./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor350180814 <...> DUID 00:04:7b:a2:e0:73:6b:5f:a9:8e:d4:f6:53:82:b5:31:a7:5e forked to background, child pid 4646 [ 40.486639][ T4647] 8021q: adding VLAN 0 to HW filter on device bond0 [ 40.520707][ T4647] eql: remember to turn off Van-Jacobson compression on your slave devices Starting sshd: OK syzkaller Warning: Permanently added '10.128.1.104' (ECDSA) to the list of known hosts. execve("./syz-executor350180814", ["./syz-executor350180814"], 0x7ffcfe566710 /* 10 vars */) = 0 brk(NULL) = 0x5555563ea000 brk(0x5555563eac40) = 0x5555563eac40 arch_prctl(ARCH_SET_FS, 0x5555563ea300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 readlink("/proc/self/exe", "/root/syz-executor350180814", 4096) = 27 brk(0x55555640bc40) = 0x55555640bc40 brk(0x55555640c000) = 0x55555640c000 mprotect(0x7f213aaa7000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 getpid() = 5072 mkdir("./syzkaller.p0aSFK", 0700) = 0 chmod("./syzkaller.p0aSFK", 0777) = 0 chdir("./syzkaller.p0aSFK") = 0 mkdir("./0", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563ea5d0) = 5073 ./strace-static-x86_64: Process 5073 attached [pid 5073] chdir("./0") = 0 [pid 5073] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5073] setpgid(0, 0) = 0 [pid 5073] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5073] write(3, "1000", 4) = 4 [pid 5073] close(3) = 0 [pid 5073] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5073] memfd_create("syzkaller", 0) = 3 [pid 5073] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f21325eb000 [pid 5073] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 5073] munmap(0x7f21325eb000, 2097152) = 0 [pid 5073] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 syzkaller login: [ 68.119469][ T5073] memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL, pid=5073 'syz-executor350' [pid 5073] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5073] close(3) = 0 [pid 5073] mkdir("./file0", 0777) = 0 [ 68.161319][ T5073] loop0: detected capacity change from 0 to 4096 [ 68.185780][ T5073] NILFS (loop0): invalid segment: Checksum error in segment payload [ 68.193958][ T5073] NILFS (loop0): trying rollback from an earlier position [pid 5073] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 5073] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5073] chdir("./file0") = 0 [pid 5073] ioctl(4, LOOP_CLR_FD) = 0 [pid 5073] close(4) = 0 [pid 5073] creat("./bus", 000) = 4 [pid 5073] open("./bus", O_RDONLY) = 5 [pid 5073] creat("./bus", 000) = 6 [ 68.212051][ T5073] NILFS (loop0): recovery complete [ 68.221375][ T5075] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 5073] open("./file1", O_RDONLY|O_CREAT|O_LARGEFILE|O_DIRECTORY|FASYNC, 0500) = -1 ENOTDIR (Not a directory) [pid 5073] pwritev2(6, [{iov_base=")", iov_len=1}], 1, 117443584, 0) = 1 [pid 5073] rename("./file1", "./bus") = 0 [pid 5073] sendfile(4, 5, NULL, 109823) = 109823 [pid 5073] exit_group(0) = ? [ 68.249069][ T27] audit: type=1804 audit(1677522255.065:2): pid=5073 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor350" name="/root/syzkaller.p0aSFK/0/file0/bus" dev="loop0" ino=12 res=1 errno=0 [ 68.271722][ T27] audit: type=1804 audit(1677522255.075:3): pid=5073 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=ToMToU comm="syz-executor350" name="/root/syzkaller.p0aSFK/0/file0/bus" dev="loop0" ino=12 res=1 errno=0 [pid 5073] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5073, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563eb620 /* 4 entries */, 32768) = 112 umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./0/binderfs") = 0 umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./0/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563f3660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563f3660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./0/file0") = 0 getdents64(3, 0x5555563eb620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./0") = 0 mkdir("./1", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563ea5d0) = 5076 ./strace-static-x86_64: Process 5076 attached [pid 5076] chdir("./1") = 0 [pid 5076] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5076] setpgid(0, 0) = 0 [pid 5076] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5076] write(3, "1000", 4) = 4 [pid 5076] close(3) = 0 [pid 5076] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5076] memfd_create("syzkaller", 0) = 3 [pid 5076] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f21325eb000 [pid 5076] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 5076] munmap(0x7f21325eb000, 2097152) = 0 [pid 5076] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5076] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5076] close(3) = 0 [pid 5076] mkdir("./file0", 0777) = 0 [ 68.437086][ T5076] loop0: detected capacity change from 0 to 4096 [ 68.455717][ T5076] NILFS (loop0): invalid segment: Checksum error in segment payload [ 68.463843][ T5076] NILFS (loop0): trying rollback from an earlier position [ 68.478584][ T5076] NILFS (loop0): recovery complete [pid 5076] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 5076] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5076] chdir("./file0") = 0 [pid 5076] ioctl(4, LOOP_CLR_FD) = 0 [pid 5076] close(4) = 0 [pid 5076] creat("./bus", 000) = 4 [pid 5076] open("./bus", O_RDONLY) = 5 [ 68.485437][ T5077] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 68.505613][ T27] audit: type=1804 audit(1677522255.325:4): pid=5076 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor350" name="/root/syzkaller.p0aSFK/1/file0/bus" dev="loop0" ino=12 res=1 errno=0 [pid 5076] creat("./bus", 000) = 6 [pid 5076] open("./file1", O_RDONLY|O_CREAT|O_LARGEFILE|O_DIRECTORY|FASYNC, 0500) = -1 ENOTDIR (Not a directory) [pid 5076] pwritev2(6, [{iov_base=")", iov_len=1}], 1, 117443584, 0) = 1 [pid 5076] rename("./file1", "./bus") = 0 [pid 5076] sendfile(4, 5, NULL, 109823) = 109823 [pid 5076] exit_group(0) = ? [pid 5076] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5076, si_uid=0, si_status=0, si_utime=0, si_stime=11 /* 0.11 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563eb620 /* 4 entries */, 32768) = 112 umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./1/binderfs") = 0 [ 68.530422][ T27] audit: type=1804 audit(1677522255.355:5): pid=5076 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=ToMToU comm="syz-executor350" name="/root/syzkaller.p0aSFK/1/file0/bus" dev="loop0" ino=12 res=1 errno=0 umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./1/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563f3660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563f3660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./1/file0") = 0 getdents64(3, 0x5555563eb620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./1") = 0 mkdir("./2", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563ea5d0) = 5078 ./strace-static-x86_64: Process 5078 attached [pid 5078] chdir("./2") = 0 [pid 5078] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5078] setpgid(0, 0) = 0 [pid 5078] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5078] write(3, "1000", 4) = 4 [pid 5078] close(3) = 0 [pid 5078] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5078] memfd_create("syzkaller", 0) = 3 [pid 5078] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f21325eb000 [pid 5078] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 5078] munmap(0x7f21325eb000, 2097152) = 0 [pid 5078] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5078] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5078] close(3) = 0 [pid 5078] mkdir("./file0", 0777) = 0 [ 68.672700][ T5078] loop0: detected capacity change from 0 to 4096 [ 68.691035][ T5078] NILFS (loop0): invalid segment: Checksum error in segment payload [ 68.699145][ T5078] NILFS (loop0): trying rollback from an earlier position [ 68.715034][ T5078] NILFS (loop0): recovery complete [pid 5078] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 5078] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5078] chdir("./file0") = 0 [pid 5078] ioctl(4, LOOP_CLR_FD) = 0 [pid 5078] close(4) = 0 [pid 5078] creat("./bus", 000) = 4 [pid 5078] open("./bus", O_RDONLY) = 5 [ 68.722019][ T5079] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 5078] creat("./bus", 000) = 6 [pid 5078] open("./file1", O_RDONLY|O_CREAT|O_LARGEFILE|O_DIRECTORY|FASYNC, 0500) = -1 ENOTDIR (Not a directory) [pid 5078] pwritev2(6, [{iov_base=")", iov_len=1}], 1, 117443584, 0) = 1 [pid 5078] rename("./file1", "./bus") = 0 [pid 5078] sendfile(4, 5, NULL, 109823) = 109823 [pid 5078] exit_group(0) = ? [pid 5078] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5078, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563eb620 /* 4 entries */, 32768) = 112 umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./2/binderfs") = 0 [ 68.752609][ T27] audit: type=1804 audit(1677522255.575:6): pid=5078 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor350" name="/root/syzkaller.p0aSFK/2/file0/bus" dev="loop0" ino=12 res=1 errno=0 [ 68.774793][ T27] audit: type=1804 audit(1677522255.575:7): pid=5078 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=ToMToU comm="syz-executor350" name="/root/syzkaller.p0aSFK/2/file0/bus" dev="loop0" ino=12 res=1 errno=0 umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./2/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563f3660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563f3660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./2/file0") = 0 getdents64(3, 0x5555563eb620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./2") = 0 mkdir("./3", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563ea5d0) = 5080 ./strace-static-x86_64: Process 5080 attached [pid 5080] chdir("./3") = 0 [pid 5080] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5080] setpgid(0, 0) = 0 [pid 5080] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5080] write(3, "1000", 4) = 4 [pid 5080] close(3) = 0 [pid 5080] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5080] memfd_create("syzkaller", 0) = 3 [pid 5080] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f21325eb000 [pid 5080] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 5080] munmap(0x7f21325eb000, 2097152) = 0 [pid 5080] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5080] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5080] close(3) = 0 [pid 5080] mkdir("./file0", 0777) = 0 [ 68.926624][ T5080] loop0: detected capacity change from 0 to 4096 [ 68.944703][ T5080] NILFS (loop0): invalid segment: Checksum error in segment payload [ 68.952788][ T5080] NILFS (loop0): trying rollback from an earlier position [ 68.966989][ T5080] NILFS (loop0): recovery complete [pid 5080] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 5080] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5080] chdir("./file0") = 0 [pid 5080] ioctl(4, LOOP_CLR_FD) = 0 [pid 5080] close(4) = 0 [pid 5080] creat("./bus", 000) = 4 [pid 5080] open("./bus", O_RDONLY) = 5 [pid 5080] creat("./bus", 000) = 6 [ 68.973338][ T5081] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 68.995712][ T27] audit: type=1804 audit(1677522255.815:8): pid=5080 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor350" name="/root/syzkaller.p0aSFK/3/file0/bus" dev="loop0" ino=12 res=1 errno=0 [pid 5080] open("./file1", O_RDONLY|O_CREAT|O_LARGEFILE|O_DIRECTORY|FASYNC, 0500) = -1 ENOTDIR (Not a directory) [pid 5080] pwritev2(6, [{iov_base=")", iov_len=1}], 1, 117443584, 0) = 1 [pid 5080] rename("./file1", "./bus") = 0 [pid 5080] sendfile(4, 5, NULL, 109823) = 109823 [pid 5080] exit_group(0) = ? [pid 5080] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5080, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./3", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563eb620 /* 4 entries */, 32768) = 112 umount2("./3/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./3/binderfs") = 0 [ 69.020972][ T27] audit: type=1804 audit(1677522255.845:9): pid=5080 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=ToMToU comm="syz-executor350" name="/root/syzkaller.p0aSFK/3/file0/bus" dev="loop0" ino=12 res=1 errno=0 umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./3/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563f3660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563f3660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./3/file0") = 0 getdents64(3, 0x5555563eb620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./3") = 0 mkdir("./4", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563ea5d0) = 5082 ./strace-static-x86_64: Process 5082 attached [pid 5082] chdir("./4") = 0 [pid 5082] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5082] setpgid(0, 0) = 0 [pid 5082] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5082] write(3, "1000", 4) = 4 [pid 5082] close(3) = 0 [pid 5082] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5082] memfd_create("syzkaller", 0) = 3 [pid 5082] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f21325eb000 [pid 5082] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 5082] munmap(0x7f21325eb000, 2097152) = 0 [pid 5082] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5082] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5082] close(3) = 0 [pid 5082] mkdir("./file0", 0777) = 0 [ 69.181295][ T5082] loop0: detected capacity change from 0 to 4096 [ 69.200751][ T5082] NILFS (loop0): invalid segment: Checksum error in segment payload [ 69.208805][ T5082] NILFS (loop0): trying rollback from an earlier position [ 69.224305][ T5082] NILFS (loop0): recovery complete [pid 5082] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 5082] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5082] chdir("./file0") = 0 [pid 5082] ioctl(4, LOOP_CLR_FD) = 0 [pid 5082] close(4) = 0 [pid 5082] creat("./bus", 000) = 4 [pid 5082] open("./bus", O_RDONLY) = 5 [pid 5082] creat("./bus", 000) = 6 [pid 5082] open("./file1", O_RDONLY|O_CREAT|O_LARGEFILE|O_DIRECTORY|FASYNC, 0500) = -1 ENOTDIR (Not a directory) [pid 5082] pwritev2(6, [{iov_base=")", iov_len=1}], 1, 117443584, 0) = 1 [pid 5082] rename("./file1", "./bus") = 0 [ 69.230395][ T5083] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 69.252053][ T27] audit: type=1804 audit(1677522256.075:10): pid=5082 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor350" name="/root/syzkaller.p0aSFK/4/file0/bus" dev="loop0" ino=12 res=1 errno=0 [pid 5082] sendfile(4, 5, NULL, 109823) = 109823 [pid 5082] exit_group(0) = ? [pid 5082] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5082, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563eb620 /* 4 entries */, 32768) = 112 umount2("./4/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./4/binderfs") = 0 [ 69.285863][ T27] audit: type=1804 audit(1677522256.075:11): pid=5082 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=ToMToU comm="syz-executor350" name="/root/syzkaller.p0aSFK/4/file0/bus" dev="loop0" ino=12 res=1 errno=0 umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./4/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563f3660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563f3660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4/file0") = 0 getdents64(3, 0x5555563eb620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4") = 0 mkdir("./5", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563ea5d0) = 5084 ./strace-static-x86_64: Process 5084 attached [pid 5084] chdir("./5") = 0 [pid 5084] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5084] setpgid(0, 0) = 0 [pid 5084] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5084] write(3, "1000", 4) = 4 [pid 5084] close(3) = 0 [pid 5084] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5084] memfd_create("syzkaller", 0) = 3 [pid 5084] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f21325eb000 [pid 5084] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 5084] munmap(0x7f21325eb000, 2097152) = 0 [pid 5084] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5084] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5084] close(3) = 0 [pid 5084] mkdir("./file0", 0777) = 0 [ 69.419019][ T5084] loop0: detected capacity change from 0 to 4096 [ 69.440594][ T5084] NILFS (loop0): invalid segment: Checksum error in segment payload [ 69.448800][ T5084] NILFS (loop0): trying rollback from an earlier position [pid 5084] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 5084] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5084] chdir("./file0") = 0 [pid 5084] ioctl(4, LOOP_CLR_FD) = 0 [pid 5084] close(4) = 0 [pid 5084] creat("./bus", 000) = 4 [pid 5084] open("./bus", O_RDONLY) = 5 [pid 5084] creat("./bus", 000) = 6 [pid 5084] open("./file1", O_RDONLY|O_CREAT|O_LARGEFILE|O_DIRECTORY|FASYNC, 0500) = -1 ENOTDIR (Not a directory) [pid 5084] pwritev2(6, [{iov_base=")", iov_len=1}], 1, 117443584, 0) = 1 [pid 5084] rename("./file1", "./bus") = 0 [ 69.466127][ T5084] NILFS (loop0): recovery complete [ 69.473300][ T5085] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 5084] sendfile(4, 5, NULL, 109823) = 109823 [pid 5084] exit_group(0) = ? [pid 5084] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5084, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./5", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563eb620 /* 4 entries */, 32768) = 112 umount2("./5/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./5/binderfs") = 0 umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./5/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563f3660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563f3660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./5/file0") = 0 getdents64(3, 0x5555563eb620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./5") = 0 mkdir("./6", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563ea5d0) = 5086 ./strace-static-x86_64: Process 5086 attached [pid 5086] chdir("./6") = 0 [pid 5086] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5086] setpgid(0, 0) = 0 [pid 5086] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5086] write(3, "1000", 4) = 4 [pid 5086] close(3) = 0 [pid 5086] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5086] memfd_create("syzkaller", 0) = 3 [pid 5086] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f21325eb000 [pid 5086] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 5086] munmap(0x7f21325eb000, 2097152) = 0 [pid 5086] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5086] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5086] close(3) = 0 [pid 5086] mkdir("./file0", 0777) = 0 [ 69.626275][ T5086] loop0: detected capacity change from 0 to 4096 [ 69.642549][ T5086] NILFS (loop0): invalid segment: Checksum error in segment payload [ 69.650605][ T5086] NILFS (loop0): trying rollback from an earlier position [ 69.664402][ T5086] NILFS (loop0): recovery complete [pid 5086] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 5086] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5086] chdir("./file0") = 0 [pid 5086] ioctl(4, LOOP_CLR_FD) = 0 [pid 5086] close(4) = 0 [pid 5086] creat("./bus", 000) = 4 [pid 5086] open("./bus", O_RDONLY) = 5 [pid 5086] creat("./bus", 000) = 6 [pid 5086] open("./file1", O_RDONLY|O_CREAT|O_LARGEFILE|O_DIRECTORY|FASYNC, 0500) = -1 ENOTDIR (Not a directory) [pid 5086] pwritev2(6, [{iov_base=")", iov_len=1}], 1, 117443584, 0) = 1 [pid 5086] rename("./file1", "./bus") = 0 [ 69.671237][ T5087] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 5086] sendfile(4, 5, NULL, 109823) = 109823 [pid 5086] exit_group(0) = ? [pid 5086] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5086, si_uid=0, si_status=0, si_utime=0, si_stime=12 /* 0.12 s */} --- umount2("./6", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563eb620 /* 4 entries */, 32768) = 112 umount2("./6/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./6/binderfs") = 0 umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./6/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563f3660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563f3660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./6/file0") = 0 getdents64(3, 0x5555563eb620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./6") = 0 mkdir("./7", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563ea5d0) = 5088 ./strace-static-x86_64: Process 5088 attached [pid 5088] chdir("./7") = 0 [pid 5088] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5088] setpgid(0, 0) = 0 [pid 5088] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5088] write(3, "1000", 4) = 4 [pid 5088] close(3) = 0 [pid 5088] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5088] memfd_create("syzkaller", 0) = 3 [pid 5088] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f21325eb000 [pid 5088] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 5088] munmap(0x7f21325eb000, 2097152) = 0 [pid 5088] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5088] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5088] close(3) = 0 [pid 5088] mkdir("./file0", 0777) = 0 [pid 5088] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 5088] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [ 69.841087][ T5088] loop0: detected capacity change from 0 to 4096 [ 69.857921][ T5088] NILFS (loop0): invalid segment: Checksum error in segment payload [ 69.866169][ T5088] NILFS (loop0): trying rollback from an earlier position [ 69.880405][ T5088] NILFS (loop0): recovery complete [pid 5088] chdir("./file0") = 0 [pid 5088] ioctl(4, LOOP_CLR_FD) = 0 [pid 5088] close(4) = 0 [pid 5088] creat("./bus", 000) = 4 [pid 5088] open("./bus", O_RDONLY) = 5 [pid 5088] creat("./bus", 000) = 6 [pid 5088] open("./file1", O_RDONLY|O_CREAT|O_LARGEFILE|O_DIRECTORY|FASYNC, 0500) = -1 ENOTDIR (Not a directory) [pid 5088] pwritev2(6, [{iov_base=")", iov_len=1}], 1, 117443584, 0) = 1 [pid 5088] rename("./file1", "./bus") = 0 [ 69.887932][ T5089] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 5088] sendfile(4, 5, NULL, 109823) = 109823 [pid 5088] exit_group(0) = ? [pid 5088] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5088, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./7", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563eb620 /* 4 entries */, 32768) = 112 umount2("./7/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./7/binderfs") = 0 umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./7/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563f3660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563f3660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./7/file0") = 0 getdents64(3, 0x5555563eb620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./7") = 0 mkdir("./8", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563ea5d0) = 5090 ./strace-static-x86_64: Process 5090 attached [pid 5090] chdir("./8") = 0 [pid 5090] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5090] setpgid(0, 0) = 0 [pid 5090] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5090] write(3, "1000", 4) = 4 [pid 5090] close(3) = 0 [pid 5090] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5090] memfd_create("syzkaller", 0) = 3 [pid 5090] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f21325eb000 [pid 5090] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 5090] munmap(0x7f21325eb000, 2097152) = 0 [pid 5090] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5090] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5090] close(3) = 0 [pid 5090] mkdir("./file0", 0777) = 0 [ 70.065116][ T5090] loop0: detected capacity change from 0 to 4096 [ 70.084914][ T5090] NILFS (loop0): invalid segment: Checksum error in segment payload [ 70.093033][ T5090] NILFS (loop0): trying rollback from an earlier position [ 70.107274][ T5090] NILFS (loop0): recovery complete [pid 5090] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 5090] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5090] chdir("./file0") = 0 [pid 5090] ioctl(4, LOOP_CLR_FD) = 0 [pid 5090] close(4) = 0 [pid 5090] creat("./bus", 000) = 4 [pid 5090] open("./bus", O_RDONLY) = 5 [pid 5090] creat("./bus", 000) = 6 [pid 5090] open("./file1", O_RDONLY|O_CREAT|O_LARGEFILE|O_DIRECTORY|FASYNC, 0500) = -1 ENOTDIR (Not a directory) [pid 5090] pwritev2(6, [{iov_base=")", iov_len=1}], 1, 117443584, 0) = 1 [pid 5090] rename("./file1", "./bus") = 0 [ 70.113827][ T5091] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 5090] sendfile(4, 5, NULL, 109823) = 109823 [pid 5090] exit_group(0) = ? [pid 5090] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5090, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./8", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563eb620 /* 4 entries */, 32768) = 112 umount2("./8/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./8/binderfs") = 0 umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./8/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563f3660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563f3660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./8/file0") = 0 getdents64(3, 0x5555563eb620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./8") = 0 mkdir("./9", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563ea5d0) = 5092 ./strace-static-x86_64: Process 5092 attached [pid 5092] chdir("./9") = 0 [pid 5092] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5092] setpgid(0, 0) = 0 [pid 5092] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5092] write(3, "1000", 4) = 4 [pid 5092] close(3) = 0 [pid 5092] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5092] memfd_create("syzkaller", 0) = 3 [pid 5092] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f21325eb000 [pid 5092] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 5092] munmap(0x7f21325eb000, 2097152) = 0 [pid 5092] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5092] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5092] close(3) = 0 [pid 5092] mkdir("./file0", 0777) = 0 [pid 5092] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [ 70.265608][ T5092] loop0: detected capacity change from 0 to 4096 [ 70.284271][ T5092] NILFS (loop0): invalid segment: Checksum error in segment payload [ 70.292425][ T5092] NILFS (loop0): trying rollback from an earlier position [ 70.306652][ T5092] NILFS (loop0): recovery complete [pid 5092] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5092] chdir("./file0") = 0 [pid 5092] ioctl(4, LOOP_CLR_FD) = 0 [pid 5092] close(4) = 0 [pid 5092] creat("./bus", 000) = 4 [pid 5092] open("./bus", O_RDONLY) = 5 [pid 5092] creat("./bus", 000) = 6 [pid 5092] open("./file1", O_RDONLY|O_CREAT|O_LARGEFILE|O_DIRECTORY|FASYNC, 0500) = -1 ENOTDIR (Not a directory) [pid 5092] pwritev2(6, [{iov_base=")", iov_len=1}], 1, 117443584, 0) = 1 [pid 5092] rename("./file1", "./bus") = 0 [ 70.314006][ T5093] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 5092] sendfile(4, 5, NULL, 109823) = 109823 [pid 5092] exit_group(0) = ? [pid 5092] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5092, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./9", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563eb620 /* 4 entries */, 32768) = 112 umount2("./9/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./9/binderfs") = 0 umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./9/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563f3660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563f3660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./9/file0") = 0 getdents64(3, 0x5555563eb620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./9") = 0 mkdir("./10", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563ea5d0) = 5094 ./strace-static-x86_64: Process 5094 attached [pid 5094] chdir("./10") = 0 [pid 5094] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5094] setpgid(0, 0) = 0 [pid 5094] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5094] write(3, "1000", 4) = 4 [pid 5094] close(3) = 0 [pid 5094] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5094] memfd_create("syzkaller", 0) = 3 [pid 5094] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f21325eb000 [pid 5094] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 5094] munmap(0x7f21325eb000, 2097152) = 0 [pid 5094] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5094] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5094] close(3) = 0 [pid 5094] mkdir("./file0", 0777) = 0 [ 70.494794][ T5094] loop0: detected capacity change from 0 to 4096 [ 70.511161][ T5094] NILFS (loop0): invalid segment: Checksum error in segment payload [ 70.519304][ T5094] NILFS (loop0): trying rollback from an earlier position [ 70.533838][ T5094] NILFS (loop0): recovery complete [pid 5094] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 5094] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5094] chdir("./file0") = 0 [pid 5094] ioctl(4, LOOP_CLR_FD) = 0 [pid 5094] close(4) = 0 [pid 5094] creat("./bus", 000) = 4 [pid 5094] open("./bus", O_RDONLY) = 5 [pid 5094] creat("./bus", 000) = 6 [pid 5094] open("./file1", O_RDONLY|O_CREAT|O_LARGEFILE|O_DIRECTORY|FASYNC, 0500) = -1 ENOTDIR (Not a directory) [pid 5094] pwritev2(6, [{iov_base=")", iov_len=1}], 1, 117443584, 0) = 1 [pid 5094] rename("./file1", "./bus") = 0 [ 70.540542][ T5095] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 5094] sendfile(4, 5, NULL, 109823) = 109823 [pid 5094] exit_group(0) = ? [pid 5094] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5094, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- umount2("./10", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563eb620 /* 4 entries */, 32768) = 112 umount2("./10/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./10/binderfs") = 0 umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./10/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563f3660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563f3660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./10/file0") = 0 getdents64(3, 0x5555563eb620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./10") = 0 mkdir("./11", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563ea5d0) = 5096 ./strace-static-x86_64: Process 5096 attached [pid 5096] chdir("./11") = 0 [pid 5096] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5096] setpgid(0, 0) = 0 [pid 5096] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5096] write(3, "1000", 4) = 4 [pid 5096] close(3) = 0 [pid 5096] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5096] memfd_create("syzkaller", 0) = 3 [pid 5096] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f21325eb000 [pid 5096] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 5096] munmap(0x7f21325eb000, 2097152) = 0 [pid 5096] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5096] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5096] close(3) = 0 [pid 5096] mkdir("./file0", 0777) = 0 [ 70.704471][ T5096] loop0: detected capacity change from 0 to 4096 [ 70.722938][ T5096] NILFS (loop0): invalid segment: Checksum error in segment payload [ 70.731025][ T5096] NILFS (loop0): trying rollback from an earlier position [ 70.746356][ T5096] NILFS (loop0): recovery complete [pid 5096] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 5096] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5096] chdir("./file0") = 0 [pid 5096] ioctl(4, LOOP_CLR_FD) = 0 [pid 5096] close(4) = 0 [pid 5096] creat("./bus", 000) = 4 [pid 5096] open("./bus", O_RDONLY) = 5 [pid 5096] creat("./bus", 000) = 6 [pid 5096] open("./file1", O_RDONLY|O_CREAT|O_LARGEFILE|O_DIRECTORY|FASYNC, 0500) = -1 ENOTDIR (Not a directory) [pid 5096] pwritev2(6, [{iov_base=")", iov_len=1}], 1, 117443584, 0) = 1 [pid 5096] rename("./file1", "./bus") = 0 [ 70.752617][ T5097] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 5096] sendfile(4, 5, NULL, 109823) = 109823 [pid 5096] exit_group(0) = ? [pid 5096] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5096, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./11", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563eb620 /* 4 entries */, 32768) = 112 umount2("./11/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./11/binderfs") = 0 umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./11/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563f3660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563f3660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./11/file0") = 0 getdents64(3, 0x5555563eb620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./11") = 0 mkdir("./12", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563ea5d0) = 5098 ./strace-static-x86_64: Process 5098 attached [pid 5098] chdir("./12") = 0 [pid 5098] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5098] setpgid(0, 0) = 0 [pid 5098] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5098] write(3, "1000", 4) = 4 [pid 5098] close(3) = 0 [pid 5098] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5098] memfd_create("syzkaller", 0) = 3 [pid 5098] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f21325eb000 [pid 5098] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 5098] munmap(0x7f21325eb000, 2097152) = 0 [pid 5098] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5098] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5098] close(3) = 0 [pid 5098] mkdir("./file0", 0777) = 0 [ 70.912946][ T5098] loop0: detected capacity change from 0 to 4096 [ 70.932761][ T5098] NILFS (loop0): invalid segment: Checksum error in segment payload [ 70.940857][ T5098] NILFS (loop0): trying rollback from an earlier position [ 70.956119][ T5098] NILFS (loop0): recovery complete [pid 5098] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 5098] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5098] chdir("./file0") = 0 [pid 5098] ioctl(4, LOOP_CLR_FD) = 0 [pid 5098] close(4) = 0 [pid 5098] creat("./bus", 000) = 4 [pid 5098] open("./bus", O_RDONLY) = 5 [pid 5098] creat("./bus", 000) = 6 [pid 5098] open("./file1", O_RDONLY|O_CREAT|O_LARGEFILE|O_DIRECTORY|FASYNC, 0500) = -1 ENOTDIR (Not a directory) [pid 5098] pwritev2(6, [{iov_base=")", iov_len=1}], 1, 117443584, 0) = 1 [pid 5098] rename("./file1", "./bus") = 0 [ 70.962462][ T5099] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 5098] sendfile(4, 5, NULL, 109823) = 109823 [pid 5098] exit_group(0) = ? [pid 5098] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5098, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./12", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563eb620 /* 4 entries */, 32768) = 112 umount2("./12/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./12/binderfs") = 0 umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./12/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563f3660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563f3660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./12/file0") = 0 getdents64(3, 0x5555563eb620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./12") = 0 mkdir("./13", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563ea5d0) = 5100 ./strace-static-x86_64: Process 5100 attached [pid 5100] chdir("./13") = 0 [pid 5100] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5100] setpgid(0, 0) = 0 [pid 5100] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5100] write(3, "1000", 4) = 4 [pid 5100] close(3) = 0 [pid 5100] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5100] memfd_create("syzkaller", 0) = 3 [pid 5100] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f21325eb000 [pid 5100] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 5100] munmap(0x7f21325eb000, 2097152) = 0 [pid 5100] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5100] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5100] close(3) = 0 [pid 5100] mkdir("./file0", 0777) = 0 [ 71.146573][ T5100] loop0: detected capacity change from 0 to 4096 [ 71.165528][ T5100] NILFS (loop0): invalid segment: Checksum error in segment payload [ 71.173612][ T5100] NILFS (loop0): trying rollback from an earlier position [ 71.188446][ T5100] NILFS (loop0): recovery complete [pid 5100] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 5100] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5100] chdir("./file0") = 0 [pid 5100] ioctl(4, LOOP_CLR_FD) = 0 [pid 5100] close(4) = 0 [pid 5100] creat("./bus", 000) = 4 [pid 5100] open("./bus", O_RDONLY) = 5 [pid 5100] creat("./bus", 000) = 6 [pid 5100] open("./file1", O_RDONLY|O_CREAT|O_LARGEFILE|O_DIRECTORY|FASYNC, 0500) = -1 ENOTDIR (Not a directory) [pid 5100] pwritev2(6, [{iov_base=")", iov_len=1}], 1, 117443584, 0) = 1 [pid 5100] rename("./file1", "./bus") = 0 [ 71.194437][ T5101] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 5100] sendfile(4, 5, NULL, 109823) = 109823 [pid 5100] exit_group(0) = ? [pid 5100] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5100, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./13", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563eb620 /* 4 entries */, 32768) = 112 umount2("./13/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./13/binderfs") = 0 umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./13/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563f3660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563f3660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./13/file0") = 0 getdents64(3, 0x5555563eb620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./13") = 0 mkdir("./14", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563ea5d0) = 5102 ./strace-static-x86_64: Process 5102 attached [pid 5102] chdir("./14") = 0 [pid 5102] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5102] setpgid(0, 0) = 0 [pid 5102] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5102] write(3, "1000", 4) = 4 [pid 5102] close(3) = 0 [pid 5102] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5102] memfd_create("syzkaller", 0) = 3 [pid 5102] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f21325eb000 [pid 5102] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 5102] munmap(0x7f21325eb000, 2097152) = 0 [pid 5102] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5102] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5102] close(3) = 0 [pid 5102] mkdir("./file0", 0777) = 0 [ 71.368623][ T5102] loop0: detected capacity change from 0 to 4096 [ 71.387909][ T5102] NILFS (loop0): invalid segment: Checksum error in segment payload [ 71.395987][ T5102] NILFS (loop0): trying rollback from an earlier position [ 71.410707][ T5102] NILFS (loop0): recovery complete [pid 5102] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 5102] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5102] chdir("./file0") = 0 [pid 5102] ioctl(4, LOOP_CLR_FD) = 0 [pid 5102] close(4) = 0 [pid 5102] creat("./bus", 000) = 4 [pid 5102] open("./bus", O_RDONLY) = 5 [pid 5102] creat("./bus", 000) = 6 [pid 5102] open("./file1", O_RDONLY|O_CREAT|O_LARGEFILE|O_DIRECTORY|FASYNC, 0500) = -1 ENOTDIR (Not a directory) [pid 5102] pwritev2(6, [{iov_base=")", iov_len=1}], 1, 117443584, 0) = 1 [pid 5102] rename("./file1", "./bus") = 0 [ 71.417044][ T5103] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 5102] sendfile(4, 5, NULL, 109823) = 109823 [pid 5102] exit_group(0) = ? [pid 5102] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5102, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- umount2("./14", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563eb620 /* 4 entries */, 32768) = 112 umount2("./14/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./14/binderfs") = 0 umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./14/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563f3660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563f3660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./14/file0") = 0 getdents64(3, 0x5555563eb620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./14") = 0 mkdir("./15", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563ea5d0) = 5104 ./strace-static-x86_64: Process 5104 attached [pid 5104] chdir("./15") = 0 [pid 5104] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5104] setpgid(0, 0) = 0 [pid 5104] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5104] write(3, "1000", 4) = 4 [pid 5104] close(3) = 0 [pid 5104] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5104] memfd_create("syzkaller", 0) = 3 [pid 5104] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f21325eb000 [pid 5104] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 5104] munmap(0x7f21325eb000, 2097152) = 0 [pid 5104] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5104] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5104] close(3) = 0 [pid 5104] mkdir("./file0", 0777) = 0 [ 71.593693][ T5104] loop0: detected capacity change from 0 to 4096 [ 71.615369][ T5104] NILFS (loop0): invalid segment: Checksum error in segment payload [ 71.623682][ T5104] NILFS (loop0): trying rollback from an earlier position [pid 5104] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 5104] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5104] chdir("./file0") = 0 [pid 5104] ioctl(4, LOOP_CLR_FD) = 0 [pid 5104] close(4) = 0 [pid 5104] creat("./bus", 000) = 4 [pid 5104] open("./bus", O_RDONLY) = 5 [pid 5104] creat("./bus", 000) = 6 [pid 5104] open("./file1", O_RDONLY|O_CREAT|O_LARGEFILE|O_DIRECTORY|FASYNC, 0500) = -1 ENOTDIR (Not a directory) [pid 5104] pwritev2(6, [{iov_base=")", iov_len=1}], 1, 117443584, 0) = 1 [pid 5104] rename("./file1", "./bus") = 0 [ 71.640553][ T5104] NILFS (loop0): recovery complete [ 71.647030][ T5105] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 5104] sendfile(4, 5, NULL, 109823) = 109823 [pid 5104] exit_group(0) = ? [pid 5104] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5104, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./15", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563eb620 /* 4 entries */, 32768) = 112 umount2("./15/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./15/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./15/binderfs") = 0 umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./15/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563f3660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563f3660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./15/file0") = 0 getdents64(3, 0x5555563eb620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./15") = 0 mkdir("./16", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563ea5d0) = 5106 ./strace-static-x86_64: Process 5106 attached [pid 5106] chdir("./16") = 0 [pid 5106] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5106] setpgid(0, 0) = 0 [pid 5106] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5106] write(3, "1000", 4) = 4 [pid 5106] close(3) = 0 [pid 5106] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5106] memfd_create("syzkaller", 0) = 3 [pid 5106] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f21325eb000 [pid 5106] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 5106] munmap(0x7f21325eb000, 2097152) = 0 [pid 5106] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5106] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5106] close(3) = 0 [pid 5106] mkdir("./file0", 0777) = 0 [ 71.818656][ T5106] loop0: detected capacity change from 0 to 4096 [ 71.839082][ T5106] NILFS (loop0): invalid segment: Checksum error in segment payload [ 71.847269][ T5106] NILFS (loop0): trying rollback from an earlier position [pid 5106] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 5106] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5106] chdir("./file0") = 0 [pid 5106] ioctl(4, LOOP_CLR_FD) = 0 [pid 5106] close(4) = 0 [pid 5106] creat("./bus", 000) = 4 [pid 5106] open("./bus", O_RDONLY) = 5 [pid 5106] creat("./bus", 000) = 6 [pid 5106] open("./file1", O_RDONLY|O_CREAT|O_LARGEFILE|O_DIRECTORY|FASYNC, 0500) = -1 ENOTDIR (Not a directory) [pid 5106] pwritev2(6, [{iov_base=")", iov_len=1}], 1, 117443584, 0) = 1 [pid 5106] rename("./file1", "./bus") = 0 [ 71.864695][ T5106] NILFS (loop0): recovery complete [ 71.870818][ T5107] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 5106] sendfile(4, 5, NULL, 109823) = 109823 [pid 5106] exit_group(0) = ? [pid 5106] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5106, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./16", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563eb620 /* 4 entries */, 32768) = 112 umount2("./16/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./16/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./16/binderfs") = 0 umount2("./16/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./16/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./16/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./16/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563f3660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563f3660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./16/file0") = 0 getdents64(3, 0x5555563eb620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./16") = 0 mkdir("./17", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563ea5d0) = 5108 ./strace-static-x86_64: Process 5108 attached [pid 5108] chdir("./17") = 0 [pid 5108] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5108] setpgid(0, 0) = 0 [pid 5108] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5108] write(3, "1000", 4) = 4 [pid 5108] close(3) = 0 [pid 5108] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5108] memfd_create("syzkaller", 0) = 3 [pid 5108] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f21325eb000 [pid 5108] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 5108] munmap(0x7f21325eb000, 2097152) = 0 [pid 5108] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5108] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5108] close(3) = 0 [pid 5108] mkdir("./file0", 0777) = 0 [ 72.052946][ T5108] loop0: detected capacity change from 0 to 4096 [ 72.072937][ T5108] NILFS (loop0): invalid segment: Checksum error in segment payload [ 72.081048][ T5108] NILFS (loop0): trying rollback from an earlier position [ 72.096085][ T5108] NILFS (loop0): recovery complete [pid 5108] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 5108] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5108] chdir("./file0") = 0 [pid 5108] ioctl(4, LOOP_CLR_FD) = 0 [pid 5108] close(4) = 0 [pid 5108] creat("./bus", 000) = 4 [pid 5108] open("./bus", O_RDONLY) = 5 [pid 5108] creat("./bus", 000) = 6 [pid 5108] open("./file1", O_RDONLY|O_CREAT|O_LARGEFILE|O_DIRECTORY|FASYNC, 0500) = -1 ENOTDIR (Not a directory) [pid 5108] pwritev2(6, [{iov_base=")", iov_len=1}], 1, 117443584, 0) = 1 [pid 5108] rename("./file1", "./bus") = 0 [ 72.103084][ T5109] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 5108] sendfile(4, 5, NULL, 109823) = 109823 [pid 5108] exit_group(0) = ? [pid 5108] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5108, si_uid=0, si_status=0, si_utime=0, si_stime=11 /* 0.11 s */} --- umount2("./17", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563eb620 /* 4 entries */, 32768) = 112 umount2("./17/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./17/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./17/binderfs") = 0 umount2("./17/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./17/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./17/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./17/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563f3660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563f3660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./17/file0") = 0 getdents64(3, 0x5555563eb620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./17") = 0 mkdir("./18", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563ea5d0) = 5110 ./strace-static-x86_64: Process 5110 attached [pid 5110] chdir("./18") = 0 [pid 5110] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5110] setpgid(0, 0) = 0 [pid 5110] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5110] write(3, "1000", 4) = 4 [pid 5110] close(3) = 0 [pid 5110] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5110] memfd_create("syzkaller", 0) = 3 [pid 5110] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f21325eb000 [pid 5110] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 5110] munmap(0x7f21325eb000, 2097152) = 0 [pid 5110] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5110] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5110] close(3) = 0 [pid 5110] mkdir("./file0", 0777) = 0 [ 72.359899][ T5110] loop0: detected capacity change from 0 to 4096 [ 72.381096][ T5110] NILFS (loop0): invalid segment: Checksum error in segment payload [ 72.389604][ T5110] NILFS (loop0): trying rollback from an earlier position [ 72.404540][ T5110] NILFS (loop0): recovery complete [pid 5110] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 5110] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5110] chdir("./file0") = 0 [pid 5110] ioctl(4, LOOP_CLR_FD) = 0 [pid 5110] close(4) = 0 [pid 5110] creat("./bus", 000) = 4 [pid 5110] open("./bus", O_RDONLY) = 5 [pid 5110] creat("./bus", 000) = 6 [pid 5110] open("./file1", O_RDONLY|O_CREAT|O_LARGEFILE|O_DIRECTORY|FASYNC, 0500) = -1 ENOTDIR (Not a directory) [pid 5110] pwritev2(6, [{iov_base=")", iov_len=1}], 1, 117443584, 0) = 1 [pid 5110] rename("./file1", "./bus") = 0 [ 72.410484][ T5111] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 5110] sendfile(4, 5, NULL, 109823) = 109823 [pid 5110] exit_group(0) = ? [pid 5110] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5110, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./18", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563eb620 /* 4 entries */, 32768) = 112 umount2("./18/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./18/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./18/binderfs") = 0 umount2("./18/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./18/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./18/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./18/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563f3660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563f3660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./18/file0") = 0 getdents64(3, 0x5555563eb620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./18") = 0 mkdir("./19", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563ea5d0) = 5112 ./strace-static-x86_64: Process 5112 attached [pid 5112] chdir("./19") = 0 [pid 5112] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5112] setpgid(0, 0) = 0 [pid 5112] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5112] write(3, "1000", 4) = 4 [pid 5112] close(3) = 0 [pid 5112] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5112] memfd_create("syzkaller", 0) = 3 [pid 5112] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f21325eb000 [pid 5112] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 5112] munmap(0x7f21325eb000, 2097152) = 0 [pid 5112] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5112] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5112] close(3) = 0 [pid 5112] mkdir("./file0", 0777) = 0 [ 72.572962][ T5112] loop0: detected capacity change from 0 to 4096 [ 72.591156][ T5112] NILFS (loop0): invalid segment: Checksum error in segment payload [ 72.599314][ T5112] NILFS (loop0): trying rollback from an earlier position [ 72.613973][ T5112] NILFS (loop0): recovery complete [pid 5112] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 5112] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5112] chdir("./file0") = 0 [pid 5112] ioctl(4, LOOP_CLR_FD) = 0 [pid 5112] close(4) = 0 [pid 5112] creat("./bus", 000) = 4 [pid 5112] open("./bus", O_RDONLY) = 5 [pid 5112] creat("./bus", 000) = 6 [pid 5112] open("./file1", O_RDONLY|O_CREAT|O_LARGEFILE|O_DIRECTORY|FASYNC, 0500) = -1 ENOTDIR (Not a directory) [pid 5112] pwritev2(6, [{iov_base=")", iov_len=1}], 1, 117443584, 0) = 1 [pid 5112] rename("./file1", "./bus") = 0 [ 72.620173][ T5113] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 5112] sendfile(4, 5, NULL, 109823) = 109823 [pid 5112] exit_group(0) = ? [pid 5112] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5112, si_uid=0, si_status=0, si_utime=0, si_stime=12 /* 0.12 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./19", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./19", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563eb620 /* 4 entries */, 32768) = 112 umount2("./19/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./19/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./19/binderfs") = 0 umount2("./19/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./19/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./19/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./19/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./19/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563f3660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563f3660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./19/file0") = 0 getdents64(3, 0x5555563eb620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./19") = 0 mkdir("./20", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563ea5d0) = 5114 ./strace-static-x86_64: Process 5114 attached [pid 5114] chdir("./20") = 0 [pid 5114] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5114] setpgid(0, 0) = 0 [pid 5114] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5114] write(3, "1000", 4) = 4 [pid 5114] close(3) = 0 [pid 5114] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5114] memfd_create("syzkaller", 0) = 3 [pid 5114] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f21325eb000 [pid 5114] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 5114] munmap(0x7f21325eb000, 2097152) = 0 [pid 5114] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5114] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5114] close(3) = 0 [pid 5114] mkdir("./file0", 0777) = 0 [ 72.793567][ T5114] loop0: detected capacity change from 0 to 4096 [ 72.813033][ T5114] NILFS (loop0): invalid segment: Checksum error in segment payload [ 72.821050][ T5114] NILFS (loop0): trying rollback from an earlier position [ 72.836120][ T5114] NILFS (loop0): recovery complete [pid 5114] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 5114] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5114] chdir("./file0") = 0 [pid 5114] ioctl(4, LOOP_CLR_FD) = 0 [pid 5114] close(4) = 0 [pid 5114] creat("./bus", 000) = 4 [pid 5114] open("./bus", O_RDONLY) = 5 [pid 5114] creat("./bus", 000) = 6 [pid 5114] open("./file1", O_RDONLY|O_CREAT|O_LARGEFILE|O_DIRECTORY|FASYNC, 0500) = -1 ENOTDIR (Not a directory) [pid 5114] pwritev2(6, [{iov_base=")", iov_len=1}], 1, 117443584, 0) = 1 [pid 5114] rename("./file1", "./bus") = 0 [ 72.842511][ T5115] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 5114] sendfile(4, 5, NULL, 109823) = 109823 [pid 5114] exit_group(0) = ? [pid 5114] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5114, si_uid=0, si_status=0, si_utime=0, si_stime=12 /* 0.12 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./20", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./20", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563eb620 /* 4 entries */, 32768) = 112 umount2("./20/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./20/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./20/binderfs") = 0 umount2("./20/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./20/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./20/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./20/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./20/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563f3660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563f3660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./20/file0") = 0 getdents64(3, 0x5555563eb620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./20") = 0 mkdir("./21", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563ea5d0) = 5116 ./strace-static-x86_64: Process 5116 attached [pid 5116] chdir("./21") = 0 [pid 5116] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5116] setpgid(0, 0) = 0 [pid 5116] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5116] write(3, "1000", 4) = 4 [pid 5116] close(3) = 0 [pid 5116] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5116] memfd_create("syzkaller", 0) = 3 [pid 5116] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f21325eb000 [pid 5116] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 5116] munmap(0x7f21325eb000, 2097152) = 0 [pid 5116] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5116] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5116] close(3) = 0 [pid 5116] mkdir("./file0", 0777) = 0 [ 73.007785][ T5116] loop0: detected capacity change from 0 to 4096 [ 73.029141][ T5116] NILFS (loop0): invalid segment: Checksum error in segment payload [ 73.037244][ T5116] NILFS (loop0): trying rollback from an earlier position [ 73.051554][ T5116] NILFS (loop0): recovery complete [pid 5116] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 5116] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5116] chdir("./file0") = 0 [pid 5116] ioctl(4, LOOP_CLR_FD) = 0 [pid 5116] close(4) = 0 [pid 5116] creat("./bus", 000) = 4 [pid 5116] open("./bus", O_RDONLY) = 5 [pid 5116] creat("./bus", 000) = 6 [pid 5116] open("./file1", O_RDONLY|O_CREAT|O_LARGEFILE|O_DIRECTORY|FASYNC, 0500) = -1 ENOTDIR (Not a directory) [pid 5116] pwritev2(6, [{iov_base=")", iov_len=1}], 1, 117443584, 0) = 1 [pid 5116] rename("./file1", "./bus") = 0 [ 73.058150][ T5117] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 5116] sendfile(4, 5, NULL, 109823) = 109823 [pid 5116] exit_group(0) = ? [pid 5116] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5116, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- umount2("./21", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./21", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563eb620 /* 4 entries */, 32768) = 112 umount2("./21/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./21/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./21/binderfs") = 0 umount2("./21/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./21/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./21/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./21/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./21/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563f3660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563f3660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./21/file0") = 0 getdents64(3, 0x5555563eb620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./21") = 0 mkdir("./22", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563ea5d0) = 5118 ./strace-static-x86_64: Process 5118 attached [pid 5118] chdir("./22") = 0 [pid 5118] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5118] setpgid(0, 0) = 0 [pid 5118] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5118] write(3, "1000", 4) = 4 [pid 5118] close(3) = 0 [pid 5118] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5118] memfd_create("syzkaller", 0) = 3 [pid 5118] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f21325eb000 [pid 5118] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 5118] munmap(0x7f21325eb000, 2097152) = 0 [pid 5118] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5118] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5118] close(3) = 0 [pid 5118] mkdir("./file0", 0777) = 0 [ 73.236500][ T5118] loop0: detected capacity change from 0 to 4096 [ 73.253354][ T5118] NILFS (loop0): invalid segment: Checksum error in segment payload [ 73.261556][ T5118] NILFS (loop0): trying rollback from an earlier position [ 73.277315][ T5118] NILFS (loop0): recovery complete [pid 5118] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 5118] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5118] chdir("./file0") = 0 [pid 5118] ioctl(4, LOOP_CLR_FD) = 0 [pid 5118] close(4) = 0 [pid 5118] creat("./bus", 000) = 4 [pid 5118] open("./bus", O_RDONLY) = 5 [pid 5118] creat("./bus", 000) = 6 [ 73.283528][ T5119] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 73.299522][ T27] kauditd_printk_skb: 34 callbacks suppressed [ 73.299537][ T27] audit: type=1804 audit(1677522260.115:46): pid=5118 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor350" name="/root/syzkaller.p0aSFK/22/file0/bus" dev="loop0" ino=12 res=1 errno=0 [pid 5118] open("./file1", O_RDONLY|O_CREAT|O_LARGEFILE|O_DIRECTORY|FASYNC, 0500) = -1 ENOTDIR (Not a directory) [pid 5118] pwritev2(6, [{iov_base=")", iov_len=1}], 1, 117443584, 0) = 1 [pid 5118] rename("./file1", "./bus") = 0 [pid 5118] sendfile(4, 5, NULL, 109823) = 109823 [pid 5118] exit_group(0) = ? [pid 5118] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5118, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- umount2("./22", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./22", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563eb620 /* 4 entries */, 32768) = 112 umount2("./22/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./22/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./22/binderfs") = 0 [ 73.331573][ T27] audit: type=1804 audit(1677522260.155:47): pid=5118 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=ToMToU comm="syz-executor350" name="/root/syzkaller.p0aSFK/22/file0/bus" dev="loop0" ino=12 res=1 errno=0 umount2("./22/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./22/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./22/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./22/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./22/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563f3660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563f3660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./22/file0") = 0 getdents64(3, 0x5555563eb620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./22") = 0 mkdir("./23", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563ea5d0) = 5120 ./strace-static-x86_64: Process 5120 attached [pid 5120] chdir("./23") = 0 [pid 5120] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5120] setpgid(0, 0) = 0 [pid 5120] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5120] write(3, "1000", 4) = 4 [pid 5120] close(3) = 0 [pid 5120] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5120] memfd_create("syzkaller", 0) = 3 [pid 5120] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f21325eb000 [pid 5120] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 5120] munmap(0x7f21325eb000, 2097152) = 0 [pid 5120] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5120] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5120] close(3) = 0 [pid 5120] mkdir("./file0", 0777) = 0 [ 73.484223][ T5120] loop0: detected capacity change from 0 to 4096 [ 73.502654][ T5120] NILFS (loop0): invalid segment: Checksum error in segment payload [ 73.510741][ T5120] NILFS (loop0): trying rollback from an earlier position [ 73.526099][ T5120] NILFS (loop0): recovery complete [pid 5120] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 5120] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5120] chdir("./file0") = 0 [pid 5120] ioctl(4, LOOP_CLR_FD) = 0 [pid 5120] close(4) = 0 [pid 5120] creat("./bus", 000) = 4 [pid 5120] open("./bus", O_RDONLY) = 5 [pid 5120] creat("./bus", 000) = 6 [pid 5120] open("./file1", O_RDONLY|O_CREAT|O_LARGEFILE|O_DIRECTORY|FASYNC, 0500) = -1 ENOTDIR (Not a directory) [pid 5120] pwritev2(6, [{iov_base=")", iov_len=1}], 1, 117443584, 0) = 1 [ 73.532562][ T5121] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 73.554316][ T27] audit: type=1804 audit(1677522260.375:48): pid=5120 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor350" name="/root/syzkaller.p0aSFK/23/file0/bus" dev="loop0" ino=12 res=1 errno=0 [pid 5120] rename("./file1", "./bus") = 0 [pid 5120] sendfile(4, 5, NULL, 109823) = 109823 [pid 5120] exit_group(0) = ? [pid 5120] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5120, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./23", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./23", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563eb620 /* 4 entries */, 32768) = 112 umount2("./23/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./23/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./23/binderfs") = 0 [ 73.578207][ T27] audit: type=1804 audit(1677522260.395:49): pid=5120 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=ToMToU comm="syz-executor350" name="/root/syzkaller.p0aSFK/23/file0/bus" dev="loop0" ino=12 res=1 errno=0 umount2("./23/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./23/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./23/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./23/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./23/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563f3660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563f3660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./23/file0") = 0 getdents64(3, 0x5555563eb620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./23") = 0 mkdir("./24", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563ea5d0) = 5122 ./strace-static-x86_64: Process 5122 attached [pid 5122] chdir("./24") = 0 [pid 5122] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5122] setpgid(0, 0) = 0 [pid 5122] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5122] write(3, "1000", 4) = 4 [pid 5122] close(3) = 0 [pid 5122] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5122] memfd_create("syzkaller", 0) = 3 [pid 5122] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f21325eb000 [pid 5122] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 5122] munmap(0x7f21325eb000, 2097152) = 0 [pid 5122] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5122] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5122] close(3) = 0 [pid 5122] mkdir("./file0", 0777) = 0 [ 73.710348][ T5122] loop0: detected capacity change from 0 to 4096 [ 73.730159][ T5122] NILFS (loop0): invalid segment: Checksum error in segment payload [ 73.738345][ T5122] NILFS (loop0): trying rollback from an earlier position [pid 5122] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 5122] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5122] chdir("./file0") = 0 [pid 5122] ioctl(4, LOOP_CLR_FD) = 0 [pid 5122] close(4) = 0 [pid 5122] creat("./bus", 000) = 4 [pid 5122] open("./bus", O_RDONLY) = 5 [pid 5122] creat("./bus", 000) = 6 [pid 5122] open("./file1", O_RDONLY|O_CREAT|O_LARGEFILE|O_DIRECTORY|FASYNC, 0500) = -1 ENOTDIR (Not a directory) [pid 5122] pwritev2(6, [{iov_base=")", iov_len=1}], 1, 117443584, 0) = 1 [ 73.755883][ T5122] NILFS (loop0): recovery complete [ 73.771619][ T5123] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 5122] rename("./file1", "./bus") = 0 [pid 5122] sendfile(4, 5, NULL, 109823) = 109823 [pid 5122] exit_group(0) = ? [pid 5122] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5122, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./24", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./24", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563eb620 /* 4 entries */, 32768) = 112 umount2("./24/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./24/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [ 73.789681][ T27] audit: type=1804 audit(1677522260.605:50): pid=5122 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor350" name="/root/syzkaller.p0aSFK/24/file0/bus" dev="loop0" ino=12 res=1 errno=0 [ 73.813180][ T27] audit: type=1804 audit(1677522260.615:51): pid=5122 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=ToMToU comm="syz-executor350" name="/root/syzkaller.p0aSFK/24/file0/bus" dev="loop0" ino=12 res=1 errno=0 unlink("./24/binderfs") = 0 umount2("./24/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./24/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./24/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./24/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./24/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563f3660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563f3660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./24/file0") = 0 getdents64(3, 0x5555563eb620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./24") = 0 mkdir("./25", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563ea5d0) = 5124 ./strace-static-x86_64: Process 5124 attached [pid 5124] chdir("./25") = 0 [pid 5124] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5124] setpgid(0, 0) = 0 [pid 5124] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5124] write(3, "1000", 4) = 4 [pid 5124] close(3) = 0 [pid 5124] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5124] memfd_create("syzkaller", 0) = 3 [pid 5124] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f21325eb000 [pid 5124] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 5124] munmap(0x7f21325eb000, 2097152) = 0 [pid 5124] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5124] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5124] close(3) = 0 [pid 5124] mkdir("./file0", 0777) = 0 [ 73.963125][ T5124] loop0: detected capacity change from 0 to 4096 [ 73.981101][ T5124] NILFS (loop0): invalid segment: Checksum error in segment payload [ 73.989519][ T5124] NILFS (loop0): trying rollback from an earlier position [ 74.004531][ T5124] NILFS (loop0): recovery complete [pid 5124] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 5124] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5124] chdir("./file0") = 0 [pid 5124] ioctl(4, LOOP_CLR_FD) = 0 [pid 5124] close(4) = 0 [pid 5124] creat("./bus", 000) = 4 [pid 5124] open("./bus", O_RDONLY) = 5 [pid 5124] creat("./bus", 000) = 6 [ 74.011025][ T5125] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 74.037811][ T27] audit: type=1804 audit(1677522260.855:52): pid=5124 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor350" name="/root/syzkaller.p0aSFK/25/file0/bus" dev="loop0" ino=12 res=1 errno=0 [pid 5124] open("./file1", O_RDONLY|O_CREAT|O_LARGEFILE|O_DIRECTORY|FASYNC, 0500) = -1 ENOTDIR (Not a directory) [pid 5124] pwritev2(6, [{iov_base=")", iov_len=1}], 1, 117443584, 0) = 1 [pid 5124] rename("./file1", "./bus") = 0 [pid 5124] sendfile(4, 5, NULL, 109823) = 109823 [pid 5124] exit_group(0) = ? [pid 5124] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5124, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./25", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./25", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563eb620 /* 4 entries */, 32768) = 112 umount2("./25/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./25/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./25/binderfs") = 0 [ 74.060834][ T27] audit: type=1804 audit(1677522260.865:53): pid=5124 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=ToMToU comm="syz-executor350" name="/root/syzkaller.p0aSFK/25/file0/bus" dev="loop0" ino=12 res=1 errno=0 umount2("./25/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./25/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./25/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./25/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./25/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563f3660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563f3660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./25/file0") = 0 getdents64(3, 0x5555563eb620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./25") = 0 mkdir("./26", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563ea5d0) = 5126 ./strace-static-x86_64: Process 5126 attached [pid 5126] chdir("./26") = 0 [pid 5126] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5126] setpgid(0, 0) = 0 [pid 5126] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5126] write(3, "1000", 4) = 4 [pid 5126] close(3) = 0 [pid 5126] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5126] memfd_create("syzkaller", 0) = 3 [pid 5126] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f21325eb000 [pid 5126] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 5126] munmap(0x7f21325eb000, 2097152) = 0 [pid 5126] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5126] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5126] close(3) = 0 [pid 5126] mkdir("./file0", 0777) = 0 [ 74.201340][ T5126] loop0: detected capacity change from 0 to 4096 [ 74.219678][ T5126] NILFS (loop0): invalid segment: Checksum error in segment payload [ 74.228557][ T5126] NILFS (loop0): trying rollback from an earlier position [ 74.243482][ T5126] NILFS (loop0): recovery complete [pid 5126] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 5126] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5126] chdir("./file0") = 0 [pid 5126] ioctl(4, LOOP_CLR_FD) = 0 [pid 5126] close(4) = 0 [pid 5126] creat("./bus", 000) = 4 [pid 5126] open("./bus", O_RDONLY) = 5 [pid 5126] creat("./bus", 000) = 6 [ 74.249949][ T5127] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 74.277002][ T27] audit: type=1804 audit(1677522261.095:54): pid=5126 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor350" name="/root/syzkaller.p0aSFK/26/file0/bus" dev="loop0" ino=12 res=1 errno=0 [pid 5126] open("./file1", O_RDONLY|O_CREAT|O_LARGEFILE|O_DIRECTORY|FASYNC, 0500) = -1 ENOTDIR (Not a directory) [pid 5126] pwritev2(6, [{iov_base=")", iov_len=1}], 1, 117443584, 0) = 1 [pid 5126] rename("./file1", "./bus") = 0 [pid 5126] sendfile(4, 5, NULL, 109823) = 109823 [pid 5126] exit_group(0) = ? [pid 5126] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5126, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./26", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./26", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563eb620 /* 4 entries */, 32768) = 112 [ 74.299499][ T27] audit: type=1804 audit(1677522261.105:55): pid=5126 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=ToMToU comm="syz-executor350" name="/root/syzkaller.p0aSFK/26/file0/bus" dev="loop0" ino=12 res=1 errno=0 umount2("./26/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./26/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./26/binderfs") = 0 umount2("./26/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./26/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./26/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./26/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./26/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563f3660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563f3660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./26/file0") = 0 getdents64(3, 0x5555563eb620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./26") = 0 mkdir("./27", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5128 attached [pid 5128] chdir("./27") = 0 [pid 5128] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5128] setpgid(0, 0) = 0 [pid 5128] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5128] write(3, "1000", 4) = 4 [pid 5128] close(3) = 0 [pid 5128] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5128] memfd_create("syzkaller", 0) = 3 [pid 5072] <... clone resumed>, child_tidptr=0x5555563ea5d0) = 5128 [pid 5128] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f21325eb000 [pid 5128] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 5128] munmap(0x7f21325eb000, 2097152) = 0 [pid 5128] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5128] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5128] close(3) = 0 [pid 5128] mkdir("./file0", 0777) = 0 [ 74.461761][ T5128] loop0: detected capacity change from 0 to 4096 [ 74.480935][ T5128] NILFS (loop0): invalid segment: Checksum error in segment payload [ 74.489117][ T5128] NILFS (loop0): trying rollback from an earlier position [ 74.503303][ T5128] NILFS (loop0): recovery complete [pid 5128] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 5128] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5128] chdir("./file0") = 0 [pid 5128] ioctl(4, LOOP_CLR_FD) = 0 [pid 5128] close(4) = 0 [pid 5128] creat("./bus", 000) = 4 [pid 5128] open("./bus", O_RDONLY) = 5 [pid 5128] creat("./bus", 000) = 6 [pid 5128] open("./file1", O_RDONLY|O_CREAT|O_LARGEFILE|O_DIRECTORY|FASYNC, 0500) = -1 ENOTDIR (Not a directory) [pid 5128] pwritev2(6, [{iov_base=")", iov_len=1}], 1, 117443584, 0) = 1 [pid 5128] rename("./file1", "./bus") = 0 [ 74.509380][ T5129] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 5128] sendfile(4, 5, NULL, 109823) = 109823 [pid 5128] exit_group(0) = ? [pid 5128] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5128, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- umount2("./27", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./27", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563eb620 /* 4 entries */, 32768) = 112 umount2("./27/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./27/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./27/binderfs") = 0 umount2("./27/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./27/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./27/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./27/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./27/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563f3660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563f3660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./27/file0") = 0 getdents64(3, 0x5555563eb620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./27") = 0 mkdir("./28", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563ea5d0) = 5130 ./strace-static-x86_64: Process 5130 attached [pid 5130] chdir("./28") = 0 [pid 5130] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5130] setpgid(0, 0) = 0 [pid 5130] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5130] write(3, "1000", 4) = 4 [pid 5130] close(3) = 0 [pid 5130] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5130] memfd_create("syzkaller", 0) = 3 [pid 5130] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f21325eb000 [pid 5130] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 5130] munmap(0x7f21325eb000, 2097152) = 0 [pid 5130] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5130] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5130] close(3) = 0 [pid 5130] mkdir("./file0", 0777) = 0 [ 74.681984][ T5130] loop0: detected capacity change from 0 to 4096 [ 74.698383][ T5130] NILFS (loop0): invalid segment: Checksum error in segment payload [ 74.706465][ T5130] NILFS (loop0): trying rollback from an earlier position [ 74.725339][ T5130] NILFS (loop0): recovery complete [pid 5130] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 5130] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5130] chdir("./file0") = 0 [pid 5130] ioctl(4, LOOP_CLR_FD) = 0 [pid 5130] close(4) = 0 [pid 5130] creat("./bus", 000) = 4 [pid 5130] open("./bus", O_RDONLY) = 5 [pid 5130] creat("./bus", 000) = 6 [pid 5130] open("./file1", O_RDONLY|O_CREAT|O_LARGEFILE|O_DIRECTORY|FASYNC, 0500) = -1 ENOTDIR (Not a directory) [pid 5130] pwritev2(6, [{iov_base=")", iov_len=1}], 1, 117443584, 0) = 1 [pid 5130] rename("./file1", "./bus") = 0 [pid 5130] sendfile(4, 5, NULL, 109823) = 109823 [ 74.731783][ T5131] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 5130] exit_group(0) = ? [pid 5130] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5130, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./28", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./28", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563eb620 /* 4 entries */, 32768) = 112 umount2("./28/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./28/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./28/binderfs") = 0 umount2("./28/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./28/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./28/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./28/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./28/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563f3660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563f3660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./28/file0") = 0 getdents64(3, 0x5555563eb620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./28") = 0 mkdir("./29", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563ea5d0) = 5132 ./strace-static-x86_64: Process 5132 attached [pid 5132] chdir("./29") = 0 [pid 5132] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5132] setpgid(0, 0) = 0 [pid 5132] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5132] write(3, "1000", 4) = 4 [pid 5132] close(3) = 0 [pid 5132] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5132] memfd_create("syzkaller", 0) = 3 [pid 5132] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f21325eb000 [pid 5132] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 5132] munmap(0x7f21325eb000, 2097152) = 0 [pid 5132] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5132] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5132] close(3) = 0 [pid 5132] mkdir("./file0", 0777) = 0 [ 74.890518][ T5132] loop0: detected capacity change from 0 to 4096 [ 74.909789][ T5132] NILFS (loop0): invalid segment: Checksum error in segment payload [ 74.917892][ T5132] NILFS (loop0): trying rollback from an earlier position [ 74.932966][ T5132] NILFS (loop0): recovery complete [pid 5132] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 5132] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5132] chdir("./file0") = 0 [pid 5132] ioctl(4, LOOP_CLR_FD) = 0 [pid 5132] close(4) = 0 [pid 5132] creat("./bus", 000) = 4 [pid 5132] open("./bus", O_RDONLY) = 5 [pid 5132] creat("./bus", 000) = 6 [pid 5132] open("./file1", O_RDONLY|O_CREAT|O_LARGEFILE|O_DIRECTORY|FASYNC, 0500) = -1 ENOTDIR (Not a directory) [pid 5132] pwritev2(6, [{iov_base=")", iov_len=1}], 1, 117443584, 0) = 1 [pid 5132] rename("./file1", "./bus") = 0 [ 74.939220][ T5133] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 5132] sendfile(4, 5, NULL, 109823) = 109823 [pid 5132] exit_group(0) = ? [pid 5132] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5132, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./29", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./29", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563eb620 /* 4 entries */, 32768) = 112 umount2("./29/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./29/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./29/binderfs") = 0 umount2("./29/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./29/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./29/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./29/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./29/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563f3660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563f3660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./29/file0") = 0 getdents64(3, 0x5555563eb620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./29") = 0 mkdir("./30", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5134 attached , child_tidptr=0x5555563ea5d0) = 5134 [pid 5134] chdir("./30") = 0 [pid 5134] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5134] setpgid(0, 0) = 0 [pid 5134] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5134] write(3, "1000", 4) = 4 [pid 5134] close(3) = 0 [pid 5134] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5134] memfd_create("syzkaller", 0) = 3 [pid 5134] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f21325eb000 [pid 5134] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 5134] munmap(0x7f21325eb000, 2097152) = 0 [pid 5134] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5134] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5134] close(3) = 0 [pid 5134] mkdir("./file0", 0777) = 0 [ 75.116512][ T5134] loop0: detected capacity change from 0 to 4096 [ 75.136898][ T5134] NILFS (loop0): invalid segment: Checksum error in segment payload [ 75.145064][ T5134] NILFS (loop0): trying rollback from an earlier position [pid 5134] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 5134] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5134] chdir("./file0") = 0 [pid 5134] ioctl(4, LOOP_CLR_FD) = 0 [pid 5134] close(4) = 0 [pid 5134] creat("./bus", 000) = 4 [pid 5134] open("./bus", O_RDONLY) = 5 [pid 5134] creat("./bus", 000) = 6 [pid 5134] open("./file1", O_RDONLY|O_CREAT|O_LARGEFILE|O_DIRECTORY|FASYNC, 0500) = -1 ENOTDIR (Not a directory) [pid 5134] pwritev2(6, [{iov_base=")", iov_len=1}], 1, 117443584, 0) = 1 [pid 5134] rename("./file1", "./bus") = 0 [ 75.163672][ T5134] NILFS (loop0): recovery complete [ 75.170889][ T5135] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 5134] sendfile(4, 5, NULL, 109823) = 109823 [pid 5134] exit_group(0) = ? [pid 5134] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5134, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./30", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./30", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563eb620 /* 4 entries */, 32768) = 112 umount2("./30/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./30/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./30/binderfs") = 0 umount2("./30/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./30/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./30/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./30/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./30/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563f3660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563f3660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./30/file0") = 0 getdents64(3, 0x5555563eb620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./30") = 0 mkdir("./31", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563ea5d0) = 5136 ./strace-static-x86_64: Process 5136 attached [pid 5136] chdir("./31") = 0 [pid 5136] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5136] setpgid(0, 0) = 0 [pid 5136] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5136] write(3, "1000", 4) = 4 [pid 5136] close(3) = 0 [pid 5136] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5136] memfd_create("syzkaller", 0) = 3 [pid 5136] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f21325eb000 [pid 5136] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 5136] munmap(0x7f21325eb000, 2097152) = 0 [pid 5136] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5136] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5136] close(3) = 0 [pid 5136] mkdir("./file0", 0777) = 0 [ 75.355846][ T5136] loop0: detected capacity change from 0 to 4096 [ 75.372209][ T5136] NILFS (loop0): invalid segment: Checksum error in segment payload [ 75.380236][ T5136] NILFS (loop0): trying rollback from an earlier position [ 75.395017][ T5136] NILFS (loop0): recovery complete [pid 5136] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 5136] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5136] chdir("./file0") = 0 [pid 5136] ioctl(4, LOOP_CLR_FD) = 0 [pid 5136] close(4) = 0 [pid 5136] creat("./bus", 000) = 4 [pid 5136] open("./bus", O_RDONLY) = 5 [pid 5136] creat("./bus", 000) = 6 [pid 5136] open("./file1", O_RDONLY|O_CREAT|O_LARGEFILE|O_DIRECTORY|FASYNC, 0500) = -1 ENOTDIR (Not a directory) [pid 5136] pwritev2(6, [{iov_base=")", iov_len=1}], 1, 117443584, 0) = 1 [ 75.400913][ T5137] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 5136] rename("./file1", "./bus") = 0 [pid 5136] sendfile(4, 5, NULL, 109823) = 109823 [pid 5136] exit_group(0) = ? [pid 5136] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5136, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- umount2("./31", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./31", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563eb620 /* 4 entries */, 32768) = 112 umount2("./31/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./31/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./31/binderfs") = 0 umount2("./31/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./31/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./31/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./31/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./31/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563f3660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563f3660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./31/file0") = 0 getdents64(3, 0x5555563eb620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./31") = 0 mkdir("./32", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563ea5d0) = 5138 ./strace-static-x86_64: Process 5138 attached [pid 5138] chdir("./32") = 0 [pid 5138] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5138] setpgid(0, 0) = 0 [pid 5138] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5138] write(3, "1000", 4) = 4 [pid 5138] close(3) = 0 [pid 5138] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5138] memfd_create("syzkaller", 0) = 3 [pid 5138] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f21325eb000 [pid 5138] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 5138] munmap(0x7f21325eb000, 2097152) = 0 [pid 5138] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5138] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5138] close(3) = 0 [pid 5138] mkdir("./file0", 0777) = 0 [ 75.577188][ T5138] loop0: detected capacity change from 0 to 4096 [ 75.593752][ T5138] NILFS (loop0): invalid segment: Checksum error in segment payload [ 75.601834][ T5138] NILFS (loop0): trying rollback from an earlier position [ 75.616314][ T5138] NILFS (loop0): recovery complete [pid 5138] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 5138] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5138] chdir("./file0") = 0 [pid 5138] ioctl(4, LOOP_CLR_FD) = 0 [pid 5138] close(4) = 0 [pid 5138] creat("./bus", 000) = 4 [pid 5138] open("./bus", O_RDONLY) = 5 [pid 5138] creat("./bus", 000) = 6 [pid 5138] open("./file1", O_RDONLY|O_CREAT|O_LARGEFILE|O_DIRECTORY|FASYNC, 0500) = -1 ENOTDIR (Not a directory) [pid 5138] pwritev2(6, [{iov_base=")", iov_len=1}], 1, 117443584, 0) = 1 [pid 5138] rename("./file1", "./bus") = 0 [ 75.622279][ T5139] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 5138] sendfile(4, 5, NULL, 109823) = 109823 [pid 5138] exit_group(0) = ? [pid 5138] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5138, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- umount2("./32", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./32", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563eb620 /* 4 entries */, 32768) = 112 umount2("./32/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./32/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./32/binderfs") = 0 umount2("./32/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./32/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./32/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./32/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./32/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563f3660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563f3660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./32/file0") = 0 getdents64(3, 0x5555563eb620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./32") = 0 mkdir("./33", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563ea5d0) = 5140 ./strace-static-x86_64: Process 5140 attached [pid 5140] chdir("./33") = 0 [pid 5140] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5140] setpgid(0, 0) = 0 [pid 5140] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5140] write(3, "1000", 4) = 4 [pid 5140] close(3) = 0 [pid 5140] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5140] memfd_create("syzkaller", 0) = 3 [pid 5140] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f21325eb000 [pid 5140] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 5140] munmap(0x7f21325eb000, 2097152) = 0 [pid 5140] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5140] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5140] close(3) = 0 [pid 5140] mkdir("./file0", 0777) = 0 [ 75.801711][ T5140] loop0: detected capacity change from 0 to 4096 [ 75.820948][ T5140] NILFS (loop0): invalid segment: Checksum error in segment payload [ 75.829063][ T5140] NILFS (loop0): trying rollback from an earlier position [ 75.845160][ T5140] NILFS (loop0): recovery complete [pid 5140] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 5140] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5140] chdir("./file0") = 0 [pid 5140] ioctl(4, LOOP_CLR_FD) = 0 [pid 5140] close(4) = 0 [pid 5140] creat("./bus", 000) = 4 [pid 5140] open("./bus", O_RDONLY) = 5 [pid 5140] creat("./bus", 000) = 6 [pid 5140] open("./file1", O_RDONLY|O_CREAT|O_LARGEFILE|O_DIRECTORY|FASYNC, 0500) = -1 ENOTDIR (Not a directory) [pid 5140] pwritev2(6, [{iov_base=")", iov_len=1}], 1, 117443584, 0) = 1 [pid 5140] rename("./file1", "./bus") = 0 [ 75.851784][ T5141] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 5140] sendfile(4, 5, NULL, 109823) = 109823 [pid 5140] exit_group(0) = ? [pid 5140] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5140, si_uid=0, si_status=0, si_utime=0, si_stime=14 /* 0.14 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./33", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./33", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563eb620 /* 4 entries */, 32768) = 112 umount2("./33/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./33/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./33/binderfs") = 0 umount2("./33/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./33/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./33/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./33/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./33/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563f3660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563f3660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./33/file0") = 0 getdents64(3, 0x5555563eb620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./33") = 0 mkdir("./34", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563ea5d0) = 5142 ./strace-static-x86_64: Process 5142 attached [pid 5142] chdir("./34") = 0 [pid 5142] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5142] setpgid(0, 0) = 0 [pid 5142] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5142] write(3, "1000", 4) = 4 [pid 5142] close(3) = 0 [pid 5142] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5142] memfd_create("syzkaller", 0) = 3 [pid 5142] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f21325eb000 [pid 5142] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 5142] munmap(0x7f21325eb000, 2097152) = 0 [pid 5142] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5142] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5142] close(3) = 0 [pid 5142] mkdir("./file0", 0777) = 0 [ 76.027931][ T5142] loop0: detected capacity change from 0 to 4096 [ 76.049360][ T5142] NILFS (loop0): invalid segment: Checksum error in segment payload [ 76.057529][ T5142] NILFS (loop0): trying rollback from an earlier position [pid 5142] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 5142] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5142] chdir("./file0") = 0 [pid 5142] ioctl(4, LOOP_CLR_FD) = 0 [pid 5142] close(4) = 0 [pid 5142] creat("./bus", 000) = 4 [pid 5142] open("./bus", O_RDONLY) = 5 [pid 5142] creat("./bus", 000) = 6 [pid 5142] open("./file1", O_RDONLY|O_CREAT|O_LARGEFILE|O_DIRECTORY|FASYNC, 0500) = -1 ENOTDIR (Not a directory) [pid 5142] pwritev2(6, [{iov_base=")", iov_len=1}], 1, 117443584, 0) = 1 [pid 5142] rename("./file1", "./bus") = 0 [ 76.074927][ T5142] NILFS (loop0): recovery complete [ 76.080888][ T5143] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 5142] sendfile(4, 5, NULL, 109823) = 109823 [pid 5142] exit_group(0) = ? [pid 5142] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5142, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./34", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./34", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563eb620 /* 4 entries */, 32768) = 112 umount2("./34/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./34/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./34/binderfs") = 0 umount2("./34/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./34/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./34/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./34/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./34/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563f3660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563f3660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./34/file0") = 0 getdents64(3, 0x5555563eb620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./34") = 0 mkdir("./35", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563ea5d0) = 5144 ./strace-static-x86_64: Process 5144 attached [pid 5144] chdir("./35") = 0 [pid 5144] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5144] setpgid(0, 0) = 0 [pid 5144] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5144] write(3, "1000", 4) = 4 [pid 5144] close(3) = 0 [pid 5144] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5144] memfd_create("syzkaller", 0) = 3 [pid 5144] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f21325eb000 [pid 5144] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 5144] munmap(0x7f21325eb000, 2097152) = 0 [pid 5144] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5144] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5144] close(3) = 0 [pid 5144] mkdir("./file0", 0777) = 0 [ 76.238014][ T5144] loop0: detected capacity change from 0 to 4096 [ 76.274936][ T5144] NILFS (loop0): invalid segment: Checksum error in segment payload [ 76.283622][ T5144] NILFS (loop0): trying rollback from an earlier position [pid 5144] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 5144] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5144] chdir("./file0") = 0 [pid 5144] ioctl(4, LOOP_CLR_FD) = 0 [pid 5144] close(4) = 0 [ 76.310483][ T5144] NILFS (loop0): recovery complete [pid 5144] creat("./bus", 000) = 4 [pid 5144] open("./bus", O_RDONLY) = 5 [pid 5144] creat("./bus", 000) = 6 [pid 5144] open("./file1", O_RDONLY|O_CREAT|O_LARGEFILE|O_DIRECTORY|FASYNC, 0500) = -1 ENOTDIR (Not a directory) [pid 5144] pwritev2(6, [{iov_base=")", iov_len=1}], 1, 117443584, 0) = 1 [pid 5144] rename("./file1", "./bus") = 0 [ 76.334365][ T5145] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 5144] sendfile(4, 5, NULL, 109823) = 109823 [pid 5144] exit_group(0) = ? [pid 5144] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5144, si_uid=0, si_status=0, si_utime=0, si_stime=11 /* 0.11 s */} --- umount2("./35", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./35", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563eb620 /* 4 entries */, 32768) = 112 umount2("./35/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./35/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./35/binderfs") = 0 [ 81.353165][ T897] cfg80211: failed to load regulatory.db [ 286.152035][ T28] INFO: task syz-executor350:5072 blocked for more than 143 seconds. [ 286.160226][ T28] Not tainted 6.2.0-syzkaller-12485-gf3a2439f20d9 #0 [ 286.167684][ T28] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 286.176441][ T28] task:syz-executor350 state:D stack:22120 pid:5072 ppid:5069 flags:0x00004002 [ 286.185759][ T28] Call Trace: [ 286.189064][ T28] [ 286.192061][ T28] __schedule+0x17d8/0x4990 [ 286.196717][ T28] ? look_up_lock_class+0x77/0x140 [ 286.202002][ T28] ? release_firmware_map_entry+0x190/0x190 [ 286.207922][ T28] ? rcu_read_lock_sched_held+0x8d/0x130 [ 286.213665][ T28] ? mark_lock+0x9a/0x340 [ 286.218031][ T28] schedule+0xc3/0x180 [ 286.222186][ T28] schedule_timeout+0xb0/0x310 [ 286.226992][ T28] ? console_conditional_schedule+0x40/0x40 [ 286.232967][ T28] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 286.238987][ T28] ? do_raw_spin_unlock+0x13b/0x8b0 [ 286.244268][ T28] ? _raw_spin_unlock_irq+0x23/0x50 [ 286.249523][ T28] ? lockdep_hardirqs_on+0x98/0x140 [ 286.254800][ T28] do_wait_for_common+0x449/0x5f0 [ 286.259870][ T28] ? console_conditional_schedule+0x40/0x40 [ 286.265895][ T28] ? bit_wait_io_timeout+0x120/0x120 [ 286.271217][ T28] ? _raw_spin_lock_irq+0xdf/0x120 [ 286.276466][ T28] ? start_flush_work+0x77c/0x830 [ 286.281572][ T28] wait_for_completion+0x4a/0x60 [ 286.286526][ T28] __flush_work+0x130/0x1b0 [ 286.291054][ T28] ? flush_work+0x20/0x20 [ 286.295500][ T28] ? start_flush_work+0x830/0x830 [ 286.300596][ T28] ? do_raw_spin_unlock+0x13b/0x8b0 [ 286.305903][ T28] ? finish_wait+0xcd/0x1e0 [ 286.310449][ T28] nilfs_detach_log_writer+0x4a4/0xbd0 [ 286.316000][ T28] ? __might_sleep+0xc0/0xc0 [ 286.320767][ T28] ? nilfs_attach_log_writer+0x8b0/0x8b0 [ 286.326511][ T28] ? hook_sb_delete+0xa07/0xb30 [ 286.331460][ T28] ? wake_bit_function+0x220/0x220 [ 286.336598][ T28] ? hook_inode_free_security+0xb0/0xb0 [ 286.342223][ T28] ? clear_inode+0x150/0x150 [ 286.346848][ T28] ? nilfs_free_inode+0x70/0x70 [ 286.351772][ T28] nilfs_put_super+0x4f/0x150 [ 286.356492][ T28] ? nilfs_free_inode+0x70/0x70 [ 286.361423][ T28] generic_shutdown_super+0x134/0x340 [ 286.366829][ T28] kill_block_super+0x7e/0xe0 [ 286.371597][ T28] deactivate_locked_super+0xa4/0x110 [ 286.376998][ T28] cleanup_mnt+0x490/0x520 [ 286.381490][ T28] ? lockdep_hardirqs_on+0x98/0x140 [ 286.386730][ T28] task_work_run+0x24a/0x300 [ 286.391629][ T28] ? dput+0x3a1/0x420 [ 286.395858][ T28] ? task_work_cancel+0x2b0/0x2b0 [ 286.402413][ T28] ptrace_notify+0x2cd/0x380 [ 286.407052][ T28] ? do_notify_parent+0xf50/0xf50 [ 286.412159][ T28] ? user_path_at_empty+0x12f/0x180 [ 286.417410][ T28] ? __x64_sys_umount+0x126/0x170 [ 286.422533][ T28] ? path_umount+0xef0/0xef0 [ 286.427167][ T28] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 286.433258][ T28] syscall_exit_to_user_mode+0x17a/0x2e0 [ 286.439035][ T28] do_syscall_64+0x4d/0xc0 [ 286.443560][ T28] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 286.449515][ T28] RIP: 0033:0x7f213aa39e07 [ 286.454013][ T28] RSP: 002b:00007ffead117e58 EFLAGS: 00000202 ORIG_RAX: 00000000000000a6 [ 286.462601][ T28] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f213aa39e07 [ 286.470603][ T28] RDX: 00007ffead117f1a RSI: 000000000000000a RDI: 00007ffead117f10 [ 286.478707][ T28] RBP: 00007ffead117f10 R08: 00000000ffffffff R09: 00007ffead117cf0 [ 286.486770][ T28] R10: 00005555563eb653 R11: 0000000000000202 R12: 00007ffead118f80 [ 286.494811][ T28] R13: 00005555563eb5f0 R14: 00007ffead117e80 R15: 0000000000000024 [ 286.502877][ T28] [ 286.505919][ T28] [ 286.505919][ T28] Showing all locks held in the system: [ 286.513725][ T28] 3 locks held by kworker/0:0/7: [ 286.518693][ T28] #0: ffff888012470d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x77f/0x13a0 [ 286.529181][ T28] #1: ffffc900000c7d20 ((work_completion)(&sci->sc_iput_work)){+.+.}-{0:0}, at: process_one_work+0x7c6/0x13a0 [ 286.541077][ T28] #2: ffff888028788650 (sb_internal#2){.+.+}-{0:0}, at: nilfs_evict_inode+0x166/0x420 [ 286.550874][ T28] 1 lock held by rcu_tasks_kthre/12: [ 286.556286][ T28] #0: ffffffff8d127c70 (rcu_tasks.tasks_gp_mutex){+.+.}-{3:3}, at: rcu_tasks_one_gp+0x29/0xd20 [ 286.566936][ T28] 1 lock held by rcu_tasks_trace/13: [ 286.572310][ T28] #0: ffffffff8d128470 (rcu_tasks_trace.tasks_gp_mutex){+.+.}-{3:3}, at: rcu_tasks_one_gp+0x29/0xd20 [ 286.583370][ T28] 1 lock held by khungtaskd/28: [ 286.588238][ T28] #0: ffffffff8d127aa0 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire+0x0/0x30 [ 286.597696][ T28] 2 locks held by getty/4748: [ 286.602417][ T28] #0: ffff88802d371098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 [ 286.612243][ T28] #1: ffffc900015802f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x6ab/0x1db0 [ 286.622434][ T28] 1 lock held by syz-executor350/5072: [ 286.627893][ T28] #0: ffff8880287880e0 (&type->s_umount_key#43){+.+.}-{3:3}, at: deactivate_super+0xad/0xf0 [ 286.638270][ T28] [ 286.640630][ T28] ============================================= [ 286.640630][ T28] [ 286.649126][ T28] NMI backtrace for cpu 1 [ 286.653474][ T28] CPU: 1 PID: 28 Comm: khungtaskd Not tainted 6.2.0-syzkaller-12485-gf3a2439f20d9 #0 [ 286.662949][ T28] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/16/2023 [ 286.673015][ T28] Call Trace: [ 286.676303][ T28] [ 286.679240][ T28] dump_stack_lvl+0x1e7/0x2d0 [ 286.683930][ T28] ? nf_tcp_handle_invalid+0x650/0x650 [ 286.689483][ T28] ? panic+0x770/0x770 [ 286.693554][ T28] ? tick_nohz_tick_stopped+0x7b/0xb0 [ 286.699026][ T28] nmi_cpu_backtrace+0x4e5/0x560 [ 286.703983][ T28] ? vprintk_emit+0x10d/0x1f0 [ 286.708686][ T28] ? nmi_trigger_cpumask_backtrace+0x410/0x410 [ 286.714850][ T28] ? _printk+0xd5/0x120 [ 286.719025][ T28] ? panic+0x770/0x770 [ 286.723118][ T28] ? __wake_up_klogd+0xcc/0x100 [ 286.728068][ T28] ? panic+0x770/0x770 [ 286.732147][ T28] ? __rcu_read_unlock+0x96/0x100 [ 286.737189][ T28] ? arch_trigger_cpumask_backtrace+0x10/0x10 [ 286.743263][ T28] nmi_trigger_cpumask_backtrace+0x1b4/0x410 [ 286.749263][ T28] watchdog+0x1024/0x1070 [ 286.753616][ T28] kthread+0x270/0x300 [ 286.757695][ T28] ? hungtask_pm_notify+0x90/0x90 [ 286.762737][ T28] ? kthread_blkcg+0xd0/0xd0 [ 286.767345][ T28] ret_from_fork+0x1f/0x30 [ 286.771794][ T28] [ 286.774931][ T28] Sending NMI from CPU 1 to CPUs 0: [ 286.780292][ C0] NMI backtrace for cpu 0 [ 286.780302][ C0] CPU: 0 PID: 11 Comm: kworker/u4:1 Not tainted 6.2.0-syzkaller-12485-gf3a2439f20d9 #0 [ 286.780319][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/16/2023 [ 286.780329][ C0] Workqueue: events_unbound toggle_allocation_gate [ 286.780351][ C0] RIP: 0010:lock_is_held_type+0xaf/0x190 [ 286.780371][ C0] Code: 0a 00 00 00 7e 47 4c 89 ed 48 81 c5 38 0a 00 00 31 db 48 83 fb 31 73 24 48 89 ef 4c 89 fe e8 28 02 00 00 85 c0 75 2a 48 ff c3 <49> 63 85 30 0a 00 00 48 83 c5 28 48 39 c3 7c d8 eb 11 48 c7 c7 e0 [ 286.780384][ C0] RSP: 0018:ffffc900001075f8 EFLAGS: 00000002 [ 286.780396][ C0] RAX: 0000000000000000 RBX: 0000000000000002 RCX: 0000000080000002 [ 286.780406][ C0] RDX: 0000000000000000 RSI: ffffffff8d127a20 RDI: ffff8880167f44e0 [ 286.780417][ C0] RBP: ffff8880167f44e0 R08: dffffc0000000000 R09: fffffbfff1ce8fe6 [ 286.780428][ C0] R10: 0000000000000000 R11: dffffc0000000001 R12: 0000000000000246 [ 286.780438][ C0] R13: ffff8880167f3a80 R14: 00000000ffffffff R15: ffffffff8d127a20 [ 286.780449][ C0] FS: 0000000000000000(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000 [ 286.780462][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 286.780472][ C0] CR2: 0000561e13f9e600 CR3: 000000000cf30000 CR4: 00000000003506f0 [ 286.780486][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 286.780495][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 286.780504][ C0] Call Trace: [ 286.780508][ C0] [ 286.780515][ C0] ? __text_poke+0x88b/0xa00 [ 286.780537][ C0] rcu_read_lock_sched_held+0x8d/0x130 [ 286.780562][ C0] ? __bpf_trace_rcu_stall_warning+0x10/0x10 [ 286.780590][ C0] ? rcu_read_lock_sched_held+0x8d/0x130 [ 286.780616][ C0] lock_release+0x10f/0xab0 [ 286.780634][ C0] ? mark_lock+0x9a/0x340 [ 286.780649][ C0] ? __lock_acquire+0x1f80/0x1f80 [ 286.780664][ C0] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 286.780681][ C0] ? print_irqtrace_events+0x220/0x220 [ 286.780698][ C0] ? kmem_cache_alloc+0x63/0x280 [ 286.780723][ C0] _raw_spin_unlock+0x16/0x40 [ 286.780747][ C0] __text_poke+0x88b/0xa00 [ 286.780768][ C0] ? kmem_cache_alloc+0x63/0x280 [ 286.780792][ C0] ? __text_poke+0xa00/0xa00 [ 286.780813][ C0] ? text_poke+0x90/0x90 [ 286.780832][ C0] ? kmem_cache_alloc_bulk+0xe3/0x4c0 [ 286.780847][ C0] ? perf_event_text_poke+0x258/0x330 [ 286.780870][ C0] ? perf_event_bpf_output+0x2e0/0x2e0 [ 286.780892][ C0] ? trace_contention_end+0x80/0x1e0 [ 286.780919][ C0] text_poke_bp_batch+0x66f/0x950 [ 286.780944][ C0] ? kmem_cache_alloc_bulk+0xe4/0x4c0 [ 286.780959][ C0] ? text_poke_loc_init+0x680/0x680 [ 286.780982][ C0] ? arch_jump_label_transform_queue+0x81/0xd0 [ 286.781004][ C0] text_poke_finish+0x1a/0x30 [ 286.781024][ C0] arch_jump_label_transform_apply+0x17/0x30 [ 286.781042][ C0] static_key_disable_cpuslocked+0xce/0x1b0 [ 286.781067][ C0] static_key_disable+0x1a/0x20 [ 286.781089][ C0] toggle_allocation_gate+0x1b8/0x250 [ 286.781105][ C0] ? virt_to_slab+0x2b0/0x2b0 [ 286.781120][ C0] ? wake_bit_function+0x220/0x220 [ 286.781135][ C0] ? __bpf_trace_rcu_stall_warning+0x10/0x10 [ 286.781160][ C0] ? do_raw_spin_unlock+0x13b/0x8b0 [ 286.781179][ C0] ? _raw_spin_unlock_irq+0x23/0x50 [ 286.781205][ C0] process_one_work+0x915/0x13a0 [ 286.781238][ C0] ? worker_detach_from_pool+0x290/0x290 [ 286.781259][ C0] ? _raw_spin_lock_irqsave+0x120/0x120 [ 286.781282][ C0] ? kthread_data+0x52/0xc0 [ 286.781304][ C0] ? wq_worker_running+0x9b/0x1a0 [ 286.781323][ C0] worker_thread+0xa63/0x1210 [ 286.781357][ C0] kthread+0x270/0x300 [ 286.781373][ C0] ? pr_cont_work+0x5e0/0x5e0 [ 286.781391][ C0] ? kthread_blkcg+0xd0/0xd0 [ 286.781407][ C0] ret_from_fork+0x1f/0x30 [ 286.781435][ C0] [ 286.781441][ C0] INFO: NMI handler (nmi_cpu_backtrace_handler) took too long to run: 1.150 msecs [ 286.782297][ T28] Kernel panic - not syncing: hung_task: blocked tasks [ 286.782309][ T28] CPU: 1 PID: 28 Comm: khungtaskd Not tainted 6.2.0-syzkaller-12485-gf3a2439f20d9 #0 [ 286.782331][ T28] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/16/2023 [ 286.782343][ T28] Call Trace: [ 286.782350][ T28] [ 286.782359][ T28] dump_stack_lvl+0x1e7/0x2d0 [ 286.782397][ T28] ? nf_tcp_handle_invalid+0x650/0x650 [ 286.782428][ T28] ? vsnprintf+0x17f/0x1d80 [ 286.782454][ T28] ? panic+0x770/0x770 [ 286.782487][ T28] ? vscnprintf+0x5d/0x80 [ 286.782518][ T28] panic+0x31c/0x770 [ 286.782541][ T28] ? schedule_preempt_disabled+0x20/0x20 [ 286.782569][ T28] ? nmi_trigger_cpumask_backtrace+0x2d1/0x410 [ 286.782593][ T28] ? memcpy_page_flushcache+0x100/0x100 [ 286.782627][ T28] ? nmi_trigger_cpumask_backtrace+0x2d1/0x410 [ 286.782648][ T28] ? nmi_trigger_cpumask_backtrace+0x356/0x410 [ 286.782673][ T28] ? nmi_trigger_cpumask_backtrace+0x35b/0x410 [ 286.782700][ T28] watchdog+0x1062/0x1070 [ 286.782748][ T28] kthread+0x270/0x300 [ 286.782769][ T28] ? hungtask_pm_notify+0x90/0x90 [ 286.782790][ T28] ? kthread_blkcg+0xd0/0xd0 [ 286.782815][ T28] ret_from_fork+0x1f/0x30 [ 286.782863][ T28] [ 286.786127][ T28] Kernel Offset: disabled [ 287.284024][ T28] Rebooting in 86400 seconds..