 5222] mkdir("./file0", 0777 [pid 5223] <... set_robust_list resumed>) = 0 [pid 5222] <... mkdir resumed>) = 0 [pid 5222] mount("/dev/loop0", "./file0", "ext4", 0, "\x71\x75\x6f\x74\x61\x2c\x6a\x71\x66\x6d\x5a\xfe\x7f\x21\x63\x31\x32\x9e\x6e\x8f\x75\x69\x64\x33\x32\x2c\x2c\x65\x72\x72\x6f\x72\x73\x3d\x63\x6f\x6e\x74\x69\x6e\x75\x65" [pid 5223] memfd_create("syzkaller", 0) = 3 [pid 5223] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdbc7a95000 [pid 5222] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5222] ioctl(4, LOOP_CLR_FD [pid 5223] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5223] munmap(0x7fdbc7a95000, 262144) = 0 [pid 5223] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5223] ioctl(5, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 5223] ioctl(5, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5223] ioctl(5, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 5223] close(5) = 0 [pid 5223] close(3) = 0 [pid 5223] futex(0x7fdbd83af79c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5221] <... futex resumed>) = 0 [pid 5223] setxattr("./file0", "trusted.overlay.upper", "\xb2\xc7\xbd\x79\xfd\x74\x76\xf3\xf5\xd3\xd9\x24\xda\xed\xfb\xff\x4c\xf2\xf6\xec\x5a\xec\xf8\x37\x99\x4f\xba\xcf\x39\x12\x11\x3f\xfa\x7e\xc4\x4f\x93\x77\xe3\x36\xd7\xd6\x17\x67\x6a\xb5\xea\x4a\xb7\x5e\x6e\xd5\x97\xcb\xcd\xb5\xf5\x6b\x0b\xf5\x99\xf9\xea\x7c\x75\xa9\x52\x99\x9e\x9a\x9e\xbc\x75\xfd\x66\xe5\xa3\x8d\xf5\x42\xfd\xb7\xaf\xbe\xb7\x70\xf7\xc7\x7f\xf8\xfd\x57\x5f\xfe\x69\xe3\x3b\x3f\xcf\xba"..., 8192, 0 [pid 5221] futex(0x7fdbd83af798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5221] futex(0x7fdbd83af79c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5223] <... setxattr resumed>) = -1 ENOSPC (No space left on device) [pid 5223] futex(0x7fdbd83af79c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5221] <... futex resumed>) = 0 [pid 5223] <... futex resumed>) = 1 [pid 5223] setxattr("./file0", "trusted.overlay.upper", "\xb2\xc7\xbd\x79\xfd\x74\x76\xf3\xf5\xd3\xd9\x24\xda\xed\xfb\xff\x4c\xf2\xf6\xec\x5a\xec\xf8\x37\x99\x4f\xba\xcf\x39\x12\x11\x3f\xfa\x7e\xc4\x4f\x93\x77\xe3\x36\xd7\xd6\x17\x67\x6a\xb5\xea\x4a\xb7\x5e\x6e\xd5\x97\xcb\xcd\xb5\xf5\x6b\x0b\xf5\x99\xf9\xea\x7c\x75\xa9\x52\x99\x9e\x9a\x9e\xbc\x75\xfd\x66\xe5\xa3\x8d\xf5\x42\xfd\xb7\xaf\xbe\xb7\x70\xf7\xc7\x7f\xf8\xfd\x57\x5f\xfe\x69\xe3\x3b\x3f\xcf\xba"..., 8192, 0 [pid 5221] futex(0x7fdbd83af798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5221] futex(0x7fdbd83af79c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5223] <... setxattr resumed>) = -1 ENOSPC (No space left on device) [pid 5223] futex(0x7fdbd83af79c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5221] <... futex resumed>) = 0 [pid 5223] openat(AT_FDCWD, "./file0/file0", O_RDONLY|O_TRUNC|O_LARGEFILE|O_NOFOLLOW [pid 5221] futex(0x7fdbd83af798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5221] futex(0x7fdbd83af79c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5223] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 5223] futex(0x7fdbd83af79c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5221] <... futex resumed>) = 0 [ 67.781859][ T5222] loop0: detected capacity change from 0 to 512 [ 67.790145][ T5222] ext4: Unknown parameter 'jqfmZ!c12nuid32' [pid 5223] futex(0x7fdbd83af798, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5222] <... ioctl resumed>) = 0 [pid 5222] close(4) = 0 [pid 5222] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5222] futex(0x7fdbd83af788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5221] exit_group(0 [pid 5222] <... futex resumed>) = ? [pid 5221] <... exit_group resumed>) = ? [pid 5223] <... futex resumed>) = ? [pid 5222] +++ exited with 0 +++ [pid 5223] +++ exited with 0 +++ [pid 5221] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5221, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./54", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./54", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556f16620 /* 4 entries */, 32768) = 112 umount2("./54/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./54/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./54/binderfs") = 0 umount2("./54/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./54/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./54/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./54/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556f1e660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556f1e660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./54/file0") = 0 getdents64(3, 0x555556f16620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./54") = 0 mkdir("./55", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f155d0) = 5224 ./strace-static-x86_64: Process 5224 attached [pid 5224] set_robust_list(0x555556f155e0, 24) = 0 [pid 5224] chdir("./55") = 0 [pid 5224] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5224] setpgid(0, 0) = 0 [pid 5224] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5224] write(3, "1000", 4) = 4 [pid 5224] close(3) = 0 [pid 5224] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5224] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5224] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdbd82b6000 [pid 5224] mprotect(0x7fdbd82b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5224] clone(child_stack=0x7fdbd82d63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5225], tls=0x7fdbd82d6700, child_tidptr=0x7fdbd82d69d0) = 5225 ./strace-static-x86_64: Process 5225 attached [pid 5225] set_robust_list(0x7fdbd82d69e0, 24) = 0 [pid 5225] futex(0x7fdbd83af788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5224] futex(0x7fdbd83af788, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5225] <... futex resumed>) = 0 [pid 5224] futex(0x7fdbd83af79c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5225] memfd_create("syzkaller", 0) = 3 [pid 5224] <... futex resumed>) = 0 [pid 5225] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5224] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5225] <... mmap resumed>) = 0x7fdbcfeb6000 [pid 5224] <... mmap resumed>) = 0x7fdbcfe95000 [pid 5224] mprotect(0x7fdbcfe96000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5224] clone(child_stack=0x7fdbcfeb53f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5226 attached , parent_tid=[5226], tls=0x7fdbcfeb5700, child_tidptr=0x7fdbcfeb59d0) = 5226 [pid 5226] set_robust_list(0x7fdbcfeb59e0, 24 [pid 5224] futex(0x7fdbd83af798, FUTEX_WAKE_PRIVATE, 1000000 [pid 5226] <... set_robust_list resumed>) = 0 [pid 5226] memfd_create("syzkaller", 0 [pid 5224] <... futex resumed>) = 0 [pid 5225] munmap(0x7fdbcfeb6000, 138412032 [pid 5224] futex(0x7fdbd83af79c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5226] <... memfd_create resumed>) = 4 [pid 5226] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5225] <... munmap resumed>) = 0 [pid 5225] close(3) = 0 [pid 5225] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5225] futex(0x7fdbd83af788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5226] <... mmap resumed>) = 0x7fdbcfeb6000 [pid 5226] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5226] munmap(0x7fdbcfeb6000, 262144) = 0 [pid 5226] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 67.836144][ T5004] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [pid 5226] ioctl(3, LOOP_SET_FD, 4) = 0 [pid 5226] close(4) = 0 [pid 5226] mkdir("./file0", 0777) = 0 [ 67.891010][ T5226] loop0: detected capacity change from 0 to 512 [ 67.900213][ T5226] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 67.917641][ T5226] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: writeback. [pid 5226] mount("/dev/loop0", "./file0", "ext4", 0, "quota,jqfmt=vfsv0,nouid32,,errors=continue") = 0 [pid 5226] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 4 [pid 5226] chdir("./file0") = 0 [pid 5226] ioctl(3, LOOP_CLR_FD) = 0 [pid 5226] close(3) = 0 [pid 5226] futex(0x7fdbd83af79c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5224] <... futex resumed>) = 0 [pid 5224] futex(0x7fdbd83af788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5225] <... futex resumed>) = 0 [pid 5224] <... futex resumed>) = 1 [pid 5225] setxattr("./file0", "trusted.overlay.upper", "\xb2\xc7\xbd\x79\xfd\x74\x76\xf3\xf5\xd3\xd9\x24\xda\xed\xfb\xff\x4c\xf2\xf6\xec\x5a\xec\xf8\x37\x99\x4f\xba\xcf\x39\x12\x11\x3f\xfa\x7e\xc4\x4f\x93\x77\xe3\x36\xd7\xd6\x17\x67\x6a\xb5\xea\x4a\xb7\x5e\x6e\xd5\x97\xcb\xcd\xb5\xf5\x6b\x0b\xf5\x99\xf9\xea\x7c\x75\xa9\x52\x99\x9e\x9a\x9e\xbc\x75\xfd\x66\xe5\xa3\x8d\xf5\x42\xfd\xb7\xaf\xbe\xb7\x70\xf7\xc7\x7f\xf8\xfd\x57\x5f\xfe\x69\xe3\x3b\x3f\xcf\xba"..., 8192, 0 [pid 5224] futex(0x7fdbd83af78c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5226] <... futex resumed>) = 1 [pid 5226] futex(0x7fdbd83af798, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5225] <... setxattr resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5225] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5224] <... futex resumed>) = 0 [pid 5224] futex(0x7fdbd83af788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5224] futex(0x7fdbd83af78c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5225] <... futex resumed>) = 1 [ 67.929984][ T5226] ext4 filesystem being mounted at /root/syzkaller.3rXkzo/55/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 67.948974][ T5225] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3806: comm syz-executor377: Allocating blocks 44-48 which overlap fs metadata [ 67.963697][ T5225] EXT4-fs error (device loop0): ext4_xattr_block_set:2241: inode #12: comm syz-executor377: bad block 0 [ 67.977547][ T5225] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3806: comm syz-executor377: Allocating blocks 44-48 which overlap fs metadata [pid 5225] setxattr("./file0", "trusted.overlay.upper", "\xb2\xc7\xbd\x79\xfd\x74\x76\xf3\xf5\xd3\xd9\x24\xda\xed\xfb\xff\x4c\xf2\xf6\xec\x5a\xec\xf8\x37\x99\x4f\xba\xcf\x39\x12\x11\x3f\xfa\x7e\xc4\x4f\x93\x77\xe3\x36\xd7\xd6\x17\x67\x6a\xb5\xea\x4a\xb7\x5e\x6e\xd5\x97\xcb\xcd\xb5\xf5\x6b\x0b\xf5\x99\xf9\xea\x7c\x75\xa9\x52\x99\x9e\x9a\x9e\xbc\x75\xfd\x66\xe5\xa3\x8d\xf5\x42\xfd\xb7\xaf\xbe\xb7\x70\xf7\xc7\x7f\xf8\xfd\x57\x5f\xfe\x69\xe3\x3b\x3f\xcf\xba"..., 8192, 0) = -1 EUCLEAN (Structure needs cleaning) [pid 5225] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5225] futex(0x7fdbd83af788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5224] <... futex resumed>) = 0 [pid 5224] futex(0x7fdbd83af788, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5224] futex(0x7fdbd83af78c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5225] <... futex resumed>) = 0 [pid 5225] openat(AT_FDCWD, "./file0/file0", O_RDONLY|O_TRUNC|O_LARGEFILE|O_NOFOLLOW) = -1 EUCLEAN (Structure needs cleaning) [pid 5225] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5224] <... futex resumed>) = 0 [pid 5225] futex(0x7fdbd83af788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5224] exit_group(0 [pid 5226] <... futex resumed>) = ? [pid 5225] <... futex resumed>) = ? [pid 5224] <... exit_group resumed>) = ? [pid 5226] +++ exited with 0 +++ [pid 5225] +++ exited with 0 +++ [pid 5224] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5224, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./55", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./55", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556f16620 /* 4 entries */, 32768) = 112 umount2("./55/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./55/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./55/binderfs") = 0 [ 67.992210][ T5225] EXT4-fs error (device loop0): ext4_xattr_block_set:2241: inode #12: comm syz-executor377: bad block 0 [ 68.005140][ T5225] EXT4-fs error (device loop0): ext4_lookup:1853: inode #12: comm syz-executor377: deleted inode referenced: 13 [ 68.034367][ T5002] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. umount2("./55/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./55/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./55/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./55/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./55/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556f1e660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556f1e660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./55/file0") = 0 getdents64(3, 0x555556f16620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./55") = 0 mkdir("./56", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f155d0) = 5229 ./strace-static-x86_64: Process 5229 attached [pid 5229] set_robust_list(0x555556f155e0, 24) = 0 [pid 5229] chdir("./56") = 0 [pid 5229] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5229] setpgid(0, 0) = 0 [pid 5229] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5229] write(3, "1000", 4) = 4 [pid 5229] close(3) = 0 [pid 5229] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5229] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5229] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdbd82b6000 [pid 5229] mprotect(0x7fdbd82b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5229] clone(child_stack=0x7fdbd82d63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5230], tls=0x7fdbd82d6700, child_tidptr=0x7fdbd82d69d0) = 5230 [pid 5229] futex(0x7fdbd83af788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5229] futex(0x7fdbd83af79c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5229] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdbd8295000 [pid 5229] mprotect(0x7fdbd8296000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5229] clone(child_stack=0x7fdbd82b53f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5231], tls=0x7fdbd82b5700, child_tidptr=0x7fdbd82b59d0) = 5231 [pid 5229] futex(0x7fdbd83af798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5229] futex(0x7fdbd83af79c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5231 attached ./strace-static-x86_64: Process 5230 attached [pid 5231] set_robust_list(0x7fdbd82b59e0, 24 [pid 5230] set_robust_list(0x7fdbd82d69e0, 24 [pid 5231] <... set_robust_list resumed>) = 0 [pid 5230] <... set_robust_list resumed>) = 0 [pid 5231] memfd_create("syzkaller", 0 [pid 5230] memfd_create("syzkaller", 0 [pid 5231] <... memfd_create resumed>) = 3 [pid 5231] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5230] <... memfd_create resumed>) = 4 [pid 5231] <... mmap resumed>) = 0x7fdbcfe95000 [pid 5230] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5231] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5230] <... mmap resumed>) = 0x7fdbc7a95000 [pid 5230] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5231] <... write resumed>) = 262144 [pid 5230] <... write resumed>) = 262144 [pid 5231] munmap(0x7fdbcfe95000, 262144) = 0 [pid 5230] munmap(0x7fdbc7a95000, 262144 [pid 5231] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5230] <... munmap resumed>) = 0 [pid 5231] <... openat resumed>) = 5 [pid 5230] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5231] ioctl(5, LOOP_SET_FD, 3 [pid 5230] <... openat resumed>) = 6 [pid 5231] <... ioctl resumed>) = 0 [pid 5230] ioctl(6, LOOP_SET_FD, 4 [pid 5231] close(3) = 0 [pid 5230] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5231] mkdir("./file0", 0777 [pid 5230] ioctl(6, LOOP_CLR_FD) = 0 [pid 5231] <... mkdir resumed>) = 0 [pid 5231] mount("/dev/loop0", "./file0", "ext4", 0, "quota,jqfmt=vfsv0,nouid32,,errors=continue" [pid 5230] ioctl(6, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5230] close(6) = 0 [pid 5230] close(4) = 0 [pid 5230] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 68.124052][ T5231] loop0: detected capacity change from 0 to 512 [ 68.139145][ T5231] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [pid 5230] futex(0x7fdbd83af788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5231] <... mount resumed>) = 0 [pid 5231] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5231] chdir("./file0") = 0 [pid 5231] ioctl(5, LOOP_CLR_FD) = 0 [pid 5231] close(5) = 0 [pid 5231] futex(0x7fdbd83af79c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5231] futex(0x7fdbd83af798, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5229] <... futex resumed>) = 0 [pid 5229] futex(0x7fdbd83af788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5230] <... futex resumed>) = 0 [pid 5229] <... futex resumed>) = 1 [pid 5230] setxattr("./file0", "trusted.overlay.upper", "\x64\x8f\x7b\xfd\xea\xc9\xec\xe6\xab\x27\xb3\x49\xb4\xdb\xf7\xfe\x99\xe4\xed\xd9\xb5\xd8\xf1\x35\x99\x8f\x22\x62\x23\x22\x46\x22\xe2\x47\xdf\x8f\xf8\x69\xf2\x76\xdc\xe6\xda\xfa\xe2\x4c\xad\x56\x5d\xe9\xd6\xcb\xad\xfa\x72\xb9\xb9\xb6\x7e\x75\xa1\x3e\x33\x5f\x9d\xaf\x2e\x55\x2a\xd3\x53\xd3\x93\x37\xaf\xdd\xa8\x7c\xb0\xb1\x9e\xab\xff\xf6\xe5\xf7\x16\xee\xfc\xf8\x0f\xbf\xff\xda\x8b\x3f\x6d\x7c\xe7\xe7"..., 8192, 0 [pid 5229] futex(0x7fdbd83af78c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5230] <... setxattr resumed>) = -1 ENOSPC (No space left on device) [pid 5230] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5229] <... futex resumed>) = 0 [pid 5230] <... futex resumed>) = 1 [pid 5229] futex(0x7fdbd83af788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5229] futex(0x7fdbd83af78c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5230] setxattr("./file0", "trusted.overlay.upper", "\x64\x8f\x7b\xfd\xea\xc9\xec\xe6\xab\x27\xb3\x49\xb4\xdb\xf7\xfe\x99\xe4\xed\xd9\xb5\xd8\xf1\x35\x99\x8f\x22\x62\x23\x22\x46\x22\xe2\x47\xdf\x8f\xf8\x69\xf2\x76\xdc\xe6\xda\xfa\xe2\x4c\xad\x56\x5d\xe9\xd6\xcb\xad\xfa\x72\xb9\xb9\xb6\x7e\x75\xa1\x3e\x33\x5f\x9d\xaf\x2e\x55\x2a\xd3\x53\xd3\x93\x37\xaf\xdd\xa8\x7c\xb0\xb1\x9e\xab\xff\xf6\xe5\xf7\x16\xee\xfc\xf8\x0f\xbf\xff\xda\x8b\x3f\x6d\x7c\xe7\xe7"..., 8192, 0) = -1 ENOSPC (No space left on device) [pid 5230] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5229] <... futex resumed>) = 0 [pid 5229] futex(0x7fdbd83af788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5229] futex(0x7fdbd83af78c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5230] <... futex resumed>) = 1 [pid 5230] openat(AT_FDCWD, "./file0/file0", O_RDONLY|O_TRUNC|O_LARGEFILE|O_NOFOLLOW) = 4 [pid 5230] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5229] <... futex resumed>) = 0 [pid 5230] futex(0x7fdbd83af788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5229] exit_group(0 [pid 5231] <... futex resumed>) = ? [pid 5230] <... futex resumed>) = ? [pid 5229] <... exit_group resumed>) = ? [pid 5231] +++ exited with 0 +++ [pid 5230] +++ exited with 0 +++ [pid 5229] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5229, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./56", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./56", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556f16620 /* 4 entries */, 32768) = 112 umount2("./56/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./56/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./56/binderfs") = 0 [ 68.176489][ T5231] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: writeback. [ 68.189590][ T5231] ext4 filesystem being mounted at /root/syzkaller.3rXkzo/56/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 68.209175][ T5230] EXT4-fs error (device loop0): ext4_validate_block_bitmap:440: comm syz-executor377: bg 0: block 44: padding at end of block bitmap is not set [ 68.253125][ T5002] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. umount2("./56/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./56/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./56/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./56/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./56/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556f1e660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556f1e660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./56/file0") = 0 getdents64(3, 0x555556f16620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./56") = 0 mkdir("./57", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f155d0) = 5235 ./strace-static-x86_64: Process 5235 attached [pid 5235] set_robust_list(0x555556f155e0, 24) = 0 [pid 5235] chdir("./57") = 0 [pid 5235] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5235] setpgid(0, 0) = 0 [pid 5235] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5235] write(3, "1000", 4) = 4 [pid 5235] close(3) = 0 [pid 5235] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5235] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5235] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdbd82b6000 [pid 5235] mprotect(0x7fdbd82b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5235] clone(child_stack=0x7fdbd82d63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5236], tls=0x7fdbd82d6700, child_tidptr=0x7fdbd82d69d0) = 5236 [pid 5235] futex(0x7fdbd83af788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5235] futex(0x7fdbd83af79c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5235] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdbd8295000 [pid 5235] mprotect(0x7fdbd8296000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5235] clone(child_stack=0x7fdbd82b53f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5237], tls=0x7fdbd82b5700, child_tidptr=0x7fdbd82b59d0) = 5237 [pid 5235] futex(0x7fdbd83af798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5235] futex(0x7fdbd83af79c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5236 attached [pid 5236] set_robust_list(0x7fdbd82d69e0, 24) = 0 [pid 5236] memfd_create("syzkaller", 0) = 3 [pid 5236] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdbcfe95000 [pid 5236] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5236] munmap(0x7fdbcfe95000, 262144) = 0 [pid 5236] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5236] ioctl(4, LOOP_SET_FD, 3./strace-static-x86_64: Process 5237 attached [pid 5237] set_robust_list(0x7fdbd82b59e0, 24) = 0 [pid 5237] memfd_create("syzkaller", 0) = 5 [pid 5237] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdbc7ad5000 [pid 5236] <... ioctl resumed>) = 0 [pid 5236] close(3) = 0 [pid 5236] mkdir("./file0", 0777) = 0 [pid 5237] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5236] mount("/dev/loop0", "./file0", "ext4", 0, "\x71\x75\x6f\x74\x61\x2c\x6a\x71\x66\x6d\x5a\xfe\x7f\x21\x63\x31\x32\x9e\x6e\x8f\x75\x69\x64\x33\x32\x2c\x2c\x65\x72\x72\x6f\x72\x73\x3d\x63\x6f\x6e\x74\x69\x6e\x75\x65" [pid 5237] <... write resumed>) = 262144 [pid 5237] munmap(0x7fdbc7ad5000, 262144) = 0 [pid 5237] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5237] ioctl(3, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5237] ioctl(3, LOOP_CLR_FD) = 0 [pid 5236] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5236] ioctl(4, LOOP_CLR_FD) = 0 [pid 5236] close(4 [pid 5237] ioctl(3, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5237] close(3) = 0 [pid 5237] close(5) = 0 [pid 5237] futex(0x7fdbd83af79c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5235] <... futex resumed>) = 0 [pid 5237] futex(0x7fdbd83af798, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5235] futex(0x7fdbd83af798, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5237] <... futex resumed>) = 0 [pid 5235] futex(0x7fdbd83af79c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5237] setxattr("./file0", "trusted.overlay.upper", "\xb2\xc7\xbd\x79\xfd\x74\x76\xf3\xf5\xd3\xd9\x24\xda\xed\xfb\xff\x4c\xf2\xf6\xec\x5a\xec\xf8\x37\x99\x4f\xba\xcf\x39\x12\x11\x3f\xfa\x7e\xc4\x4f\x93\x77\xe3\x36\xd7\xd6\x17\x67\x6a\xb5\xea\x4a\xb7\x5e\x6e\xd5\x97\xcb\xcd\xb5\xf5\x6b\x0b\xf5\x99\xf9\xea\x7c\x75\xa9\x52\x99\x9e\x9a\x9e\xbc\x75\xfd\x66\xe5\xa3\x8d\xf5\x42\xfd\xb7\xaf\xbe\xb7\x70\xf7\xc7\x7f\xf8\xfd\x57\x5f\xfe\x69\xe3\x3b\x3f\xcf\xba"..., 8192, 0 [pid 5236] <... close resumed>) = 0 [pid 5236] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5236] futex(0x7fdbd83af788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5237] <... setxattr resumed>) = -1 ENOSPC (No space left on device) [pid 5237] futex(0x7fdbd83af79c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5235] <... futex resumed>) = 0 [pid 5237] futex(0x7fdbd83af798, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5235] futex(0x7fdbd83af788, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5236] <... futex resumed>) = 0 [pid 5235] futex(0x7fdbd83af78c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5236] setxattr("./file0", "trusted.overlay.upper", "\xb2\xc7\xbd\x79\xfd\x74\x76\xf3\xf5\xd3\xd9\x24\xda\xed\xfb\xff\x4c\xf2\xf6\xec\x5a\xec\xf8\x37\x99\x4f\xba\xcf\x39\x12\x11\x3f\xfa\x7e\xc4\x4f\x93\x77\xe3\x36\xd7\xd6\x17\x67\x6a\xb5\xea\x4a\xb7\x5e\x6e\xd5\x97\xcb\xcd\xb5\xf5\x6b\x0b\xf5\x99\xf9\xea\x7c\x75\xa9\x52\x99\x9e\x9a\x9e\xbc\x75\xfd\x66\xe5\xa3\x8d\xf5\x42\xfd\xb7\xaf\xbe\xb7\x70\xf7\xc7\x7f\xf8\xfd\x57\x5f\xfe\x69\xe3\x3b\x3f\xcf\xba"..., 8192, 0) = -1 ENOSPC (No space left on device) [pid 5236] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5235] <... futex resumed>) = 0 [pid 5236] openat(AT_FDCWD, "./file0/file0", O_RDONLY|O_TRUNC|O_LARGEFILE|O_NOFOLLOW [pid 5235] futex(0x7fdbd83af788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5235] futex(0x7fdbd83af78c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5236] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 5236] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5235] <... futex resumed>) = 0 [pid 5236] futex(0x7fdbd83af788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5235] exit_group(0) = ? [pid 5237] <... futex resumed>) = ? [pid 5236] <... futex resumed>) = ? [pid 5236] +++ exited with 0 +++ [pid 5237] +++ exited with 0 +++ [pid 5235] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5235, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./57", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./57", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556f16620 /* 4 entries */, 32768) = 112 umount2("./57/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./57/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./57/binderfs") = 0 umount2("./57/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./57/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./57/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./57/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556f1e660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556f1e660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./57/file0") = 0 getdents64(3, 0x555556f16620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./57") = 0 mkdir("./58", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f155d0) = 5238 ./strace-static-x86_64: Process 5238 attached [pid 5238] set_robust_list(0x555556f155e0, 24) = 0 [pid 5238] chdir("./58") = 0 [pid 5238] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5238] setpgid(0, 0) = 0 [pid 5238] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5238] write(3, "1000", 4) = 4 [pid 5238] close(3) = 0 [pid 5238] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5238] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 68.346847][ T5236] loop0: detected capacity change from 0 to 512 [ 68.359556][ T5236] ext4: Unknown parameter 'jqfmZ!c12nuid32' [pid 5238] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdbd82b6000 [pid 5238] mprotect(0x7fdbd82b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5238] clone(child_stack=0x7fdbd82d63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5239], tls=0x7fdbd82d6700, child_tidptr=0x7fdbd82d69d0) = 5239 [pid 5238] futex(0x7fdbd83af788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5238] futex(0x7fdbd83af79c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5238] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdbd8295000 [pid 5238] mprotect(0x7fdbd8296000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5238] clone(child_stack=0x7fdbd82b53f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5240 attached , parent_tid=[5240], tls=0x7fdbd82b5700, child_tidptr=0x7fdbd82b59d0) = 5240 [pid 5240] set_robust_list(0x7fdbd82b59e0, 24 [pid 5238] futex(0x7fdbd83af798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5240] <... set_robust_list resumed>) = 0 [pid 5238] futex(0x7fdbd83af79c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5240] memfd_create("syzkaller", 0) = 3 [pid 5240] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdbcfe95000 ./strace-static-x86_64: Process 5239 attached [pid 5239] set_robust_list(0x7fdbd82d69e0, 24) = 0 [pid 5239] memfd_create("syzkaller", 0) = 4 [pid 5239] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdbc7a95000 [pid 5240] munmap(0x7fdbcfe95000, 138412032) = 0 [pid 5240] close(3 [pid 5239] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5240] <... close resumed>) = 0 [pid 5240] futex(0x7fdbd83af79c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5238] <... futex resumed>) = 0 [pid 5240] <... futex resumed>) = 1 [pid 5240] setxattr("./file0", "trusted.overlay.upper", "\x64\x8f\x7b\xfd\xea\xc9\xec\xe6\xab\x27\xb3\x49\xb4\xdb\xf7\xfe\x99\xe4\xed\xd9\xb5\xd8\xf1\x35\x99\x8f\x22\x62\x23\x22\x46\x22\xe2\x47\xdf\x8f\xf8\x69\xf2\x76\xdc\xe6\xda\xfa\xe2\x4c\xad\x56\x5d\xe9\xd6\xcb\xad\xfa\x72\xb9\xb9\xb6\x7e\x75\xa1\x3e\x33\x5f\x9d\xaf\x2e\x55\x2a\xd3\x53\xd3\x93\x37\xaf\xdd\xa8\x7c\xb0\xb1\x9e\xab\xff\xf6\xe5\xf7\x16\xee\xfc\xf8\x0f\xbf\xff\xda\x8b\x3f\x6d\x7c\xe7\xe7"..., 8192, 0 [pid 5238] futex(0x7fdbd83af798, FUTEX_WAKE_PRIVATE, 1000000 [pid 5239] <... write resumed>) = 262144 [pid 5238] <... futex resumed>) = 0 [pid 5239] munmap(0x7fdbc7a95000, 262144 [pid 5238] futex(0x7fdbd83af79c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5239] <... munmap resumed>) = 0 [pid 5239] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5239] ioctl(3, LOOP_SET_FD, 4 [pid 5240] <... setxattr resumed>) = -1 ENOENT (No such file or directory) [pid 5240] futex(0x7fdbd83af79c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5238] <... futex resumed>) = 0 [pid 5238] futex(0x7fdbd83af798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5238] futex(0x7fdbd83af79c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5240] <... futex resumed>) = 1 [pid 5240] setxattr("./file0", "trusted.overlay.upper", "\x64\x8f\x7b\xfd\xea\xc9\xec\xe6\xab\x27\xb3\x49\xb4\xdb\xf7\xfe\x99\xe4\xed\xd9\xb5\xd8\xf1\x35\x99\x8f\x22\x62\x23\x22\x46\x22\xe2\x47\xdf\x8f\xf8\x69\xf2\x76\xdc\xe6\xda\xfa\xe2\x4c\xad\x56\x5d\xe9\xd6\xcb\xad\xfa\x72\xb9\xb9\xb6\x7e\x75\xa1\x3e\x33\x5f\x9d\xaf\x2e\x55\x2a\xd3\x53\xd3\x93\x37\xaf\xdd\xa8\x7c\xb0\xb1\x9e\xab\xff\xf6\xe5\xf7\x16\xee\xfc\xf8\x0f\xbf\xff\xda\x8b\x3f\x6d\x7c\xe7\xe7"..., 8192, 0) = -1 ENOENT (No such file or directory) [pid 5240] futex(0x7fdbd83af79c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5238] <... futex resumed>) = 0 [pid 5238] futex(0x7fdbd83af798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5238] futex(0x7fdbd83af79c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5240] <... futex resumed>) = 1 [pid 5240] openat(AT_FDCWD, "./file0/file0", O_RDONLY|O_TRUNC|O_LARGEFILE|O_NOFOLLOW) = -1 ENOENT (No such file or directory) [pid 5240] futex(0x7fdbd83af79c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5238] <... futex resumed>) = 0 [pid 5240] <... futex resumed>) = 1 [pid 5240] futex(0x7fdbd83af798, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5239] <... ioctl resumed>) = 0 [pid 5239] close(4) = 0 [pid 5239] mkdir("./file0", 0777) = 0 [pid 5239] mount("/dev/loop0", "./file0", "ext4", 0, "\x71\x75\x6f\x74\x61\x2c\x6a\x71\x66\x6d\x5a\xfe\x7f\x21\x63\x31\x32\x9e\x6e\x8f\x75\x69\x64\x33\x32\x2c\x2c\x65\x72\x72\x6f\x72\x73\x3d\x63\x6f\x6e\x74\x69\x6e\x75\x65") = -1 EINVAL (Invalid argument) [pid 5239] ioctl(3, LOOP_CLR_FD) = 0 [pid 5239] close(3) = 0 [pid 5239] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 68.424346][ T5239] loop0: detected capacity change from 0 to 512 [ 68.432920][ T5239] ext4: Unknown parameter 'jqfmZ!c12nuid32' [pid 5239] futex(0x7fdbd83af788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5238] exit_group(0 [pid 5240] <... futex resumed>) = ? [pid 5238] <... exit_group resumed>) = ? [pid 5240] +++ exited with 0 +++ [pid 5239] <... futex resumed>) = ? [pid 5239] +++ exited with 0 +++ [pid 5238] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5238, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./58", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./58", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556f16620 /* 4 entries */, 32768) = 112 umount2("./58/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./58/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./58/binderfs") = 0 umount2("./58/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./58/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./58/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./58/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556f1e660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556f1e660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./58/file0") = 0 getdents64(3, 0x555556f16620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./58") = 0 mkdir("./59", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f155d0) = 5241 ./strace-static-x86_64: Process 5241 attached [pid 5241] set_robust_list(0x555556f155e0, 24) = 0 [pid 5241] chdir("./59") = 0 [pid 5241] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5241] setpgid(0, 0) = 0 [pid 5241] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5241] write(3, "1000", 4) = 4 [pid 5241] close(3) = 0 [pid 5241] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5241] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5241] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdbd82b6000 [pid 5241] mprotect(0x7fdbd82b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5241] clone(child_stack=0x7fdbd82d63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5242 attached [pid 5242] set_robust_list(0x7fdbd82d69e0, 24) = 0 [pid 5242] futex(0x7fdbd83af788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5241] <... clone resumed>, parent_tid=[5242], tls=0x7fdbd82d6700, child_tidptr=0x7fdbd82d69d0) = 5242 [pid 5241] futex(0x7fdbd83af788, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5242] <... futex resumed>) = 0 [pid 5242] memfd_create("syzkaller", 0) = 3 [pid 5242] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdbcfeb6000 [pid 5241] futex(0x7fdbd83af79c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5241] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdbcfe95000 [pid 5241] mprotect(0x7fdbcfe96000, 131072, PROT_READ|PROT_WRITE [pid 5242] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5241] <... mprotect resumed>) = 0 [pid 5241] clone(child_stack=0x7fdbcfeb53f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5242] <... write resumed>) = 262144 [pid 5242] munmap(0x7fdbcfeb6000, 262144./strace-static-x86_64: Process 5243 attached [pid 5241] <... clone resumed>, parent_tid=[5243], tls=0x7fdbcfeb5700, child_tidptr=0x7fdbcfeb59d0) = 5243 [pid 5243] set_robust_list(0x7fdbcfeb59e0, 24 [pid 5242] <... munmap resumed>) = 0 [pid 5242] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5242] ioctl(4, LOOP_SET_FD, 3 [pid 5243] <... set_robust_list resumed>) = 0 [pid 5241] futex(0x7fdbd83af798, FUTEX_WAKE_PRIVATE, 1000000 [pid 5242] <... ioctl resumed>) = 0 [pid 5242] close(3) = 0 [pid 5242] mkdir("./file0", 0777 [pid 5243] memfd_create("syzkaller", 0 [pid 5242] <... mkdir resumed>) = 0 [pid 5241] <... futex resumed>) = 0 [pid 5242] mount("/dev/loop0", "./file0", "ext4", 0, "\x71\x75\x6f\x74\x61\x2c\x6a\x71\x66\x6d\x5a\xfe\x7f\x21\x63\x31\x32\x9e\x6e\x8f\x75\x69\x64\x33\x32\x2c\x2c\x65\x72\x72\x6f\x72\x73\x3d\x63\x6f\x6e\x74\x69\x6e\x75\x65" [pid 5241] futex(0x7fdbd83af79c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5243] <... memfd_create resumed>) = 3 [pid 5242] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5242] ioctl(4, LOOP_CLR_FD [pid 5243] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdbc7a95000 [pid 5243] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5243] munmap(0x7fdbc7a95000, 262144) = 0 [pid 5243] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5243] ioctl(5, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 5243] ioctl(5, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5243] ioctl(5, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 5243] close(5) = 0 [pid 5243] close(3) = 0 [pid 5243] futex(0x7fdbd83af79c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5243] futex(0x7fdbd83af798, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5241] <... futex resumed>) = 0 [pid 5241] futex(0x7fdbd83af798, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5241] futex(0x7fdbd83af79c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5243] <... futex resumed>) = 0 [pid 5243] setxattr("./file0", "trusted.overlay.upper", "\xb2\xc7\xbd\x79\xfd\x74\x76\xf3\xf5\xd3\xd9\x24\xda\xed\xfb\xff\x4c\xf2\xf6\xec\x5a\xec\xf8\x37\x99\x4f\xba\xcf\x39\x12\x11\x3f\xfa\x7e\xc4\x4f\x93\x77\xe3\x36\xd7\xd6\x17\x67\x6a\xb5\xea\x4a\xb7\x5e\x6e\xd5\x97\xcb\xcd\xb5\xf5\x6b\x0b\xf5\x99\xf9\xea\x7c\x75\xa9\x52\x99\x9e\x9a\x9e\xbc\x75\xfd\x66\xe5\xa3\x8d\xf5\x42\xfd\xb7\xaf\xbe\xb7\x70\xf7\xc7\x7f\xf8\xfd\x57\x5f\xfe\x69\xe3\x3b\x3f\xcf\xba"..., 8192, 0) = -1 ENOSPC (No space left on device) [pid 5243] futex(0x7fdbd83af79c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5241] <... futex resumed>) = 0 [pid 5241] futex(0x7fdbd83af798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5241] futex(0x7fdbd83af79c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5243] setxattr("./file0", "trusted.overlay.upper", "\xb2\xc7\xbd\x79\xfd\x74\x76\xf3\xf5\xd3\xd9\x24\xda\xed\xfb\xff\x4c\xf2\xf6\xec\x5a\xec\xf8\x37\x99\x4f\xba\xcf\x39\x12\x11\x3f\xfa\x7e\xc4\x4f\x93\x77\xe3\x36\xd7\xd6\x17\x67\x6a\xb5\xea\x4a\xb7\x5e\x6e\xd5\x97\xcb\xcd\xb5\xf5\x6b\x0b\xf5\x99\xf9\xea\x7c\x75\xa9\x52\x99\x9e\x9a\x9e\xbc\x75\xfd\x66\xe5\xa3\x8d\xf5\x42\xfd\xb7\xaf\xbe\xb7\x70\xf7\xc7\x7f\xf8\xfd\x57\x5f\xfe\x69\xe3\x3b\x3f\xcf\xba"..., 8192, 0) = -1 ENOSPC (No space left on device) [pid 5243] futex(0x7fdbd83af79c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5241] <... futex resumed>) = 0 [pid 5241] futex(0x7fdbd83af798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5241] futex(0x7fdbd83af79c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5243] openat(AT_FDCWD, "./file0/file0", O_RDONLY|O_TRUNC|O_LARGEFILE|O_NOFOLLOW) = -1 ENOENT (No such file or directory) [pid 5243] futex(0x7fdbd83af79c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5242] <... ioctl resumed>) = 0 [pid 5241] <... futex resumed>) = 0 [pid 5242] close(4) = 0 [pid 5242] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5242] futex(0x7fdbd83af788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5241] exit_group(0) = ? [pid 5242] <... futex resumed>) = ? [pid 5242] +++ exited with 0 +++ [ 68.518001][ T5242] loop0: detected capacity change from 0 to 512 [ 68.526000][ T5242] ext4: Unknown parameter 'jqfmZ!c12nuid32' [pid 5243] +++ exited with 0 +++ [pid 5241] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5241, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./59", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./59", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556f16620 /* 4 entries */, 32768) = 112 umount2("./59/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./59/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./59/binderfs") = 0 umount2("./59/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./59/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./59/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./59/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556f1e660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556f1e660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./59/file0") = 0 getdents64(3, 0x555556f16620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./59") = 0 mkdir("./60", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f155d0) = 5244 ./strace-static-x86_64: Process 5244 attached [pid 5244] set_robust_list(0x555556f155e0, 24) = 0 [pid 5244] chdir("./60") = 0 [pid 5244] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5244] setpgid(0, 0) = 0 [pid 5244] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5244] write(3, "1000", 4) = 4 [pid 5244] close(3) = 0 [pid 5244] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5244] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5244] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdbd82b6000 [pid 5244] mprotect(0x7fdbd82b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5244] clone(child_stack=0x7fdbd82d63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5245 attached [pid 5245] set_robust_list(0x7fdbd82d69e0, 24 [pid 5244] <... clone resumed>, parent_tid=[5245], tls=0x7fdbd82d6700, child_tidptr=0x7fdbd82d69d0) = 5245 [pid 5245] <... set_robust_list resumed>) = 0 [pid 5244] futex(0x7fdbd83af788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5244] futex(0x7fdbd83af79c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5245] memfd_create("syzkaller", 0 [pid 5244] <... futex resumed>) = 0 [pid 5245] <... memfd_create resumed>) = 3 [pid 5244] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5245] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5244] <... mmap resumed>) = 0x7fdbd8295000 [pid 5245] <... mmap resumed>) = 0x7fdbcfe95000 [pid 5244] mprotect(0x7fdbd8296000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5244] clone(child_stack=0x7fdbd82b53f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5246], tls=0x7fdbd82b5700, child_tidptr=0x7fdbd82b59d0) = 5246 [pid 5244] futex(0x7fdbd83af798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5244] futex(0x7fdbd83af79c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5246 attached [pid 5246] set_robust_list(0x7fdbd82b59e0, 24 [pid 5245] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5246] <... set_robust_list resumed>) = 0 [pid 5246] memfd_create("syzkaller", 0) = 4 [pid 5246] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5245] <... write resumed>) = 262144 [pid 5246] <... mmap resumed>) = 0x7fdbc7a95000 [pid 5245] munmap(0x7fdbcfe95000, 262144) = 0 [pid 5245] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5245] ioctl(5, LOOP_SET_FD, 3 [pid 5246] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5245] <... ioctl resumed>) = 0 [pid 5245] close(3) = 0 [pid 5245] mkdir("./file0", 0777) = 0 [pid 5245] mount("/dev/loop0", "./file0", "ext4", 0, "\x71\x75\x6f\x74\x61\x2c\x6a\x71\x66\x6d\x5a\xfe\x7f\x21\x63\x31\x32\x9e\x6e\x8f\x75\x69\x64\x33\x32\x2c\x2c\x65\x72\x72\x6f\x72\x73\x3d\x63\x6f\x6e\x74\x69\x6e\x75\x65" [pid 5246] <... write resumed>) = 262144 [pid 5245] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5245] ioctl(5, LOOP_CLR_FD [pid 5246] munmap(0x7fdbc7a95000, 262144) = 0 [pid 5246] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5246] ioctl(3, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5246] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5246] ioctl(3, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5246] close(3) = 0 [pid 5246] close(4) = 0 [pid 5246] futex(0x7fdbd83af79c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5244] <... futex resumed>) = 0 [pid 5244] futex(0x7fdbd83af798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5244] futex(0x7fdbd83af79c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5246] <... futex resumed>) = 1 [pid 5246] setxattr("./file0", "trusted.overlay.upper", "\xb2\xc7\xbd\x79\xfd\x74\x76\xf3\xf5\xd3\xd9\x24\xda\xed\xfb\xff\x4c\xf2\xf6\xec\x5a\xec\xf8\x37\x99\x4f\xba\xcf\x39\x12\x11\x3f\xfa\x7e\xc4\x4f\x93\x77\xe3\x36\xd7\xd6\x17\x67\x6a\xb5\xea\x4a\xb7\x5e\x6e\xd5\x97\xcb\xcd\xb5\xf5\x6b\x0b\xf5\x99\xf9\xea\x7c\x75\xa9\x52\x99\x9e\x9a\x9e\xbc\x75\xfd\x66\xe5\xa3\x8d\xf5\x42\xfd\xb7\xaf\xbe\xb7\x70\xf7\xc7\x7f\xf8\xfd\x57\x5f\xfe\x69\xe3\x3b\x3f\xcf\xba"..., 8192, 0) = -1 ENOSPC (No space left on device) [pid 5246] futex(0x7fdbd83af79c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5244] <... futex resumed>) = 0 [pid 5244] futex(0x7fdbd83af798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5244] futex(0x7fdbd83af79c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5246] <... futex resumed>) = 1 [pid 5246] setxattr("./file0", "trusted.overlay.upper", "\xb2\xc7\xbd\x79\xfd\x74\x76\xf3\xf5\xd3\xd9\x24\xda\xed\xfb\xff\x4c\xf2\xf6\xec\x5a\xec\xf8\x37\x99\x4f\xba\xcf\x39\x12\x11\x3f\xfa\x7e\xc4\x4f\x93\x77\xe3\x36\xd7\xd6\x17\x67\x6a\xb5\xea\x4a\xb7\x5e\x6e\xd5\x97\xcb\xcd\xb5\xf5\x6b\x0b\xf5\x99\xf9\xea\x7c\x75\xa9\x52\x99\x9e\x9a\x9e\xbc\x75\xfd\x66\xe5\xa3\x8d\xf5\x42\xfd\xb7\xaf\xbe\xb7\x70\xf7\xc7\x7f\xf8\xfd\x57\x5f\xfe\x69\xe3\x3b\x3f\xcf\xba"..., 8192, 0) = -1 ENOSPC (No space left on device) [pid 5246] futex(0x7fdbd83af79c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5244] <... futex resumed>) = 0 [pid 5244] futex(0x7fdbd83af798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5244] futex(0x7fdbd83af79c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5246] <... futex resumed>) = 1 [pid 5246] openat(AT_FDCWD, "./file0/file0", O_RDONLY|O_TRUNC|O_LARGEFILE|O_NOFOLLOW) = -1 ENOENT (No such file or directory) [pid 5246] futex(0x7fdbd83af79c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5244] <... futex resumed>) = 0 [pid 5246] <... futex resumed>) = 1 [ 68.576719][ T5004] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 68.608804][ T5245] loop0: detected capacity change from 0 to 512 [ 68.616461][ T5245] ext4: Unknown parameter 'jqfmZ!c12nuid32' [pid 5246] futex(0x7fdbd83af798, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5245] <... ioctl resumed>) = 0 [pid 5245] close(5) = 0 [pid 5245] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5245] futex(0x7fdbd83af788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5244] exit_group(0) = ? [pid 5245] <... futex resumed>) = ? [pid 5245] +++ exited with 0 +++ [pid 5246] <... futex resumed>) = ? [pid 5246] +++ exited with 0 +++ [pid 5244] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5244, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./60", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./60", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556f16620 /* 4 entries */, 32768) = 112 umount2("./60/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./60/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./60/binderfs") = 0 umount2("./60/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./60/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./60/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./60/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556f1e660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556f1e660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./60/file0") = 0 getdents64(3, 0x555556f16620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./60") = 0 mkdir("./61", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f155d0) = 5247 ./strace-static-x86_64: Process 5247 attached [pid 5247] set_robust_list(0x555556f155e0, 24) = 0 [pid 5247] chdir("./61") = 0 [pid 5247] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5247] setpgid(0, 0) = 0 [pid 5247] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5247] write(3, "1000", 4) = 4 [pid 5247] close(3) = 0 [pid 5247] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5247] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5247] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdbd82b6000 [pid 5247] mprotect(0x7fdbd82b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5247] clone(child_stack=0x7fdbd82d63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5248 attached , parent_tid=[5248], tls=0x7fdbd82d6700, child_tidptr=0x7fdbd82d69d0) = 5248 [pid 5248] set_robust_list(0x7fdbd82d69e0, 24) = 0 [pid 5248] futex(0x7fdbd83af788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5247] futex(0x7fdbd83af788, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5248] <... futex resumed>) = 0 [pid 5247] futex(0x7fdbd83af79c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5248] memfd_create("syzkaller", 0 [pid 5247] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5248] <... memfd_create resumed>) = 3 [pid 5248] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5247] <... mmap resumed>) = 0x7fdbd8295000 [pid 5247] mprotect(0x7fdbd8296000, 131072, PROT_READ|PROT_WRITE [pid 5248] <... mmap resumed>) = 0x7fdbcfe95000 [pid 5247] <... mprotect resumed>) = 0 [pid 5248] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5247] clone(child_stack=0x7fdbd82b53f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5249 attached [pid 5249] set_robust_list(0x7fdbd82b59e0, 24) = 0 [pid 5249] futex(0x7fdbd83af798, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5247] <... clone resumed>, parent_tid=[5249], tls=0x7fdbd82b5700, child_tidptr=0x7fdbd82b59d0) = 5249 [pid 5248] <... write resumed>) = 262144 [pid 5248] munmap(0x7fdbcfe95000, 262144 [pid 5247] futex(0x7fdbd83af798, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5249] <... futex resumed>) = 0 [pid 5247] futex(0x7fdbd83af79c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5249] memfd_create("syzkaller", 0) = 4 [pid 5249] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5248] <... munmap resumed>) = 0 [pid 5249] <... mmap resumed>) = 0x7fdbc7ad5000 [pid 5248] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5248] ioctl(5, LOOP_SET_FD, 3) = 0 [pid 5248] close(3) = 0 [pid 5248] mkdir("./file0", 0777 [pid 5249] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5248] <... mkdir resumed>) = 0 [ 68.655819][ T5004] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 68.694790][ T5248] loop0: detected capacity change from 0 to 512 [pid 5248] mount("/dev/loop0", "./file0", "ext4", 0, "\x71\x75\x6f\x74\x61\x2c\x6a\x71\x66\x6d\x5a\xfe\x7f\x21\x63\x31\x32\x9e\x6e\x8f\x75\x69\x64\x33\x32\x2c\x2c\x65\x72\x72\x6f\x72\x73\x3d\x63\x6f\x6e\x74\x69\x6e\x75\x65" [pid 5249] <... write resumed>) = 262144 [pid 5249] munmap(0x7fdbc7ad5000, 262144 [pid 5248] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5249] <... munmap resumed>) = 0 [pid 5248] ioctl(5, LOOP_CLR_FD [pid 5249] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5248] <... ioctl resumed>) = 0 [pid 5249] ioctl(3, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5249] ioctl(3, LOOP_CLR_FD) = 0 [pid 5248] close(5 [pid 5249] ioctl(3, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5249] close(3) = 0 [pid 5249] close(4) = 0 [pid 5249] futex(0x7fdbd83af79c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5247] <... futex resumed>) = 0 [pid 5249] futex(0x7fdbd83af798, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5247] futex(0x7fdbd83af798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5247] futex(0x7fdbd83af79c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5248] <... close resumed>) = 0 [pid 5248] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5248] futex(0x7fdbd83af788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5249] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5249] setxattr("./file0", "trusted.overlay.upper", "\xb2\xc7\xbd\x79\xfd\x74\x76\xf3\xf5\xd3\xd9\x24\xda\xed\xfb\xff\x4c\xf2\xf6\xec\x5a\xec\xf8\x37\x99\x4f\xba\xcf\x39\x12\x11\x3f\xfa\x7e\xc4\x4f\x93\x77\xe3\x36\xd7\xd6\x17\x67\x6a\xb5\xea\x4a\xb7\x5e\x6e\xd5\x97\xcb\xcd\xb5\xf5\x6b\x0b\xf5\x99\xf9\xea\x7c\x75\xa9\x52\x99\x9e\x9a\x9e\xbc\x75\xfd\x66\xe5\xa3\x8d\xf5\x42\xfd\xb7\xaf\xbe\xb7\x70\xf7\xc7\x7f\xf8\xfd\x57\x5f\xfe\x69\xe3\x3b\x3f\xcf\xba"..., 8192, 0) = -1 ENOSPC (No space left on device) [pid 5249] futex(0x7fdbd83af79c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5247] <... futex resumed>) = 0 [pid 5247] futex(0x7fdbd83af788, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5247] futex(0x7fdbd83af78c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5248] <... futex resumed>) = 0 [pid 5248] setxattr("./file0", "trusted.overlay.upper", "\xb2\xc7\xbd\x79\xfd\x74\x76\xf3\xf5\xd3\xd9\x24\xda\xed\xfb\xff\x4c\xf2\xf6\xec\x5a\xec\xf8\x37\x99\x4f\xba\xcf\x39\x12\x11\x3f\xfa\x7e\xc4\x4f\x93\x77\xe3\x36\xd7\xd6\x17\x67\x6a\xb5\xea\x4a\xb7\x5e\x6e\xd5\x97\xcb\xcd\xb5\xf5\x6b\x0b\xf5\x99\xf9\xea\x7c\x75\xa9\x52\x99\x9e\x9a\x9e\xbc\x75\xfd\x66\xe5\xa3\x8d\xf5\x42\xfd\xb7\xaf\xbe\xb7\x70\xf7\xc7\x7f\xf8\xfd\x57\x5f\xfe\x69\xe3\x3b\x3f\xcf\xba"..., 8192, 0) = -1 ENOSPC (No space left on device) [pid 5248] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5247] <... futex resumed>) = 0 [pid 5247] futex(0x7fdbd83af788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5247] futex(0x7fdbd83af78c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5248] <... futex resumed>) = 1 [pid 5248] openat(AT_FDCWD, "./file0/file0", O_RDONLY|O_TRUNC|O_LARGEFILE|O_NOFOLLOW) = -1 ENOENT (No such file or directory) [pid 5249] <... futex resumed>) = 1 [pid 5248] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5249] futex(0x7fdbd83af798, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5248] <... futex resumed>) = 1 [pid 5247] <... futex resumed>) = 0 [pid 5248] futex(0x7fdbd83af788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5247] exit_group(0) = ? [pid 5249] <... futex resumed>) = ? [pid 5248] <... futex resumed>) = ? [pid 5249] +++ exited with 0 +++ [pid 5248] +++ exited with 0 +++ [pid 5247] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5247, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./61", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./61", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556f16620 /* 4 entries */, 32768) = 112 umount2("./61/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./61/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./61/binderfs") = 0 umount2("./61/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./61/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./61/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./61/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556f1e660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556f1e660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./61/file0") = 0 getdents64(3, 0x555556f16620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./61") = 0 mkdir("./62", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f155d0) = 5250 ./strace-static-x86_64: Process 5250 attached [ 68.704569][ T5248] ext4: Unknown parameter 'jqfmZ!c12nuid32' [pid 5250] set_robust_list(0x555556f155e0, 24) = 0 [pid 5250] chdir("./62") = 0 [pid 5250] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5250] setpgid(0, 0) = 0 [pid 5250] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5250] write(3, "1000", 4) = 4 [pid 5250] close(3) = 0 [pid 5250] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5250] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5250] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdbd82b6000 [pid 5250] mprotect(0x7fdbd82b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5250] clone(child_stack=0x7fdbd82d63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5251 attached , parent_tid=[5251], tls=0x7fdbd82d6700, child_tidptr=0x7fdbd82d69d0) = 5251 [pid 5251] set_robust_list(0x7fdbd82d69e0, 24 [pid 5250] futex(0x7fdbd83af788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5251] <... set_robust_list resumed>) = 0 [pid 5250] <... futex resumed>) = 0 [pid 5250] futex(0x7fdbd83af79c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5251] memfd_create("syzkaller", 0) = 3 [pid 5251] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdbcfeb6000 [pid 5250] <... futex resumed>) = 0 [pid 5250] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdbcfe95000 [pid 5250] mprotect(0x7fdbcfe96000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5250] clone(child_stack=0x7fdbcfeb53f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5251] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5250] <... clone resumed>, parent_tid=[5252], tls=0x7fdbcfeb5700, child_tidptr=0x7fdbcfeb59d0) = 5252 [pid 5250] futex(0x7fdbd83af798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5250] futex(0x7fdbd83af79c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5252 attached [pid 5252] set_robust_list(0x7fdbcfeb59e0, 24) = 0 [pid 5252] memfd_create("syzkaller", 0) = 4 [pid 5252] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5251] <... write resumed>) = 262144 [pid 5251] munmap(0x7fdbcfeb6000, 262144) = 0 [pid 5252] <... mmap resumed>) = 0x7fdbc7a95000 [pid 5251] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5251] ioctl(5, LOOP_SET_FD, 3) = 0 [pid 5251] close(3) = 0 [pid 5251] mkdir("./file0", 0777) = 0 [pid 5251] mount("/dev/loop0", "./file0", "ext4", 0, "\x71\x75\x6f\x74\x61\x2c\x6a\x71\x66\x6d\x5a\xfe\x7f\x21\x63\x31\x32\x9e\x6e\x8f\x75\x69\x64\x33\x32\x2c\x2c\x65\x72\x72\x6f\x72\x73\x3d\x63\x6f\x6e\x74\x69\x6e\x75\x65" [pid 5252] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5252] munmap(0x7fdbc7a95000, 262144) = 0 [pid 5252] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5251] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5251] ioctl(5, LOOP_CLR_FD [pid 5252] <... openat resumed>) = 3 [pid 5252] ioctl(3, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5252] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5252] ioctl(3, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5252] close(3) = 0 [pid 5252] close(4) = 0 [pid 5252] futex(0x7fdbd83af79c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5250] <... futex resumed>) = 0 [pid 5250] futex(0x7fdbd83af798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5250] futex(0x7fdbd83af79c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5252] <... futex resumed>) = 1 [pid 5252] setxattr("./file0", "trusted.overlay.upper", "\xb2\xc7\xbd\x79\xfd\x74\x76\xf3\xf5\xd3\xd9\x24\xda\xed\xfb\xff\x4c\xf2\xf6\xec\x5a\xec\xf8\x37\x99\x4f\xba\xcf\x39\x12\x11\x3f\xfa\x7e\xc4\x4f\x93\x77\xe3\x36\xd7\xd6\x17\x67\x6a\xb5\xea\x4a\xb7\x5e\x6e\xd5\x97\xcb\xcd\xb5\xf5\x6b\x0b\xf5\x99\xf9\xea\x7c\x75\xa9\x52\x99\x9e\x9a\x9e\xbc\x75\xfd\x66\xe5\xa3\x8d\xf5\x42\xfd\xb7\xaf\xbe\xb7\x70\xf7\xc7\x7f\xf8\xfd\x57\x5f\xfe\x69\xe3\x3b\x3f\xcf\xba"..., 8192, 0) = -1 ENOSPC (No space left on device) [pid 5252] futex(0x7fdbd83af79c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5250] <... futex resumed>) = 0 [pid 5250] futex(0x7fdbd83af798, FUTEX_WAKE_PRIVATE, 1000000 [pid 5252] <... futex resumed>) = 1 [pid 5250] <... futex resumed>) = 0 [pid 5252] setxattr("./file0", "trusted.overlay.upper", "\xb2\xc7\xbd\x79\xfd\x74\x76\xf3\xf5\xd3\xd9\x24\xda\xed\xfb\xff\x4c\xf2\xf6\xec\x5a\xec\xf8\x37\x99\x4f\xba\xcf\x39\x12\x11\x3f\xfa\x7e\xc4\x4f\x93\x77\xe3\x36\xd7\xd6\x17\x67\x6a\xb5\xea\x4a\xb7\x5e\x6e\xd5\x97\xcb\xcd\xb5\xf5\x6b\x0b\xf5\x99\xf9\xea\x7c\x75\xa9\x52\x99\x9e\x9a\x9e\xbc\x75\xfd\x66\xe5\xa3\x8d\xf5\x42\xfd\xb7\xaf\xbe\xb7\x70\xf7\xc7\x7f\xf8\xfd\x57\x5f\xfe\x69\xe3\x3b\x3f\xcf\xba"..., 8192, 0 [pid 5250] futex(0x7fdbd83af79c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5252] <... setxattr resumed>) = -1 ENOSPC (No space left on device) [pid 5252] futex(0x7fdbd83af79c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5250] <... futex resumed>) = 0 [pid 5252] openat(AT_FDCWD, "./file0/file0", O_RDONLY|O_TRUNC|O_LARGEFILE|O_NOFOLLOW [pid 5250] futex(0x7fdbd83af798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5250] futex(0x7fdbd83af79c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5252] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 5252] futex(0x7fdbd83af79c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5250] <... futex resumed>) = 0 [ 68.774572][ T5251] loop0: detected capacity change from 0 to 512 [ 68.782488][ T5251] ext4: Unknown parameter 'jqfmZ!c12nuid32' [pid 5252] futex(0x7fdbd83af798, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5251] <... ioctl resumed>) = 0 [pid 5251] close(5) = 0 [pid 5251] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5250] exit_group(0) = ? [pid 5251] +++ exited with 0 +++ [pid 5252] <... futex resumed>) = ? [pid 5252] +++ exited with 0 +++ [pid 5250] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5250, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./62", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./62", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556f16620 /* 4 entries */, 32768) = 112 umount2("./62/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./62/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./62/binderfs") = 0 umount2("./62/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./62/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./62/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./62/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556f1e660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556f1e660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./62/file0") = 0 getdents64(3, 0x555556f16620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./62") = 0 mkdir("./63", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f155d0) = 5253 ./strace-static-x86_64: Process 5253 attached [pid 5253] set_robust_list(0x555556f155e0, 24) = 0 [pid 5253] chdir("./63") = 0 [pid 5253] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5253] setpgid(0, 0) = 0 [pid 5253] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5253] write(3, "1000", 4) = 4 [pid 5253] close(3) = 0 [pid 5253] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5253] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5253] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdbd82b6000 [pid 5253] mprotect(0x7fdbd82b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5253] clone(child_stack=0x7fdbd82d63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5254], tls=0x7fdbd82d6700, child_tidptr=0x7fdbd82d69d0) = 5254 [pid 5253] futex(0x7fdbd83af788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5253] futex(0x7fdbd83af79c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5253] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0./strace-static-x86_64: Process 5254 attached [pid 5254] set_robust_list(0x7fdbd82d69e0, 24) = 0 [pid 5253] <... mmap resumed>) = 0x7fdbd8295000 [pid 5254] memfd_create("syzkaller", 0 [pid 5253] mprotect(0x7fdbd8296000, 131072, PROT_READ|PROT_WRITE [pid 5254] <... memfd_create resumed>) = 3 [pid 5254] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5253] <... mprotect resumed>) = 0 [pid 5254] <... mmap resumed>) = 0x7fdbcfe95000 [pid 5253] clone(child_stack=0x7fdbd82b53f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5255], tls=0x7fdbd82b5700, child_tidptr=0x7fdbd82b59d0) = 5255 [pid 5253] futex(0x7fdbd83af798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5253] futex(0x7fdbd83af79c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5255 attached [pid 5254] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5255] set_robust_list(0x7fdbd82b59e0, 24) = 0 [pid 5254] <... write resumed>) = 262144 [pid 5254] munmap(0x7fdbcfe95000, 262144 [pid 5255] memfd_create("syzkaller", 0 [pid 5254] <... munmap resumed>) = 0 [ 68.825952][ T5004] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [pid 5254] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5255] <... memfd_create resumed>) = 4 [pid 5254] <... openat resumed>) = 5 [pid 5255] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5254] ioctl(5, LOOP_SET_FD, 3 [pid 5255] <... mmap resumed>) = 0x7fdbc7ad5000 [pid 5255] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5254] <... ioctl resumed>) = 0 [pid 5255] <... write resumed>) = 262144 [pid 5255] munmap(0x7fdbc7ad5000, 262144) = 0 [pid 5254] close(3 [pid 5255] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5255] ioctl(6, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5255] ioctl(6, LOOP_CLR_FD) = 0 [pid 5254] <... close resumed>) = 0 [pid 5254] mkdir("./file0", 0777) = 0 [pid 5254] mount("/dev/loop0", "./file0", "ext4", 0, "\x71\x75\x6f\x74\x61\x2c\x6a\x71\x66\x6d\x5a\xfe\x7f\x21\x63\x31\x32\x9e\x6e\x8f\x75\x69\x64\x33\x32\x2c\x2c\x65\x72\x72\x6f\x72\x73\x3d\x63\x6f\x6e\x74\x69\x6e\x75\x65" [pid 5255] ioctl(6, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5255] close(6) = 0 [pid 5255] close(4) = 0 [pid 5255] futex(0x7fdbd83af79c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5255] futex(0x7fdbd83af798, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5253] <... futex resumed>) = 0 [pid 5253] futex(0x7fdbd83af798, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5255] <... futex resumed>) = 0 [pid 5255] setxattr("./file0", "trusted.overlay.upper", "\xb2\xc7\xbd\x79\xfd\x74\x76\xf3\xf5\xd3\xd9\x24\xda\xed\xfb\xff\x4c\xf2\xf6\xec\x5a\xec\xf8\x37\x99\x4f\xba\xcf\x39\x12\x11\x3f\xfa\x7e\xc4\x4f\x93\x77\xe3\x36\xd7\xd6\x17\x67\x6a\xb5\xea\x4a\xb7\x5e\x6e\xd5\x97\xcb\xcd\xb5\xf5\x6b\x0b\xf5\x99\xf9\xea\x7c\x75\xa9\x52\x99\x9e\x9a\x9e\xbc\x75\xfd\x66\xe5\xa3\x8d\xf5\x42\xfd\xb7\xaf\xbe\xb7\x70\xf7\xc7\x7f\xf8\xfd\x57\x5f\xfe\x69\xe3\x3b\x3f\xcf\xba"..., 8192, 0 [pid 5253] futex(0x7fdbd83af79c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5254] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5254] ioctl(5, LOOP_CLR_FD [pid 5255] <... setxattr resumed>) = -1 ENOSPC (No space left on device) [pid 5255] futex(0x7fdbd83af79c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5253] <... futex resumed>) = 0 [pid 5255] futex(0x7fdbd83af798, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5253] futex(0x7fdbd83af798, FUTEX_WAKE_PRIVATE, 1000000 [pid 5255] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5255] setxattr("./file0", "trusted.overlay.upper", "\xb2\xc7\xbd\x79\xfd\x74\x76\xf3\xf5\xd3\xd9\x24\xda\xed\xfb\xff\x4c\xf2\xf6\xec\x5a\xec\xf8\x37\x99\x4f\xba\xcf\x39\x12\x11\x3f\xfa\x7e\xc4\x4f\x93\x77\xe3\x36\xd7\xd6\x17\x67\x6a\xb5\xea\x4a\xb7\x5e\x6e\xd5\x97\xcb\xcd\xb5\xf5\x6b\x0b\xf5\x99\xf9\xea\x7c\x75\xa9\x52\x99\x9e\x9a\x9e\xbc\x75\xfd\x66\xe5\xa3\x8d\xf5\x42\xfd\xb7\xaf\xbe\xb7\x70\xf7\xc7\x7f\xf8\xfd\x57\x5f\xfe\x69\xe3\x3b\x3f\xcf\xba"..., 8192, 0 [pid 5253] <... futex resumed>) = 0 [pid 5255] <... setxattr resumed>) = -1 ENOSPC (No space left on device) [pid 5253] futex(0x7fdbd83af79c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5255] futex(0x7fdbd83af79c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5253] <... futex resumed>) = 0 [pid 5255] futex(0x7fdbd83af798, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5253] futex(0x7fdbd83af798, FUTEX_WAKE_PRIVATE, 1000000 [pid 5255] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5253] <... futex resumed>) = 0 [pid 5255] openat(AT_FDCWD, "./file0/file0", O_RDONLY|O_TRUNC|O_LARGEFILE|O_NOFOLLOW [pid 5253] futex(0x7fdbd83af79c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5255] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 5255] futex(0x7fdbd83af79c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5253] <... futex resumed>) = 0 [ 68.893024][ T5254] loop0: detected capacity change from 0 to 512 [ 68.915723][ T5254] ext4: Unknown parameter 'jqfmZ!c12nuid32' [pid 5255] futex(0x7fdbd83af798, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5254] <... ioctl resumed>) = 0 [pid 5254] close(5) = 0 [pid 5254] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5254] futex(0x7fdbd83af788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5253] exit_group(0 [pid 5255] <... futex resumed>) = ? [pid 5254] <... futex resumed>) = ? [pid 5253] <... exit_group resumed>) = ? [pid 5255] +++ exited with 0 +++ [pid 5254] +++ exited with 0 +++ [pid 5253] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5253, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./63", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./63", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556f16620 /* 4 entries */, 32768) = 112 umount2("./63/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./63/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./63/binderfs") = 0 umount2("./63/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./63/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./63/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./63/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556f1e660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556f1e660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./63/file0") = 0 getdents64(3, 0x555556f16620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./63") = 0 mkdir("./64", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f155d0) = 5256 ./strace-static-x86_64: Process 5256 attached [pid 5256] set_robust_list(0x555556f155e0, 24) = 0 [pid 5256] chdir("./64") = 0 [pid 5256] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5256] setpgid(0, 0) = 0 [pid 5256] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5256] write(3, "1000", 4) = 4 [pid 5256] close(3) = 0 [pid 5256] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5256] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5256] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdbd82b6000 [pid 5256] mprotect(0x7fdbd82b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5256] clone(child_stack=0x7fdbd82d63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5257 attached , parent_tid=[5257], tls=0x7fdbd82d6700, child_tidptr=0x7fdbd82d69d0) = 5257 [pid 5257] set_robust_list(0x7fdbd82d69e0, 24) = 0 [pid 5257] futex(0x7fdbd83af788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5256] futex(0x7fdbd83af788, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5257] <... futex resumed>) = 0 [pid 5256] futex(0x7fdbd83af79c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5257] memfd_create("syzkaller", 0 [pid 5256] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5257] <... memfd_create resumed>) = 3 [pid 5257] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdbcfeb6000 [pid 5256] <... mmap resumed>) = 0x7fdbcfe95000 [pid 5256] mprotect(0x7fdbcfe96000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5256] clone(child_stack=0x7fdbcfeb53f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5257] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144./strace-static-x86_64: Process 5258 attached ) = 262144 [pid 5256] <... clone resumed>, parent_tid=[5258], tls=0x7fdbcfeb5700, child_tidptr=0x7fdbcfeb59d0) = 5258 [pid 5257] munmap(0x7fdbcfeb6000, 262144) = 0 [pid 5256] futex(0x7fdbd83af798, FUTEX_WAKE_PRIVATE, 1000000 [pid 5257] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5257] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5256] <... futex resumed>) = 0 [pid 5258] set_robust_list(0x7fdbcfeb59e0, 24) = 0 [pid 5258] memfd_create("syzkaller", 0) = 5 [pid 5258] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdbc7a95000 [pid 5256] futex(0x7fdbd83af79c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5258] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5257] close(3 [pid 5258] <... write resumed>) = 262144 [pid 5257] <... close resumed>) = 0 [pid 5257] mkdir("./file0", 0777 [pid 5258] munmap(0x7fdbc7a95000, 262144) = 0 [pid 5257] <... mkdir resumed>) = 0 [pid 5257] mount("/dev/loop0", "./file0", "ext4", 0, "\x71\x75\x6f\x74\x61\x2c\x6a\x71\x66\x6d\x5a\xfe\x7f\x21\x63\x31\x32\x9e\x6e\x8f\x75\x69\x64\x33\x32\x2c\x2c\x65\x72\x72\x6f\x72\x73\x3d\x63\x6f\x6e\x74\x69\x6e\x75\x65" [pid 5258] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5258] ioctl(3, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5258] ioctl(3, LOOP_CLR_FD) = 0 [pid 5257] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5257] ioctl(4, LOOP_CLR_FD) = 0 [pid 5257] close(4 [pid 5258] ioctl(3, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5258] close(3) = 0 [pid 5258] close(5) = 0 [pid 5257] <... close resumed>) = 0 [pid 5257] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5257] futex(0x7fdbd83af788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5258] futex(0x7fdbd83af79c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5258] futex(0x7fdbd83af798, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5256] <... futex resumed>) = 0 [pid 5256] futex(0x7fdbd83af788, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5257] <... futex resumed>) = 0 [pid 5256] futex(0x7fdbd83af78c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5257] setxattr("./file0", "trusted.overlay.upper", "\xb2\xc7\xbd\x79\xfd\x74\x76\xf3\xf5\xd3\xd9\x24\xda\xed\xfb\xff\x4c\xf2\xf6\xec\x5a\xec\xf8\x37\x99\x4f\xba\xcf\x39\x12\x11\x3f\xfa\x7e\xc4\x4f\x93\x77\xe3\x36\xd7\xd6\x17\x67\x6a\xb5\xea\x4a\xb7\x5e\x6e\xd5\x97\xcb\xcd\xb5\xf5\x6b\x0b\xf5\x99\xf9\xea\x7c\x75\xa9\x52\x99\x9e\x9a\x9e\xbc\x75\xfd\x66\xe5\xa3\x8d\xf5\x42\xfd\xb7\xaf\xbe\xb7\x70\xf7\xc7\x7f\xf8\xfd\x57\x5f\xfe\x69\xe3\x3b\x3f\xcf\xba"..., 8192, 0) = -1 ENOSPC (No space left on device) [pid 5257] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5257] futex(0x7fdbd83af788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5256] <... futex resumed>) = 0 [pid 5256] futex(0x7fdbd83af788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5257] <... futex resumed>) = 0 [pid 5256] <... futex resumed>) = 1 [pid 5257] setxattr("./file0", "trusted.overlay.upper", "\xb2\xc7\xbd\x79\xfd\x74\x76\xf3\xf5\xd3\xd9\x24\xda\xed\xfb\xff\x4c\xf2\xf6\xec\x5a\xec\xf8\x37\x99\x4f\xba\xcf\x39\x12\x11\x3f\xfa\x7e\xc4\x4f\x93\x77\xe3\x36\xd7\xd6\x17\x67\x6a\xb5\xea\x4a\xb7\x5e\x6e\xd5\x97\xcb\xcd\xb5\xf5\x6b\x0b\xf5\x99\xf9\xea\x7c\x75\xa9\x52\x99\x9e\x9a\x9e\xbc\x75\xfd\x66\xe5\xa3\x8d\xf5\x42\xfd\xb7\xaf\xbe\xb7\x70\xf7\xc7\x7f\xf8\xfd\x57\x5f\xfe\x69\xe3\x3b\x3f\xcf\xba"..., 8192, 0 [pid 5256] futex(0x7fdbd83af78c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5257] <... setxattr resumed>) = -1 ENOSPC (No space left on device) [pid 5257] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5257] futex(0x7fdbd83af788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5256] <... futex resumed>) = 0 [pid 5256] futex(0x7fdbd83af788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5257] <... futex resumed>) = 0 [pid 5256] <... futex resumed>) = 1 [pid 5257] openat(AT_FDCWD, "./file0/file0", O_RDONLY|O_TRUNC|O_LARGEFILE|O_NOFOLLOW [pid 5256] futex(0x7fdbd83af78c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5257] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 5257] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5256] <... futex resumed>) = 0 [pid 5257] futex(0x7fdbd83af788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5256] exit_group(0 [pid 5258] <... futex resumed>) = ? [pid 5257] <... futex resumed>) = ? [pid 5256] <... exit_group resumed>) = ? [pid 5258] +++ exited with 0 +++ [pid 5257] +++ exited with 0 +++ [pid 5256] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5256, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./64", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./64", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556f16620 /* 4 entries */, 32768) = 112 umount2("./64/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./64/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./64/binderfs") = 0 umount2("./64/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./64/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./64/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./64/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556f1e660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556f1e660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./64/file0") = 0 getdents64(3, 0x555556f16620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./64") = 0 mkdir("./65", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f155d0) = 5259 ./strace-static-x86_64: Process 5259 attached [pid 5259] set_robust_list(0x555556f155e0, 24) = 0 [pid 5259] chdir("./65") = 0 [pid 5259] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5259] setpgid(0, 0) = 0 [pid 5259] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5259] write(3, "1000", 4) = 4 [pid 5259] close(3) = 0 [pid 5259] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5259] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5259] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdbd82b6000 [pid 5259] mprotect(0x7fdbd82b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5259] clone(child_stack=0x7fdbd82d63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5260], tls=0x7fdbd82d6700, child_tidptr=0x7fdbd82d69d0) = 5260 [pid 5259] futex(0x7fdbd83af788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5259] futex(0x7fdbd83af79c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5259] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdbd8295000 [pid 5259] mprotect(0x7fdbd8296000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5259] clone(child_stack=0x7fdbd82b53f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5261], tls=0x7fdbd82b5700, child_tidptr=0x7fdbd82b59d0) = 5261 [pid 5259] futex(0x7fdbd83af798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5259] futex(0x7fdbd83af79c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5260 attached [pid 5260] set_robust_list(0x7fdbd82d69e0, 24) = 0 [pid 5260] memfd_create("syzkaller", 0) = 3 [pid 5260] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdbcfe95000 ./strace-static-x86_64: Process 5261 attached [pid 5260] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5260] munmap(0x7fdbcfe95000, 262144 [pid 5261] set_robust_list(0x7fdbd82b59e0, 24 [pid 5260] <... munmap resumed>) = 0 [pid 5260] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 69.016622][ T5257] loop0: detected capacity change from 0 to 512 [ 69.038758][ T5257] ext4: Unknown parameter 'jqfmZ!c12nuid32' [pid 5260] ioctl(4, LOOP_SET_FD, 3 [pid 5261] <... set_robust_list resumed>) = 0 [pid 5260] <... ioctl resumed>) = 0 [pid 5260] close(3) = 0 [pid 5260] mkdir("./file0", 0777) = 0 [pid 5260] mount("/dev/loop0", "./file0", "ext4", 0, "\x71\x75\x6f\x74\x61\x2c\x6a\x71\x66\x6d\x5a\xfe\x7f\x21\x63\x31\x32\x9e\x6e\x8f\x75\x69\x64\x33\x32\x2c\x2c\x65\x72\x72\x6f\x72\x73\x3d\x63\x6f\x6e\x74\x69\x6e\x75\x65" [pid 5261] memfd_create("syzkaller", 0) = 3 [pid 5261] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdbc7ad5000 [pid 5260] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5260] ioctl(4, LOOP_CLR_FD [pid 5261] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5261] munmap(0x7fdbc7ad5000, 262144) = 0 [pid 5261] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5261] ioctl(5, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 5261] ioctl(5, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5261] ioctl(5, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 5261] close(5) = 0 [pid 5261] close(3) = 0 [pid 5261] futex(0x7fdbd83af79c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5259] <... futex resumed>) = 0 [pid 5259] futex(0x7fdbd83af798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5259] futex(0x7fdbd83af79c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5261] setxattr("./file0", "trusted.overlay.upper", "\xb2\xc7\xbd\x79\xfd\x74\x76\xf3\xf5\xd3\xd9\x24\xda\xed\xfb\xff\x4c\xf2\xf6\xec\x5a\xec\xf8\x37\x99\x4f\xba\xcf\x39\x12\x11\x3f\xfa\x7e\xc4\x4f\x93\x77\xe3\x36\xd7\xd6\x17\x67\x6a\xb5\xea\x4a\xb7\x5e\x6e\xd5\x97\xcb\xcd\xb5\xf5\x6b\x0b\xf5\x99\xf9\xea\x7c\x75\xa9\x52\x99\x9e\x9a\x9e\xbc\x75\xfd\x66\xe5\xa3\x8d\xf5\x42\xfd\xb7\xaf\xbe\xb7\x70\xf7\xc7\x7f\xf8\xfd\x57\x5f\xfe\x69\xe3\x3b\x3f\xcf\xba"..., 8192, 0) = -1 ENOSPC (No space left on device) [pid 5261] futex(0x7fdbd83af79c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5259] <... futex resumed>) = 0 [pid 5261] futex(0x7fdbd83af798, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5259] futex(0x7fdbd83af798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5259] futex(0x7fdbd83af79c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5261] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5261] setxattr("./file0", "trusted.overlay.upper", "\xb2\xc7\xbd\x79\xfd\x74\x76\xf3\xf5\xd3\xd9\x24\xda\xed\xfb\xff\x4c\xf2\xf6\xec\x5a\xec\xf8\x37\x99\x4f\xba\xcf\x39\x12\x11\x3f\xfa\x7e\xc4\x4f\x93\x77\xe3\x36\xd7\xd6\x17\x67\x6a\xb5\xea\x4a\xb7\x5e\x6e\xd5\x97\xcb\xcd\xb5\xf5\x6b\x0b\xf5\x99\xf9\xea\x7c\x75\xa9\x52\x99\x9e\x9a\x9e\xbc\x75\xfd\x66\xe5\xa3\x8d\xf5\x42\xfd\xb7\xaf\xbe\xb7\x70\xf7\xc7\x7f\xf8\xfd\x57\x5f\xfe\x69\xe3\x3b\x3f\xcf\xba"..., 8192, 0) = -1 ENOSPC (No space left on device) [pid 5261] futex(0x7fdbd83af79c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5259] <... futex resumed>) = 0 [pid 5259] futex(0x7fdbd83af798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5259] futex(0x7fdbd83af79c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5261] <... futex resumed>) = 1 [pid 5261] openat(AT_FDCWD, "./file0/file0", O_RDONLY|O_TRUNC|O_LARGEFILE|O_NOFOLLOW) = -1 ENOENT (No such file or directory) [pid 5261] futex(0x7fdbd83af79c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5259] <... futex resumed>) = 0 [pid 5261] <... futex resumed>) = 1 [ 69.089214][ T5260] loop0: detected capacity change from 0 to 512 [ 69.097869][ T5260] ext4: Unknown parameter 'jqfmZ!c12nuid32' [pid 5261] futex(0x7fdbd83af798, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5260] <... ioctl resumed>) = 0 [pid 5260] close(4) = 0 [pid 5260] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5260] futex(0x7fdbd83af788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5259] exit_group(0) = ? [pid 5261] <... futex resumed>) = ? [pid 5261] +++ exited with 0 +++ [pid 5260] <... futex resumed>) = ? [pid 5260] +++ exited with 0 +++ [pid 5259] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5259, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./65", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./65", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556f16620 /* 4 entries */, 32768) = 112 umount2("./65/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./65/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./65/binderfs") = 0 umount2("./65/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./65/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./65/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./65/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556f1e660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556f1e660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./65/file0") = 0 getdents64(3, 0x555556f16620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./65") = 0 mkdir("./66", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f155d0) = 5262 ./strace-static-x86_64: Process 5262 attached [pid 5262] set_robust_list(0x555556f155e0, 24) = 0 [pid 5262] chdir("./66") = 0 [pid 5262] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5262] setpgid(0, 0) = 0 [pid 5262] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5262] write(3, "1000", 4) = 4 [pid 5262] close(3) = 0 [pid 5262] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5262] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5262] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdbd82b6000 [pid 5262] mprotect(0x7fdbd82b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5262] clone(child_stack=0x7fdbd82d63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5263 attached , parent_tid=[5263], tls=0x7fdbd82d6700, child_tidptr=0x7fdbd82d69d0) = 5263 [pid 5263] set_robust_list(0x7fdbd82d69e0, 24) = 0 [pid 5263] futex(0x7fdbd83af788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5262] futex(0x7fdbd83af788, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5263] <... futex resumed>) = 0 [pid 5263] memfd_create("syzkaller", 0) = 3 [pid 5262] futex(0x7fdbd83af79c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5263] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdbcfeb6000 [pid 5262] <... futex resumed>) = 0 [pid 5262] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdbcfe95000 [pid 5262] mprotect(0x7fdbcfe96000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5262] clone(child_stack=0x7fdbcfeb53f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5264], tls=0x7fdbcfeb5700, child_tidptr=0x7fdbcfeb59d0) = 5264 [pid 5263] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5262] futex(0x7fdbd83af798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5262] futex(0x7fdbd83af79c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5263] <... write resumed>) = 262144 [pid 5263] munmap(0x7fdbcfeb6000, 262144) = 0 [pid 5263] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5263] ioctl(4, LOOP_SET_FD, 3./strace-static-x86_64: Process 5264 attached [pid 5264] set_robust_list(0x7fdbcfeb59e0, 24) = 0 [pid 5264] memfd_create("syzkaller", 0) = 5 [pid 5264] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdbc7a95000 [pid 5263] <... ioctl resumed>) = 0 [pid 5263] close(3) = 0 [pid 5263] mkdir("./file0", 0777 [pid 5264] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5263] <... mkdir resumed>) = 0 [ 69.136360][ T5004] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 69.172602][ T5263] loop0: detected capacity change from 0 to 512 [pid 5263] mount("/dev/loop0", "./file0", "ext4", 0, "\x71\x75\x6f\x74\x61\x2c\x6a\x71\x66\x6d\x5a\xfe\x7f\x21\x63\x31\x32\x9e\x6e\x8f\x75\x69\x64\x33\x32\x2c\x2c\x65\x72\x72\x6f\x72\x73\x3d\x63\x6f\x6e\x74\x69\x6e\x75\x65" [pid 5264] <... write resumed>) = 262144 [pid 5264] munmap(0x7fdbc7a95000, 262144 [pid 5263] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5263] ioctl(4, LOOP_CLR_FD [pid 5264] <... munmap resumed>) = 0 [pid 5264] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5264] ioctl(3, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5264] ioctl(3, LOOP_CLR_FD) = 0 [pid 5263] <... ioctl resumed>) = 0 [pid 5263] close(4) = 0 [pid 5263] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5264] ioctl(3, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5264] close(3) = 0 [pid 5264] close(5 [pid 5263] futex(0x7fdbd83af788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5264] <... close resumed>) = 0 [pid 5264] futex(0x7fdbd83af79c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5262] <... futex resumed>) = 0 [pid 5262] futex(0x7fdbd83af788, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5262] futex(0x7fdbd83af78c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5264] <... futex resumed>) = 1 [pid 5264] futex(0x7fdbd83af798, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5263] <... futex resumed>) = 0 [pid 5263] setxattr("./file0", "trusted.overlay.upper", "\xb2\xc7\xbd\x79\xfd\x74\x76\xf3\xf5\xd3\xd9\x24\xda\xed\xfb\xff\x4c\xf2\xf6\xec\x5a\xec\xf8\x37\x99\x4f\xba\xcf\x39\x12\x11\x3f\xfa\x7e\xc4\x4f\x93\x77\xe3\x36\xd7\xd6\x17\x67\x6a\xb5\xea\x4a\xb7\x5e\x6e\xd5\x97\xcb\xcd\xb5\xf5\x6b\x0b\xf5\x99\xf9\xea\x7c\x75\xa9\x52\x99\x9e\x9a\x9e\xbc\x75\xfd\x66\xe5\xa3\x8d\xf5\x42\xfd\xb7\xaf\xbe\xb7\x70\xf7\xc7\x7f\xf8\xfd\x57\x5f\xfe\x69\xe3\x3b\x3f\xcf\xba"..., 8192, 0) = -1 ENOSPC (No space left on device) [pid 5263] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5262] <... futex resumed>) = 0 [pid 5262] futex(0x7fdbd83af788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5262] futex(0x7fdbd83af78c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5263] <... futex resumed>) = 1 [pid 5263] setxattr("./file0", "trusted.overlay.upper", "\xb2\xc7\xbd\x79\xfd\x74\x76\xf3\xf5\xd3\xd9\x24\xda\xed\xfb\xff\x4c\xf2\xf6\xec\x5a\xec\xf8\x37\x99\x4f\xba\xcf\x39\x12\x11\x3f\xfa\x7e\xc4\x4f\x93\x77\xe3\x36\xd7\xd6\x17\x67\x6a\xb5\xea\x4a\xb7\x5e\x6e\xd5\x97\xcb\xcd\xb5\xf5\x6b\x0b\xf5\x99\xf9\xea\x7c\x75\xa9\x52\x99\x9e\x9a\x9e\xbc\x75\xfd\x66\xe5\xa3\x8d\xf5\x42\xfd\xb7\xaf\xbe\xb7\x70\xf7\xc7\x7f\xf8\xfd\x57\x5f\xfe\x69\xe3\x3b\x3f\xcf\xba"..., 8192, 0) = -1 ENOSPC (No space left on device) [pid 5263] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5262] <... futex resumed>) = 0 [pid 5262] futex(0x7fdbd83af788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5262] futex(0x7fdbd83af78c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5263] <... futex resumed>) = 1 [pid 5263] openat(AT_FDCWD, "./file0/file0", O_RDONLY|O_TRUNC|O_LARGEFILE|O_NOFOLLOW) = -1 ENOENT (No such file or directory) [pid 5263] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5262] <... futex resumed>) = 0 [pid 5262] exit_group(0) = ? [pid 5264] <... futex resumed>) = ? [pid 5263] <... futex resumed>) = ? [pid 5264] +++ exited with 0 +++ [pid 5263] +++ exited with 0 +++ [pid 5262] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5262, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./66", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./66", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556f16620 /* 4 entries */, 32768) = 112 umount2("./66/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./66/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./66/binderfs") = 0 umount2("./66/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./66/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./66/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./66/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556f1e660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556f1e660 /* 0 entries */, 32768) = 0 [ 69.182393][ T5263] ext4: Unknown parameter 'jqfmZ!c12nuid32' close(4) = 0 rmdir("./66/file0") = 0 getdents64(3, 0x555556f16620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./66") = 0 mkdir("./67", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f155d0) = 5265 ./strace-static-x86_64: Process 5265 attached [pid 5265] set_robust_list(0x555556f155e0, 24) = 0 [pid 5265] chdir("./67") = 0 [pid 5265] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5265] setpgid(0, 0) = 0 [pid 5265] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5265] write(3, "1000", 4) = 4 [pid 5265] close(3) = 0 [pid 5265] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5265] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5265] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdbd82b6000 [pid 5265] mprotect(0x7fdbd82b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5265] clone(child_stack=0x7fdbd82d63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5266 attached [pid 5266] set_robust_list(0x7fdbd82d69e0, 24) = 0 [pid 5266] futex(0x7fdbd83af788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5265] <... clone resumed>, parent_tid=[5266], tls=0x7fdbd82d6700, child_tidptr=0x7fdbd82d69d0) = 5266 [pid 5265] futex(0x7fdbd83af788, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5266] <... futex resumed>) = 0 [pid 5266] memfd_create("syzkaller", 0) = 3 [pid 5266] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdbcfeb6000 [pid 5265] futex(0x7fdbd83af79c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5265] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5266] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5265] <... mmap resumed>) = 0x7fdbcfe95000 [pid 5265] mprotect(0x7fdbcfe96000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5265] clone(child_stack=0x7fdbcfeb53f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5266] <... write resumed>) = 262144 [pid 5266] munmap(0x7fdbcfeb6000, 262144./strace-static-x86_64: Process 5267 attached ) = 0 [pid 5266] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5265] <... clone resumed>, parent_tid=[5267], tls=0x7fdbcfeb5700, child_tidptr=0x7fdbcfeb59d0) = 5267 [pid 5266] <... openat resumed>) = 4 [pid 5266] ioctl(4, LOOP_SET_FD, 3 [pid 5267] set_robust_list(0x7fdbcfeb59e0, 24 [pid 5265] futex(0x7fdbd83af798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5265] futex(0x7fdbd83af79c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5267] <... set_robust_list resumed>) = 0 [pid 5267] memfd_create("syzkaller", 0) = 5 [pid 5267] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdbc7a95000 [pid 5266] <... ioctl resumed>) = 0 [pid 5266] close(3) = 0 [pid 5267] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5266] mkdir("./file0", 0777) = 0 [pid 5266] mount("/dev/loop0", "./file0", "ext4", 0, "\x71\x75\x6f\x74\x61\x2c\x6a\x71\x66\x6d\x5a\xfe\x7f\x21\x63\x31\x32\x9e\x6e\x8f\x75\x69\x64\x33\x32\x2c\x2c\x65\x72\x72\x6f\x72\x73\x3d\x63\x6f\x6e\x74\x69\x6e\x75\x65" [pid 5267] <... write resumed>) = 262144 [pid 5267] munmap(0x7fdbc7a95000, 262144) = 0 [pid 5267] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5267] ioctl(3, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5267] ioctl(3, LOOP_CLR_FD) = 0 [pid 5266] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5266] ioctl(4, LOOP_CLR_FD) = 0 [pid 5266] close(4) = 0 [pid 5267] ioctl(3, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5267] close(3) = 0 [pid 5266] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5267] close(5 [pid 5266] <... futex resumed>) = 0 [pid 5266] futex(0x7fdbd83af788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5267] <... close resumed>) = 0 [pid 5267] futex(0x7fdbd83af79c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5265] <... futex resumed>) = 0 [pid 5265] futex(0x7fdbd83af788, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5265] futex(0x7fdbd83af78c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5267] futex(0x7fdbd83af798, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5266] <... futex resumed>) = 0 [pid 5266] setxattr("./file0", "trusted.overlay.upper", "\xb2\xc7\xbd\x79\xfd\x74\x76\xf3\xf5\xd3\xd9\x24\xda\xed\xfb\xff\x4c\xf2\xf6\xec\x5a\xec\xf8\x37\x99\x4f\xba\xcf\x39\x12\x11\x3f\xfa\x7e\xc4\x4f\x93\x77\xe3\x36\xd7\xd6\x17\x67\x6a\xb5\xea\x4a\xb7\x5e\x6e\xd5\x97\xcb\xcd\xb5\xf5\x6b\x0b\xf5\x99\xf9\xea\x7c\x75\xa9\x52\x99\x9e\x9a\x9e\xbc\x75\xfd\x66\xe5\xa3\x8d\xf5\x42\xfd\xb7\xaf\xbe\xb7\x70\xf7\xc7\x7f\xf8\xfd\x57\x5f\xfe\x69\xe3\x3b\x3f\xcf\xba"..., 8192, 0) = -1 ENOSPC (No space left on device) [pid 5266] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5265] <... futex resumed>) = 0 [pid 5265] futex(0x7fdbd83af788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5265] futex(0x7fdbd83af78c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5266] <... futex resumed>) = 1 [pid 5266] setxattr("./file0", "trusted.overlay.upper", "\xb2\xc7\xbd\x79\xfd\x74\x76\xf3\xf5\xd3\xd9\x24\xda\xed\xfb\xff\x4c\xf2\xf6\xec\x5a\xec\xf8\x37\x99\x4f\xba\xcf\x39\x12\x11\x3f\xfa\x7e\xc4\x4f\x93\x77\xe3\x36\xd7\xd6\x17\x67\x6a\xb5\xea\x4a\xb7\x5e\x6e\xd5\x97\xcb\xcd\xb5\xf5\x6b\x0b\xf5\x99\xf9\xea\x7c\x75\xa9\x52\x99\x9e\x9a\x9e\xbc\x75\xfd\x66\xe5\xa3\x8d\xf5\x42\xfd\xb7\xaf\xbe\xb7\x70\xf7\xc7\x7f\xf8\xfd\x57\x5f\xfe\x69\xe3\x3b\x3f\xcf\xba"..., 8192, 0) = -1 ENOSPC (No space left on device) [pid 5266] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5265] <... futex resumed>) = 0 [pid 5265] futex(0x7fdbd83af788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5265] futex(0x7fdbd83af78c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5266] <... futex resumed>) = 1 [pid 5266] openat(AT_FDCWD, "./file0/file0", O_RDONLY|O_TRUNC|O_LARGEFILE|O_NOFOLLOW) = -1 ENOENT (No such file or directory) [pid 5266] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5265] <... futex resumed>) = 0 [pid 5265] exit_group(0) = ? [pid 5267] <... futex resumed>) = ? [pid 5266] <... futex resumed>) = ? [pid 5267] +++ exited with 0 +++ [pid 5266] +++ exited with 0 +++ [pid 5265] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5265, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./67", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./67", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556f16620 /* 4 entries */, 32768) = 112 umount2("./67/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./67/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./67/binderfs") = 0 umount2("./67/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./67/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./67/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./67/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556f1e660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556f1e660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./67/file0") = 0 getdents64(3, 0x555556f16620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./67") = 0 mkdir("./68", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f155d0) = 5268 ./strace-static-x86_64: Process 5268 attached [pid 5268] set_robust_list(0x555556f155e0, 24) = 0 [pid 5268] chdir("./68") = 0 [pid 5268] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5268] setpgid(0, 0) = 0 [pid 5268] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5268] write(3, "1000", 4) = 4 [pid 5268] close(3) = 0 [pid 5268] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5268] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5268] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdbd82b6000 [ 69.252282][ T5266] loop0: detected capacity change from 0 to 512 [ 69.262007][ T5266] ext4: Unknown parameter 'jqfmZ!c12nuid32' [pid 5268] mprotect(0x7fdbd82b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5268] clone(child_stack=0x7fdbd82d63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5269], tls=0x7fdbd82d6700, child_tidptr=0x7fdbd82d69d0) = 5269 [pid 5268] futex(0x7fdbd83af788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5268] futex(0x7fdbd83af79c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5268] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdbd8295000 [pid 5268] mprotect(0x7fdbd8296000, 131072, PROT_READ|PROT_WRITE./strace-static-x86_64: Process 5269 attached [pid 5269] set_robust_list(0x7fdbd82d69e0, 24 [pid 5268] <... mprotect resumed>) = 0 [pid 5269] <... set_robust_list resumed>) = 0 [pid 5269] memfd_create("syzkaller", 0) = 3 [pid 5269] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5268] clone(child_stack=0x7fdbd82b53f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5269] <... mmap resumed>) = 0x7fdbcfe95000 ./strace-static-x86_64: Process 5270 attached [pid 5270] set_robust_list(0x7fdbd82b59e0, 24 [pid 5268] <... clone resumed>, parent_tid=[5270], tls=0x7fdbd82b5700, child_tidptr=0x7fdbd82b59d0) = 5270 [pid 5268] futex(0x7fdbd83af798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5268] futex(0x7fdbd83af79c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5270] <... set_robust_list resumed>) = 0 [pid 5270] memfd_create("syzkaller", 0) = 4 [pid 5270] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5269] munmap(0x7fdbcfe95000, 138412032) = 0 [pid 5269] close(3) = 0 [pid 5269] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5269] futex(0x7fdbd83af788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5270] <... mmap resumed>) = 0x7fdbcfe95000 [pid 5270] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5270] munmap(0x7fdbcfe95000, 262144) = 0 [pid 5270] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5270] ioctl(3, LOOP_SET_FD, 4) = 0 [pid 5270] close(4) = 0 [pid 5270] mkdir("./file0", 0777) = 0 [pid 5270] mount("/dev/loop0", "./file0", "ext4", 0, "quota,jqfmt=vfsv0,nouid32,,errors=continue") = 0 [pid 5270] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 4 [pid 5270] chdir("./file0") = 0 [pid 5270] ioctl(3, LOOP_CLR_FD) = 0 [pid 5270] close(3) = 0 [pid 5270] futex(0x7fdbd83af79c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5268] <... futex resumed>) = 0 [pid 5268] futex(0x7fdbd83af788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5269] <... futex resumed>) = 0 [pid 5268] <... futex resumed>) = 1 [ 69.323951][ T5270] loop0: detected capacity change from 0 to 512 [ 69.332799][ T5270] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 69.347376][ T5270] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: writeback. [ 69.359590][ T5270] ext4 filesystem being mounted at /root/syzkaller.3rXkzo/68/file0 supports timestamps until 2038-01-19 (0x7fffffff) [pid 5269] setxattr("./file0", "trusted.overlay.upper", "\xb2\xc7\xbd\x79\xfd\x74\x76\xf3\xf5\xd3\xd9\x24\xda\xed\xfb\xff\x4c\xf2\xf6\xec\x5a\xec\xf8\x37\x99\x4f\xba\xcf\x39\x12\x11\x3f\xfa\x7e\xc4\x4f\x93\x77\xe3\x36\xd7\xd6\x17\x67\x6a\xb5\xea\x4a\xb7\x5e\x6e\xd5\x97\xcb\xcd\xb5\xf5\x6b\x0b\xf5\x99\xf9\xea\x7c\x75\xa9\x52\x99\x9e\x9a\x9e\xbc\x75\xfd\x66\xe5\xa3\x8d\xf5\x42\xfd\xb7\xaf\xbe\xb7\x70\xf7\xc7\x7f\xf8\xfd\x57\x5f\xfe\x69\xe3\x3b\x3f\xcf\xba"..., 8192, 0 [pid 5268] futex(0x7fdbd83af78c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5270] <... futex resumed>) = 1 [pid 5270] futex(0x7fdbd83af798, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5269] <... setxattr resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5269] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5268] <... futex resumed>) = 0 [pid 5268] futex(0x7fdbd83af788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5268] futex(0x7fdbd83af78c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5269] <... futex resumed>) = 1 [ 69.378830][ T5269] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3806: comm syz-executor377: Allocating blocks 44-48 which overlap fs metadata [ 69.398116][ T5269] EXT4-fs error (device loop0): ext4_xattr_block_set:2241: inode #12: comm syz-executor377: bad block 0 [ 69.411059][ T5269] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3806: comm syz-executor377: Allocating blocks 44-48 which overlap fs metadata [pid 5269] setxattr("./file0", "trusted.overlay.upper", "\xb2\xc7\xbd\x79\xfd\x74\x76\xf3\xf5\xd3\xd9\x24\xda\xed\xfb\xff\x4c\xf2\xf6\xec\x5a\xec\xf8\x37\x99\x4f\xba\xcf\x39\x12\x11\x3f\xfa\x7e\xc4\x4f\x93\x77\xe3\x36\xd7\xd6\x17\x67\x6a\xb5\xea\x4a\xb7\x5e\x6e\xd5\x97\xcb\xcd\xb5\xf5\x6b\x0b\xf5\x99\xf9\xea\x7c\x75\xa9\x52\x99\x9e\x9a\x9e\xbc\x75\xfd\x66\xe5\xa3\x8d\xf5\x42\xfd\xb7\xaf\xbe\xb7\x70\xf7\xc7\x7f\xf8\xfd\x57\x5f\xfe\x69\xe3\x3b\x3f\xcf\xba"..., 8192, 0) = -1 EUCLEAN (Structure needs cleaning) [pid 5269] futex(0x7fdbd83af78c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5268] <... futex resumed>) = 0 [pid 5269] openat(AT_FDCWD, "./file0/file0", O_RDONLY|O_TRUNC|O_LARGEFILE|O_NOFOLLOW [pid 5268] futex(0x7fdbd83af788, FUTEX_WAKE_PRIVATE, 1000000) = 0