./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3724650743 <...> Warning: Permanently added '10.128.10.1' (ED25519) to the list of known hosts. execve("./syz-executor3724650743", ["./syz-executor3724650743"], 0x7ffc1d1981d0 /* 10 vars */) = 0 brk(NULL) = 0x55556f9b6000 brk(0x55556f9b6e00) = 0x55556f9b6e00 arch_prctl(ARCH_SET_FS, 0x55556f9b6480) = 0 set_tid_address(0x55556f9b6750) = 5842 set_robust_list(0x55556f9b6760, 24) = 0 rseq(0x55556f9b6da0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor3724650743", 4096) = 28 getrandom("\x6b\x73\x72\x40\x47\x48\xa1\x97", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x55556f9b6e00 brk(0x55556f9d7e00) = 0x55556f9d7e00 brk(0x55556f9d8000) = 0x55556f9d8000 mprotect(0x7f4f4f361000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 rt_sigaction(SIGRTMIN, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=0}, NULL, 8) = 0 rt_sigaction(SIGRT_1, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=0}, NULL, 8) = 0 rt_sigaction(SIGSEGV, {sa_handler=0x7f4f4f2b6940, sa_mask=[], sa_flags=SA_RESTORER|SA_NODEFER|SA_SIGINFO, sa_restorer=0x7f4f4f2bf690}, NULL, 8) = 0 rt_sigaction(SIGBUS, {sa_handler=0x7f4f4f2b6940, sa_mask=[], sa_flags=SA_RESTORER|SA_NODEFER|SA_SIGINFO, sa_restorer=0x7f4f4f2bf690}, NULL, 8) = 0 mkdir("./syzkaller.KIJz6a", 0700) = 0 chmod("./syzkaller.KIJz6a", 0777) = 0 chdir("./syzkaller.KIJz6a") = 0 mkdir("./0", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5843 attached , child_tidptr=0x55556f9b6750) = 5843 [pid 5843] set_robust_list(0x55556f9b6760, 24) = 0 [pid 5843] chdir("./0") = 0 [pid 5843] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5843] setpgid(0, 0) = 0 [pid 5843] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5843] write(3, "1000", 4) = 4 [pid 5843] close(3) = 0 [pid 5843] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5843] write(1, "executing program\n", 18) = 18 [pid 5843] memfd_create("syzkaller", 0) = 3 [pid 5843] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f46e00000 [pid 5843] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5843] munmap(0x7f4f46e00000, 138412032) = 0 [pid 5843] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5843] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5843] close(3) = 0 [pid 5843] close(4) = 0 [pid 5843] mkdir("./bus", 0777) = 0 [ 89.092981][ T5843] loop0: detected capacity change from 0 to 512 [pid 5843] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5843] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5843] chdir("./bus") = 0 [pid 5843] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5843] mkdir("./bus", 0777) = 0 [pid 5843] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5843] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0 [pid 5843] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0 [ 89.148169][ T5843] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 89.161128][ T5843] ext4 filesystem being mounted at /root/syzkaller.KIJz6a/0/bus supports timestamps until 2038-01-19 (0x7fffffff) [pid 5843] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|FASYNC, 000) = 4 [pid 5843] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_CLOEXEC|FASYNC, 000) = 5 [pid 5843] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000240) = -1 EINVAL (Invalid argument) [pid 5843] exit_group(0) = ? [pid 5843] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5843, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 89.210690][ T29] audit: type=1800 audit(1729998433.921:2): pid=5843 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor372" name="file1" dev="loop0" ino=15 res=0 errno=0 [ 89.231742][ T29] audit: type=1800 audit(1729998433.931:3): pid=5843 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor372" name="file2" dev="loop0" ino=16 res=0 errno=0 getdents64(3, 0x55556f9b77f0 /* 4 entries */, 32768) = 104 umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./0/binderfs") = 0 umount2("./0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556f9bf830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556f9bf830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./0/bus") = 0 getdents64(3, 0x55556f9b77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./0") = 0 mkdir("./1", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5848 attached <unfinished ...> [pid 5848] set_robust_list(0x55556f9b6760, 24) = 0 [pid 5842] <... clone resumed>, child_tidptr=0x55556f9b6750) = 5848 [pid 5848] chdir("./1") = 0 [pid 5848] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5848] setpgid(0, 0) = 0 [pid 5848] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5848] write(3, "1000", 4) = 4 [pid 5848] close(3) = 0 [pid 5848] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5848] write(1, "executing program\n", 18) = 18 [pid 5848] memfd_create("syzkaller", 0) = 3 [pid 5848] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f46e00000 [ 89.327201][ T5842] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5848] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5848] munmap(0x7f4f46e00000, 138412032) = 0 [pid 5848] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5848] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5848] close(3) = 0 [pid 5848] close(4) = 0 [pid 5848] mkdir("./bus", 0777) = 0 [ 89.402362][ T5848] loop0: detected capacity change from 0 to 512 [pid 5848] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5848] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5848] chdir("./bus") = 0 [pid 5848] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5848] mkdir("./bus", 0777) = 0 [pid 5848] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5848] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0 [pid 5848] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0 [pid 5848] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|FASYNC, 000) = 4 [ 89.444256][ T5848] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 89.457058][ T5848] ext4 filesystem being mounted at /root/syzkaller.KIJz6a/1/bus supports timestamps until 2038-01-19 (0x7fffffff) [pid 5848] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_CLOEXEC|FASYNC, 000) = 5 [pid 5848] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000240) = -1 EINVAL (Invalid argument) [pid 5848] exit_group(0) = ? [pid 5848] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5848, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556f9b77f0 /* 4 entries */, 32768) = 104 umount2("./1/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./1/binderfs") = 0 [ 89.494003][ T29] audit: type=1800 audit(1729998434.201:4): pid=5848 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor372" name="file1" dev="loop0" ino=15 res=0 errno=0 [ 89.515235][ T29] audit: type=1800 audit(1729998434.211:5): pid=5848 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor372" name="file2" dev="loop0" ino=16 res=0 errno=0 umount2("./1/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./1/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 89.549113][ T5842] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. umount2("./1/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556f9bf830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556f9bf830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./1/bus") = 0 getdents64(3, 0x55556f9b77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./1") = 0 mkdir("./2", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5851 attached , child_tidptr=0x55556f9b6750) = 5851 [pid 5851] set_robust_list(0x55556f9b6760, 24) = 0 [pid 5851] chdir("./2") = 0 [pid 5851] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5851] setpgid(0, 0) = 0 [pid 5851] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5851] write(3, "1000", 4) = 4 [pid 5851] close(3) = 0 [pid 5851] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5851] write(1, "executing program\n", 18) = 18 [pid 5851] memfd_create("syzkaller", 0) = 3 [pid 5851] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f46e00000 [pid 5851] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5851] munmap(0x7f4f46e00000, 138412032) = 0 [pid 5851] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5851] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5851] close(3) = 0 [pid 5851] close(4) = 0 [pid 5851] mkdir("./bus", 0777) = 0 [ 89.837185][ T5851] loop0: detected capacity change from 0 to 512 [pid 5851] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5851] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5851] chdir("./bus") = 0 [pid 5851] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5851] mkdir("./bus", 0777) = 0 [pid 5851] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5851] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0 [pid 5851] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0 [ 89.914946][ T5851] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 89.928369][ T5851] ext4 filesystem being mounted at /root/syzkaller.KIJz6a/2/bus supports timestamps until 2038-01-19 (0x7fffffff) [pid 5851] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|FASYNC, 000) = 4 [pid 5851] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_CLOEXEC|FASYNC, 000) = 5 [pid 5851] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000240) = -1 EINVAL (Invalid argument) [pid 5851] exit_group(0) = ? [pid 5851] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5851, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 89.995711][ T29] audit: type=1800 audit(1729998434.701:6): pid=5851 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor372" name="file1" dev="loop0" ino=15 res=0 errno=0 [ 90.018143][ T29] audit: type=1800 audit(1729998434.721:7): pid=5851 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor372" name="file2" dev="loop0" ino=16 res=0 errno=0 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556f9b77f0 /* 4 entries */, 32768) = 104 umount2("./2/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./2/binderfs") = 0 umount2("./2/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./2/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./2/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556f9bf830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556f9bf830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./2/bus") = 0 getdents64(3, 0x55556f9b77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./2") = 0 mkdir("./3", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5854 attached <unfinished ...> [pid 5854] set_robust_list(0x55556f9b6760, 24) = 0 [pid 5842] <... clone resumed>, child_tidptr=0x55556f9b6750) = 5854 [pid 5854] chdir("./3") = 0 [pid 5854] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5854] setpgid(0, 0) = 0 [pid 5854] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5854] write(3, "1000", 4) = 4 [ 90.105564][ T5842] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5854] close(3) = 0 [pid 5854] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5854] write(1, "executing program\n", 18executing program ) = 18 [pid 5854] memfd_create("syzkaller", 0) = 3 [pid 5854] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f46e00000 [pid 5854] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5854] munmap(0x7f4f46e00000, 138412032) = 0 [pid 5854] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5854] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5854] close(3) = 0 [pid 5854] close(4) = 0 [pid 5854] mkdir("./bus", 0777) = 0 [ 90.182285][ T5854] loop0: detected capacity change from 0 to 512 [pid 5854] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5854] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5854] chdir("./bus") = 0 [pid 5854] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5854] mkdir("./bus", 0777) = 0 [pid 5854] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [ 90.244808][ T5854] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 90.257983][ T5854] ext4 filesystem being mounted at /root/syzkaller.KIJz6a/3/bus supports timestamps until 2038-01-19 (0x7fffffff) [pid 5854] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0 [pid 5854] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0 [pid 5854] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|FASYNC, 000) = 4 [pid 5854] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_CLOEXEC|FASYNC, 000) = 5 [pid 5854] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000240) = -1 EINVAL (Invalid argument) [pid 5854] exit_group(0) = ? [pid 5854] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5854, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556f9b77f0 /* 4 entries */, 32768) = 104 umount2("./3/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./3/binderfs") = 0 [ 90.311427][ T29] audit: type=1800 audit(1729998435.021:8): pid=5854 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor372" name="file1" dev="loop0" ino=15 res=0 errno=0 [ 90.332330][ T29] audit: type=1800 audit(1729998435.031:9): pid=5854 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor372" name="file2" dev="loop0" ino=16 res=0 errno=0 umount2("./3/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./3/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./3/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556f9bf830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556f9bf830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./3/bus") = 0 getdents64(3, 0x55556f9b77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./3") = 0 mkdir("./4", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5857 attached <unfinished ...> [pid 5857] set_robust_list(0x55556f9b6760, 24 <unfinished ...> [pid 5842] <... clone resumed>, child_tidptr=0x55556f9b6750) = 5857 [pid 5857] <... set_robust_list resumed>) = 0 [pid 5857] chdir("./4") = 0 [pid 5857] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5857] setpgid(0, 0) = 0 [pid 5857] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5857] write(3, "1000", 4) = 4 [pid 5857] close(3) = 0 [ 90.389016][ T5842] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5857] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5857] write(1, "executing program\n", 18) = 18 [pid 5857] memfd_create("syzkaller", 0) = 3 [pid 5857] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f46e00000 [pid 5857] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5857] munmap(0x7f4f46e00000, 138412032) = 0 [pid 5857] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5857] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5857] close(3) = 0 [pid 5857] close(4) = 0 [pid 5857] mkdir("./bus", 0777) = 0 [ 90.471401][ T5857] loop0: detected capacity change from 0 to 512 [pid 5857] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5857] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5857] chdir("./bus") = 0 [pid 5857] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 90.514308][ T5857] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 90.527299][ T5857] ext4 filesystem being mounted at /root/syzkaller.KIJz6a/4/bus supports timestamps until 2038-01-19 (0x7fffffff) [pid 5857] mkdir("./bus", 0777) = 0 [pid 5857] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5857] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0 [pid 5857] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0 [pid 5857] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|FASYNC, 000) = 4 [pid 5857] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_CLOEXEC|FASYNC, 000) = 5 [pid 5857] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000240) = -1 EINVAL (Invalid argument) [pid 5857] exit_group(0) = ? [pid 5857] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5857, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 90.582394][ T29] audit: type=1800 audit(1729998435.291:10): pid=5857 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor372" name="file1" dev="loop0" ino=15 res=0 errno=0 [ 90.603345][ T29] audit: type=1800 audit(1729998435.301:11): pid=5857 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor372" name="file2" dev="loop0" ino=16 res=0 errno=0 getdents64(3, 0x55556f9b77f0 /* 4 entries */, 32768) = 104 umount2("./4/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4/binderfs") = 0 umount2("./4/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556f9bf830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556f9bf830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4/bus") = 0 getdents64(3, 0x55556f9b77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4") = 0 mkdir("./5", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5860 attached , child_tidptr=0x55556f9b6750) = 5860 [pid 5860] set_robust_list(0x55556f9b6760, 24) = 0 [pid 5860] chdir("./5") = 0 [pid 5860] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5860] setpgid(0, 0) = 0 [pid 5860] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5860] write(3, "1000", 4) = 4 [pid 5860] close(3) = 0 [ 90.718204][ T5842] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5860] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5860] write(1, "executing program\n", 18executing program ) = 18 [pid 5860] memfd_create("syzkaller", 0) = 3 [pid 5860] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f46e00000 [pid 5860] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5860] munmap(0x7f4f46e00000, 138412032) = 0 [pid 5860] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5860] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5860] close(3) = 0 [pid 5860] close(4) = 0 [pid 5860] mkdir("./bus", 0777) = 0 [ 90.820848][ T5860] loop0: detected capacity change from 0 to 512 [pid 5860] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5860] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5860] chdir("./bus") = 0 [pid 5860] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 90.866102][ T5860] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 90.878744][ T5860] ext4 filesystem being mounted at /root/syzkaller.KIJz6a/5/bus supports timestamps until 2038-01-19 (0x7fffffff) [pid 5860] mkdir("./bus", 0777) = 0 [pid 5860] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5860] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0 [pid 5860] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0 [pid 5860] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|FASYNC, 000) = 4 [pid 5860] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_CLOEXEC|FASYNC, 000) = 5 [pid 5860] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000240) = -1 EINVAL (Invalid argument) [pid 5860] exit_group(0) = ? [pid 5860] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5860, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./5", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556f9b77f0 /* 4 entries */, 32768) = 104 umount2("./5/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./5/binderfs") = 0 umount2("./5/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./5/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./5/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./5/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556f9bf830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556f9bf830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./5/bus") = 0 getdents64(3, 0x55556f9b77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./5") = 0 mkdir("./6", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5863 attached , child_tidptr=0x55556f9b6750) = 5863 [pid 5863] set_robust_list(0x55556f9b6760, 24) = 0 [pid 5863] chdir("./6") = 0 [pid 5863] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5863] setpgid(0, 0) = 0 [pid 5863] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5863] write(3, "1000", 4) = 4 [pid 5863] close(3) = 0 [pid 5863] symlink("/dev/binderfs", "./binderfs") = 0 [ 91.083523][ T5842] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. executing program [pid 5863] write(1, "executing program\n", 18) = 18 [pid 5863] memfd_create("syzkaller", 0) = 3 [pid 5863] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f46e00000 [pid 5863] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5863] munmap(0x7f4f46e00000, 138412032) = 0 [pid 5863] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5863] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5863] close(3) = 0 [pid 5863] close(4) = 0 [pid 5863] mkdir("./bus", 0777) = 0 [ 91.197408][ T5863] loop0: detected capacity change from 0 to 512 [pid 5863] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5863] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5863] chdir("./bus") = 0 [ 91.244903][ T5863] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 91.257645][ T5863] ext4 filesystem being mounted at /root/syzkaller.KIJz6a/6/bus supports timestamps until 2038-01-19 (0x7fffffff) [pid 5863] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5863] mkdir("./bus", 0777) = 0 [pid 5863] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5863] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0 [pid 5863] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0 [pid 5863] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|FASYNC, 000) = 4 [pid 5863] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_CLOEXEC|FASYNC, 000) = 5 [pid 5863] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000240) = -1 EINVAL (Invalid argument) [pid 5863] exit_group(0) = ? [pid 5863] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5863, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./6", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556f9b77f0 /* 4 entries */, 32768) = 104 umount2("./6/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./6/binderfs") = 0 umount2("./6/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./6/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./6/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./6/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556f9bf830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556f9bf830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./6/bus") = 0 [ 91.402086][ T5842] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. getdents64(3, 0x55556f9b77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./6") = 0 mkdir("./7", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5866 attached <unfinished ...> [pid 5866] set_robust_list(0x55556f9b6760, 24) = 0 [pid 5866] chdir("./7") = 0 [pid 5866] prctl(PR_SET_PDEATHSIG, SIGKILL <unfinished ...> [pid 5842] <... clone resumed>, child_tidptr=0x55556f9b6750) = 5866 [pid 5866] <... prctl resumed>) = 0 [pid 5866] setpgid(0, 0) = 0 [pid 5866] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXECexecuting program ) = 3 [pid 5866] write(3, "1000", 4) = 4 [pid 5866] close(3) = 0 [pid 5866] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5866] write(1, "executing program\n", 18) = 18 [pid 5866] memfd_create("syzkaller", 0) = 3 [pid 5866] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f46e00000 [pid 5866] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5866] munmap(0x7f4f46e00000, 138412032) = 0 [pid 5866] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5866] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5866] close(3) = 0 [pid 5866] close(4) = 0 [pid 5866] mkdir("./bus", 0777) = 0 [ 91.559682][ T5866] loop0: detected capacity change from 0 to 512 [pid 5866] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5866] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5866] chdir("./bus") = 0 [pid 5866] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5866] mkdir("./bus", 0777) = 0 [pid 5866] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5866] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0 [pid 5866] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0 [ 91.622709][ T5866] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 91.636442][ T5866] ext4 filesystem being mounted at /root/syzkaller.KIJz6a/7/bus supports timestamps until 2038-01-19 (0x7fffffff) [pid 5866] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|FASYNC, 000) = 4 [pid 5866] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_CLOEXEC|FASYNC, 000) = 5 [pid 5866] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000240) = -1 EINVAL (Invalid argument) [pid 5866] exit_group(0) = ? [pid 5866] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5866, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./7", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556f9b77f0 /* 4 entries */, 32768) = 104 umount2("./7/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./7/binderfs") = 0 umount2("./7/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./7/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./7/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./7/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556f9bf830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556f9bf830 /* 0 entries */, 32768) = 0 close(4) = 0 [ 91.786109][ T5842] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. rmdir("./7/bus") = 0 getdents64(3, 0x55556f9b77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./7") = 0 mkdir("./8", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5869 attached , child_tidptr=0x55556f9b6750) = 5869 [pid 5869] set_robust_list(0x55556f9b6760, 24) = 0 [pid 5869] chdir("./8") = 0 [pid 5869] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5869] setpgid(0, 0) = 0 [pid 5869] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5869] write(3, "1000", 4) = 4 [pid 5869] close(3) = 0 [pid 5869] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5869] write(1, "executing program\n", 18) = 18 [pid 5869] memfd_create("syzkaller", 0) = 3 [pid 5869] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f46e00000 [pid 5869] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5869] munmap(0x7f4f46e00000, 138412032) = 0 [pid 5869] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5869] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5869] close(3) = 0 [pid 5869] close(4) = 0 [pid 5869] mkdir("./bus", 0777) = 0 [ 91.977796][ T5869] loop0: detected capacity change from 0 to 512 [pid 5869] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5869] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5869] chdir("./bus") = 0 [pid 5869] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 92.034420][ T5869] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 92.047193][ T5869] ext4 filesystem being mounted at /root/syzkaller.KIJz6a/8/bus supports timestamps until 2038-01-19 (0x7fffffff) [pid 5869] mkdir("./bus", 0777) = 0 [pid 5869] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5869] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0 [pid 5869] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0 [pid 5869] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|FASYNC, 000) = 4 [pid 5869] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_CLOEXEC|FASYNC, 000) = 5 [pid 5869] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000240) = -1 EINVAL (Invalid argument) [pid 5869] exit_group(0) = ? [pid 5869] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5869, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./8", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556f9b77f0 /* 4 entries */, 32768) = 104 umount2("./8/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./8/binderfs") = 0 umount2("./8/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./8/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./8/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./8/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556f9bf830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556f9bf830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./8/bus") = 0 getdents64(3, 0x55556f9b77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./8") = 0 mkdir("./9", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5872 attached , child_tidptr=0x55556f9b6750) = 5872 [pid 5872] set_robust_list(0x55556f9b6760, 24) = 0 [pid 5872] chdir("./9") = 0 [pid 5872] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5872] setpgid(0, 0) = 0 [pid 5872] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5872] write(3, "1000", 4) = 4 [pid 5872] close(3) = 0 [pid 5872] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [ 92.249220][ T5842] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5872] write(1, "executing program\n", 18) = 18 [pid 5872] memfd_create("syzkaller", 0) = 3 [pid 5872] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f46e00000 [pid 5872] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5872] munmap(0x7f4f46e00000, 138412032) = 0 [pid 5872] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5872] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5872] close(3) = 0 [pid 5872] close(4) = 0 [pid 5872] mkdir("./bus", 0777) = 0 [ 92.320588][ T5872] loop0: detected capacity change from 0 to 512 [pid 5872] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5872] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5872] chdir("./bus") = 0 [pid 5872] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 92.375712][ T5872] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 92.388342][ T5872] ext4 filesystem being mounted at /root/syzkaller.KIJz6a/9/bus supports timestamps until 2038-01-19 (0x7fffffff) [pid 5872] mkdir("./bus", 0777) = 0 [pid 5872] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5872] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0 [pid 5872] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0 [pid 5872] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|FASYNC, 000) = 4 [pid 5872] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_CLOEXEC|FASYNC, 000) = 5 [pid 5872] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000240) = -1 EINVAL (Invalid argument) [pid 5872] exit_group(0) = ? [pid 5872] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5872, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./9", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556f9b77f0 /* 4 entries */, 32768) = 104 umount2("./9/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./9/binderfs") = 0 umount2("./9/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./9/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./9/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./9/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556f9bf830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556f9bf830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./9/bus") = 0 getdents64(3, 0x55556f9b77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./9") = 0 mkdir("./10", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5875 attached , child_tidptr=0x55556f9b6750) = 5875 [ 92.600887][ T5842] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5875] set_robust_list(0x55556f9b6760, 24) = 0 [pid 5875] chdir("./10") = 0 [pid 5875] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5875] setpgid(0, 0) = 0 [pid 5875] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5875] write(3, "1000", 4) = 4 [pid 5875] close(3) = 0 [pid 5875] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5875] write(1, "executing program\n", 18) = 18 [pid 5875] memfd_create("syzkaller", 0) = 3 [pid 5875] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f46e00000 [pid 5875] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5875] munmap(0x7f4f46e00000, 138412032) = 0 [pid 5875] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5875] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5875] close(3) = 0 [pid 5875] close(4) = 0 [pid 5875] mkdir("./bus", 0777) = 0 [ 92.743683][ T5875] loop0: detected capacity change from 0 to 512 [pid 5875] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5875] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5875] chdir("./bus") = 0 [pid 5875] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5875] mkdir("./bus", 0777) = 0 [pid 5875] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5875] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0 [pid 5875] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0 [pid 5875] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|FASYNC, 000) = 4 [pid 5875] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_CLOEXEC|FASYNC, 000) = 5 [pid 5875] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000240) = -1 EINVAL (Invalid argument) [pid 5875] exit_group(0) = ? [pid 5875] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5875, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./10", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556f9b77f0 /* 4 entries */, 32768) = 104 [ 92.794004][ T5875] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 92.807755][ T5875] ext4 filesystem being mounted at /root/syzkaller.KIJz6a/10/bus supports timestamps until 2038-01-19 (0x7fffffff) umount2("./10/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./10/binderfs") = 0 umount2("./10/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./10/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./10/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./10/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556f9bf830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556f9bf830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./10/bus") = 0 getdents64(3, 0x55556f9b77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./10") = 0 mkdir("./11", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5878 attached , child_tidptr=0x55556f9b6750) = 5878 [pid 5878] set_robust_list(0x55556f9b6760, 24) = 0 [pid 5878] chdir("./11") = 0 [pid 5878] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5878] setpgid(0, 0) = 0 [pid 5878] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5878] write(3, "1000", 4) = 4 [ 92.918898][ T5842] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5878] close(3) = 0 [pid 5878] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5878] write(1, "executing program\n", 18) = 18 [pid 5878] memfd_create("syzkaller", 0) = 3 [pid 5878] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f46e00000 [pid 5878] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5878] munmap(0x7f4f46e00000, 138412032) = 0 [pid 5878] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5878] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5878] close(3) = 0 [pid 5878] close(4) = 0 [pid 5878] mkdir("./bus", 0777) = 0 [ 93.041435][ T5878] loop0: detected capacity change from 0 to 512 [pid 5878] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5878] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5878] chdir("./bus") = 0 [pid 5878] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5878] mkdir("./bus", 0777) = 0 [pid 5878] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [ 93.094374][ T5878] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 93.107049][ T5878] ext4 filesystem being mounted at /root/syzkaller.KIJz6a/11/bus supports timestamps until 2038-01-19 (0x7fffffff) [pid 5878] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0 [pid 5878] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0 [pid 5878] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|FASYNC, 000) = 4 [pid 5878] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_CLOEXEC|FASYNC, 000) = 5 [pid 5878] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000240) = -1 EINVAL (Invalid argument) [pid 5878] exit_group(0) = ? [pid 5878] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5878, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./11", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556f9b77f0 /* 4 entries */, 32768) = 104 umount2("./11/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./11/binderfs") = 0 umount2("./11/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./11/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./11/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./11/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556f9bf830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556f9bf830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./11/bus") = 0 getdents64(3, 0x55556f9b77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./11") = 0 mkdir("./12", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5881 attached , child_tidptr=0x55556f9b6750) = 5881 [pid 5881] set_robust_list(0x55556f9b6760, 24) = 0 [pid 5881] chdir("./12") = 0 [ 93.306483][ T5842] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5881] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5881] setpgid(0, 0) = 0 [pid 5881] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5881] write(3, "1000", 4) = 4 [pid 5881] close(3) = 0 [pid 5881] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 5881] write(1, "executing program\n", 18) = 18 [pid 5881] memfd_create("syzkaller", 0) = 3 [pid 5881] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f46e00000 [pid 5881] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5881] munmap(0x7f4f46e00000, 138412032) = 0 [pid 5881] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5881] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5881] close(3) = 0 [pid 5881] close(4) = 0 [pid 5881] mkdir("./bus", 0777) = 0 [ 93.382220][ T5881] loop0: detected capacity change from 0 to 512 [pid 5881] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5881] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5881] chdir("./bus") = 0 [pid 5881] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5881] mkdir("./bus", 0777) = 0 [ 93.425288][ T5881] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 93.438023][ T5881] ext4 filesystem being mounted at /root/syzkaller.KIJz6a/12/bus supports timestamps until 2038-01-19 (0x7fffffff) [pid 5881] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5881] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0 [pid 5881] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0 [pid 5881] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|FASYNC, 000) = 4 [pid 5881] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_CLOEXEC|FASYNC, 000) = 5 [pid 5881] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000240) = -1 EINVAL (Invalid argument) [pid 5881] exit_group(0) = ? [pid 5881] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5881, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./12", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556f9b77f0 /* 4 entries */, 32768) = 104 umount2("./12/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./12/binderfs") = 0 umount2("./12/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./12/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./12/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./12/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556f9bf830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556f9bf830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./12/bus") = 0 getdents64(3, 0x55556f9b77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./12") = 0 mkdir("./13", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5884 attached <unfinished ...> [pid 5884] set_robust_list(0x55556f9b6760, 24 <unfinished ...> [pid 5842] <... clone resumed>, child_tidptr=0x55556f9b6750) = 5884 [pid 5884] <... set_robust_list resumed>) = 0 [pid 5884] chdir("./13") = 0 [pid 5884] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5884] setpgid(0, 0) = 0 [pid 5884] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5884] write(3, "1000", 4) = 4 [pid 5884] close(3) = 0 executing program [pid 5884] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5884] write(1, "executing program\n", 18) = 18 [pid 5884] memfd_create("syzkaller", 0) = 3 [pid 5884] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f46e00000 [ 93.640052][ T5842] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5884] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5884] munmap(0x7f4f46e00000, 138412032) = 0 [pid 5884] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5884] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5884] close(3) = 0 [pid 5884] close(4) = 0 [pid 5884] mkdir("./bus", 0777) = 0 [ 93.731189][ T5884] loop0: detected capacity change from 0 to 512 [pid 5884] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5884] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5884] chdir("./bus") = 0 [pid 5884] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5884] mkdir("./bus", 0777) = 0 [pid 5884] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5884] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0 [pid 5884] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0 [pid 5884] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|FASYNC, 000) = 4 [pid 5884] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_CLOEXEC|FASYNC, 000) = 5 [pid 5884] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000240) = -1 EINVAL (Invalid argument) [pid 5884] exit_group(0) = ? [pid 5884] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5884, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./13", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 93.774930][ T5884] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 93.787529][ T5884] ext4 filesystem being mounted at /root/syzkaller.KIJz6a/13/bus supports timestamps until 2038-01-19 (0x7fffffff) getdents64(3, 0x55556f9b77f0 /* 4 entries */, 32768) = 104 umount2("./13/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./13/binderfs") = 0 umount2("./13/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./13/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./13/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./13/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556f9bf830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556f9bf830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./13/bus") = 0 getdents64(3, 0x55556f9b77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./13") = 0 mkdir("./14", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5888 attached <unfinished ...> [pid 5888] set_robust_list(0x55556f9b6760, 24) = 0 [pid 5842] <... clone resumed>, child_tidptr=0x55556f9b6750) = 5888 [pid 5888] chdir("./14") = 0 [pid 5888] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5888] setpgid(0, 0) = 0 [pid 5888] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5888] write(3, "1000", 4) = 4 [pid 5888] close(3) = 0 [pid 5888] symlink("/dev/binderfs", "./binderfs") = 0 [ 93.844242][ T5842] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5888] write(1, "executing program\n", 18) = 18 executing program [pid 5888] memfd_create("syzkaller", 0) = 3 [pid 5888] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f46e00000 [pid 5888] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5888] munmap(0x7f4f46e00000, 138412032) = 0 [pid 5888] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5888] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5888] close(3) = 0 [pid 5888] close(4) = 0 [pid 5888] mkdir("./bus", 0777) = 0 [ 93.942969][ T5888] loop0: detected capacity change from 0 to 512 [ 93.976625][ T5888] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [pid 5888] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5888] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5888] chdir("./bus") = 0 [pid 5888] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5888] mkdir("./bus", 0777) = 0 [pid 5888] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5888] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0 [pid 5888] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0 [pid 5888] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|FASYNC, 000) = 4 [pid 5888] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_CLOEXEC|FASYNC, 000) = 5 [ 93.989399][ T5888] ext4 filesystem being mounted at /root/syzkaller.KIJz6a/14/bus supports timestamps until 2038-01-19 (0x7fffffff) [pid 5888] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000240) = -1 EINVAL (Invalid argument) [pid 5888] exit_group(0) = ? [pid 5888] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5888, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./14", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556f9b77f0 /* 4 entries */, 32768) = 104 umount2("./14/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./14/binderfs") = 0 umount2("./14/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./14/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./14/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./14/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556f9bf830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556f9bf830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./14/bus") = 0 getdents64(3, 0x55556f9b77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./14") = 0 mkdir("./15", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5891 attached , child_tidptr=0x55556f9b6750) = 5891 [ 94.189979][ T5842] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5891] set_robust_list(0x55556f9b6760, 24) = 0 [pid 5891] chdir("./15") = 0 [pid 5891] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5891] setpgid(0, 0) = 0 [pid 5891] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5891] write(3, "1000", 4) = 4 [pid 5891] close(3) = 0 [pid 5891] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5891] write(1, "executing program\n", 18) = 18 [pid 5891] memfd_create("syzkaller", 0) = 3 [pid 5891] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f46e00000 [pid 5891] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5891] munmap(0x7f4f46e00000, 138412032) = 0 [pid 5891] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5891] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5891] close(3) = 0 [pid 5891] close(4) = 0 [pid 5891] mkdir("./bus", 0777) = 0 [ 94.314514][ T5891] loop0: detected capacity change from 0 to 512 [pid 5891] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5891] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5891] chdir("./bus") = 0 [pid 5891] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5891] mkdir("./bus", 0777) = 0 [pid 5891] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5891] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0 [pid 5891] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0 [pid 5891] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|FASYNC, 000) = 4 [pid 5891] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_CLOEXEC|FASYNC, 000) = 5 [ 94.396327][ T5891] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 94.410034][ T5891] ext4 filesystem being mounted at /root/syzkaller.KIJz6a/15/bus supports timestamps until 2038-01-19 (0x7fffffff) [pid 5891] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000240) = -1 EINVAL (Invalid argument) [pid 5891] exit_group(0) = ? [pid 5891] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5891, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./15", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556f9b77f0 /* 4 entries */, 32768) = 104 umount2("./15/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./15/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./15/binderfs") = 0 [ 94.471226][ T29] kauditd_printk_skb: 20 callbacks suppressed [ 94.471253][ T29] audit: type=1800 audit(1729998439.171:32): pid=5891 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor372" name="file1" dev="loop0" ino=15 res=0 errno=0 umount2("./15/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./15/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 94.526557][ T5842] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 94.551019][ T29] audit: type=1800 audit(1729998439.171:33): pid=5891 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor372" name="file2" dev="loop0" ino=16 res=0 errno=0 newfstatat(AT_FDCWD, "./15/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./15/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556f9bf830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556f9bf830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./15/bus") = 0 getdents64(3, 0x55556f9b77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./15") = 0 mkdir("./16", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5894 attached <unfinished ...> [pid 5894] set_robust_list(0x55556f9b6760, 24 <unfinished ...> [pid 5842] <... clone resumed>, child_tidptr=0x55556f9b6750) = 5894 [pid 5894] <... set_robust_list resumed>) = 0 [pid 5894] chdir("./16") = 0 [pid 5894] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5894] setpgid(0, 0) = 0 [pid 5894] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5894] write(3, "1000", 4) = 4 [pid 5894] close(3) = 0 [pid 5894] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5894] write(1, "executing program\n", 18executing program ) = 18 [pid 5894] memfd_create("syzkaller", 0) = 3 [pid 5894] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f46e00000 [pid 5894] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5894] munmap(0x7f4f46e00000, 138412032) = 0 [pid 5894] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5894] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5894] close(3) = 0 [pid 5894] close(4) = 0 [pid 5894] mkdir("./bus", 0777) = 0 [ 94.854217][ T5894] loop0: detected capacity change from 0 to 512 [pid 5894] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5894] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5894] chdir("./bus") = 0 [pid 5894] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5894] mkdir("./bus", 0777) = 0 [pid 5894] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5894] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0 [ 94.903884][ T5894] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 94.917084][ T5894] ext4 filesystem being mounted at /root/syzkaller.KIJz6a/16/bus supports timestamps until 2038-01-19 (0x7fffffff) [pid 5894] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0 [pid 5894] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|FASYNC, 000) = 4 [pid 5894] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_CLOEXEC|FASYNC, 000) = 5 [pid 5894] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000240) = -1 EINVAL (Invalid argument) [pid 5894] exit_group(0) = ? [pid 5894] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5894, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./16", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 94.969187][ T29] audit: type=1800 audit(1729998439.671:34): pid=5894 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor372" name="file1" dev="loop0" ino=15 res=0 errno=0 [ 94.992248][ T29] audit: type=1800 audit(1729998439.701:35): pid=5894 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor372" name="file2" dev="loop0" ino=16 res=0 errno=0 openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556f9b77f0 /* 4 entries */, 32768) = 104 umount2("./16/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./16/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./16/binderfs") = 0 umount2("./16/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./16/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./16/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./16/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556f9bf830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556f9bf830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./16/bus") = 0 getdents64(3, 0x55556f9b77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./16") = 0 mkdir("./17", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 [ 95.146094][ T5842] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5897 attached <unfinished ...> [pid 5897] set_robust_list(0x55556f9b6760, 24 <unfinished ...> [pid 5842] <... clone resumed>, child_tidptr=0x55556f9b6750) = 5897 [pid 5897] <... set_robust_list resumed>) = 0 [pid 5897] chdir("./17") = 0 [pid 5897] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5897] setpgid(0, 0) = 0 [pid 5897] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5897] write(3, "1000", 4) = 4 [pid 5897] close(3) = 0 [pid 5897] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5897] write(1, "executing program\n", 18) = 18 [pid 5897] memfd_create("syzkaller", 0) = 3 [pid 5897] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f46e00000 [pid 5897] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5897] munmap(0x7f4f46e00000, 138412032) = 0 [pid 5897] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5897] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5897] close(3) = 0 [pid 5897] close(4) = 0 [pid 5897] mkdir("./bus", 0777) = 0 [ 95.266924][ T5897] loop0: detected capacity change from 0 to 512 [pid 5897] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5897] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5897] chdir("./bus") = 0 [pid 5897] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 95.313855][ T5897] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 95.326404][ T5897] ext4 filesystem being mounted at /root/syzkaller.KIJz6a/17/bus supports timestamps until 2038-01-19 (0x7fffffff) [pid 5897] mkdir("./bus", 0777) = 0 [pid 5897] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5897] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0 [pid 5897] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0 [pid 5897] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|FASYNC, 000) = 4 [pid 5897] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_CLOEXEC|FASYNC, 000) = 5 [pid 5897] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000240) = -1 EINVAL (Invalid argument) [pid 5897] exit_group(0) = ? [pid 5897] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5897, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./17", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 95.383443][ T29] audit: type=1800 audit(1729998440.091:36): pid=5897 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor372" name="file1" dev="loop0" ino=15 res=0 errno=0 [ 95.404397][ T29] audit: type=1800 audit(1729998440.101:37): pid=5897 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor372" name="file2" dev="loop0" ino=16 res=0 errno=0 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556f9b77f0 /* 4 entries */, 32768) = 104 umount2("./17/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./17/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./17/binderfs") = 0 umount2("./17/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./17/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./17/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./17/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556f9bf830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556f9bf830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./17/bus") = 0 getdents64(3, 0x55556f9b77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./17") = 0 mkdir("./18", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5900 attached , child_tidptr=0x55556f9b6750) = 5900 [pid 5900] set_robust_list(0x55556f9b6760, 24) = 0 [pid 5900] chdir("./18") = 0 [pid 5900] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5900] setpgid(0, 0) = 0 [pid 5900] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5900] write(3, "1000", 4) = 4 [pid 5900] close(3) = 0 [ 95.539118][ T5842] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. executing program [pid 5900] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5900] write(1, "executing program\n", 18) = 18 [pid 5900] memfd_create("syzkaller", 0) = 3 [pid 5900] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f46e00000 [pid 5900] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5900] munmap(0x7f4f46e00000, 138412032) = 0 [pid 5900] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5900] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5900] close(3) = 0 [pid 5900] close(4) = 0 [pid 5900] mkdir("./bus", 0777) = 0 [ 95.639893][ T5900] loop0: detected capacity change from 0 to 512 [pid 5900] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5900] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5900] chdir("./bus") = 0 [pid 5900] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5900] mkdir("./bus", 0777) = 0 [pid 5900] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5900] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0 [pid 5900] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0 [ 95.704232][ T5900] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 95.717170][ T5900] ext4 filesystem being mounted at /root/syzkaller.KIJz6a/18/bus supports timestamps until 2038-01-19 (0x7fffffff) [pid 5900] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|FASYNC, 000) = 4 [pid 5900] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_CLOEXEC|FASYNC, 000) = 5 [pid 5900] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000240) = -1 EINVAL (Invalid argument) [pid 5900] exit_group(0) = ? [pid 5900] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5900, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./18", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556f9b77f0 /* 4 entries */, 32768) = 104 umount2("./18/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 95.753293][ T29] audit: type=1800 audit(1729998440.461:38): pid=5900 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor372" name="file1" dev="loop0" ino=15 res=0 errno=0 [ 95.774233][ T29] audit: type=1800 audit(1729998440.471:39): pid=5900 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor372" name="file2" dev="loop0" ino=16 res=0 errno=0 newfstatat(AT_FDCWD, "./18/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./18/binderfs") = 0 umount2("./18/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./18/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./18/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./18/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556f9bf830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556f9bf830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./18/bus") = 0 getdents64(3, 0x55556f9b77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./18") = 0 mkdir("./19", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5903 attached <unfinished ...> [pid 5903] set_robust_list(0x55556f9b6760, 24) = 0 [pid 5842] <... clone resumed>, child_tidptr=0x55556f9b6750) = 5903 [pid 5903] chdir("./19") = 0 [pid 5903] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5903] setpgid(0, 0) = 0 [pid 5903] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5903] write(3, "1000", 4) = 4 [pid 5903] close(3) = 0 [pid 5903] symlink("/dev/binderfs", "./binderfs") = 0 executing program [ 95.868008][ T5842] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5903] write(1, "executing program\n", 18) = 18 [pid 5903] memfd_create("syzkaller", 0) = 3 [pid 5903] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f46e00000 [pid 5903] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5903] munmap(0x7f4f46e00000, 138412032) = 0 [pid 5903] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5903] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5903] close(3) = 0 [pid 5903] close(4) = 0 [pid 5903] mkdir("./bus", 0777) = 0 [ 95.940795][ T5903] loop0: detected capacity change from 0 to 512 [pid 5903] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5903] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5903] chdir("./bus") = 0 [pid 5903] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5903] mkdir("./bus", 0777) = 0 [pid 5903] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5903] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0 [pid 5903] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0 [ 96.004727][ T5903] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 96.017475][ T5903] ext4 filesystem being mounted at /root/syzkaller.KIJz6a/19/bus supports timestamps until 2038-01-19 (0x7fffffff) [pid 5903] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|FASYNC, 000) = 4 [pid 5903] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_CLOEXEC|FASYNC, 000) = 5 [pid 5903] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000240) = -1 EINVAL (Invalid argument) [ 96.063375][ T29] audit: type=1800 audit(1729998440.771:40): pid=5903 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor372" name="file1" dev="loop0" ino=15 res=0 errno=0 [pid 5903] exit_group(0) = ? [pid 5903] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5903, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./19", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./19", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 96.096181][ T29] audit: type=1800 audit(1729998440.801:41): pid=5903 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor372" name="file2" dev="loop0" ino=16 res=0 errno=0 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556f9b77f0 /* 4 entries */, 32768) = 104 umount2("./19/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./19/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./19/binderfs") = 0 umount2("./19/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./19/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./19/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./19/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./19/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556f9bf830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556f9bf830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./19/bus") = 0 getdents64(3, 0x55556f9b77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./19") = 0 mkdir("./20", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5906 attached , child_tidptr=0x55556f9b6750) = 5906 [pid 5906] set_robust_list(0x55556f9b6760, 24) = 0 [pid 5906] chdir("./20") = 0 [pid 5906] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5906] setpgid(0, 0) = 0 [pid 5906] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5906] write(3, "1000", 4) = 4 [pid 5906] close(3) = 0 [pid 5906] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5906] write(1, "executing program\n", 18executing program ) = 18 [pid 5906] memfd_create("syzkaller", 0) = 3 [pid 5906] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f46e00000 [ 96.232819][ T5842] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5906] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5906] munmap(0x7f4f46e00000, 138412032) = 0 [pid 5906] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5906] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5906] close(3) = 0 [pid 5906] close(4) = 0 [pid 5906] mkdir("./bus", 0777) = 0 [ 96.302842][ T5906] loop0: detected capacity change from 0 to 512 [pid 5906] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5906] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5906] chdir("./bus") = 0 [pid 5906] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5906] mkdir("./bus", 0777) = 0 [pid 5906] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5906] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0 [ 96.348078][ T5906] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 96.361459][ T5906] ext4 filesystem being mounted at /root/syzkaller.KIJz6a/20/bus supports timestamps until 2038-01-19 (0x7fffffff) [pid 5906] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0 [pid 5906] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|FASYNC, 000) = 4 [pid 5906] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_CLOEXEC|FASYNC, 000) = 5 [pid 5906] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000240) = -1 EINVAL (Invalid argument) [pid 5906] exit_group(0) = ? [pid 5906] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5906, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./20", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./20", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556f9b77f0 /* 4 entries */, 32768) = 104 umount2("./20/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./20/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./20/binderfs") = 0 umount2("./20/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./20/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./20/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./20/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./20/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556f9bf830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556f9bf830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./20/bus") = 0 getdents64(3, 0x55556f9b77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./20") = 0 mkdir("./21", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5909 attached <unfinished ...> [pid 5909] set_robust_list(0x55556f9b6760, 24 <unfinished ...> [pid 5842] <... clone resumed>, child_tidptr=0x55556f9b6750) = 5909 [pid 5909] <... set_robust_list resumed>) = 0 [ 96.450515][ T5842] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5909] chdir("./21") = 0 [pid 5909] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5909] setpgid(0, 0) = 0 [pid 5909] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5909] write(3, "1000", 4) = 4 [pid 5909] close(3) = 0 [pid 5909] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5909] write(1, "executing program\n", 18) = 18 [pid 5909] memfd_create("syzkaller", 0) = 3 [pid 5909] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f46e00000 [pid 5909] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5909] munmap(0x7f4f46e00000, 138412032) = 0 [pid 5909] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 96.544352][ T1221] cfg80211: failed to load regulatory.db [pid 5909] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5909] close(3) = 0 [pid 5909] close(4) = 0 [pid 5909] mkdir("./bus", 0777) = 0 [ 96.585182][ T5909] loop0: detected capacity change from 0 to 512 [pid 5909] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5909] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5909] chdir("./bus") = 0 [pid 5909] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5909] mkdir("./bus", 0777) = 0 [pid 5909] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5909] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0 [pid 5909] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0 [pid 5909] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|FASYNC, 000) = 4 [pid 5909] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_CLOEXEC|FASYNC, 000) = 5 [pid 5909] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000240) = -1 EINVAL (Invalid argument) [pid 5909] exit_group(0) = ? [pid 5909] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5909, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./21", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./21", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 96.635370][ T5909] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 96.648125][ T5909] ext4 filesystem being mounted at /root/syzkaller.KIJz6a/21/bus supports timestamps until 2038-01-19 (0x7fffffff) getdents64(3, 0x55556f9b77f0 /* 4 entries */, 32768) = 104 umount2("./21/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./21/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./21/binderfs") = 0 umount2("./21/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./21/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./21/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./21/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./21/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556f9bf830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556f9bf830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./21/bus") = 0 getdents64(3, 0x55556f9b77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./21") = 0 mkdir("./22", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 96.704611][ T5842] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5912 attached , child_tidptr=0x55556f9b6750) = 5912 [pid 5912] set_robust_list(0x55556f9b6760, 24) = 0 [pid 5912] chdir("./22") = 0 [pid 5912] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5912] setpgid(0, 0) = 0 [pid 5912] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5912] write(3, "1000", 4) = 4 [pid 5912] close(3) = 0 [pid 5912] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5912] write(1, "executing program\n", 18) = 18 [pid 5912] memfd_create("syzkaller", 0) = 3 [pid 5912] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f46e00000 [pid 5912] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5912] munmap(0x7f4f46e00000, 138412032) = 0 [pid 5912] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5912] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5912] close(3) = 0 [pid 5912] close(4) = 0 [pid 5912] mkdir("./bus", 0777) = 0 [ 96.889004][ T5912] loop0: detected capacity change from 0 to 512 [pid 5912] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5912] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5912] chdir("./bus") = 0 [ 96.944229][ T5912] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 96.956873][ T5912] ext4 filesystem being mounted at /root/syzkaller.KIJz6a/22/bus supports timestamps until 2038-01-19 (0x7fffffff) [pid 5912] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5912] mkdir("./bus", 0777) = 0 [pid 5912] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5912] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0 [pid 5912] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0 [pid 5912] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|FASYNC, 000) = 4 [pid 5912] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_CLOEXEC|FASYNC, 000) = 5 [pid 5912] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000240) = -1 EINVAL (Invalid argument) [pid 5912] exit_group(0) = ? [pid 5912] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5912, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./22", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./22", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556f9b77f0 /* 4 entries */, 32768) = 104 umount2("./22/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./22/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./22/binderfs") = 0 umount2("./22/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./22/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./22/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./22/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./22/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556f9bf830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556f9bf830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./22/bus") = 0 getdents64(3, 0x55556f9b77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./22") = 0 mkdir("./23", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5915 attached , child_tidptr=0x55556f9b6750) = 5915 [pid 5915] set_robust_list(0x55556f9b6760, 24) = 0 [pid 5915] chdir("./23") = 0 [pid 5915] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5915] setpgid(0, 0) = 0 [pid 5915] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5915] write(3, "1000", 4) = 4 [pid 5915] close(3) = 0 [pid 5915] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5915] write(1, "executing program\n", 18executing program ) = 18 [ 97.042800][ T5842] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5915] memfd_create("syzkaller", 0) = 3 [pid 5915] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f46e00000 [pid 5915] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5915] munmap(0x7f4f46e00000, 138412032) = 0 [pid 5915] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5915] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5915] close(3) = 0 [pid 5915] close(4) = 0 [pid 5915] mkdir("./bus", 0777) = 0 [ 97.126652][ T5915] loop0: detected capacity change from 0 to 512 [pid 5915] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5915] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5915] chdir("./bus") = 0 [pid 5915] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5915] mkdir("./bus", 0777) = 0 [pid 5915] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [ 97.184578][ T5915] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 97.197924][ T5915] ext4 filesystem being mounted at /root/syzkaller.KIJz6a/23/bus supports timestamps until 2038-01-19 (0x7fffffff) [pid 5915] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0 [pid 5915] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0 [pid 5915] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|FASYNC, 000) = 4 [pid 5915] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_CLOEXEC|FASYNC, 000) = 5 [pid 5915] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000240) = -1 EINVAL (Invalid argument) [pid 5915] exit_group(0) = ? [pid 5915] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5915, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./23", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./23", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556f9b77f0 /* 4 entries */, 32768) = 104 umount2("./23/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./23/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./23/binderfs") = 0 umount2("./23/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./23/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./23/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./23/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./23/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556f9bf830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556f9bf830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./23/bus") = 0 getdents64(3, 0x55556f9b77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./23") = 0 mkdir("./24", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 97.389918][ T5842] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55556f9b6750) = 5918 ./strace-static-x86_64: Process 5918 attached [pid 5918] set_robust_list(0x55556f9b6760, 24) = 0 [pid 5918] chdir("./24") = 0 [pid 5918] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5918] setpgid(0, 0) = 0 [pid 5918] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5918] write(3, "1000", 4) = 4 [pid 5918] close(3) = 0 [pid 5918] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5918] write(1, "executing program\n", 18) = 18 [pid 5918] memfd_create("syzkaller", 0) = 3 [pid 5918] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f46e00000 [pid 5918] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5918] munmap(0x7f4f46e00000, 138412032) = 0 [pid 5918] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5918] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5918] close(3) = 0 [pid 5918] close(4) = 0 [pid 5918] mkdir("./bus", 0777) = 0 [ 97.549872][ T5918] loop0: detected capacity change from 0 to 512 [pid 5918] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5918] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5918] chdir("./bus") = 0 [pid 5918] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5918] mkdir("./bus", 0777) = 0 [pid 5918] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5918] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0 [ 97.604519][ T5918] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 97.617455][ T5918] ext4 filesystem being mounted at /root/syzkaller.KIJz6a/24/bus supports timestamps until 2038-01-19 (0x7fffffff) [pid 5918] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0 [pid 5918] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|FASYNC, 000) = 4 [pid 5918] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_CLOEXEC|FASYNC, 000) = 5 [pid 5918] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000240) = -1 EINVAL (Invalid argument) [pid 5918] exit_group(0) = ? [pid 5918] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5918, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./24", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./24", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556f9b77f0 /* 4 entries */, 32768) = 104 umount2("./24/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./24/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./24/binderfs") = 0 umount2("./24/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./24/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./24/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./24/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./24/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556f9bf830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556f9bf830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./24/bus") = 0 getdents64(3, 0x55556f9b77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./24") = 0 mkdir("./25", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5921 attached , child_tidptr=0x55556f9b6750) = 5921 [pid 5921] set_robust_list(0x55556f9b6760, 24) = 0 [pid 5921] chdir("./25") = 0 [pid 5921] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5921] setpgid(0, 0) = 0 [pid 5921] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5921] write(3, "1000", 4) = 4 [pid 5921] close(3) = 0 [pid 5921] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5921] write(1, "executing program\n", 18executing program ) = 18 [ 97.825274][ T5842] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5921] memfd_create("syzkaller", 0) = 3 [pid 5921] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f46e00000 [pid 5921] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5921] munmap(0x7f4f46e00000, 138412032) = 0 [pid 5921] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5921] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5921] close(3) = 0 [pid 5921] close(4) = 0 [pid 5921] mkdir("./bus", 0777) = 0 [ 97.896742][ T5921] loop0: detected capacity change from 0 to 512 [pid 5921] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5921] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [ 97.944741][ T5921] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 97.957942][ T5921] ext4 filesystem being mounted at /root/syzkaller.KIJz6a/25/bus supports timestamps until 2038-01-19 (0x7fffffff) [pid 5921] chdir("./bus") = 0 [pid 5921] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5921] mkdir("./bus", 0777) = 0 [pid 5921] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5921] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0 [pid 5921] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0 [pid 5921] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|FASYNC, 000) = 4 [pid 5921] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_CLOEXEC|FASYNC, 000) = 5 [pid 5921] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000240) = -1 EINVAL (Invalid argument) [pid 5921] exit_group(0) = ? [pid 5921] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5921, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./25", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./25", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556f9b77f0 /* 4 entries */, 32768) = 104 umount2("./25/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./25/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./25/binderfs") = 0 umount2("./25/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./25/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./25/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./25/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./25/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556f9bf830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556f9bf830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./25/bus") = 0 getdents64(3, 0x55556f9b77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./25") = 0 mkdir("./26", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5924 attached , child_tidptr=0x55556f9b6750) = 5924 [pid 5924] set_robust_list(0x55556f9b6760, 24) = 0 [pid 5924] chdir("./26") = 0 [pid 5924] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5924] setpgid(0, 0) = 0 [pid 5924] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5924] write(3, "1000", 4) = 4 [pid 5924] close(3) = 0 [ 98.151276][ T5842] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5924] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5924] write(1, "executing program\n", 18executing program ) = 18 [pid 5924] memfd_create("syzkaller", 0) = 3 [pid 5924] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f46e00000 [pid 5924] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5924] munmap(0x7f4f46e00000, 138412032) = 0 [pid 5924] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5924] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5924] close(3) = 0 [pid 5924] close(4) = 0 [pid 5924] mkdir("./bus", 0777) = 0 [ 98.257498][ T5924] loop0: detected capacity change from 0 to 512 [pid 5924] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5924] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5924] chdir("./bus") = 0 [pid 5924] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 98.314684][ T5924] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 98.327850][ T5924] ext4 filesystem being mounted at /root/syzkaller.KIJz6a/26/bus supports timestamps until 2038-01-19 (0x7fffffff) [pid 5924] mkdir("./bus", 0777) = 0 [pid 5924] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5924] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0 [pid 5924] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0 [pid 5924] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|FASYNC, 000) = 4 [pid 5924] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_CLOEXEC|FASYNC, 000) = 5 [pid 5924] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000240) = -1 EINVAL (Invalid argument) [pid 5924] exit_group(0) = ? [pid 5924] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5924, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./26", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./26", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556f9b77f0 /* 4 entries */, 32768) = 104 umount2("./26/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./26/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./26/binderfs") = 0 umount2("./26/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./26/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./26/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./26/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./26/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556f9bf830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556f9bf830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./26/bus") = 0 getdents64(3, 0x55556f9b77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./26") = 0 mkdir("./27", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5927 attached , child_tidptr=0x55556f9b6750) = 5927 [pid 5927] set_robust_list(0x55556f9b6760, 24) = 0 [pid 5927] chdir("./27") = 0 [pid 5927] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5927] setpgid(0, 0) = 0 [pid 5927] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5927] write(3, "1000", 4) = 4 [pid 5927] close(3) = 0 [pid 5927] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5927] write(1, "executing program\n", 18) = 18 [ 98.525614][ T5842] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5927] memfd_create("syzkaller", 0) = 3 [pid 5927] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f46e00000 [pid 5927] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5927] munmap(0x7f4f46e00000, 138412032) = 0 [pid 5927] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5927] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5927] close(3) = 0 [pid 5927] close(4) = 0 [pid 5927] mkdir("./bus", 0777) = 0 [ 98.600126][ T5927] loop0: detected capacity change from 0 to 512 [pid 5927] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5927] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5927] chdir("./bus") = 0 [ 98.654074][ T5927] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 98.666719][ T5927] ext4 filesystem being mounted at /root/syzkaller.KIJz6a/27/bus supports timestamps until 2038-01-19 (0x7fffffff) [pid 5927] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5927] mkdir("./bus", 0777) = 0 [pid 5927] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5927] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0 [pid 5927] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0 [pid 5927] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|FASYNC, 000) = 4 [pid 5927] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_CLOEXEC|FASYNC, 000) = 5 [pid 5927] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000240) = -1 EINVAL (Invalid argument) [pid 5927] exit_group(0) = ? [pid 5927] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5927, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./27", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./27", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556f9b77f0 /* 4 entries */, 32768) = 104 umount2("./27/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./27/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./27/binderfs") = 0 umount2("./27/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./27/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./27/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./27/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./27/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556f9bf830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556f9bf830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./27/bus") = 0 getdents64(3, 0x55556f9b77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./27") = 0 mkdir("./28", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 [ 98.896155][ T5842] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5930 attached , child_tidptr=0x55556f9b6750) = 5930 [pid 5930] set_robust_list(0x55556f9b6760, 24) = 0 [pid 5930] chdir("./28") = 0 [pid 5930] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5930] setpgid(0, 0) = 0 [pid 5930] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5930] write(3, "1000", 4) = 4 [pid 5930] close(3) = 0 [pid 5930] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5930] write(1, "executing program\n", 18) = 18 [pid 5930] memfd_create("syzkaller", 0) = 3 [pid 5930] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f46e00000 [pid 5930] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5930] munmap(0x7f4f46e00000, 138412032) = 0 [pid 5930] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5930] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5930] close(3) = 0 [pid 5930] close(4) = 0 [pid 5930] mkdir("./bus", 0777) = 0 [ 99.065842][ T5930] loop0: detected capacity change from 0 to 512 [pid 5930] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5930] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5930] chdir("./bus") = 0 [pid 5930] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5930] mkdir("./bus", 0777) = 0 [pid 5930] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5930] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0 [pid 5930] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0 [pid 5930] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|FASYNC, 000) = 4 [pid 5930] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_CLOEXEC|FASYNC, 000) = 5 [ 99.114703][ T5930] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 99.127429][ T5930] ext4 filesystem being mounted at /root/syzkaller.KIJz6a/28/bus supports timestamps until 2038-01-19 (0x7fffffff) [pid 5930] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000240) = -1 EINVAL (Invalid argument) [pid 5930] exit_group(0) = ? [pid 5930] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5930, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./28", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./28", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556f9b77f0 /* 4 entries */, 32768) = 104 umount2("./28/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./28/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./28/binderfs") = 0 umount2("./28/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./28/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./28/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./28/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./28/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556f9bf830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556f9bf830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./28/bus") = 0 getdents64(3, 0x55556f9b77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./28") = 0 mkdir("./29", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55556f9b6750) = 5933 ./strace-static-x86_64: Process 5933 attached [pid 5933] set_robust_list(0x55556f9b6760, 24) = 0 [pid 5933] chdir("./29") = 0 [ 99.320082][ T5842] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5933] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5933] setpgid(0, 0) = 0 [pid 5933] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5933] write(3, "1000", 4) = 4 [pid 5933] close(3) = 0 [pid 5933] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5933] write(1, "executing program\n", 18) = 18 [pid 5933] memfd_create("syzkaller", 0) = 3 [pid 5933] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f46e00000 [pid 5933] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5933] munmap(0x7f4f46e00000, 138412032) = 0 [pid 5933] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5933] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5933] close(3) = 0 [pid 5933] close(4) = 0 [pid 5933] mkdir("./bus", 0777) = 0 [ 99.454525][ T5933] loop0: detected capacity change from 0 to 512 [pid 5933] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5933] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5933] chdir("./bus") = 0 [pid 5933] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5933] mkdir("./bus", 0777) = 0 [pid 5933] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [ 99.493817][ T5933] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 99.506501][ T5933] ext4 filesystem being mounted at /root/syzkaller.KIJz6a/29/bus supports timestamps until 2038-01-19 (0x7fffffff) [pid 5933] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0 [pid 5933] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0 [pid 5933] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|FASYNC, 000) = 4 [pid 5933] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_CLOEXEC|FASYNC, 000) = 5 [pid 5933] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000240) = -1 EINVAL (Invalid argument) [pid 5933] exit_group(0) = ? [pid 5933] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5933, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./29", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./29", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 99.588508][ T29] kauditd_printk_skb: 18 callbacks suppressed [ 99.588536][ T29] audit: type=1800 audit(1729998444.291:60): pid=5933 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor372" name="file1" dev="loop0" ino=15 res=0 errno=0 [ 99.617458][ T29] audit: type=1800 audit(1729998444.321:61): pid=5933 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor372" name="file2" dev="loop0" ino=16 res=0 errno=0 getdents64(3, 0x55556f9b77f0 /* 4 entries */, 32768) = 104 umount2("./29/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./29/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./29/binderfs") = 0 umount2("./29/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./29/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./29/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./29/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./29/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556f9bf830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556f9bf830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./29/bus") = 0 getdents64(3, 0x55556f9b77f0 /* 0 entries */, 32768) = 0 close(3) = 0 [ 99.708420][ T5842] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. rmdir("./29") = 0 mkdir("./30", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5936 attached <unfinished ...> [pid 5936] set_robust_list(0x55556f9b6760, 24 <unfinished ...> [pid 5842] <... clone resumed>, child_tidptr=0x55556f9b6750) = 5936 [pid 5936] <... set_robust_list resumed>) = 0 [pid 5936] chdir("./30") = 0 [pid 5936] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5936] setpgid(0, 0) = 0 [pid 5936] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5936] write(3, "1000", 4) = 4 [pid 5936] close(3) = 0 [pid 5936] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5936] write(1, "executing program\n", 18) = 18 [pid 5936] memfd_create("syzkaller", 0) = 3 [pid 5936] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f46e00000 [pid 5936] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5936] munmap(0x7f4f46e00000, 138412032) = 0 [pid 5936] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5936] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5936] close(3) = 0 [pid 5936] close(4) = 0 [pid 5936] mkdir("./bus", 0777) = 0 [ 99.889653][ T5936] loop0: detected capacity change from 0 to 512 [pid 5936] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5936] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5936] chdir("./bus") = 0 [pid 5936] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5936] mkdir("./bus", 0777) = 0 [pid 5936] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5936] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0 [pid 5936] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0 [ 99.944048][ T5936] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 99.957036][ T5936] ext4 filesystem being mounted at /root/syzkaller.KIJz6a/30/bus supports timestamps until 2038-01-19 (0x7fffffff) [pid 5936] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|FASYNC, 000) = 4 [pid 5936] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_CLOEXEC|FASYNC, 000) = 5 [pid 5936] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000240) = -1 EINVAL (Invalid argument) [pid 5936] exit_group(0) = ? [pid 5936] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5936, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./30", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 100.003198][ T29] audit: type=1800 audit(1729998444.711:62): pid=5936 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor372" name="file1" dev="loop0" ino=15 res=0 errno=0 [ 100.026038][ T29] audit: type=1800 audit(1729998444.741:63): pid=5936 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor372" name="file2" dev="loop0" ino=16 res=0 errno=0 openat(AT_FDCWD, "./30", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556f9b77f0 /* 4 entries */, 32768) = 104 umount2("./30/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./30/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./30/binderfs") = 0 umount2("./30/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./30/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./30/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./30/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./30/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556f9bf830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556f9bf830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./30/bus") = 0 getdents64(3, 0x55556f9b77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./30") = 0 mkdir("./31", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5939 attached , child_tidptr=0x55556f9b6750) = 5939 [pid 5939] set_robust_list(0x55556f9b6760, 24) = 0 [pid 5939] chdir("./31") = 0 [pid 5939] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5939] setpgid(0, 0) = 0 [pid 5939] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5939] write(3, "1000", 4) = 4 [pid 5939] close(3) = 0 [pid 5939] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5939] write(1, "executing program\n", 18executing program ) = 18 [pid 5939] memfd_create("syzkaller", 0) = 3 [pid 5939] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f46e00000 [ 100.181821][ T5842] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5939] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5939] munmap(0x7f4f46e00000, 138412032) = 0 [pid 5939] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5939] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5939] close(3) = 0 [pid 5939] close(4) = 0 [pid 5939] mkdir("./bus", 0777) = 0 [ 100.250784][ T5939] loop0: detected capacity change from 0 to 512 [ 100.277499][ T5939] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [pid 5939] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5939] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [ 100.290208][ T5939] ext4 filesystem being mounted at /root/syzkaller.KIJz6a/31/bus supports timestamps until 2038-01-19 (0x7fffffff) [pid 5939] chdir("./bus") = 0 [pid 5939] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5939] mkdir("./bus", 0777) = 0 [pid 5939] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5939] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0 [pid 5939] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0 [pid 5939] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|FASYNC, 000) = 4 [pid 5939] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_CLOEXEC|FASYNC, 000) = 5 [pid 5939] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000240) = -1 EINVAL (Invalid argument) [pid 5939] exit_group(0) = ? [pid 5939] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5939, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./31", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./31", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556f9b77f0 /* 4 entries */, 32768) = 104 umount2("./31/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./31/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./31/binderfs") = 0 [ 100.391850][ T29] audit: type=1800 audit(1729998445.101:64): pid=5939 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor372" name="file1" dev="loop0" ino=15 res=0 errno=0 [ 100.412852][ T29] audit: type=1800 audit(1729998445.101:65): pid=5939 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor372" name="file2" dev="loop0" ino=16 res=0 errno=0 umount2("./31/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./31/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./31/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./31/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./31/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556f9bf830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556f9bf830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./31/bus") = 0 getdents64(3, 0x55556f9b77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./31") = 0 mkdir("./32", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5942 attached <unfinished ...> [pid 5942] set_robust_list(0x55556f9b6760, 24) = 0 [pid 5942] chdir("./32" <unfinished ...> [pid 5842] <... clone resumed>, child_tidptr=0x55556f9b6750) = 5942 [pid 5942] <... chdir resumed>) = 0 [pid 5942] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5942] setpgid(0, 0) = 0 [pid 5942] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5942] write(3, "1000", 4) = 4 [pid 5942] close(3) = 0 [pid 5942] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5942] write(1, "executing program\n", 18executing program ) = 18 [pid 5942] memfd_create("syzkaller", 0) = 3 [ 100.487815][ T5842] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5942] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f46e00000 [pid 5942] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5942] munmap(0x7f4f46e00000, 138412032) = 0 [pid 5942] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5942] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5942] close(3) = 0 [pid 5942] close(4) = 0 [pid 5942] mkdir("./bus", 0777) = 0 [ 100.580462][ T5942] loop0: detected capacity change from 0 to 512 [pid 5942] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5942] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5942] chdir("./bus") = 0 [pid 5942] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5942] mkdir("./bus", 0777) = 0 [pid 5942] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5942] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0 [pid 5942] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0 [ 100.634527][ T5942] ext4 filesystem being mounted at /root/syzkaller.KIJz6a/32/bus supports timestamps until 2038-01-19 (0x7fffffff) [pid 5942] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|FASYNC, 000) = 4 [pid 5942] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_CLOEXEC|FASYNC, 000) = 5 [pid 5942] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000240) = -1 EINVAL (Invalid argument) [pid 5942] exit_group(0) = ? [ 100.679285][ T29] audit: type=1800 audit(1729998445.381:66): pid=5942 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor372" name="file1" dev="loop0" ino=15 res=0 errno=0 [ 100.700487][ T29] audit: type=1800 audit(1729998445.401:67): pid=5942 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor372" name="file2" dev="loop0" ino=16 res=0 errno=0 [pid 5942] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5942, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./32", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./32", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556f9b77f0 /* 4 entries */, 32768) = 104 umount2("./32/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./32/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./32/binderfs") = 0 umount2("./32/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./32/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./32/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./32/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./32/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556f9bf830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556f9bf830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./32/bus") = 0 getdents64(3, 0x55556f9b77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./32") = 0 mkdir("./33", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5945 attached , child_tidptr=0x55556f9b6750) = 5945 [pid 5945] set_robust_list(0x55556f9b6760, 24) = 0 [pid 5945] chdir("./33") = 0 [pid 5945] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5945] setpgid(0, 0) = 0 [pid 5945] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5945] write(3, "1000", 4) = 4 [pid 5945] close(3) = 0 [pid 5945] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5945] write(1, "executing program\n", 18) = 18 [pid 5945] memfd_create("syzkaller", 0) = 3 [pid 5945] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f46e00000 [pid 5945] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5945] munmap(0x7f4f46e00000, 138412032) = 0 [pid 5945] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5945] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5945] close(3) = 0 [pid 5945] close(4) = 0 [pid 5945] mkdir("./bus", 0777) = 0 [ 100.946976][ T5945] loop0: detected capacity change from 0 to 512 [pid 5945] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5945] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5945] chdir("./bus") = 0 [pid 5945] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 101.004749][ T5945] ext4 filesystem being mounted at /root/syzkaller.KIJz6a/33/bus supports timestamps until 2038-01-19 (0x7fffffff) [pid 5945] mkdir("./bus", 0777) = 0 [pid 5945] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5945] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0 [pid 5945] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0 [pid 5945] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|FASYNC, 000) = 4 [pid 5945] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_CLOEXEC|FASYNC, 000) = 5 [pid 5945] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000240) = -1 EINVAL (Invalid argument) [pid 5945] exit_group(0) = ? [pid 5945] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5945, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./33", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./33", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556f9b77f0 /* 4 entries */, 32768) = 104 umount2("./33/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./33/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 101.073986][ T29] audit: type=1800 audit(1729998445.781:68): pid=5945 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor372" name="file1" dev="loop0" ino=15 res=0 errno=0 [ 101.095582][ T29] audit: type=1800 audit(1729998445.781:69): pid=5945 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor372" name="file2" dev="loop0" ino=16 res=0 errno=0 unlink("./33/binderfs") = 0 umount2("./33/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./33/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./33/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./33/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./33/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556f9bf830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556f9bf830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./33/bus") = 0 getdents64(3, 0x55556f9b77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./33") = 0 mkdir("./34", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5948 attached , child_tidptr=0x55556f9b6750) = 5948 [pid 5948] set_robust_list(0x55556f9b6760, 24) = 0 [pid 5948] chdir("./34") = 0 [pid 5948] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5948] setpgid(0, 0) = 0 [pid 5948] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5948] write(3, "1000", 4) = 4 [pid 5948] close(3) = 0 [pid 5948] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5948] write(1, "executing program\n", 18executing program ) = 18 [pid 5948] memfd_create("syzkaller", 0) = 3 [pid 5948] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f46e00000 [pid 5948] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5948] munmap(0x7f4f46e00000, 138412032) = 0 [pid 5948] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5948] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5948] close(3) = 0 [pid 5948] close(4) = 0 [pid 5948] mkdir("./bus", 0777) = 0 [ 101.237950][ T5948] loop0: detected capacity change from 0 to 512 [pid 5948] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5948] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5948] chdir("./bus") = 0 [pid 5948] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5948] mkdir("./bus", 0777) = 0 [pid 5948] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5948] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0 [pid 5948] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0 [ 101.294295][ T5948] ext4 filesystem being mounted at /root/syzkaller.KIJz6a/34/bus supports timestamps until 2038-01-19 (0x7fffffff) [pid 5948] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|FASYNC, 000) = 4 [pid 5948] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_CLOEXEC|FASYNC, 000) = 5 [pid 5948] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000240) = -1 EINVAL (Invalid argument) [pid 5948] exit_group(0) = ? [pid 5948] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5948, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./34", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./34", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556f9b77f0 /* 4 entries */, 32768) = 104 umount2("./34/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./34/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./34/binderfs") = 0 umount2("./34/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./34/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./34/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./34/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./34/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556f9bf830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556f9bf830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./34/bus") = 0 getdents64(3, 0x55556f9b77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./34") = 0 mkdir("./35", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5951 attached , child_tidptr=0x55556f9b6750) = 5951 [pid 5951] set_robust_list(0x55556f9b6760, 24) = 0 [pid 5951] chdir("./35") = 0 [pid 5951] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5951] setpgid(0, 0) = 0 [pid 5951] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5951] write(3, "1000", 4) = 4 [pid 5951] close(3) = 0 [pid 5951] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5951] write(1, "executing program\n", 18executing program ) = 18 [pid 5951] memfd_create("syzkaller", 0) = 3 [pid 5951] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f46e00000 [pid 5951] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5951] munmap(0x7f4f46e00000, 138412032) = 0 [pid 5951] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5951] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5951] close(3) = 0 [pid 5951] close(4) = 0 [pid 5951] mkdir("./bus", 0777) = 0 [pid 5951] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5951] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5951] chdir("./bus") = 0 [ 101.566635][ T5951] loop0: detected capacity change from 0 to 512 [ 101.596473][ T5951] ext4 filesystem being mounted at /root/syzkaller.KIJz6a/35/bus supports timestamps until 2038-01-19 (0x7fffffff) [pid 5951] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5951] mkdir("./bus", 0777) = 0 [pid 5951] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5951] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0 [pid 5951] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0 [pid 5951] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|FASYNC, 000) = 4 [pid 5951] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_CLOEXEC|FASYNC, 000) = 5 [pid 5951] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000240) = -1 EINVAL (Invalid argument) [pid 5951] exit_group(0) = ? [pid 5951] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5951, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./35", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./35", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556f9b77f0 /* 4 entries */, 32768) = 104 umount2("./35/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./35/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./35/binderfs") = 0 umount2("./35/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./35/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./35/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./35/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./35/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556f9bf830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556f9bf830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./35/bus") = 0 getdents64(3, 0x55556f9b77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./35") = 0 mkdir("./36", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5954 attached <unfinished ...> [pid 5954] set_robust_list(0x55556f9b6760, 24) = 0 [pid 5842] <... clone resumed>, child_tidptr=0x55556f9b6750) = 5954 [pid 5954] chdir("./36") = 0 [pid 5954] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5954] setpgid(0, 0) = 0 [pid 5954] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5954] write(3, "1000", 4) = 4 [pid 5954] close(3) = 0 [pid 5954] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5954] write(1, "executing program\n", 18) = 18 executing program [pid 5954] memfd_create("syzkaller", 0) = 3 [pid 5954] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f46e00000 [pid 5954] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5954] munmap(0x7f4f46e00000, 138412032) = 0 [pid 5954] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5954] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5954] close(3) = 0 [pid 5954] close(4) = 0 [pid 5954] mkdir("./bus", 0777) = 0 [ 101.897980][ T5954] loop0: detected capacity change from 0 to 512 [pid 5954] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5954] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5954] chdir("./bus") = 0 [pid 5954] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5954] mkdir("./bus", 0777) = 0 [pid 5954] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5954] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0 [pid 5954] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0 [pid 5954] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|FASYNC, 000) = 4 [pid 5954] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_CLOEXEC|FASYNC, 000) = 5 [pid 5954] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000240) = -1 EINVAL (Invalid argument) [pid 5954] exit_group(0) = ? [pid 5954] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5954, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- [ 101.975136][ T5954] ext4 filesystem being mounted at /root/syzkaller.KIJz6a/36/bus supports timestamps until 2038-01-19 (0x7fffffff) restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./36", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./36", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556f9b77f0 /* 4 entries */, 32768) = 104 umount2("./36/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./36/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./36/binderfs") = 0 umount2("./36/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./36/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./36/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./36/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./36/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556f9bf830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556f9bf830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./36/bus") = 0 getdents64(3, 0x55556f9b77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./36") = 0 mkdir("./37", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5957 attached , child_tidptr=0x55556f9b6750) = 5957 [pid 5957] set_robust_list(0x55556f9b6760, 24) = 0 [pid 5957] chdir("./37") = 0 [pid 5957] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5957] setpgid(0, 0) = 0 [pid 5957] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5957] write(3, "1000", 4) = 4 [pid 5957] close(3) = 0 [pid 5957] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5957] write(1, "executing program\n", 18executing program ) = 18 [pid 5957] memfd_create("syzkaller", 0) = 3 [pid 5957] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f46e00000 [pid 5957] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5957] munmap(0x7f4f46e00000, 138412032) = 0 [pid 5957] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5957] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5957] close(3) = 0 [pid 5957] close(4) = 0 [pid 5957] mkdir("./bus", 0777) = 0 [ 102.388876][ T5957] loop0: detected capacity change from 0 to 512 [pid 5957] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5957] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5957] chdir("./bus") = 0 [pid 5957] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5957] mkdir("./bus", 0777) = 0 [pid 5957] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [ 102.434741][ T5957] ext4 filesystem being mounted at /root/syzkaller.KIJz6a/37/bus supports timestamps until 2038-01-19 (0x7fffffff) [pid 5957] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0 [pid 5957] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0 [pid 5957] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|FASYNC, 000) = 4 [pid 5957] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_CLOEXEC|FASYNC, 000) = 5 [pid 5957] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000240) = -1 EINVAL (Invalid argument) [pid 5957] exit_group(0) = ? [pid 5957] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5957, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./37", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./37", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556f9b77f0 /* 4 entries */, 32768) = 104 umount2("./37/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./37/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./37/binderfs") = 0 umount2("./37/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./37/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./37/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./37/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./37/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556f9bf830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556f9bf830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./37/bus") = 0 getdents64(3, 0x55556f9b77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./37") = 0 mkdir("./38", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5960 attached , child_tidptr=0x55556f9b6750) = 5960 [pid 5960] set_robust_list(0x55556f9b6760, 24) = 0 [pid 5960] chdir("./38") = 0 [pid 5960] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5960] setpgid(0, 0) = 0 [pid 5960] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5960] write(3, "1000", 4) = 4 [pid 5960] close(3) = 0 [pid 5960] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5960] write(1, "executing program\n", 18) = 18 [pid 5960] memfd_create("syzkaller", 0) = 3 [pid 5960] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f46e00000 [pid 5960] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5960] munmap(0x7f4f46e00000, 138412032) = 0 [pid 5960] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5960] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5960] close(3) = 0 [pid 5960] close(4) = 0 [pid 5960] mkdir("./bus", 0777) = 0 [pid 5960] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5960] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5960] chdir("./bus") = 0 [pid 5960] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 102.817543][ T5960] loop0: detected capacity change from 0 to 512 [ 102.854432][ T5960] ext4 filesystem being mounted at /root/syzkaller.KIJz6a/38/bus supports timestamps until 2038-01-19 (0x7fffffff) [pid 5960] mkdir("./bus", 0777) = 0 [pid 5960] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5960] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0 [pid 5960] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0 [pid 5960] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|FASYNC, 000) = 4 [pid 5960] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_CLOEXEC|FASYNC, 000) = 5 [pid 5960] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000240) = -1 EINVAL (Invalid argument) [pid 5960] exit_group(0) = ? [pid 5960] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5960, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556f9b77f0 /* 4 entries */, 32768) = 104 umount2("./38/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./38/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./38/binderfs") = 0 umount2("./38/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./38/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./38/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./38/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./38/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556f9bf830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556f9bf830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./38/bus") = 0 getdents64(3, 0x55556f9b77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./38") = 0 mkdir("./39", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5963 attached , child_tidptr=0x55556f9b6750) = 5963 [pid 5963] set_robust_list(0x55556f9b6760, 24) = 0 [pid 5963] chdir("./39") = 0 [pid 5963] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5963] setpgid(0, 0) = 0 [pid 5963] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5963] write(3, "1000", 4) = 4 [pid 5963] close(3) = 0 [pid 5963] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5963] write(1, "executing program\n", 18) = 18 [pid 5963] memfd_create("syzkaller", 0) = 3 [pid 5963] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f46e00000 [pid 5963] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5963] munmap(0x7f4f46e00000, 138412032) = 0 [pid 5963] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5963] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5963] close(3) = 0 [pid 5963] close(4) = 0 [pid 5963] mkdir("./bus", 0777) = 0 [ 103.249113][ T5963] loop0: detected capacity change from 0 to 512 [pid 5963] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5963] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5963] chdir("./bus") = 0 [pid 5963] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 103.294184][ T5963] ext4 filesystem being mounted at /root/syzkaller.KIJz6a/39/bus supports timestamps until 2038-01-19 (0x7fffffff) [pid 5963] mkdir("./bus", 0777) = 0 [pid 5963] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5963] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0 [pid 5963] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0 [pid 5963] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|FASYNC, 000) = 4 [pid 5963] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_CLOEXEC|FASYNC, 000) = 5 [pid 5963] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000240) = -1 EINVAL (Invalid argument) [pid 5963] exit_group(0) = ? [pid 5963] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5963, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./39", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./39", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556f9b77f0 /* 4 entries */, 32768) = 104 umount2("./39/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./39/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./39/binderfs") = 0 umount2("./39/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./39/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./39/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./39/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./39/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556f9bf830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556f9bf830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./39/bus") = 0 getdents64(3, 0x55556f9b77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./39") = 0 mkdir("./40", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5966 attached <unfinished ...> [pid 5966] set_robust_list(0x55556f9b6760, 24) = 0 [pid 5966] chdir("./40") = 0 [pid 5966] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5966] setpgid(0, 0) = 0 [pid 5966] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC <unfinished ...> [pid 5842] <... clone resumed>, child_tidptr=0x55556f9b6750) = 5966 [pid 5966] <... openat resumed>) = 3 [pid 5966] write(3, "1000", 4) = 4 [pid 5966] close(3) = 0 [pid 5966] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5966] write(1, "executing program\n", 18) = 18 [pid 5966] memfd_create("syzkaller", 0) = 3 [pid 5966] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f46e00000 [pid 5966] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5966] munmap(0x7f4f46e00000, 138412032) = 0 [pid 5966] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5966] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5966] close(3) = 0 [pid 5966] close(4) = 0 [pid 5966] mkdir("./bus", 0777) = 0 [ 103.744853][ T5966] loop0: detected capacity change from 0 to 512 [pid 5966] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5966] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5966] chdir("./bus") = 0 [pid 5966] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5966] mkdir("./bus", 0777) = 0 [pid 5966] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5966] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0 [pid 5966] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0 [pid 5966] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|FASYNC, 000) = 4 [pid 5966] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_CLOEXEC|FASYNC, 000) = 5 [pid 5966] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000240) = -1 EINVAL (Invalid argument) [pid 5966] exit_group(0) = ? [pid 5966] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5966, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./40", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./40", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 103.794215][ T5966] ext4 filesystem being mounted at /root/syzkaller.KIJz6a/40/bus supports timestamps until 2038-01-19 (0x7fffffff) getdents64(3, 0x55556f9b77f0 /* 4 entries */, 32768) = 104 umount2("./40/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./40/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./40/binderfs") = 0 umount2("./40/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./40/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./40/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./40/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./40/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556f9bf830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556f9bf830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./40/bus") = 0 getdents64(3, 0x55556f9b77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./40") = 0 mkdir("./41", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5969 attached <unfinished ...> [pid 5969] set_robust_list(0x55556f9b6760, 24) = 0 [pid 5969] chdir("./41" <unfinished ...> [pid 5842] <... clone resumed>, child_tidptr=0x55556f9b6750) = 5969 [pid 5969] <... chdir resumed>) = 0 [pid 5969] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5969] setpgid(0, 0) = 0 [pid 5969] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5969] write(3, "1000", 4) = 4 [pid 5969] close(3) = 0 [pid 5969] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5969] write(1, "executing program\n", 18) = 18 [pid 5969] memfd_create("syzkaller", 0) = 3 [pid 5969] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f46e00000 [pid 5969] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5969] munmap(0x7f4f46e00000, 138412032) = 0 [pid 5969] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5969] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5969] close(3) = 0 [pid 5969] close(4) = 0 [pid 5969] mkdir("./bus", 0777) = 0 [ 104.058059][ T5969] loop0: detected capacity change from 0 to 512 [pid 5969] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5969] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5969] chdir("./bus") = 0 [pid 5969] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5969] mkdir("./bus", 0777) = 0 [pid 5969] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5969] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0 [pid 5969] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0 [pid 5969] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|FASYNC, 000) = 4 [pid 5969] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_CLOEXEC|FASYNC, 000) = 5 [ 104.114986][ T5969] ext4 filesystem being mounted at /root/syzkaller.KIJz6a/41/bus supports timestamps until 2038-01-19 (0x7fffffff) [pid 5969] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000240) = -1 EINVAL (Invalid argument) [pid 5969] exit_group(0) = ? [pid 5969] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5969, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./41", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./41", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556f9b77f0 /* 4 entries */, 32768) = 104 umount2("./41/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./41/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./41/binderfs") = 0 umount2("./41/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./41/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./41/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./41/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./41/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556f9bf830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556f9bf830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./41/bus") = 0 getdents64(3, 0x55556f9b77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./41") = 0 mkdir("./42", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5972 attached , child_tidptr=0x55556f9b6750) = 5972 [pid 5972] set_robust_list(0x55556f9b6760, 24) = 0 [pid 5972] chdir("./42") = 0 [pid 5972] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5972] setpgid(0, 0) = 0 [pid 5972] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5972] write(3, "1000", 4) = 4 [pid 5972] close(3) = 0 [pid 5972] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5972] write(1, "executing program\n", 18) = 18 [pid 5972] memfd_create("syzkaller", 0) = 3 [pid 5972] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f46e00000 [pid 5972] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5972] munmap(0x7f4f46e00000, 138412032) = 0 [pid 5972] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5972] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5972] close(3) = 0 [pid 5972] close(4) = 0 [pid 5972] mkdir("./bus", 0777) = 0 [ 104.326490][ T5972] loop0: detected capacity change from 0 to 512 [pid 5972] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5972] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5972] chdir("./bus") = 0 [pid 5972] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5972] mkdir("./bus", 0777) = 0 [pid 5972] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5972] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0 [pid 5972] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0 [pid 5972] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|FASYNC, 000) = 4 [pid 5972] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_CLOEXEC|FASYNC, 000) = 5 [ 104.384255][ T5972] ext4 filesystem being mounted at /root/syzkaller.KIJz6a/42/bus supports timestamps until 2038-01-19 (0x7fffffff) [pid 5972] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000240) = -1 EINVAL (Invalid argument) [pid 5972] exit_group(0) = ? [pid 5972] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5972, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./42", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./42", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556f9b77f0 /* 4 entries */, 32768) = 104 umount2("./42/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./42/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./42/binderfs") = 0 umount2("./42/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./42/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./42/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./42/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./42/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556f9bf830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556f9bf830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./42/bus") = 0 getdents64(3, 0x55556f9b77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./42") = 0 mkdir("./43", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5975 attached , child_tidptr=0x55556f9b6750) = 5975 [pid 5975] set_robust_list(0x55556f9b6760, 24) = 0 [pid 5975] chdir("./43") = 0 [pid 5975] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5975] setpgid(0, 0) = 0 [pid 5975] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5975] write(3, "1000", 4) = 4 [pid 5975] close(3) = 0 [pid 5975] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5975] write(1, "executing program\n", 18) = 18 [pid 5975] memfd_create("syzkaller", 0) = 3 [pid 5975] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f46e00000 [pid 5975] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5975] munmap(0x7f4f46e00000, 138412032) = 0 [pid 5975] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5975] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5975] close(3) = 0 [pid 5975] close(4) = 0 [pid 5975] mkdir("./bus", 0777) = 0 [ 104.769107][ T5975] loop0: detected capacity change from 0 to 512 [pid 5975] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5975] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5975] chdir("./bus") = 0 [pid 5975] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5975] mkdir("./bus", 0777) = 0 [pid 5975] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5975] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0 [ 104.814977][ T5975] ext4 filesystem being mounted at /root/syzkaller.KIJz6a/43/bus supports timestamps until 2038-01-19 (0x7fffffff) [pid 5975] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0 [pid 5975] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|FASYNC, 000) = 4 [pid 5975] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_CLOEXEC|FASYNC, 000) = 5 [pid 5975] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000240) = -1 EINVAL (Invalid argument) [pid 5975] exit_group(0) = ? [pid 5975] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5975, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./43", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./43", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 104.877930][ T29] kauditd_printk_skb: 18 callbacks suppressed [ 104.877954][ T29] audit: type=1800 audit(1729998449.581:88): pid=5975 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor372" name="file1" dev="loop0" ino=15 res=0 errno=0 [ 104.905722][ T29] audit: type=1800 audit(1729998449.591:89): pid=5975 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor372" name="file2" dev="loop0" ino=16 res=0 errno=0 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556f9b77f0 /* 4 entries */, 32768) = 104 umount2("./43/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./43/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./43/binderfs") = 0 umount2("./43/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./43/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./43/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./43/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./43/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556f9bf830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556f9bf830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./43/bus") = 0 getdents64(3, 0x55556f9b77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./43") = 0 mkdir("./44", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5978 attached <unfinished ...> [pid 5978] set_robust_list(0x55556f9b6760, 24) = 0 [pid 5842] <... clone resumed>, child_tidptr=0x55556f9b6750) = 5978 [pid 5978] chdir("./44") = 0 [pid 5978] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5978] setpgid(0, 0) = 0 [pid 5978] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5978] write(3, "1000", 4) = 4 [pid 5978] close(3) = 0 [pid 5978] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5978] write(1, "executing program\n", 18executing program ) = 18 [pid 5978] memfd_create("syzkaller", 0) = 3 [pid 5978] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f46e00000 [pid 5978] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5978] munmap(0x7f4f46e00000, 138412032) = 0 [pid 5978] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5978] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5978] close(3) = 0 [pid 5978] close(4) = 0 [pid 5978] mkdir("./bus", 0777) = 0 [ 105.088627][ T5978] loop0: detected capacity change from 0 to 512 [pid 5978] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5978] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5978] chdir("./bus") = 0 [pid 5978] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5978] mkdir("./bus", 0777) = 0 [pid 5978] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5978] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0 [ 105.148905][ T5978] ext4 filesystem being mounted at /root/syzkaller.KIJz6a/44/bus supports timestamps until 2038-01-19 (0x7fffffff) [pid 5978] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0 [pid 5978] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|FASYNC, 000) = 4 [pid 5978] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_CLOEXEC|FASYNC, 000) = 5 [pid 5978] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000240) = -1 EINVAL (Invalid argument) [pid 5978] exit_group(0) = ? [pid 5978] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5978, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./44", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./44", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556f9b77f0 /* 4 entries */, 32768) = 104 umount2("./44/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./44/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./44/binderfs") = 0 umount2("./44/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./44/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./44/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./44/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./44/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556f9bf830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556f9bf830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./44/bus") = 0 getdents64(3, 0x55556f9b77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./44") = 0 mkdir("./45", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 [ 105.214131][ T29] audit: type=1800 audit(1729998449.921:90): pid=5978 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor372" name="file1" dev="loop0" ino=15 res=0 errno=0 [ 105.235097][ T29] audit: type=1800 audit(1729998449.921:91): pid=5978 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor372" name="file2" dev="loop0" ino=16 res=0 errno=0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5981 attached , child_tidptr=0x55556f9b6750) = 5981 [pid 5981] set_robust_list(0x55556f9b6760, 24) = 0 [pid 5981] chdir("./45") = 0 [pid 5981] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5981] setpgid(0, 0) = 0 [pid 5981] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5981] write(3, "1000", 4) = 4 [pid 5981] close(3) = 0 [pid 5981] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5981] write(1, "executing program\n", 18) = 18 [pid 5981] memfd_create("syzkaller", 0) = 3 [pid 5981] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f46e00000 [pid 5981] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5981] munmap(0x7f4f46e00000, 138412032) = 0 [pid 5981] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5981] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5981] close(3) = 0 [pid 5981] close(4) = 0 [pid 5981] mkdir("./bus", 0777) = 0 [ 105.388034][ T5981] loop0: detected capacity change from 0 to 512 [pid 5981] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5981] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5981] chdir("./bus") = 0 [pid 5981] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 105.454236][ T5981] ext4 filesystem being mounted at /root/syzkaller.KIJz6a/45/bus supports timestamps until 2038-01-19 (0x7fffffff) [pid 5981] mkdir("./bus", 0777) = 0 [pid 5981] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5981] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0 [pid 5981] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0 [pid 5981] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|FASYNC, 000) = 4 [pid 5981] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_CLOEXEC|FASYNC, 000) = 5 [pid 5981] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000240) = -1 EINVAL (Invalid argument) [pid 5981] exit_group(0) = ? [pid 5981] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5981, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./45", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 105.524467][ T29] audit: type=1800 audit(1729998450.231:92): pid=5981 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor372" name="file1" dev="loop0" ino=15 res=0 errno=0 [ 105.546610][ T29] audit: type=1800 audit(1729998450.251:93): pid=5981 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor372" name="file2" dev="loop0" ino=16 res=0 errno=0 openat(AT_FDCWD, "./45", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556f9b77f0 /* 4 entries */, 32768) = 104 umount2("./45/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./45/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./45/binderfs") = 0 umount2("./45/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./45/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./45/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./45/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./45/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556f9bf830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556f9bf830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./45/bus") = 0 getdents64(3, 0x55556f9b77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./45") = 0 mkdir("./46", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5984 attached , child_tidptr=0x55556f9b6750) = 5984 [pid 5984] set_robust_list(0x55556f9b6760, 24) = 0 [pid 5984] chdir("./46") = 0 [pid 5984] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5984] setpgid(0, 0) = 0 [pid 5984] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5984] write(3, "1000", 4) = 4 [pid 5984] close(3) = 0 [pid 5984] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5984] write(1, "executing program\n", 18executing program ) = 18 [pid 5984] memfd_create("syzkaller", 0) = 3 [pid 5984] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f46e00000 [pid 5984] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5984] munmap(0x7f4f46e00000, 138412032) = 0 [pid 5984] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5984] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5984] close(3) = 0 [pid 5984] close(4) = 0 [pid 5984] mkdir("./bus", 0777) = 0 [ 105.771940][ T5984] loop0: detected capacity change from 0 to 512 [pid 5984] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5984] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5984] chdir("./bus") = 0 [pid 5984] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5984] mkdir("./bus", 0777) = 0 [pid 5984] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5984] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0 [pid 5984] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0 [pid 5984] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|FASYNC, 000) = 4 [pid 5984] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_CLOEXEC|FASYNC, 000) = 5 [pid 5984] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000240) = -1 EINVAL (Invalid argument) [pid 5984] exit_group(0) = ? [pid 5984] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5984, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- [ 105.824241][ T5984] ext4 filesystem being mounted at /root/syzkaller.KIJz6a/46/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 105.849267][ T29] audit: type=1800 audit(1729998450.551:94): pid=5984 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor372" name="file1" dev="loop0" ino=15 res=0 errno=0 restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./46", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./46", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 105.871247][ T29] audit: type=1800 audit(1729998450.561:95): pid=5984 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor372" name="file2" dev="loop0" ino=16 res=0 errno=0 getdents64(3, 0x55556f9b77f0 /* 4 entries */, 32768) = 104 umount2("./46/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./46/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./46/binderfs") = 0 umount2("./46/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./46/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./46/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./46/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./46/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556f9bf830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556f9bf830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./46/bus") = 0 getdents64(3, 0x55556f9b77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./46") = 0 mkdir("./47", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5987 attached , child_tidptr=0x55556f9b6750) = 5987 [pid 5987] set_robust_list(0x55556f9b6760, 24) = 0 [pid 5987] chdir("./47") = 0 [pid 5987] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5987] setpgid(0, 0) = 0 [pid 5987] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5987] write(3, "1000", 4) = 4 [pid 5987] close(3) = 0 [pid 5987] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5987] write(1, "executing program\n", 18) = 18 [pid 5987] memfd_create("syzkaller", 0) = 3 [pid 5987] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f46e00000 [pid 5987] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5987] munmap(0x7f4f46e00000, 138412032) = 0 [pid 5987] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5987] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5987] close(3) = 0 [pid 5987] close(4) = 0 [pid 5987] mkdir("./bus", 0777) = 0 [pid 5987] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5987] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5987] chdir("./bus") = 0 [ 106.090795][ T5987] loop0: detected capacity change from 0 to 512 [ 106.124591][ T5987] ext4 filesystem being mounted at /root/syzkaller.KIJz6a/47/bus supports timestamps until 2038-01-19 (0x7fffffff) [pid 5987] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5987] mkdir("./bus", 0777) = 0 [pid 5987] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5987] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0 [pid 5987] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0 [pid 5987] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|FASYNC, 000) = 4 [pid 5987] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_CLOEXEC|FASYNC, 000) = 5 [pid 5987] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000240) = -1 EINVAL (Invalid argument) [pid 5987] exit_group(0) = ? [pid 5987] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5987, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./47", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 106.205442][ T29] audit: type=1800 audit(1729998450.911:96): pid=5987 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor372" name="file1" dev="loop0" ino=15 res=0 errno=0 [ 106.226450][ T29] audit: type=1800 audit(1729998450.921:97): pid=5987 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor372" name="file2" dev="loop0" ino=16 res=0 errno=0 openat(AT_FDCWD, "./47", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556f9b77f0 /* 4 entries */, 32768) = 104 umount2("./47/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./47/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./47/binderfs") = 0 umount2("./47/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./47/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./47/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./47/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./47/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556f9bf830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556f9bf830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./47/bus") = 0 getdents64(3, 0x55556f9b77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./47") = 0 mkdir("./48", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5990 attached , child_tidptr=0x55556f9b6750) = 5990 [pid 5990] set_robust_list(0x55556f9b6760, 24) = 0 [pid 5990] chdir("./48") = 0 [pid 5990] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5990] setpgid(0, 0) = 0 [pid 5990] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5990] write(3, "1000", 4) = 4 [pid 5990] close(3) = 0 [pid 5990] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5990] write(1, "executing program\n", 18) = 18 [pid 5990] memfd_create("syzkaller", 0) = 3 [pid 5990] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f46e00000 [pid 5990] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5990] munmap(0x7f4f46e00000, 138412032) = 0 [pid 5990] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5990] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5990] close(3) = 0 [pid 5990] close(4) = 0 [pid 5990] mkdir("./bus", 0777) = 0 [ 106.467409][ T5990] loop0: detected capacity change from 0 to 512 [pid 5990] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5990] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5990] chdir("./bus") = 0 [pid 5990] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5990] mkdir("./bus", 0777) = 0 [pid 5990] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5990] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0 [pid 5990] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0 [pid 5990] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|FASYNC, 000) = 4 [pid 5990] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_CLOEXEC|FASYNC, 000) = 5 [pid 5990] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000240) = -1 EINVAL (Invalid argument) [pid 5990] exit_group(0) = ? [pid 5990] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5990, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./48", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./48", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556f9b77f0 /* 4 entries */, 32768) = 104 umount2("./48/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./48/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./48/binderfs") = 0 umount2("./48/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./48/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./48/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./48/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./48/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 106.524233][ T5990] ext4 filesystem being mounted at /root/syzkaller.KIJz6a/48/bus supports timestamps until 2038-01-19 (0x7fffffff) getdents64(4, 0x55556f9bf830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556f9bf830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./48/bus") = 0 getdents64(3, 0x55556f9b77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./48") = 0 mkdir("./49", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5993 attached <unfinished ...> [pid 5993] set_robust_list(0x55556f9b6760, 24) = 0 [pid 5993] chdir("./49" <unfinished ...> [pid 5842] <... clone resumed>, child_tidptr=0x55556f9b6750) = 5993 [pid 5993] <... chdir resumed>) = 0 [pid 5993] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5993] setpgid(0, 0) = 0 [pid 5993] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5993] write(3, "1000", 4) = 4 [pid 5993] close(3) = 0 [pid 5993] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5993] write(1, "executing program\n", 18) = 18 [pid 5993] memfd_create("syzkaller", 0) = 3 [pid 5993] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f46e00000 [pid 5993] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5993] munmap(0x7f4f46e00000, 138412032) = 0 [pid 5993] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5993] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5993] close(3) = 0 [pid 5993] close(4) = 0 [pid 5993] mkdir("./bus", 0777) = 0 [ 106.802935][ T5993] loop0: detected capacity change from 0 to 512 [pid 5993] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5993] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5993] chdir("./bus") = 0 [pid 5993] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 106.864219][ T5993] ext4 filesystem being mounted at /root/syzkaller.KIJz6a/49/bus supports timestamps until 2038-01-19 (0x7fffffff) [pid 5993] mkdir("./bus", 0777) = 0 [pid 5993] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5993] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0 [pid 5993] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0 [pid 5993] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|FASYNC, 000) = 4 [pid 5993] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_CLOEXEC|FASYNC, 000) = 5 [pid 5993] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000240) = -1 EINVAL (Invalid argument) [pid 5993] exit_group(0) = ? [pid 5993] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5993, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./49", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./49", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556f9b77f0 /* 4 entries */, 32768) = 104 umount2("./49/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./49/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./49/binderfs") = 0 umount2("./49/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./49/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./49/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./49/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./49/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556f9bf830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556f9bf830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./49/bus") = 0 getdents64(3, 0x55556f9b77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./49") = 0 mkdir("./50", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5996 attached , child_tidptr=0x55556f9b6750) = 5996 [pid 5996] set_robust_list(0x55556f9b6760, 24) = 0 [pid 5996] chdir("./50") = 0 [pid 5996] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5996] setpgid(0, 0) = 0 [pid 5996] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5996] write(3, "1000", 4) = 4 [pid 5996] close(3) = 0 [pid 5996] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5996] write(1, "executing program\n", 18executing program ) = 18 [pid 5996] memfd_create("syzkaller", 0) = 3 [pid 5996] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f46e00000 [pid 5996] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5996] munmap(0x7f4f46e00000, 138412032) = 0 [pid 5996] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5996] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5996] close(3) = 0 [pid 5996] close(4) = 0 [pid 5996] mkdir("./bus", 0777) = 0 [ 107.180727][ T5996] loop0: detected capacity change from 0 to 512 [pid 5996] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5996] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5996] chdir("./bus") = 0 [pid 5996] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 107.224205][ T5996] ext4 filesystem being mounted at /root/syzkaller.KIJz6a/50/bus supports timestamps until 2038-01-19 (0x7fffffff) [pid 5996] mkdir("./bus", 0777) = 0 [pid 5996] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5996] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0 [pid 5996] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0 [pid 5996] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|FASYNC, 000) = 4 [pid 5996] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_CLOEXEC|FASYNC, 000) = 5 [pid 5996] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000240) = -1 EINVAL (Invalid argument) [pid 5996] exit_group(0) = ? [pid 5996] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5996, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./50", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./50", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556f9b77f0 /* 4 entries */, 32768) = 104 umount2("./50/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./50/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./50/binderfs") = 0 umount2("./50/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./50/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./50/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./50/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./50/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556f9bf830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556f9bf830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./50/bus") = 0 getdents64(3, 0x55556f9b77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./50") = 0 mkdir("./51", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5999 attached , child_tidptr=0x55556f9b6750) = 5999 [pid 5999] set_robust_list(0x55556f9b6760, 24) = 0 [pid 5999] chdir("./51") = 0 [pid 5999] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5999] setpgid(0, 0) = 0 [pid 5999] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5999] write(3, "1000", 4) = 4 [pid 5999] close(3) = 0 [pid 5999] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5999] write(1, "executing program\n", 18) = 18 [pid 5999] memfd_create("syzkaller", 0) = 3 [pid 5999] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f46e00000 [pid 5999] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5999] munmap(0x7f4f46e00000, 138412032) = 0 [pid 5999] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5999] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5999] close(3) = 0 [pid 5999] close(4) = 0 [pid 5999] mkdir("./bus", 0777) = 0 [ 107.518274][ T5999] loop0: detected capacity change from 0 to 512 [pid 5999] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5999] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5999] chdir("./bus") = 0 [pid 5999] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5999] mkdir("./bus", 0777) = 0 [pid 5999] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [ 107.574703][ T5999] ext4 filesystem being mounted at /root/syzkaller.KIJz6a/51/bus supports timestamps until 2038-01-19 (0x7fffffff) [pid 5999] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0 [pid 5999] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0 [pid 5999] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|FASYNC, 000) = 4 [pid 5999] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_CLOEXEC|FASYNC, 000) = 5 [pid 5999] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000240) = -1 EINVAL (Invalid argument) [pid 5999] exit_group(0) = ? [pid 5999] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5999, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./51", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./51", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556f9b77f0 /* 4 entries */, 32768) = 104 umount2("./51/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./51/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./51/binderfs") = 0 umount2("./51/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./51/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./51/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./51/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./51/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556f9bf830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556f9bf830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./51/bus") = 0 getdents64(3, 0x55556f9b77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./51") = 0 mkdir("./52", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6002 attached , child_tidptr=0x55556f9b6750) = 6002 [pid 6002] set_robust_list(0x55556f9b6760, 24) = 0 [pid 6002] chdir("./52") = 0 [pid 6002] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6002] setpgid(0, 0) = 0 [pid 6002] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6002] write(3, "1000", 4) = 4 [pid 6002] close(3) = 0 [pid 6002] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6002] write(1, "executing program\n", 18) = 18 [pid 6002] memfd_create("syzkaller", 0) = 3 [pid 6002] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f46e00000 [pid 6002] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 6002] munmap(0x7f4f46e00000, 138412032) = 0 [pid 6002] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6002] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6002] close(3) = 0 [pid 6002] close(4) = 0 [pid 6002] mkdir("./bus", 0777) = 0 [ 107.806278][ T6002] loop0: detected capacity change from 0 to 512 [pid 6002] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 6002] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6002] chdir("./bus") = 0 [pid 6002] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6002] mkdir("./bus", 0777) = 0 [pid 6002] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6002] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0 [pid 6002] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0 [pid 6002] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|FASYNC, 000) = 4 [pid 6002] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_CLOEXEC|FASYNC, 000) = 5 [pid 6002] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000240) = -1 EINVAL (Invalid argument) [ 107.864752][ T6002] ext4 filesystem being mounted at /root/syzkaller.KIJz6a/52/bus supports timestamps until 2038-01-19 (0x7fffffff) [pid 6002] exit_group(0) = ? [pid 6002] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6002, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./52", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./52", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556f9b77f0 /* 4 entries */, 32768) = 104 umount2("./52/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./52/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./52/binderfs") = 0 umount2("./52/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./52/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./52/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./52/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./52/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556f9bf830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556f9bf830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./52/bus") = 0 getdents64(3, 0x55556f9b77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./52") = 0 mkdir("./53", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6005 attached <unfinished ...> [pid 6005] set_robust_list(0x55556f9b6760, 24 <unfinished ...> [pid 5842] <... clone resumed>, child_tidptr=0x55556f9b6750) = 6005 [pid 6005] <... set_robust_list resumed>) = 0 [pid 6005] chdir("./53") = 0 [pid 6005] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6005] setpgid(0, 0) = 0 [pid 6005] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6005] write(3, "1000", 4) = 4 [pid 6005] close(3) = 0 [pid 6005] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6005] write(1, "executing program\n", 18executing program ) = 18 [pid 6005] memfd_create("syzkaller", 0) = 3 [pid 6005] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f46e00000 [pid 6005] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 6005] munmap(0x7f4f46e00000, 138412032) = 0 [pid 6005] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6005] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6005] close(3) = 0 [pid 6005] close(4) = 0 [pid 6005] mkdir("./bus", 0777) = 0 [ 107.996085][ T6005] loop0: detected capacity change from 0 to 512 [pid 6005] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 6005] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6005] chdir("./bus") = 0 [pid 6005] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6005] mkdir("./bus", 0777) = 0 [pid 6005] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6005] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0 [ 108.034310][ T6005] ext4 filesystem being mounted at /root/syzkaller.KIJz6a/53/bus supports timestamps until 2038-01-19 (0x7fffffff) [pid 6005] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0 [pid 6005] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|FASYNC, 000) = 4 [pid 6005] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_CLOEXEC|FASYNC, 000) = 5 [pid 6005] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000240) = -1 EINVAL (Invalid argument) [pid 6005] exit_group(0) = ? [pid 6005] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6005, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./53", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./53", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556f9b77f0 /* 4 entries */, 32768) = 104 umount2("./53/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./53/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./53/binderfs") = 0 umount2("./53/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./53/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./53/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./53/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./53/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556f9bf830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556f9bf830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./53/bus") = 0 getdents64(3, 0x55556f9b77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./53") = 0 mkdir("./54", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6008 attached <unfinished ...> [pid 6008] set_robust_list(0x55556f9b6760, 24) = 0 [pid 5842] <... clone resumed>, child_tidptr=0x55556f9b6750) = 6008 [pid 6008] chdir("./54") = 0 [pid 6008] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6008] setpgid(0, 0) = 0 [pid 6008] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6008] write(3, "1000", 4) = 4 [pid 6008] close(3) = 0 [pid 6008] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6008] write(1, "executing program\n", 18executing program ) = 18 [pid 6008] memfd_create("syzkaller", 0) = 3 [pid 6008] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f46e00000 [pid 6008] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 6008] munmap(0x7f4f46e00000, 138412032) = 0 [pid 6008] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6008] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6008] close(3) = 0 [pid 6008] close(4) = 0 [pid 6008] mkdir("./bus", 0777) = 0 [ 108.403190][ T6008] loop0: detected capacity change from 0 to 512 [pid 6008] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 6008] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6008] chdir("./bus") = 0 [pid 6008] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6008] mkdir("./bus", 0777) = 0 [pid 6008] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [ 108.444862][ T6008] ext4 filesystem being mounted at /root/syzkaller.KIJz6a/54/bus supports timestamps until 2038-01-19 (0x7fffffff) [pid 6008] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0 [pid 6008] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0 [pid 6008] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|FASYNC, 000) = 4 [pid 6008] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_CLOEXEC|FASYNC, 000) = 5 [pid 6008] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000240) = -1 EINVAL (Invalid argument) [pid 6008] exit_group(0) = ? [pid 6008] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6008, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./54", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./54", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556f9b77f0 /* 4 entries */, 32768) = 104 umount2("./54/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./54/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./54/binderfs") = 0 umount2("./54/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./54/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./54/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./54/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./54/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556f9bf830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556f9bf830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./54/bus") = 0 getdents64(3, 0x55556f9b77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./54") = 0 mkdir("./55", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6011 attached , child_tidptr=0x55556f9b6750) = 6011 [pid 6011] set_robust_list(0x55556f9b6760, 24) = 0 [pid 6011] chdir("./55") = 0 [pid 6011] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6011] setpgid(0, 0) = 0 [pid 6011] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6011] write(3, "1000", 4) = 4 [pid 6011] close(3) = 0 [pid 6011] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6011] write(1, "executing program\n", 18) = 18 [pid 6011] memfd_create("syzkaller", 0executing program ) = 3 [pid 6011] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f46e00000 [pid 6011] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 6011] munmap(0x7f4f46e00000, 138412032) = 0 [pid 6011] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6011] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6011] close(3) = 0 [pid 6011] close(4) = 0 [pid 6011] mkdir("./bus", 0777) = 0 [ 108.693607][ T6011] loop0: detected capacity change from 0 to 512 [pid 6011] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 6011] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6011] chdir("./bus") = 0 [pid 6011] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 108.755040][ T6011] ext4 filesystem being mounted at /root/syzkaller.KIJz6a/55/bus supports timestamps until 2038-01-19 (0x7fffffff) [pid 6011] mkdir("./bus", 0777) = 0 [pid 6011] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6011] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0 [pid 6011] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0 [pid 6011] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|FASYNC, 000) = 4 [pid 6011] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_CLOEXEC|FASYNC, 000) = 5 [pid 6011] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000240) = -1 EINVAL (Invalid argument) [pid 6011] exit_group(0) = ? [pid 6011] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6011, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./55", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./55", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556f9b77f0 /* 4 entries */, 32768) = 104 umount2("./55/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./55/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./55/binderfs") = 0 umount2("./55/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./55/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./55/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./55/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./55/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556f9bf830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556f9bf830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./55/bus") = 0 getdents64(3, 0x55556f9b77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./55") = 0 mkdir("./56", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6014 attached , child_tidptr=0x55556f9b6750) = 6014 [pid 6014] set_robust_list(0x55556f9b6760, 24) = 0 [pid 6014] chdir("./56") = 0 [pid 6014] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6014] setpgid(0, 0) = 0 [pid 6014] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6014] write(3, "1000", 4) = 4 [pid 6014] close(3) = 0 [pid 6014] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6014] write(1, "executing program\n", 18) = 18 [pid 6014] memfd_create("syzkaller", 0) = 3 [pid 6014] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f46e00000 [pid 6014] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 6014] munmap(0x7f4f46e00000, 138412032) = 0 [pid 6014] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6014] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6014] close(3) = 0 [pid 6014] close(4) = 0 [pid 6014] mkdir("./bus", 0777) = 0 [ 109.119453][ T6014] loop0: detected capacity change from 0 to 512 [pid 6014] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 6014] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6014] chdir("./bus") = 0 [pid 6014] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 109.164288][ T6014] ext4 filesystem being mounted at /root/syzkaller.KIJz6a/56/bus supports timestamps until 2038-01-19 (0x7fffffff) [pid 6014] mkdir("./bus", 0777) = 0 [pid 6014] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6014] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0 [pid 6014] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0 [pid 6014] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|FASYNC, 000) = 4 [pid 6014] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_CLOEXEC|FASYNC, 000) = 5 [pid 6014] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000240) = -1 EINVAL (Invalid argument) [pid 6014] exit_group(0) = ? [pid 6014] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6014, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./56", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./56", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556f9b77f0 /* 4 entries */, 32768) = 104 umount2("./56/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./56/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./56/binderfs") = 0 umount2("./56/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./56/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./56/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./56/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./56/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556f9bf830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556f9bf830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./56/bus") = 0 getdents64(3, 0x55556f9b77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./56") = 0 mkdir("./57", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6017 attached , child_tidptr=0x55556f9b6750) = 6017 [pid 6017] set_robust_list(0x55556f9b6760, 24) = 0 [pid 6017] chdir("./57") = 0 [pid 6017] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6017] setpgid(0, 0) = 0 [pid 6017] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6017] write(3, "1000", 4) = 4 [pid 6017] close(3) = 0 [pid 6017] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6017] write(1, "executing program\n", 18) = 18 [pid 6017] memfd_create("syzkaller", 0) = 3 [pid 6017] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f46e00000 [pid 6017] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 6017] munmap(0x7f4f46e00000, 138412032) = 0 [pid 6017] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6017] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6017] close(3) = 0 [pid 6017] close(4) = 0 [pid 6017] mkdir("./bus", 0777) = 0 [ 109.434315][ T6017] loop0: detected capacity change from 0 to 512 [pid 6017] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 6017] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6017] chdir("./bus") = 0 [pid 6017] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6017] mkdir("./bus", 0777) = 0 [pid 6017] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [ 109.475241][ T6017] ext4 filesystem being mounted at /root/syzkaller.KIJz6a/57/bus supports timestamps until 2038-01-19 (0x7fffffff) [pid 6017] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0 [pid 6017] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0 [pid 6017] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|FASYNC, 000) = 4 [pid 6017] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_CLOEXEC|FASYNC, 000) = 5 [pid 6017] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000240) = -1 EINVAL (Invalid argument) [pid 6017] exit_group(0) = ? [pid 6017] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6017, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./57", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./57", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556f9b77f0 /* 4 entries */, 32768) = 104 umount2("./57/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./57/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./57/binderfs") = 0 umount2("./57/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./57/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./57/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./57/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./57/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556f9bf830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556f9bf830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./57/bus") = 0 getdents64(3, 0x55556f9b77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./57") = 0 mkdir("./58", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6021 attached , child_tidptr=0x55556f9b6750) = 6021 [pid 6021] set_robust_list(0x55556f9b6760, 24) = 0 [pid 6021] chdir("./58") = 0 [pid 6021] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6021] setpgid(0, 0) = 0 [pid 6021] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6021] write(3, "1000", 4) = 4 [pid 6021] close(3) = 0 [pid 6021] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6021] write(1, "executing program\n", 18) = 18 [pid 6021] memfd_create("syzkaller", 0) = 3 [pid 6021] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f46e00000 [pid 6021] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 6021] munmap(0x7f4f46e00000, 138412032) = 0 [pid 6021] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6021] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6021] close(3) = 0 [pid 6021] close(4) = 0 [pid 6021] mkdir("./bus", 0777) = 0 [ 109.782132][ T6021] loop0: detected capacity change from 0 to 512 [pid 6021] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 6021] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6021] chdir("./bus") = 0 [pid 6021] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6021] mkdir("./bus", 0777) = 0 [pid 6021] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6021] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0 [pid 6021] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0 [pid 6021] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|FASYNC, 000) = 4 [pid 6021] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_CLOEXEC|FASYNC, 000) = 5 [pid 6021] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000240) = -1 EINVAL (Invalid argument) [ 109.854219][ T6021] ext4 filesystem being mounted at /root/syzkaller.KIJz6a/58/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 109.881777][ T29] kauditd_printk_skb: 21 callbacks suppressed [pid 6021] exit_group(0) = ? [pid 6021] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6021, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./58", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./58", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 109.881800][ T29] audit: type=1800 audit(1729998454.591:119): pid=6021 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor372" name="file2" dev="loop0" ino=16 res=0 errno=0 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556f9b77f0 /* 4 entries */, 32768) = 104 umount2("./58/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./58/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./58/binderfs") = 0 umount2("./58/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./58/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./58/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./58/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./58/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556f9bf830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556f9bf830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./58/bus") = 0 getdents64(3, 0x55556f9b77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./58") = 0 mkdir("./59", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6024 attached <unfinished ...> [pid 6024] set_robust_list(0x55556f9b6760, 24 <unfinished ...> [pid 5842] <... clone resumed>, child_tidptr=0x55556f9b6750) = 6024 [pid 6024] <... set_robust_list resumed>) = 0 [pid 6024] chdir("./59") = 0 [pid 6024] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6024] setpgid(0, 0) = 0 [pid 6024] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6024] write(3, "1000", 4) = 4 [pid 6024] close(3) = 0 [pid 6024] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6024] write(1, "executing program\n", 18) = 18 [pid 6024] memfd_create("syzkaller", 0) = 3 [pid 6024] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f46e00000 [pid 6024] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 6024] munmap(0x7f4f46e00000, 138412032) = 0 [pid 6024] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6024] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6024] close(3) = 0 [pid 6024] close(4) = 0 [pid 6024] mkdir("./bus", 0777) = 0 [ 110.225828][ T6024] loop0: detected capacity change from 0 to 512 [pid 6024] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 6024] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6024] chdir("./bus") = 0 [pid 6024] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6024] mkdir("./bus", 0777) = 0 [pid 6024] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6024] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0 [pid 6024] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0 [pid 6024] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|FASYNC, 000) = 4 [pid 6024] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_CLOEXEC|FASYNC, 000) = 5 [ 110.294379][ T6024] ext4 filesystem being mounted at /root/syzkaller.KIJz6a/59/bus supports timestamps until 2038-01-19 (0x7fffffff) [pid 6024] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000240) = -1 EINVAL (Invalid argument) [pid 6024] exit_group(0) = ? [pid 6024] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6024, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./59", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./59", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 110.330154][ T29] audit: type=1800 audit(1729998455.031:120): pid=6024 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor372" name="file1" dev="loop0" ino=15 res=0 errno=0 [ 110.351270][ T29] audit: type=1800 audit(1729998455.031:121): pid=6024 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor372" name="file2" dev="loop0" ino=16 res=0 errno=0 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556f9b77f0 /* 4 entries */, 32768) = 104 umount2("./59/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./59/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./59/binderfs") = 0 umount2("./59/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./59/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./59/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./59/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./59/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556f9bf830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556f9bf830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./59/bus") = 0 getdents64(3, 0x55556f9b77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./59") = 0 mkdir("./60", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6027 attached <unfinished ...> [pid 6027] set_robust_list(0x55556f9b6760, 24 <unfinished ...> [pid 5842] <... clone resumed>, child_tidptr=0x55556f9b6750) = 6027 [pid 6027] <... set_robust_list resumed>) = 0 [pid 6027] chdir("./60") = 0 [pid 6027] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6027] setpgid(0, 0) = 0 [pid 6027] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6027] write(3, "1000", 4) = 4 [pid 6027] close(3) = 0 [pid 6027] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6027] write(1, "executing program\n", 18) = 18 [pid 6027] memfd_create("syzkaller", 0) = 3 [pid 6027] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f46e00000 [pid 6027] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 6027] munmap(0x7f4f46e00000, 138412032) = 0 [pid 6027] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6027] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6027] close(3) = 0 [pid 6027] close(4) = 0 [pid 6027] mkdir("./bus", 0777) = 0 [ 110.716888][ T6027] loop0: detected capacity change from 0 to 512 [pid 6027] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 6027] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6027] chdir("./bus") = 0 [pid 6027] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6027] mkdir("./bus", 0777) = 0 [pid 6027] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [ 110.764077][ T6027] ext4 filesystem being mounted at /root/syzkaller.KIJz6a/60/bus supports timestamps until 2038-01-19 (0x7fffffff) [pid 6027] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0 [pid 6027] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0 [pid 6027] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|FASYNC, 000) = 4 [pid 6027] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_CLOEXEC|FASYNC, 000) = 5 [pid 6027] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000240) = -1 EINVAL (Invalid argument) [pid 6027] exit_group(0) = ? [pid 6027] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6027, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./60", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./60", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 110.840411][ T29] audit: type=1800 audit(1729998455.541:122): pid=6027 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor372" name="file1" dev="loop0" ino=15 res=0 errno=0 [ 110.861397][ T29] audit: type=1800 audit(1729998455.551:123): pid=6027 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor372" name="file2" dev="loop0" ino=16 res=0 errno=0 getdents64(3, 0x55556f9b77f0 /* 4 entries */, 32768) = 104 umount2("./60/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./60/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./60/binderfs") = 0 umount2("./60/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./60/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./60/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./60/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./60/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556f9bf830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556f9bf830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./60/bus") = 0 getdents64(3, 0x55556f9b77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./60") = 0 mkdir("./61", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6030 attached <unfinished ...> [pid 6030] set_robust_list(0x55556f9b6760, 24 <unfinished ...> [pid 5842] <... clone resumed>, child_tidptr=0x55556f9b6750) = 6030 [pid 6030] <... set_robust_list resumed>) = 0 [pid 6030] chdir("./61") = 0 [pid 6030] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6030] setpgid(0, 0) = 0 [pid 6030] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6030] write(3, "1000", 4) = 4 [pid 6030] close(3executing program ) = 0 [pid 6030] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6030] write(1, "executing program\n", 18) = 18 [pid 6030] memfd_create("syzkaller", 0) = 3 [pid 6030] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f46e00000 [pid 6030] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 6030] munmap(0x7f4f46e00000, 138412032) = 0 [pid 6030] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6030] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6030] close(3) = 0 [pid 6030] close(4) = 0 [pid 6030] mkdir("./bus", 0777) = 0 [pid 6030] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 6030] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [ 111.067485][ T6030] loop0: detected capacity change from 0 to 512 [ 111.104094][ T6030] ext4 filesystem being mounted at /root/syzkaller.KIJz6a/61/bus supports timestamps until 2038-01-19 (0x7fffffff) [pid 6030] chdir("./bus") = 0 [pid 6030] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6030] mkdir("./bus", 0777) = 0 [pid 6030] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6030] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0 [pid 6030] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0 [pid 6030] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|FASYNC, 000) = 4 [pid 6030] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_CLOEXEC|FASYNC, 000) = 5 [pid 6030] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000240) = -1 EINVAL (Invalid argument) [pid 6030] exit_group(0) = ? [pid 6030] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6030, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./61", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./61", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 111.176986][ T29] audit: type=1800 audit(1729998455.881:124): pid=6030 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor372" name="file1" dev="loop0" ino=15 res=0 errno=0 [ 111.198211][ T29] audit: type=1800 audit(1729998455.881:125): pid=6030 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor372" name="file2" dev="loop0" ino=16 res=0 errno=0 getdents64(3, 0x55556f9b77f0 /* 4 entries */, 32768) = 104 umount2("./61/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./61/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./61/binderfs") = 0 umount2("./61/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./61/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./61/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./61/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./61/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556f9bf830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556f9bf830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./61/bus") = 0 getdents64(3, 0x55556f9b77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./61") = 0 mkdir("./62", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6033 attached , child_tidptr=0x55556f9b6750) = 6033 [pid 6033] set_robust_list(0x55556f9b6760, 24) = 0 [pid 6033] chdir("./62") = 0 [pid 6033] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6033] setpgid(0, 0) = 0 [pid 6033] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6033] write(3, "1000", 4) = 4 [pid 6033] close(3executing program ) = 0 [pid 6033] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6033] write(1, "executing program\n", 18) = 18 [pid 6033] memfd_create("syzkaller", 0) = 3 [pid 6033] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f46e00000 [pid 6033] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 6033] munmap(0x7f4f46e00000, 138412032) = 0 [pid 6033] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6033] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6033] close(3) = 0 [pid 6033] close(4) = 0 [pid 6033] mkdir("./bus", 0777) = 0 [ 111.386241][ T6033] loop0: detected capacity change from 0 to 512 [pid 6033] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 6033] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6033] chdir("./bus") = 0 [pid 6033] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6033] mkdir("./bus", 0777) = 0 [pid 6033] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6033] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0 [ 111.444323][ T6033] ext4 filesystem being mounted at /root/syzkaller.KIJz6a/62/bus supports timestamps until 2038-01-19 (0x7fffffff) [pid 6033] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0 [pid 6033] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|FASYNC, 000) = 4 [pid 6033] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_CLOEXEC|FASYNC, 000) = 5 [pid 6033] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000240) = -1 EINVAL (Invalid argument) [pid 6033] exit_group(0) = ? [pid 6033] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6033, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./62", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./62", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 111.526676][ T29] audit: type=1800 audit(1729998456.231:126): pid=6033 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor372" name="file1" dev="loop0" ino=15 res=0 errno=0 [ 111.547842][ T29] audit: type=1800 audit(1729998456.231:127): pid=6033 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor372" name="file2" dev="loop0" ino=16 res=0 errno=0 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556f9b77f0 /* 4 entries */, 32768) = 104 umount2("./62/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./62/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./62/binderfs") = 0 umount2("./62/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./62/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./62/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./62/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./62/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556f9bf830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556f9bf830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./62/bus") = 0 getdents64(3, 0x55556f9b77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./62") = 0 mkdir("./63", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6036 attached , child_tidptr=0x55556f9b6750) = 6036 [pid 6036] set_robust_list(0x55556f9b6760, 24) = 0 [pid 6036] chdir("./63") = 0 [pid 6036] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6036] setpgid(0, 0) = 0 [pid 6036] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6036] write(3, "1000", 4) = 4 [pid 6036] close(3) = 0 [pid 6036] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6036] write(1, "executing program\n", 18executing program ) = 18 [pid 6036] memfd_create("syzkaller", 0) = 3 [pid 6036] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f46e00000 [pid 6036] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 6036] munmap(0x7f4f46e00000, 138412032) = 0 [pid 6036] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6036] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6036] close(3) = 0 [pid 6036] close(4) = 0 [pid 6036] mkdir("./bus", 0777) = 0 [ 111.759037][ T6036] loop0: detected capacity change from 0 to 512 [pid 6036] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 6036] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6036] chdir("./bus") = 0 [pid 6036] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6036] mkdir("./bus", 0777) = 0 [pid 6036] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [ 111.804249][ T6036] ext4 filesystem being mounted at /root/syzkaller.KIJz6a/63/bus supports timestamps until 2038-01-19 (0x7fffffff) [pid 6036] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0 [pid 6036] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0 [pid 6036] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|FASYNC, 000) = 4 [pid 6036] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_CLOEXEC|FASYNC, 000) = 5 [pid 6036] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000240) = -1 EINVAL (Invalid argument) [pid 6036] exit_group(0) = ? [pid 6036] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6036, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./63", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 111.887507][ T29] audit: type=1800 audit(1729998456.591:128): pid=6036 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor372" name="file1" dev="loop0" ino=15 res=0 errno=0 openat(AT_FDCWD, "./63", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556f9b77f0 /* 4 entries */, 32768) = 104 umount2("./63/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./63/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./63/binderfs") = 0 umount2("./63/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./63/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./63/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./63/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./63/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556f9bf830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556f9bf830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./63/bus") = 0 getdents64(3, 0x55556f9b77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./63") = 0 mkdir("./64", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6039 attached , child_tidptr=0x55556f9b6750) = 6039 [pid 6039] set_robust_list(0x55556f9b6760, 24) = 0 [pid 6039] chdir("./64") = 0 [pid 6039] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6039] setpgid(0, 0) = 0 [pid 6039] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6039] write(3, "1000", 4) = 4 [pid 6039] close(3) = 0 [pid 6039] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6039] write(1, "executing program\n", 18) = 18 [pid 6039] memfd_create("syzkaller", 0) = 3 [pid 6039] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f46e00000 [pid 6039] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 6039] munmap(0x7f4f46e00000, 138412032) = 0 [pid 6039] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6039] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6039] close(3) = 0 [pid 6039] close(4) = 0 [pid 6039] mkdir("./bus", 0777) = 0 [ 112.125076][ T6039] loop0: detected capacity change from 0 to 512 [pid 6039] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 6039] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6039] chdir("./bus") = 0 [pid 6039] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6039] mkdir("./bus", 0777) = 0 [pid 6039] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [ 112.174054][ T6039] ext4 filesystem being mounted at /root/syzkaller.KIJz6a/64/bus supports timestamps until 2038-01-19 (0x7fffffff) [pid 6039] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0 [pid 6039] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0 [pid 6039] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|FASYNC, 000) = 4 [pid 6039] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_CLOEXEC|FASYNC, 000) = 5 [pid 6039] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000240) = -1 EINVAL (Invalid argument) [pid 6039] exit_group(0) = ? [pid 6039] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6039, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./64", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./64", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556f9b77f0 /* 4 entries */, 32768) = 104 umount2("./64/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./64/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./64/binderfs") = 0 umount2("./64/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./64/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./64/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./64/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./64/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556f9bf830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556f9bf830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./64/bus") = 0 getdents64(3, 0x55556f9b77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./64") = 0 mkdir("./65", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6042 attached <unfinished ...> [pid 6042] set_robust_list(0x55556f9b6760, 24) = 0 [pid 5842] <... clone resumed>, child_tidptr=0x55556f9b6750) = 6042 [pid 6042] chdir("./65") = 0 [pid 6042] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6042] setpgid(0, 0) = 0 [pid 6042] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6042] write(3, "1000", 4) = 4 [pid 6042] close(3) = 0 [pid 6042] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6042] write(1, "executing program\n", 18) = 18 [pid 6042] memfd_create("syzkaller", 0) = 3 [pid 6042] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f46e00000 [pid 6042] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 6042] munmap(0x7f4f46e00000, 138412032) = 0 [pid 6042] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6042] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6042] close(3) = 0 [pid 6042] close(4) = 0 [pid 6042] mkdir("./bus", 0777) = 0 [ 112.455731][ T6042] loop0: detected capacity change from 0 to 512 [pid 6042] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 6042] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6042] chdir("./bus") = 0 [pid 6042] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6042] mkdir("./bus", 0777) = 0 [pid 6042] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6042] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0 [pid 6042] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0 [pid 6042] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|FASYNC, 000) = 4 [pid 6042] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_CLOEXEC|FASYNC, 000) = 5 [ 112.514233][ T6042] ext4 filesystem being mounted at /root/syzkaller.KIJz6a/65/bus supports timestamps until 2038-01-19 (0x7fffffff) [pid 6042] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000240) = -1 EINVAL (Invalid argument) [pid 6042] exit_group(0) = ? [pid 6042] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6042, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./65", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./65", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556f9b77f0 /* 4 entries */, 32768) = 104 umount2("./65/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./65/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./65/binderfs") = 0 umount2("./65/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./65/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./65/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./65/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./65/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556f9bf830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556f9bf830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./65/bus") = 0 getdents64(3, 0x55556f9b77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./65") = 0 mkdir("./66", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6045 attached , child_tidptr=0x55556f9b6750) = 6045 [pid 6045] set_robust_list(0x55556f9b6760, 24) = 0 [pid 6045] chdir("./66") = 0 [pid 6045] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6045] setpgid(0, 0) = 0 [pid 6045] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6045] write(3, "1000", 4) = 4 [pid 6045] close(3) = 0 [pid 6045] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6045] write(1, "executing program\n", 18) = 18 executing program [pid 6045] memfd_create("syzkaller", 0) = 3 [pid 6045] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f46e00000 [pid 6045] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 6045] munmap(0x7f4f46e00000, 138412032) = 0 [pid 6045] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6045] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6045] close(3) = 0 [pid 6045] close(4) = 0 [pid 6045] mkdir("./bus", 0777) = 0 [ 112.772813][ T6045] loop0: detected capacity change from 0 to 512 [pid 6045] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 6045] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6045] chdir("./bus") = 0 [pid 6045] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6045] mkdir("./bus", 0777) = 0 [pid 6045] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6045] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0 [pid 6045] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0 [pid 6045] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|FASYNC, 000) = 4 [pid 6045] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_CLOEXEC|FASYNC, 000) = 5 [ 112.824709][ T6045] ext4 filesystem being mounted at /root/syzkaller.KIJz6a/66/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 112.891300][ T6045] ------------[ cut here ]------------ [ 112.896782][ T6045] Looking for class "&ei->i_data_sem" with key __key.0, but found a different class "&ei->i_data_sem" with the same key [ 112.909396][ T6045] WARNING: CPU: 1 PID: 6045 at kernel/locking/lockdep.c:936 look_up_lock_class+0x140/0x150 [ 112.919414][ T6045] Modules linked in: [ 112.923309][ T6045] CPU: 1 UID: 0 PID: 6045 Comm: syz-executor372 Not tainted 6.12.0-rc4-syzkaller-00261-g850925a8133c #0 [ 112.934428][ T6045] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 112.944589][ T6045] RIP: 0010:look_up_lock_class+0x140/0x150 [ 112.950425][ T6045] Code: c7 c7 e0 cf 6c 8b e8 df 6c 2d f6 90 0f 0b 90 90 90 31 db eb be c6 05 77 25 27 05 01 90 48 c7 c7 c0 d2 6c 8b e8 c1 6c 2d f6 90 <0f> 0b 90 90 e9 58 ff ff ff 0f 1f 80 00 00 00 00 90 90 90 90 90 90 [ 112.970060][ T6045] RSP: 0018:ffffc90003ec7658 EFLAGS: 00010082 [ 112.976135][ T6045] RAX: 0000000000000000 RBX: ffffffff96e7ab00 RCX: ffffffff814e71c9 [ 112.984108][ T6045] RDX: ffff88802fc13c00 RSI: ffffffff814e71d6 RDI: 0000000000000001 [ 112.992081][ T6045] RBP: ffffffff9a8f32c1 R08: 0000000000000001 R09: 0000000000000000 [ 113.000052][ T6045] R10: 0000000000000000 R11: 20676e696b6f6f4c R12: ffff8880749a2040 [ 113.008023][ T6045] R13: 0000000000000000 R14: 0000000000000001 R15: ffffffff9a824820 [ 113.015994][ T6045] FS: 000055556f9b6480(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000 [ 113.024929][ T6045] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 113.031602][ T6045] CR2: 000000002000e000 CR3: 00000000253e8000 CR4: 0000000000350ef0 [ 113.039577][ T6045] Call Trace: [ 113.042852][ T6045] <TASK> [ 113.045780][ T6045] ? __warn+0xea/0x3d0 [ 113.049871][ T6045] ? srso_alias_return_thunk+0x5/0xfbef5 [ 113.055514][ T6045] ? look_up_lock_class+0x140/0x150 [ 113.060735][ T6045] ? report_bug+0x3c0/0x580 [ 113.065264][ T6045] ? handle_bug+0x54/0xa0 [ 113.069607][ T6045] ? exc_invalid_op+0x17/0x50 [ 113.074298][ T6045] ? asm_exc_invalid_op+0x1a/0x20 [ 113.079346][ T6045] ? __warn_printk+0x199/0x350 [ 113.084130][ T6045] ? __warn_printk+0x1a6/0x350 [ 113.089028][ T6045] ? look_up_lock_class+0x140/0x150 [ 113.094291][ T6045] ? look_up_lock_class+0x13f/0x150 [ 113.099520][ T6045] ? register_lock_class+0xb1/0x1240 [ 113.104819][ T6045] register_lock_class+0xb1/0x1240 [ 113.109942][ T6045] ? srso_alias_return_thunk+0x5/0xfbef5 [ 113.115584][ T6045] ? find_held_lock+0x2d/0x110 [ 113.120361][ T6045] ? __pfx_register_lock_class+0x10/0x10 [ 113.126003][ T6045] ? __pfx_register_lock_class+0x10/0x10 [ 113.131638][ T6045] ? srso_alias_return_thunk+0x5/0xfbef5 [ 113.137279][ T6045] ? srso_alias_return_thunk+0x5/0xfbef5 [ 113.142920][ T6045] __lock_acquire+0x135/0x3ce0 [ 113.147696][ T6045] ? __pfx___lock_acquire+0x10/0x10 [ 113.152896][ T6045] ? srso_alias_return_thunk+0x5/0xfbef5 [ 113.158536][ T6045] ? kernel_text_address+0x8d/0x100 [ 113.163741][ T6045] ? srso_alias_return_thunk+0x5/0xfbef5 [ 113.169383][ T6045] lock_acquire.part.0+0x11b/0x380 [ 113.174498][ T6045] ? ext4_move_extents+0x3e1/0x3940 [ 113.179706][ T6045] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 113.185343][ T6045] ? srso_alias_return_thunk+0x5/0xfbef5 [ 113.190979][ T6045] ? rcu_is_watching+0x12/0xc0 [ 113.195762][ T6045] ? srso_alias_return_thunk+0x5/0xfbef5 [ 113.201398][ T6045] ? trace_lock_acquire+0x14a/0x1d0 [ 113.206610][ T6045] ? srso_alias_return_thunk+0x5/0xfbef5 [ 113.212256][ T6045] ? ext4_move_extents+0x3e1/0x3940 [ 113.217459][ T6045] ? srso_alias_return_thunk+0x5/0xfbef5 [ 113.223095][ T6045] ? lock_acquire+0x2f/0xb0 [ 113.227599][ T6045] ? ext4_move_extents+0x3e1/0x3940 [ 113.232807][ T6045] down_write_nested+0x97/0x210 [ 113.237687][ T6045] ? ext4_move_extents+0x3e1/0x3940 [ 113.242905][ T6045] ? __pfx_down_write_nested+0x10/0x10 [ 113.248396][ T6045] ? hlock_class+0x4e/0x130 [ 113.252912][ T6045] ? srso_alias_return_thunk+0x5/0xfbef5 [ 113.258571][ T6045] ext4_move_extents+0x3e1/0x3940 [ 113.263606][ T6045] ? __pfx___lock_acquire+0x10/0x10 [ 113.268813][ T6045] ? srso_alias_return_thunk+0x5/0xfbef5 [ 113.274452][ T6045] ? srso_alias_return_thunk+0x5/0xfbef5 [ 113.280089][ T6045] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 113.285727][ T6045] ? srso_alias_return_thunk+0x5/0xfbef5 [ 113.291367][ T6045] ? rcu_is_watching+0x12/0xc0 [ 113.296162][ T6045] ? srso_alias_return_thunk+0x5/0xfbef5 [ 113.301798][ T6045] ? trace_lock_acquire+0x14a/0x1d0 [ 113.307008][ T6045] ? srso_alias_return_thunk+0x5/0xfbef5 [ 113.312646][ T6045] ? __pfx_ext4_move_extents+0x10/0x10 [ 113.318115][ T6045] ? srso_alias_return_thunk+0x5/0xfbef5 [ 113.323756][ T6045] ? srso_alias_return_thunk+0x5/0xfbef5 [ 113.329401][ T6045] __ext4_ioctl+0x3b00/0x4630 [ 113.334090][ T6045] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 113.340099][ T6045] ? srso_alias_return_thunk+0x5/0xfbef5 [ 113.345737][ T6045] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 113.351662][ T6045] ? __pfx___ext4_ioctl+0x10/0x10 [ 113.356696][ T6045] ? srso_alias_return_thunk+0x5/0xfbef5 [ 113.362333][ T6045] ? do_vfs_ioctl+0x513/0x1990 [ 113.367107][ T6045] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 113.372142][ T6045] ? srso_alias_return_thunk+0x5/0xfbef5 [ 113.377780][ T6045] ? do_raw_spin_lock+0x12d/0x2c0 [ 113.382825][ T6045] ? srso_alias_return_thunk+0x5/0xfbef5 [ 113.388474][ T6045] ? __pfx_ext4_ioctl+0x10/0x10 [ 113.393338][ T6045] __x64_sys_ioctl+0x192/0x220 [ 113.398114][ T6045] do_syscall_64+0xcd/0x250 [ 113.402624][ T6045] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 113.408540][ T6045] RIP: 0033:0x7f4f4f2ecaa9 [ 113.412957][ T6045] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 113.432587][ T6045] RSP: 002b:00007ffef2de1e68 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 113.441007][ T6045] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f4f4f2ecaa9 [ 113.448978][ T6045] RDX: 0000000020000240 RSI: 00000000c028660f RDI: 0000000000000005 [ 113.456948][ T6045] RBP: 0000000000000000 R08: 00007ffef2de1e9c R09: 00007ffef2de1e9c [ 113.464920][ T6045] R10: 00007ffef2de1e9c R11: 0000000000000246 R12: 00007ffef2de1e9c [ 113.472909][ T6045] R13: 0000000000000042 R14: 431bde82d7b634db R15: 00007ffef2de1ed0 [ 113.480907][ T6045] </TASK> [ 113.483924][ T6045] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 113.491196][ T6045] CPU: 1 UID: 0 PID: 6045 Comm: syz-executor372 Not tainted 6.12.0-rc4-syzkaller-00261-g850925a8133c #0 [ 113.502325][ T6045] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 113.512377][ T6045] Call Trace: [ 113.515673][ T6045] <TASK> [ 113.518606][ T6045] dump_stack_lvl+0x3d/0x1f0 [ 113.523217][ T6045] panic+0x71d/0x800 [ 113.527132][ T6045] ? __pfx_panic+0x10/0x10 [ 113.531565][ T6045] ? show_trace_log_lvl+0x29d/0x3d0 [ 113.536779][ T6045] ? check_panic_on_warn+0x1f/0xb0 [ 113.541931][ T6045] ? look_up_lock_class+0x140/0x150 [ 113.547178][ T6045] check_panic_on_warn+0xab/0xb0 [ 113.552138][ T6045] __warn+0xf6/0x3d0 [ 113.556053][ T6045] ? srso_alias_return_thunk+0x5/0xfbef5 [ 113.561695][ T6045] ? look_up_lock_class+0x140/0x150 [ 113.566918][ T6045] report_bug+0x3c0/0x580 [ 113.571290][ T6045] handle_bug+0x54/0xa0 [ 113.575455][ T6045] exc_invalid_op+0x17/0x50 [ 113.579970][ T6045] asm_exc_invalid_op+0x1a/0x20 [ 113.584842][ T6045] RIP: 0010:look_up_lock_class+0x140/0x150 [ 113.590675][ T6045] Code: c7 c7 e0 cf 6c 8b e8 df 6c 2d f6 90 0f 0b 90 90 90 31 db eb be c6 05 77 25 27 05 01 90 48 c7 c7 c0 d2 6c 8b e8 c1 6c 2d f6 90 <0f> 0b 90 90 e9 58 ff ff ff 0f 1f 80 00 00 00 00 90 90 90 90 90 90 [ 113.610287][ T6045] RSP: 0018:ffffc90003ec7658 EFLAGS: 00010082 [ 113.616360][ T6045] RAX: 0000000000000000 RBX: ffffffff96e7ab00 RCX: ffffffff814e71c9 [ 113.624418][ T6045] RDX: ffff88802fc13c00 RSI: ffffffff814e71d6 RDI: 0000000000000001 [ 113.632388][ T6045] RBP: ffffffff9a8f32c1 R08: 0000000000000001 R09: 0000000000000000 [ 113.640360][ T6045] R10: 0000000000000000 R11: 20676e696b6f6f4c R12: ffff8880749a2040 [ 113.648349][ T6045] R13: 0000000000000000 R14: 0000000000000001 R15: ffffffff9a824820 [ 113.656325][ T6045] ? __warn_printk+0x199/0x350 [ 113.661113][ T6045] ? __warn_printk+0x1a6/0x350 [ 113.665906][ T6045] ? look_up_lock_class+0x13f/0x150 [ 113.671214][ T6045] ? register_lock_class+0xb1/0x1240 [ 113.676507][ T6045] register_lock_class+0xb1/0x1240 [ 113.681622][ T6045] ? srso_alias_return_thunk+0x5/0xfbef5 [ 113.687265][ T6045] ? find_held_lock+0x2d/0x110 [ 113.692045][ T6045] ? __pfx_register_lock_class+0x10/0x10 [ 113.697690][ T6045] ? __pfx_register_lock_class+0x10/0x10 [ 113.703329][ T6045] ? srso_alias_return_thunk+0x5/0xfbef5 [ 113.708970][ T6045] ? srso_alias_return_thunk+0x5/0xfbef5 [ 113.714612][ T6045] __lock_acquire+0x135/0x3ce0 [ 113.719476][ T6045] ? __pfx___lock_acquire+0x10/0x10 [ 113.724694][ T6045] ? srso_alias_return_thunk+0x5/0xfbef5 [ 113.730332][ T6045] ? kernel_text_address+0x8d/0x100 [ 113.735550][ T6045] ? srso_alias_return_thunk+0x5/0xfbef5 [ 113.741193][ T6045] lock_acquire.part.0+0x11b/0x380 [ 113.746308][ T6045] ? ext4_move_extents+0x3e1/0x3940 [ 113.751513][ T6045] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 113.757148][ T6045] ? srso_alias_return_thunk+0x5/0xfbef5 [ 113.762786][ T6045] ? rcu_is_watching+0x12/0xc0 [ 113.767560][ T6045] ? srso_alias_return_thunk+0x5/0xfbef5 [ 113.773285][ T6045] ? trace_lock_acquire+0x14a/0x1d0 [ 113.778497][ T6045] ? srso_alias_return_thunk+0x5/0xfbef5 [ 113.784134][ T6045] ? ext4_move_extents+0x3e1/0x3940 [ 113.789339][ T6045] ? srso_alias_return_thunk+0x5/0xfbef5 [ 113.794980][ T6045] ? lock_acquire+0x2f/0xb0 [ 113.799484][ T6045] ? ext4_move_extents+0x3e1/0x3940 [ 113.804692][ T6045] down_write_nested+0x97/0x210 [ 113.809552][ T6045] ? ext4_move_extents+0x3e1/0x3940 [ 113.814761][ T6045] ? __pfx_down_write_nested+0x10/0x10 [ 113.820234][ T6045] ? hlock_class+0x4e/0x130 [ 113.824750][ T6045] ? srso_alias_return_thunk+0x5/0xfbef5 [ 113.830394][ T6045] ext4_move_extents+0x3e1/0x3940 [ 113.835430][ T6045] ? __pfx___lock_acquire+0x10/0x10 [ 113.840635][ T6045] ? srso_alias_return_thunk+0x5/0xfbef5 [ 113.846278][ T6045] ? srso_alias_return_thunk+0x5/0xfbef5 [ 113.851921][ T6045] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 113.857559][ T6045] ? srso_alias_return_thunk+0x5/0xfbef5 [ 113.863206][ T6045] ? rcu_is_watching+0x12/0xc0 [ 113.867985][ T6045] ? srso_alias_return_thunk+0x5/0xfbef5 [ 113.873643][ T6045] ? trace_lock_acquire+0x14a/0x1d0 [ 113.878863][ T6045] ? srso_alias_return_thunk+0x5/0xfbef5 [ 113.884509][ T6045] ? __pfx_ext4_move_extents+0x10/0x10 [ 113.889975][ T6045] ? srso_alias_return_thunk+0x5/0xfbef5 [ 113.895616][ T6045] ? srso_alias_return_thunk+0x5/0xfbef5 [ 113.901260][ T6045] __ext4_ioctl+0x3b00/0x4630 [ 113.905954][ T6045] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 113.911954][ T6045] ? srso_alias_return_thunk+0x5/0xfbef5 [ 113.917592][ T6045] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 113.923514][ T6045] ? __pfx___ext4_ioctl+0x10/0x10 [ 113.928551][ T6045] ? srso_alias_return_thunk+0x5/0xfbef5 [ 113.934190][ T6045] ? do_vfs_ioctl+0x513/0x1990 [ 113.938982][ T6045] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 113.944017][ T6045] ? srso_alias_return_thunk+0x5/0xfbef5 [ 113.949660][ T6045] ? do_raw_spin_lock+0x12d/0x2c0 [ 113.954706][ T6045] ? srso_alias_return_thunk+0x5/0xfbef5 [ 113.960353][ T6045] ? __pfx_ext4_ioctl+0x10/0x10 [ 113.965216][ T6045] __x64_sys_ioctl+0x192/0x220 [ 113.969993][ T6045] do_syscall_64+0xcd/0x250 [ 113.974504][ T6045] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 113.980421][ T6045] RIP: 0033:0x7f4f4f2ecaa9 [ 113.984837][ T6045] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 114.004633][ T6045] RSP: 002b:00007ffef2de1e68 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 114.013062][ T6045] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f4f4f2ecaa9 [ 114.021037][ T6045] RDX: 0000000020000240 RSI: 00000000c028660f RDI: 0000000000000005 [ 114.029015][ T6045] RBP: 0000000000000000 R08: 00007ffef2de1e9c R09: 00007ffef2de1e9c [ 114.037007][ T6045] R10: 00007ffef2de1e9c R11: 0000000000000246 R12: 00007ffef2de1e9c [ 114.044981][ T6045] R13: 0000000000000042 R14: 431bde82d7b634db R15: 00007ffef2de1ed0 [ 114.052966][ T6045] </TASK> [ 114.056244][ T6045] Kernel Offset: disabled [ 114.060573][ T6045] Rebooting in 86400 seconds..