./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1708558669 <...> [ 3.042186][ T102] udevd[102]: starting eudev-3.2.11 [ 3.044051][ T101] udevd (101) used greatest stack depth: 23056 bytes left [ 3.674856][ T122] dbus-uuidgen (122) used greatest stack depth: 22704 bytes left [ 12.940380][ T28] kauditd_printk_skb: 50 callbacks suppressed [ 12.940393][ T28] audit: type=1400 audit(1703424641.757:61): avc: denied { transition } for pid=227 comm="sshd" path="/bin/sh" dev="sda1" ino=89 scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 12.945010][ T28] audit: type=1400 audit(1703424641.757:62): avc: denied { noatsecure } for pid=227 comm="sshd" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 12.947747][ T28] audit: type=1400 audit(1703424641.757:63): avc: denied { write } for pid=227 comm="sh" path="pipe:[13299]" dev="pipefs" ino=13299 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1 [ 12.951284][ T28] audit: type=1400 audit(1703424641.757:64): avc: denied { rlimitinh } for pid=227 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 12.953789][ T28] audit: type=1400 audit(1703424641.757:65): avc: denied { siginh } for pid=227 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 14.094523][ T228] sshd (228) used greatest stack depth: 22448 bytes left Warning: Permanently added '10.128.1.79' (ED25519) to the list of known hosts. execve("./syz-executor1708558669", ["./syz-executor1708558669"], 0x7fff41fcadd0 /* 10 vars */) = 0 brk(NULL) = 0x5555561b7000 brk(0x5555561b7d40) = 0x5555561b7d40 arch_prctl(ARCH_SET_FS, 0x5555561b73c0) = 0 set_tid_address(0x5555561b7690) = 297 set_robust_list(0x5555561b76a0, 24) = 0 rseq(0x5555561b7ce0, 0x20, 0, 0x53053053) = -1 ENOSYS (Function not implemented) prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor1708558669", 4096) = 28 getrandom("\x06\xaa\x69\x5c\xec\xff\x22\x3e", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x5555561b7d40 brk(0x5555561d8d40) = 0x5555561d8d40 brk(0x5555561d9000) = 0x5555561d9000 mprotect(0x7ff5a95fa000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 mkdir("./syzkaller.8K29Ps", 0700) = 0 chmod("./syzkaller.8K29Ps", 0777) = 0 chdir("./syzkaller.8K29Ps") = 0 mkdir("./0", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b7690) = 299 ./strace-static-x86_64: Process 299 attached [pid 299] set_robust_list(0x5555561b76a0, 24) = 0 [pid 299] chdir("./0") = 0 [pid 299] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 299] setpgid(0, 0) = 0 [pid 299] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 299] write(3, "1000", 4) = 4 [pid 299] close(3) = 0 [pid 299] symlink("/dev/binderfs", "./binderfs") = 0 [pid 299] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 299] rt_sigaction(SIGRT_1, {sa_handler=0x7ff5a959df30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7ff5a958f0e0}, NULL, 8) = 0 [pid 299] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 299] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a9514000 [pid 299] mprotect(0x7ff5a9515000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 299] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 299] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9534990, parent_tid=0x7ff5a9534990, exit_signal=0, stack=0x7ff5a9514000, stack_size=0x20300, tls=0x7ff5a95346c0} => {parent_tid=[300]}, 88) = 300 [pid 299] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 299] futex(0x7ff5a96006c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 299] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 299] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a94f3000 [pid 299] mprotect(0x7ff5a94f4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 299] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 299] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9513990, parent_tid=0x7ff5a9513990, exit_signal=0, stack=0x7ff5a94f3000, stack_size=0x20300, tls=0x7ff5a95136c0} => {parent_tid=[301]}, 88) = 301 [pid 299] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 299] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 299] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 301 attached [pid 301] set_robust_list(0x7ff5a95139a0, 24) = 0 [pid 301] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 301] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_NOFOLLOW|O_NOATIME|O_CLOEXEC, 000) = 3 [pid 301] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] <... futex resumed>) = 0 [pid 299] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 299] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 301] <... futex resumed>) = 1 [pid 301] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 301] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] <... futex resumed>) = 0 [pid 299] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 299] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 301] <... futex resumed>) = 1 [pid 301] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 4 [pid 301] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] <... futex resumed>) = 0 [pid 299] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 299] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 301] <... futex resumed>) = 1 [pid 301] write(4, "\x31\x30\x30\x30\x30\x30\x30\x00", 8) = -1 ENOSPC (No space left on device) [pid 301] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] <... futex resumed>) = 0 [pid 299] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 299] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 301] <... futex resumed>) = 1 [pid 301] write(4, "\x23\x21\x20\x2e\x2f\x66\x69\x6c\x65\x31\x0a\x82\x6a\x3f\xc6\x7c\x3a\xab\x7d\x7e\x31\x38\xd5\xcc\x25\x19\xa6\xa8\xf7\xa0\x0b\xff\x3b\xee\x49\xbb\x93\x22\x1f\x4e\x80\x95\x34\x94\x23\x35\x8b\x24\xc3\x46\x99\x05\xf2\x81\x89\x7d\xc6\xe1\x7a\x55\x07\xba\x1b\x9e\x33\xcc\x8e\x4f\x28\xf6\xda\xe3\x4d\x29\x86\xca\x00\x9c\x79\xab\x46\x1e\x69\xfd\x74\xcc\xe8\xc9\xed\x5b\x91\x09\xf3\xfa\x42\xf4\x3d\x39\x82\xeb"..., 1045) = -1 ENOSPC (No space left on device) [pid 301] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] <... futex resumed>) = 0 [pid 301] <... futex resumed>) = 1 [pid 301] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 300 attached [pid 300] set_robust_list(0x7ff5a95349a0, 24) = 0 [pid 300] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 300] memfd_create("syzkaller", 0) = 5 [pid 300] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff5a10f3000 [pid 300] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 300] munmap(0x7ff5a10f3000, 138412032) = 0 [pid 300] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 300] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 300] close(5) = 0 [ 21.580698][ T28] audit: type=1400 audit(1703424650.397:66): avc: denied { execmem } for pid=297 comm="syz-executor170" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 21.600541][ T28] audit: type=1400 audit(1703424650.397:67): avc: denied { read write } for pid=297 comm="syz-executor170" name="loop0" dev="devtmpfs" ino=114 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 21.615182][ T300] loop0: detected capacity change from 0 to 512 [pid 300] mkdir("./file1", 0777) = 0 [ 21.625122][ T28] audit: type=1400 audit(1703424650.397:68): avc: denied { open } for pid=297 comm="syz-executor170" path="/dev/loop0" dev="devtmpfs" ino=114 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 21.655007][ T28] audit: type=1400 audit(1703424650.397:69): avc: denied { ioctl } for pid=297 comm="syz-executor170" path="/dev/loop0" dev="devtmpfs" ino=114 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 21.680477][ T28] audit: type=1400 audit(1703424650.417:70): avc: denied { mounton } for pid=299 comm="syz-executor170" path="/root/syzkaller.8K29Ps/0/bus" dev="sda1" ino=1930 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=file permissive=1 [ 21.704643][ T28] audit: type=1400 audit(1703424650.447:71): avc: denied { mounton } for pid=299 comm="syz-executor170" path="/root/syzkaller.8K29Ps/0/file1" dev="sda1" ino=1931 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1 [pid 300] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue") = 0 [pid 300] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 5 [pid 300] chdir("./file1") = 0 [pid 300] ioctl(6, LOOP_CLR_FD) = 0 [pid 300] close(6) = 0 [pid 300] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 300] futex(0x7ff5a96006c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 299] exit_group(0 [pid 301] <... futex resumed>) = ? [pid 299] <... exit_group resumed>) = ? [pid 301] +++ exited with 0 +++ [pid 300] <... futex resumed>) = ? [pid 300] +++ exited with 0 +++ [pid 299] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=299, si_uid=0, si_status=0, si_utime=0, si_stime=6} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555561b8730 /* 5 entries */, 32768) = 136 umount2("./0/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./0/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./0/bus") = 0 umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./0/binderfs") = 0 [ 21.730449][ T300] EXT4-fs (loop0): 1 orphan inode deleted [ 21.735989][ T300] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 21.744973][ T28] audit: type=1400 audit(1703424650.557:72): avc: denied { mount } for pid=299 comm="syz-executor170" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 21.749418][ T300] ext4 filesystem being mounted at /root/syzkaller.8K29Ps/0/file1 supports timestamps until 2038 (0x7fffffff) umount2("./0/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./0/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./0/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555561c0770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561c0770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./0/file1") = 0 getdents64(3, 0x5555561b8730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./0") = 0 mkdir("./1", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b7690) = 305 ./strace-static-x86_64: Process 305 attached [pid 305] set_robust_list(0x5555561b76a0, 24) = 0 [pid 305] chdir("./1") = 0 [pid 305] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 305] setpgid(0, 0) = 0 [pid 305] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 305] write(3, "1000", 4) = 4 [pid 305] close(3) = 0 [pid 305] symlink("/dev/binderfs", "./binderfs") = 0 [pid 305] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 305] rt_sigaction(SIGRT_1, {sa_handler=0x7ff5a959df30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7ff5a958f0e0}, NULL, 8) = 0 [pid 305] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 305] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a9514000 [pid 305] mprotect(0x7ff5a9515000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 305] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 305] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9534990, parent_tid=0x7ff5a9534990, exit_signal=0, stack=0x7ff5a9514000, stack_size=0x20300, tls=0x7ff5a95346c0} => {parent_tid=[306]}, 88) = 306 [pid 305] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 305] futex(0x7ff5a96006c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 305] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 305] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a94f3000 [pid 305] mprotect(0x7ff5a94f4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 305] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 305] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9513990, parent_tid=0x7ff5a9513990, exit_signal=0, stack=0x7ff5a94f3000, stack_size=0x20300, tls=0x7ff5a95136c0}./strace-static-x86_64: Process 306 attached => {parent_tid=[307]}, 88) = 307 [pid 305] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 305] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 305] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 307 attached [pid 307] set_robust_list(0x7ff5a95139a0, 24) = 0 [pid 307] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 307] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_NOFOLLOW|O_NOATIME|O_CLOEXEC, 000) = 3 [pid 307] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 305] <... futex resumed>) = 0 [pid 305] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 305] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 307] <... futex resumed>) = 1 [pid 307] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 307] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 305] <... futex resumed>) = 0 [pid 305] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 21.784972][ T28] audit: type=1400 audit(1703424650.597:73): avc: denied { unmount } for pid=297 comm="syz-executor170" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=filesystem permissive=1 [ 21.804979][ T28] audit: type=1400 audit(1703424650.597:74): avc: denied { unmount } for pid=297 comm="syz-executor170" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 21.805815][ T297] EXT4-fs (loop0): unmounting filesystem. [pid 305] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 307] <... futex resumed>) = 1 [pid 307] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 4 [pid 307] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 305] <... futex resumed>) = 0 [pid 305] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 305] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 307] <... futex resumed>) = 1 [pid 307] write(4, "\x31\x30\x30\x30\x30\x30\x30\x00", 8) = -1 ENOSPC (No space left on device) [pid 307] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 305] <... futex resumed>) = 0 [pid 305] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 305] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 307] <... futex resumed>) = 1 [pid 307] write(4, "\x23\x21\x20\x2e\x2f\x66\x69\x6c\x65\x31\x0a\x82\x6a\x3f\xc6\x7c\x3a\xab\x7d\x7e\x31\x38\xd5\xcc\x25\x19\xa6\xa8\xf7\xa0\x0b\xff\x3b\xee\x49\xbb\x93\x22\x1f\x4e\x80\x95\x34\x94\x23\x35\x8b\x24\xc3\x46\x99\x05\xf2\x81\x89\x7d\xc6\xe1\x7a\x55\x07\xba\x1b\x9e\x33\xcc\x8e\x4f\x28\xf6\xda\xe3\x4d\x29\x86\xca\x00\x9c\x79\xab\x46\x1e\x69\xfd\x74\xcc\xe8\xc9\xed\x5b\x91\x09\xf3\xfa\x42\xf4\x3d\x39\x82\xeb"..., 1045) = -1 ENOSPC (No space left on device) [pid 307] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 305] <... futex resumed>) = 0 [pid 307] <... futex resumed>) = 1 [pid 307] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 306] set_robust_list(0x7ff5a95349a0, 24) = 0 [pid 306] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 306] memfd_create("syzkaller", 0) = 5 [pid 306] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff5a10f3000 [pid 306] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 306] munmap(0x7ff5a10f3000, 138412032) = 0 [pid 306] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 306] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 306] close(5) = 0 [pid 306] mkdir("./file1", 0777) = 0 [pid 306] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue") = 0 [pid 306] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 5 [pid 306] chdir("./file1") = 0 [pid 306] ioctl(6, LOOP_CLR_FD) = 0 [pid 306] close(6) = 0 [pid 306] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 306] futex(0x7ff5a96006c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 305] exit_group(0 [pid 307] <... futex resumed>) = ? [pid 306] <... futex resumed>) = ? [pid 305] <... exit_group resumed>) = ? [pid 307] +++ exited with 0 +++ [pid 306] +++ exited with 0 +++ [pid 305] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=305, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555561b8730 /* 5 entries */, 32768) = 136 umount2("./1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./1/bus") = 0 umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./1/binderfs") = 0 [ 21.869986][ T306] loop0: detected capacity change from 0 to 512 [ 21.880818][ T306] EXT4-fs (loop0): 1 orphan inode deleted [ 21.886357][ T306] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 21.895169][ T306] ext4 filesystem being mounted at /root/syzkaller.8K29Ps/1/file1 supports timestamps until 2038 (0x7fffffff) umount2("./1/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./1/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./1/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555561c0770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561c0770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./1/file1") = 0 getdents64(3, 0x5555561b8730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./1") = 0 mkdir("./2", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b7690) = 310 ./strace-static-x86_64: Process 310 attached [pid 310] set_robust_list(0x5555561b76a0, 24) = 0 [pid 310] chdir("./2") = 0 [pid 310] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 310] setpgid(0, 0) = 0 [pid 310] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 310] write(3, "1000", 4) = 4 [pid 310] close(3) = 0 [pid 310] symlink("/dev/binderfs", "./binderfs") = 0 [pid 310] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 310] rt_sigaction(SIGRT_1, {sa_handler=0x7ff5a959df30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7ff5a958f0e0}, NULL, 8) = 0 [pid 310] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 310] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a9514000 [pid 310] mprotect(0x7ff5a9515000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 310] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 310] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9534990, parent_tid=0x7ff5a9534990, exit_signal=0, stack=0x7ff5a9514000, stack_size=0x20300, tls=0x7ff5a95346c0} => {parent_tid=[311]}, 88) = 311 [pid 310] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 310] futex(0x7ff5a96006c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 310] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 310] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a94f3000 [pid 310] mprotect(0x7ff5a94f4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 310] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 310] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9513990, parent_tid=0x7ff5a9513990, exit_signal=0, stack=0x7ff5a94f3000, stack_size=0x20300, tls=0x7ff5a95136c0} => {parent_tid=[312]}, 88) = 312 ./strace-static-x86_64: Process 312 attached ./strace-static-x86_64: Process 311 attached [pid 310] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 310] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 310] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 312] set_robust_list(0x7ff5a95139a0, 24) = 0 [pid 312] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 311] set_robust_list(0x7ff5a95349a0, 24 [pid 312] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_NOFOLLOW|O_NOATIME|O_CLOEXEC, 000) = 3 [pid 311] <... set_robust_list resumed>) = 0 [pid 312] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 310] <... futex resumed>) = 0 [pid 310] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 310] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 312] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 312] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 310] <... futex resumed>) = 0 [pid 310] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 310] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 312] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 4 [pid 312] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 310] <... futex resumed>) = 0 [pid 310] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 310] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 312] write(4, "\x31\x30\x30\x30\x30\x30\x30\x00", 8) = -1 ENOSPC (No space left on device) [pid 312] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 310] <... futex resumed>) = 0 [pid 310] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 310] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 312] write(4, "\x23\x21\x20\x2e\x2f\x66\x69\x6c\x65\x31\x0a\x82\x6a\x3f\xc6\x7c\x3a\xab\x7d\x7e\x31\x38\xd5\xcc\x25\x19\xa6\xa8\xf7\xa0\x0b\xff\x3b\xee\x49\xbb\x93\x22\x1f\x4e\x80\x95\x34\x94\x23\x35\x8b\x24\xc3\x46\x99\x05\xf2\x81\x89\x7d\xc6\xe1\x7a\x55\x07\xba\x1b\x9e\x33\xcc\x8e\x4f\x28\xf6\xda\xe3\x4d\x29\x86\xca\x00\x9c\x79\xab\x46\x1e\x69\xfd\x74\xcc\xe8\xc9\xed\x5b\x91\x09\xf3\xfa\x42\xf4\x3d\x39\x82\xeb"..., 1045) = -1 ENOSPC (No space left on device) [pid 312] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 310] <... futex resumed>) = 0 [pid 312] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 311] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 311] memfd_create("syzkaller", 0) = 5 [pid 311] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff5a10f3000 [pid 311] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 311] munmap(0x7ff5a10f3000, 138412032) = 0 [pid 311] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 311] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 311] close(5) = 0 [pid 311] mkdir("./file1", 0777) = 0 [ 21.927341][ T297] EXT4-fs (loop0): unmounting filesystem. [ 21.953458][ T311] loop0: detected capacity change from 0 to 512 [ 21.971242][ T311] EXT4-fs (loop0): 1 orphan inode deleted [pid 311] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue") = 0 [pid 311] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 5 [pid 311] chdir("./file1") = 0 [pid 311] ioctl(6, LOOP_CLR_FD) = 0 [pid 311] close(6) = 0 [pid 311] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 311] futex(0x7ff5a96006c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 310] exit_group(0 [pid 312] <... futex resumed>) = ? [pid 310] <... exit_group resumed>) = ? [pid 312] +++ exited with 0 +++ [pid 311] <... futex resumed>) = ? [pid 311] +++ exited with 0 +++ [pid 310] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=310, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555561b8730 /* 5 entries */, 32768) = 136 umount2("./2/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./2/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./2/bus") = 0 umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./2/binderfs") = 0 umount2("./2/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./2/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./2/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555561c0770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561c0770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./2/file1") = 0 getdents64(3, 0x5555561b8730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./2") = 0 mkdir("./3", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b7690) = 315 ./strace-static-x86_64: Process 315 attached [pid 315] set_robust_list(0x5555561b76a0, 24) = 0 [pid 315] chdir("./3") = 0 [pid 315] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 315] setpgid(0, 0) = 0 [pid 315] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 315] write(3, "1000", 4) = 4 [pid 315] close(3) = 0 [pid 315] symlink("/dev/binderfs", "./binderfs") = 0 [pid 315] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 315] rt_sigaction(SIGRT_1, {sa_handler=0x7ff5a959df30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7ff5a958f0e0}, NULL, 8) = 0 [pid 315] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 315] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a9514000 [pid 315] mprotect(0x7ff5a9515000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 315] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 315] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9534990, parent_tid=0x7ff5a9534990, exit_signal=0, stack=0x7ff5a9514000, stack_size=0x20300, tls=0x7ff5a95346c0} => {parent_tid=[316]}, 88) = 316 ./strace-static-x86_64: Process 316 attached [pid 315] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 315] futex(0x7ff5a96006c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 315] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 315] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 316] set_robust_list(0x7ff5a95349a0, 24 [pid 315] <... mmap resumed>) = 0x7ff5a94f3000 [pid 316] <... set_robust_list resumed>) = 0 [pid 316] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 316] memfd_create("syzkaller", 0) = 3 [pid 316] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff5a10f3000 [pid 315] mprotect(0x7ff5a94f4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 315] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 315] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9513990, parent_tid=0x7ff5a9513990, exit_signal=0, stack=0x7ff5a94f3000, stack_size=0x20300, tls=0x7ff5a95136c0} [pid 316] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 315] <... clone3 resumed> => {parent_tid=[317]}, 88) = 317 [pid 315] rt_sigprocmask(SIG_SETMASK, [], [pid 316] <... write resumed>) = 262144 [pid 315] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 316] munmap(0x7ff5a10f3000, 138412032) = 0 [pid 315] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 316] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 316] ioctl(4, LOOP_SET_FD, 3 [pid 315] <... futex resumed>) = 0 [ 21.976792][ T311] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 21.985677][ T311] ext4 filesystem being mounted at /root/syzkaller.8K29Ps/2/file1 supports timestamps until 2038 (0x7fffffff) [ 22.004390][ T297] EXT4-fs (loop0): unmounting filesystem. [pid 315] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 317 attached [pid 317] set_robust_list(0x7ff5a95139a0, 24) = 0 [pid 317] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 317] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_NOFOLLOW|O_NOATIME|O_CLOEXEC, 000) = 5 [pid 317] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 317] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 316] <... ioctl resumed>) = 0 [pid 316] close(3) = 0 [pid 316] mkdir("./bus", 0777) = -1 EEXIST (File exists) [pid 316] mount("/dev/loop0", "./bus", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 315] <... futex resumed>) = 0 [pid 315] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 317] <... futex resumed>) = 0 [pid 317] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 317] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 317] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 315] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 315] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 317] <... futex resumed>) = 0 [pid 317] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 3 [pid 317] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 317] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 315] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 315] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 317] <... futex resumed>) = 0 [pid 317] write(3, "\x31\x30\x30\x30\x30\x30\x30\x00", 8) = 8 [pid 317] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 317] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 315] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 315] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 317] <... futex resumed>) = 0 [pid 317] write(3, "\x23\x21\x20\x2e\x2f\x66\x69\x6c\x65\x31\x0a\x82\x6a\x3f\xc6\x7c\x3a\xab\x7d\x7e\x31\x38\xd5\xcc\x25\x19\xa6\xa8\xf7\xa0\x0b\xff\x3b\xee\x49\xbb\x93\x22\x1f\x4e\x80\x95\x34\x94\x23\x35\x8b\x24\xc3\x46\x99\x05\xf2\x81\x89\x7d\xc6\xe1\x7a\x55\x07\xba\x1b\x9e\x33\xcc\x8e\x4f\x28\xf6\xda\xe3\x4d\x29\x86\xca\x00\x9c\x79\xab\x46\x1e\x69\xfd\x74\xcc\xe8\xc9\xed\x5b\x91\x09\xf3\xfa\x42\xf4\x3d\x39\x82\xeb"..., 1045 [pid 315] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 317] <... write resumed>) = 1045 [pid 317] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 317] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 315] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 316] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 316] ioctl(4, LOOP_CLR_FD) = 0 [pid 316] close(4) = 0 [pid 316] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 316] futex(0x7ff5a96006c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 315] exit_group(0) = ? [pid 316] <... futex resumed>) = ? [pid 316] +++ exited with 0 +++ [pid 317] <... futex resumed>) = ? [pid 317] +++ exited with 0 +++ [pid 315] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=315, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./3", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555561b8730 /* 4 entries */, 32768) = 104 umount2("./3/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./3/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./3/bus") = 0 umount2("./3/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./3/binderfs") = 0 getdents64(3, 0x5555561b8730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./3") = 0 mkdir("./4", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b7690) = 320 ./strace-static-x86_64: Process 320 attached [pid 320] set_robust_list(0x5555561b76a0, 24) = 0 [pid 320] chdir("./4") = 0 [pid 320] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 320] setpgid(0, 0) = 0 [pid 320] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 320] write(3, "1000", 4) = 4 [pid 320] close(3) = 0 [pid 320] symlink("/dev/binderfs", "./binderfs") = 0 [pid 320] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 320] rt_sigaction(SIGRT_1, {sa_handler=0x7ff5a959df30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7ff5a958f0e0}, NULL, 8) = 0 [pid 320] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 320] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a9514000 [pid 320] mprotect(0x7ff5a9515000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 320] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 320] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9534990, parent_tid=0x7ff5a9534990, exit_signal=0, stack=0x7ff5a9514000, stack_size=0x20300, tls=0x7ff5a95346c0} => {parent_tid=[321]}, 88) = 321 [pid 320] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 320] futex(0x7ff5a96006c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 320] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 320] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a94f3000 [pid 320] mprotect(0x7ff5a94f4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 320] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 320] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9513990, parent_tid=0x7ff5a9513990, exit_signal=0, stack=0x7ff5a94f3000, stack_size=0x20300, tls=0x7ff5a95136c0} => {parent_tid=[322]}, 88) = 322 ./strace-static-x86_64: Process 322 attached [pid 320] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 320] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 320] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 321 attached [pid 321] set_robust_list(0x7ff5a95349a0, 24) = 0 [pid 321] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 321] memfd_create("syzkaller", 0) = 3 [pid 321] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff5a10f3000 [pid 322] set_robust_list(0x7ff5a95139a0, 24) = 0 [pid 322] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 322] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_NOFOLLOW|O_NOATIME|O_CLOEXEC, 000) = 4 [pid 321] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 322] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 320] <... futex resumed>) = 0 [pid 320] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 320] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 322] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 321] <... write resumed>) = 262144 [pid 321] munmap(0x7ff5a10f3000, 138412032 [pid 322] <... mount resumed>) = 0 [pid 321] <... munmap resumed>) = 0 [pid 321] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 321] ioctl(5, LOOP_SET_FD, 3 [pid 322] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 320] <... futex resumed>) = 0 [pid 320] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 320] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 322] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 6 [pid 322] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 22.048596][ T316] loop0: detected capacity change from 0 to 512 [ 22.060379][ T316] EXT4-fs error (device loop0): __ext4_get_inode_loc:4485: comm syz-executor170: Invalid inode table block 34 in block_group 0 [ 22.073973][ T316] EXT4-fs (loop0): get root inode failed [ 22.079808][ T316] EXT4-fs (loop0): mount failed [pid 322] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 320] <... futex resumed>) = 0 [pid 320] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 322] <... futex resumed>) = 0 [pid 322] write(6, "\x31\x30\x30\x30\x30\x30\x30\x00", 8 [pid 321] <... ioctl resumed>) = 0 [pid 320] <... futex resumed>) = 1 [pid 320] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 321] close(3) = 0 [pid 321] mkdir("./bus", 0777) = -1 EEXIST (File exists) [pid 321] mount("/dev/loop0", "./bus", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 322] <... write resumed>) = -1 EIO (Input/output error) [pid 322] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 320] <... futex resumed>) = 0 [pid 322] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 320] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 322] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 322] write(6, "\x23\x21\x20\x2e\x2f\x66\x69\x6c\x65\x31\x0a\x82\x6a\x3f\xc6\x7c\x3a\xab\x7d\x7e\x31\x38\xd5\xcc\x25\x19\xa6\xa8\xf7\xa0\x0b\xff\x3b\xee\x49\xbb\x93\x22\x1f\x4e\x80\x95\x34\x94\x23\x35\x8b\x24\xc3\x46\x99\x05\xf2\x81\x89\x7d\xc6\xe1\x7a\x55\x07\xba\x1b\x9e\x33\xcc\x8e\x4f\x28\xf6\xda\xe3\x4d\x29\x86\xca\x00\x9c\x79\xab\x46\x1e\x69\xfd\x74\xcc\xe8\xc9\xed\x5b\x91\x09\xf3\xfa\x42\xf4\x3d\x39\x82\xeb"..., 1045 [pid 320] <... futex resumed>) = 0 [pid 320] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 322] <... write resumed>) = 1045 [pid 322] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 320] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 322] <... futex resumed>) = 0 [ 22.102987][ T321] loop0: detected capacity change from 0 to 512 [ 22.104418][ T56] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 22.111357][ T28] audit: type=1400 audit(1703424650.917:75): avc: denied { mounton } for pid=320 comm="syz-executor170" path="/root/syzkaller.8K29Ps/4/bus" dev="devtmpfs" ino=114 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [pid 322] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 321] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 321] ioctl(5, LOOP_CLR_FD) = 0 [pid 321] close(5) = 0 [pid 321] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 321] futex(0x7ff5a96006c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 320] exit_group(0 [pid 322] <... futex resumed>) = ? [pid 320] <... exit_group resumed>) = ? [pid 322] +++ exited with 0 +++ [pid 321] <... futex resumed>) = ? [pid 321] +++ exited with 0 +++ [pid 320] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=320, si_uid=0, si_status=0, si_utime=0, si_stime=5} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555561b8730 /* 4 entries */, 32768) = 104 umount2("./4/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./4/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4/bus") = 0 umount2("./4/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4/binderfs") = 0 getdents64(3, 0x5555561b8730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4") = 0 mkdir("./5", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b7690) = 325 ./strace-static-x86_64: Process 325 attached [pid 325] set_robust_list(0x5555561b76a0, 24) = 0 [pid 325] chdir("./5") = 0 [pid 325] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 325] setpgid(0, 0) = 0 [pid 325] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 325] write(3, "1000", 4) = 4 [pid 325] close(3) = 0 [pid 325] symlink("/dev/binderfs", "./binderfs") = 0 [pid 325] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 325] rt_sigaction(SIGRT_1, {sa_handler=0x7ff5a959df30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7ff5a958f0e0}, NULL, 8) = 0 [pid 325] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 325] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a9514000 [pid 325] mprotect(0x7ff5a9515000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 325] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 325] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9534990, parent_tid=0x7ff5a9534990, exit_signal=0, stack=0x7ff5a9514000, stack_size=0x20300, tls=0x7ff5a95346c0} => {parent_tid=[326]}, 88) = 326 [pid 325] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 325] futex(0x7ff5a96006c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 325] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 325] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a94f3000 [pid 325] mprotect(0x7ff5a94f4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 325] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 325] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9513990, parent_tid=0x7ff5a9513990, exit_signal=0, stack=0x7ff5a94f3000, stack_size=0x20300, tls=0x7ff5a95136c0} => {parent_tid=[327]}, 88) = 327 [pid 325] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 325] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 325] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 327 attached [pid 327] set_robust_list(0x7ff5a95139a0, 24) = 0 [pid 327] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 327] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_NOFOLLOW|O_NOATIME|O_CLOEXEC, 000) = 3 [pid 327] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 325] <... futex resumed>) = 0 [pid 325] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 325] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 327] <... futex resumed>) = 1 [pid 327] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 327] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 325] <... futex resumed>) = 0 [pid 325] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 325] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 327] <... futex resumed>) = 1 [pid 327] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 4 [pid 327] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 325] <... futex resumed>) = 0 [pid 325] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 325] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 327] <... futex resumed>) = 1 [pid 327] write(4, "\x31\x30\x30\x30\x30\x30\x30\x00", 8) = -1 ENOSPC (No space left on device) [pid 327] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 325] <... futex resumed>) = 0 [pid 325] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 325] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 327] <... futex resumed>) = 1 [pid 327] write(4, "\x23\x21\x20\x2e\x2f\x66\x69\x6c\x65\x31\x0a\x82\x6a\x3f\xc6\x7c\x3a\xab\x7d\x7e\x31\x38\xd5\xcc\x25\x19\xa6\xa8\xf7\xa0\x0b\xff\x3b\xee\x49\xbb\x93\x22\x1f\x4e\x80\x95\x34\x94\x23\x35\x8b\x24\xc3\x46\x99\x05\xf2\x81\x89\x7d\xc6\xe1\x7a\x55\x07\xba\x1b\x9e\x33\xcc\x8e\x4f\x28\xf6\xda\xe3\x4d\x29\x86\xca\x00\x9c\x79\xab\x46\x1e\x69\xfd\x74\xcc\xe8\xc9\xed\x5b\x91\x09\xf3\xfa\x42\xf4\x3d\x39\x82\xeb"..., 1045) = -1 ENOSPC (No space left on device) [pid 327] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 325] <... futex resumed>) = 0 [pid 327] <... futex resumed>) = 1 [pid 327] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 326 attached [pid 326] set_robust_list(0x7ff5a95349a0, 24) = 0 [pid 326] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 326] memfd_create("syzkaller", 0) = 5 [pid 326] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff5a10f3000 [pid 326] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 326] munmap(0x7ff5a10f3000, 138412032) = 0 [pid 326] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 22.149849][ T321] EXT4-fs error (device loop0): __ext4_get_inode_loc:4485: comm syz-executor170: Invalid inode table block 34 in block_group 0 [ 22.163054][ T321] EXT4-fs (loop0): get root inode failed [ 22.168629][ T321] EXT4-fs (loop0): mount failed [pid 326] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 326] close(5) = 0 [pid 326] mkdir("./file1", 0777) = 0 [pid 326] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue") = 0 [pid 326] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 5 [pid 326] chdir("./file1") = 0 [pid 326] ioctl(6, LOOP_CLR_FD) = 0 [pid 326] close(6) = 0 [pid 326] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 326] futex(0x7ff5a96006c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 325] exit_group(0 [pid 327] <... futex resumed>) = ? [pid 325] <... exit_group resumed>) = ? [pid 327] +++ exited with 0 +++ [pid 326] <... futex resumed>) = ? [pid 326] +++ exited with 0 +++ [pid 325] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=325, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./5", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555561b8730 /* 5 entries */, 32768) = 136 umount2("./5/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./5/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./5/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./5/bus") = 0 umount2("./5/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./5/binderfs") = 0 [ 22.199651][ T326] loop0: detected capacity change from 0 to 512 [ 22.211207][ T326] EXT4-fs (loop0): 1 orphan inode deleted [ 22.217083][ T326] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 22.225871][ T326] ext4 filesystem being mounted at /root/syzkaller.8K29Ps/5/file1 supports timestamps until 2038 (0x7fffffff) umount2("./5/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./5/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./5/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./5/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555561c0770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561c0770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./5/file1") = 0 getdents64(3, 0x5555561b8730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./5") = 0 mkdir("./6", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b7690) = 332 ./strace-static-x86_64: Process 332 attached [pid 332] set_robust_list(0x5555561b76a0, 24) = 0 [pid 332] chdir("./6") = 0 [pid 332] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 332] setpgid(0, 0) = 0 [pid 332] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 332] write(3, "1000", 4) = 4 [pid 332] close(3) = 0 [pid 332] symlink("/dev/binderfs", "./binderfs") = 0 [pid 332] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 332] rt_sigaction(SIGRT_1, {sa_handler=0x7ff5a959df30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7ff5a958f0e0}, NULL, 8) = 0 [pid 332] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 332] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a9514000 [pid 332] mprotect(0x7ff5a9515000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 332] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 332] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9534990, parent_tid=0x7ff5a9534990, exit_signal=0, stack=0x7ff5a9514000, stack_size=0x20300, tls=0x7ff5a95346c0}./strace-static-x86_64: Process 333 attached [pid 333] set_robust_list(0x7ff5a95349a0, 24) = 0 [pid 333] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 333] futex(0x7ff5a96006c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 332] <... clone3 resumed> => {parent_tid=[333]}, 88) = 333 [pid 332] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 332] futex(0x7ff5a96006c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 333] <... futex resumed>) = 0 [pid 332] <... futex resumed>) = 1 [pid 333] memfd_create("syzkaller", 0 [pid 332] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 333] <... memfd_create resumed>) = 3 [pid 332] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 333] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff5a10f3000 [pid 332] <... mmap resumed>) = 0x7ff5a94f3000 [pid 332] mprotect(0x7ff5a94f4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 333] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 332] rt_sigprocmask(SIG_BLOCK, ~[], [pid 333] <... write resumed>) = 262144 [pid 333] munmap(0x7ff5a10f3000, 138412032 [pid 332] <... rt_sigprocmask resumed>[], 8) = 0 [pid 332] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9513990, parent_tid=0x7ff5a9513990, exit_signal=0, stack=0x7ff5a94f3000, stack_size=0x20300, tls=0x7ff5a95136c0} [pid 333] <... munmap resumed>) = 0 [pid 333] openat(AT_FDCWD, "/dev/loop0", O_RDWR./strace-static-x86_64: Process 334 attached [pid 332] <... clone3 resumed> => {parent_tid=[334]}, 88) = 334 [pid 332] rt_sigprocmask(SIG_SETMASK, [], [pid 334] set_robust_list(0x7ff5a95139a0, 24 [pid 333] <... openat resumed>) = 4 [pid 332] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 334] <... set_robust_list resumed>) = 0 [pid 333] ioctl(4, LOOP_SET_FD, 3 [pid 332] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 332] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 334] rt_sigprocmask(SIG_SETMASK, [], [pid 333] <... ioctl resumed>) = 0 [pid 334] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 333] close(3 [pid 334] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_NOFOLLOW|O_NOATIME|O_CLOEXEC, 000 [pid 333] <... close resumed>) = 0 [pid 334] <... open resumed>) = 3 [pid 333] mkdir("./bus", 0777 [pid 334] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 333] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 334] <... futex resumed>) = 1 [pid 333] mount("/dev/loop0", "./bus", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 332] <... futex resumed>) = 0 [pid 332] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 334] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 332] <... futex resumed>) = 0 [pid 334] <... mount resumed>) = 0 [pid 334] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 332] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 334] <... futex resumed>) = 0 [pid 332] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 334] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 332] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 332] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 334] <... open resumed>) = 5 [pid 334] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 332] <... futex resumed>) = 0 [pid 332] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 332] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 334] <... futex resumed>) = 1 [pid 334] write(5, "\x31\x30\x30\x30\x30\x30\x30\x00", 8) = 8 [pid 334] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 332] <... futex resumed>) = 0 [pid 334] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 332] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 332] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 334] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 334] write(5, "\x23\x21\x20\x2e\x2f\x66\x69\x6c\x65\x31\x0a\x82\x6a\x3f\xc6\x7c\x3a\xab\x7d\x7e\x31\x38\xd5\xcc\x25\x19\xa6\xa8\xf7\xa0\x0b\xff\x3b\xee\x49\xbb\x93\x22\x1f\x4e\x80\x95\x34\x94\x23\x35\x8b\x24\xc3\x46\x99\x05\xf2\x81\x89\x7d\xc6\xe1\x7a\x55\x07\xba\x1b\x9e\x33\xcc\x8e\x4f\x28\xf6\xda\xe3\x4d\x29\x86\xca\x00\x9c\x79\xab\x46\x1e\x69\xfd\x74\xcc\xe8\xc9\xed\x5b\x91\x09\xf3\xfa\x42\xf4\x3d\x39\x82\xeb"..., 1045) = 1045 [pid 334] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 332] <... futex resumed>) = 0 [ 22.253430][ T297] EXT4-fs (loop0): unmounting filesystem. [ 22.282596][ T333] loop0: detected capacity change from 0 to 512 [pid 334] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 333] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 333] ioctl(4, LOOP_CLR_FD) = 0 [pid 333] close(4) = 0 [pid 333] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 332] exit_group(0 [pid 333] <... futex resumed>) = 0 [pid 334] <... futex resumed>) = ? [pid 332] <... exit_group resumed>) = ? [pid 334] +++ exited with 0 +++ [pid 333] +++ exited with 0 +++ [pid 332] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=332, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- umount2("./6", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555561b8730 /* 4 entries */, 32768) = 104 umount2("./6/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./6/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./6/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./6/bus") = 0 umount2("./6/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./6/binderfs") = 0 getdents64(3, 0x5555561b8730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./6") = 0 mkdir("./7", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b7690) = 337 ./strace-static-x86_64: Process 337 attached [pid 337] set_robust_list(0x5555561b76a0, 24) = 0 [pid 337] chdir("./7") = 0 [pid 337] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 337] setpgid(0, 0) = 0 [pid 337] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 337] write(3, "1000", 4) = 4 [pid 337] close(3) = 0 [pid 337] symlink("/dev/binderfs", "./binderfs") = 0 [pid 337] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 337] rt_sigaction(SIGRT_1, {sa_handler=0x7ff5a959df30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7ff5a958f0e0}, NULL, 8) = 0 [pid 337] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 337] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a9514000 [pid 337] mprotect(0x7ff5a9515000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 337] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 337] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9534990, parent_tid=0x7ff5a9534990, exit_signal=0, stack=0x7ff5a9514000, stack_size=0x20300, tls=0x7ff5a95346c0} => {parent_tid=[338]}, 88) = 338 [pid 337] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 337] futex(0x7ff5a96006c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 337] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 337] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a94f3000 [pid 337] mprotect(0x7ff5a94f4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 337] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 337] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9513990, parent_tid=0x7ff5a9513990, exit_signal=0, stack=0x7ff5a94f3000, stack_size=0x20300, tls=0x7ff5a95136c0} => {parent_tid=[339]}, 88) = 339 [pid 337] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 337] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 337] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 338 attached [pid 338] set_robust_list(0x7ff5a95349a0, 24) = 0 [pid 338] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 338] memfd_create("syzkaller", 0) = 3 [pid 338] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff5a10f3000 ./strace-static-x86_64: Process 339 attached [pid 339] set_robust_list(0x7ff5a95139a0, 24) = 0 [pid 339] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 339] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_NOFOLLOW|O_NOATIME|O_CLOEXEC, 000 [pid 338] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 339] <... open resumed>) = 4 [pid 339] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 337] <... futex resumed>) = 0 [pid 337] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 337] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 339] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 338] <... write resumed>) = 262144 [pid 338] munmap(0x7ff5a10f3000, 138412032) = 0 [pid 338] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [ 22.299960][ T333] EXT4-fs error (device loop0): __ext4_get_inode_loc:4485: comm syz-executor170: Invalid inode table block 34 in block_group 0 [ 22.313090][ T333] EXT4-fs (loop0): get root inode failed [ 22.318524][ T333] EXT4-fs (loop0): mount failed [pid 338] ioctl(5, LOOP_SET_FD, 3 [pid 339] <... mount resumed>) = 0 [pid 338] <... ioctl resumed>) = 0 [pid 338] close(3) = 0 [pid 338] mkdir("./bus", 0777) = -1 EEXIST (File exists) [pid 338] mount("/dev/loop0", "./bus", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 339] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 337] <... futex resumed>) = 0 [pid 337] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 337] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 339] <... futex resumed>) = 1 [pid 339] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 3 [pid 339] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 337] <... futex resumed>) = 0 [pid 337] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 337] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 339] <... futex resumed>) = 1 [pid 339] write(3, "\x31\x30\x30\x30\x30\x30\x30\x00", 8) = 8 [pid 339] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 337] <... futex resumed>) = 0 [pid 337] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 337] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 339] <... futex resumed>) = 1 [pid 339] write(3, "\x23\x21\x20\x2e\x2f\x66\x69\x6c\x65\x31\x0a\x82\x6a\x3f\xc6\x7c\x3a\xab\x7d\x7e\x31\x38\xd5\xcc\x25\x19\xa6\xa8\xf7\xa0\x0b\xff\x3b\xee\x49\xbb\x93\x22\x1f\x4e\x80\x95\x34\x94\x23\x35\x8b\x24\xc3\x46\x99\x05\xf2\x81\x89\x7d\xc6\xe1\x7a\x55\x07\xba\x1b\x9e\x33\xcc\x8e\x4f\x28\xf6\xda\xe3\x4d\x29\x86\xca\x00\x9c\x79\xab\x46\x1e\x69\xfd\x74\xcc\xe8\xc9\xed\x5b\x91\x09\xf3\xfa\x42\xf4\x3d\x39\x82\xeb"..., 1045) = 1045 [pid 339] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 337] <... futex resumed>) = 0 [pid 339] <... futex resumed>) = 1 [ 22.348102][ T338] loop0: detected capacity change from 0 to 512 [ 22.356923][ T338] ================================================================================ [ 22.366309][ T338] UBSAN: shift-out-of-bounds in fs/ext4/super.c:4351:27 [ 22.373108][ T338] shift exponent 59 is too large for 32-bit type 'int' [ 22.379774][ T338] CPU: 1 PID: 338 Comm: syz-executor170 Not tainted 6.1.57-syzkaller-00065-g401a2769d990 #0 [ 22.389633][ T338] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023 [ 22.399530][ T338] Call Trace: [ 22.402649][ T338] [ 22.405430][ T338] dump_stack_lvl+0x151/0x1b7 [ 22.409944][ T338] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 22.415237][ T338] dump_stack+0x15/0x17 [ 22.419230][ T338] __ubsan_handle_shift_out_of_bounds+0x3e1/0x440 [ 22.425477][ T338] ? make_kgid+0x1f2/0x6f0 [ 22.429728][ T338] ext4_handle_clustersize+0x593/0x5c0 [ 22.435025][ T338] ext4_fill_super+0x49ed/0x8460 [ 22.439800][ T338] ? ext4_parse_test_dummy_encryption+0xb0/0xb0 [pid 339] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 337] exit_group(0 [pid 339] <... futex resumed>) = ? [pid 337] <... exit_group resumed>) = ? [pid 339] +++ exited with 0 +++ [ 22.445878][ T338] ? snprintf+0xd6/0x120 [ 22.449951][ T338] ? set_blocksize+0x1cb/0x360 [ 22.454551][ T338] ? sb_set_blocksize+0xa8/0xf0 [ 22.459244][ T338] get_tree_bdev+0x440/0x680 [ 22.463663][ T338] ? ext4_parse_test_dummy_encryption+0xb0/0xb0 [ 22.469739][ T338] ext4_get_tree+0x1c/0x20 [ 22.473993][ T338] vfs_get_tree+0x88/0x290 [ 22.478245][ T338] do_new_mount+0x28b/0xad0 [ 22.482592][ T338] ? do_move_mount_old+0x160/0x160 [ 22.487538][ T338] ? security_capable+0x87/0xb0 [ 22.492218][ T338] ? ns_capable+0x89/0xe0 [ 22.496384][ T338] path_mount+0x671/0x1070 [ 22.500714][ T338] ? user_path_at_empty+0x14e/0x1a0 [ 22.505672][ T338] __se_sys_mount+0x2c4/0x3b0 [ 22.510203][ T338] ? __x64_sys_mount+0xd0/0xd0 [ 22.514787][ T338] ? fpregs_restore_userregs+0x130/0x290 [ 22.520254][ T338] __x64_sys_mount+0xbf/0xd0 [ 22.524681][ T338] do_syscall_64+0x3d/0xb0 [ 22.528934][ T338] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 22.534668][ T338] RIP: 0033:0x7ff5a9578f6a [ 22.538911][ T338] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 5e 04 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 22.558372][ T338] RSP: 002b:00007ff5a9534088 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5 [ 22.566599][ T338] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00007ff5a9578f6a [ 22.574409][ T338] RDX: 0000000020000040 RSI: 0000000020000080 RDI: 00007ff5a95340a0 [ 22.582223][ T338] RBP: 00007ff5a95340a0 R08: 00007ff5a95340e0 R09: 00000000000004d6 [ 22.590032][ T338] R10: 0000000000004500 R11: 0000000000000202 R12: 00007ff5a95340e0 [pid 338] <... mount resumed>) = ? [pid 338] +++ exited with 0 +++ [pid 337] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=337, si_uid=0, si_status=0, si_utime=0, si_stime=7} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./7", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555561b8730 /* 4 entries */, 32768) = 104 umount2("./7/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./7/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./7/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./7/bus") = 0 umount2("./7/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./7/binderfs") = 0 getdents64(3, 0x5555561b8730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./7") = 0 mkdir("./8", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 22.597845][ T338] R13: 0000000000004500 R14: 0000000000000003 R15: 0000000000040000 [ 22.605660][ T338] [ 22.608710][ T338] ================================================================================ [ 22.617811][ T338] EXT4-fs (loop0): fragment/cluster size (0) != block size (4096) ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b7690) = 340 ./strace-static-x86_64: Process 340 attached [pid 340] set_robust_list(0x5555561b76a0, 24) = 0 [pid 340] chdir("./8") = 0 [pid 340] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 340] setpgid(0, 0) = 0 [pid 340] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 340] write(3, "1000", 4) = 4 [pid 340] close(3) = 0 [pid 340] symlink("/dev/binderfs", "./binderfs") = 0 [pid 340] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 340] rt_sigaction(SIGRT_1, {sa_handler=0x7ff5a959df30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7ff5a958f0e0}, NULL, 8) = 0 [pid 340] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 340] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a9514000 [pid 340] mprotect(0x7ff5a9515000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 340] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 340] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9534990, parent_tid=0x7ff5a9534990, exit_signal=0, stack=0x7ff5a9514000, stack_size=0x20300, tls=0x7ff5a95346c0}./strace-static-x86_64: Process 341 attached => {parent_tid=[341]}, 88) = 341 [pid 341] set_robust_list(0x7ff5a95349a0, 24 [pid 340] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 340] futex(0x7ff5a96006c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 340] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 340] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a94f3000 [pid 340] mprotect(0x7ff5a94f4000, 131072, PROT_READ|PROT_WRITE [pid 341] <... set_robust_list resumed>) = 0 [pid 341] rt_sigprocmask(SIG_SETMASK, [], [pid 340] <... mprotect resumed>) = 0 [pid 341] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 341] memfd_create("syzkaller", 0) = 3 [pid 341] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 340] rt_sigprocmask(SIG_BLOCK, ~[], [pid 341] <... mmap resumed>) = 0x7ff5a10f3000 [pid 340] <... rt_sigprocmask resumed>[], 8) = 0 [pid 340] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9513990, parent_tid=0x7ff5a9513990, exit_signal=0, stack=0x7ff5a94f3000, stack_size=0x20300, tls=0x7ff5a95136c0} => {parent_tid=[342]}, 88) = 342 [pid 340] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 340] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 340] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 341] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 341] munmap(0x7ff5a10f3000, 138412032) = 0 [pid 341] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 341] ioctl(4, LOOP_SET_FD, 3) = 0 ./strace-static-x86_64: Process 342 attached [pid 341] close(3) = 0 [pid 341] mkdir("./file1", 0777 [pid 342] set_robust_list(0x7ff5a95139a0, 24 [pid 341] <... mkdir resumed>) = 0 [pid 342] <... set_robust_list resumed>) = 0 [pid 341] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 342] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 342] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_NOFOLLOW|O_NOATIME|O_CLOEXEC, 000) = 3 [pid 342] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 340] <... futex resumed>) = 0 [pid 340] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 340] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 342] <... futex resumed>) = 1 [pid 342] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 342] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 340] <... futex resumed>) = 0 [pid 340] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 342] <... futex resumed>) = 1 [pid 340] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 342] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5 [pid 342] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 340] <... futex resumed>) = 0 [pid 342] write(5, "\x31\x30\x30\x30\x30\x30\x30\x00", 8 [pid 340] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 342] <... write resumed>) = 8 [pid 340] <... futex resumed>) = 0 [pid 342] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 340] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 342] <... futex resumed>) = 0 [pid 340] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 342] write(5, "\x23\x21\x20\x2e\x2f\x66\x69\x6c\x65\x31\x0a\x82\x6a\x3f\xc6\x7c\x3a\xab\x7d\x7e\x31\x38\xd5\xcc\x25\x19\xa6\xa8\xf7\xa0\x0b\xff\x3b\xee\x49\xbb\x93\x22\x1f\x4e\x80\x95\x34\x94\x23\x35\x8b\x24\xc3\x46\x99\x05\xf2\x81\x89\x7d\xc6\xe1\x7a\x55\x07\xba\x1b\x9e\x33\xcc\x8e\x4f\x28\xf6\xda\xe3\x4d\x29\x86\xca\x00\x9c\x79\xab\x46\x1e\x69\xfd\x74\xcc\xe8\xc9\xed\x5b\x91\x09\xf3\xfa\x42\xf4\x3d\x39\x82\xeb"..., 1045 [pid 340] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 342] <... write resumed>) = 1045 [pid 340] <... futex resumed>) = 0 [pid 342] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 340] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 342] <... futex resumed>) = 0 [pid 340] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 342] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 341] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 341] ioctl(4, LOOP_CLR_FD) = 0 [pid 341] close(4) = 0 [pid 341] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 340] exit_group(0 [pid 342] <... futex resumed>) = ? [pid 340] <... exit_group resumed>) = ? [pid 342] +++ exited with 0 +++ [pid 341] <... futex resumed>) = ? [pid 341] +++ exited with 0 +++ [pid 340] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=340, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./8", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555561b8730 /* 5 entries */, 32768) = 136 umount2("./8/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./8/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./8/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./8/bus") = 0 umount2("./8/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./8/binderfs") = 0 umount2("./8/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./8/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./8/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555561c0770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561c0770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./8/file1") = 0 getdents64(3, 0x5555561b8730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./8") = 0 mkdir("./9", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b7690) = 345 ./strace-static-x86_64: Process 345 attached [pid 345] set_robust_list(0x5555561b76a0, 24) = 0 [pid 345] chdir("./9") = 0 [pid 345] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 345] setpgid(0, 0) = 0 [pid 345] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 345] write(3, "1000", 4) = 4 [pid 345] close(3) = 0 [pid 345] symlink("/dev/binderfs", "./binderfs") = 0 [pid 345] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 345] rt_sigaction(SIGRT_1, {sa_handler=0x7ff5a959df30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7ff5a958f0e0}, NULL, 8) = 0 [pid 345] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 345] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a9514000 [pid 345] mprotect(0x7ff5a9515000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 345] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 345] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9534990, parent_tid=0x7ff5a9534990, exit_signal=0, stack=0x7ff5a9514000, stack_size=0x20300, tls=0x7ff5a95346c0}./strace-static-x86_64: Process 346 attached [pid 346] set_robust_list(0x7ff5a95349a0, 24) = 0 [pid 346] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 346] futex(0x7ff5a96006c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 345] <... clone3 resumed> => {parent_tid=[346]}, 88) = 346 [pid 345] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 345] futex(0x7ff5a96006c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 346] <... futex resumed>) = 0 [pid 346] memfd_create("syzkaller", 0 [pid 345] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 346] <... memfd_create resumed>) = 3 [pid 346] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 345] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a94f3000 [pid 346] <... mmap resumed>) = 0x7ff5a10f3000 [pid 345] mprotect(0x7ff5a94f4000, 131072, PROT_READ|PROT_WRITE [pid 346] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 345] <... mprotect resumed>) = 0 [pid 345] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 345] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9513990, parent_tid=0x7ff5a9513990, exit_signal=0, stack=0x7ff5a94f3000, stack_size=0x20300, tls=0x7ff5a95136c0}./strace-static-x86_64: Process 347 attached [pid 347] set_robust_list(0x7ff5a95139a0, 24) = 0 [pid 347] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 347] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 345] <... clone3 resumed> => {parent_tid=[347]}, 88) = 347 [pid 346] <... write resumed>) = 262144 [pid 346] munmap(0x7ff5a10f3000, 138412032 [pid 345] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 346] <... munmap resumed>) = 0 [pid 346] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 345] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 347] <... futex resumed>) = 0 [pid 346] <... openat resumed>) = 4 [pid 345] <... futex resumed>) = 1 [pid 347] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_NOFOLLOW|O_NOATIME|O_CLOEXEC, 000 [pid 346] ioctl(4, LOOP_SET_FD, 3 [ 22.691947][ T341] loop0: detected capacity change from 0 to 512 [ 22.709854][ T341] EXT4-fs error (device loop0): __ext4_get_inode_loc:4485: comm syz-executor170: Invalid inode table block 34 in block_group 0 [ 22.723162][ T341] EXT4-fs (loop0): get root inode failed [ 22.728621][ T341] EXT4-fs (loop0): mount failed [pid 345] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 347] <... open resumed>) = 5 [pid 347] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 346] <... ioctl resumed>) = 0 [pid 347] <... futex resumed>) = 1 [pid 345] <... futex resumed>) = 0 [pid 347] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 345] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 347] <... mount resumed>) = 0 [pid 345] <... futex resumed>) = 0 [pid 347] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 345] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 347] <... futex resumed>) = 0 [pid 345] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 347] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 345] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 347] <... open resumed>) = 6 [pid 345] <... futex resumed>) = 0 [pid 347] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 345] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 347] <... futex resumed>) = 0 [pid 345] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 347] write(6, "\x31\x30\x30\x30\x30\x30\x30\x00", 8 [pid 345] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 345] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 346] close(3 [pid 347] <... write resumed>) = 8 [pid 347] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 345] <... futex resumed>) = 0 [pid 347] write(6, "\x23\x21\x20\x2e\x2f\x66\x69\x6c\x65\x31\x0a\x82\x6a\x3f\xc6\x7c\x3a\xab\x7d\x7e\x31\x38\xd5\xcc\x25\x19\xa6\xa8\xf7\xa0\x0b\xff\x3b\xee\x49\xbb\x93\x22\x1f\x4e\x80\x95\x34\x94\x23\x35\x8b\x24\xc3\x46\x99\x05\xf2\x81\x89\x7d\xc6\xe1\x7a\x55\x07\xba\x1b\x9e\x33\xcc\x8e\x4f\x28\xf6\xda\xe3\x4d\x29\x86\xca\x00\x9c\x79\xab\x46\x1e\x69\xfd\x74\xcc\xe8\xc9\xed\x5b\x91\x09\xf3\xfa\x42\xf4\x3d\x39\x82\xeb"..., 1045 [pid 345] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 345] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 346] <... close resumed>) = 0 [pid 347] <... write resumed>) = 1045 [pid 346] mkdir("./bus", 0777 [pid 347] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 345] <... futex resumed>) = 0 [pid 347] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 346] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 346] mount("/dev/loop0", "./bus", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue") = -1 EINVAL (Invalid argument) [pid 346] ioctl(4, LOOP_CLR_FD) = 0 [pid 346] close(4) = 0 [pid 346] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 345] exit_group(0 [pid 347] <... futex resumed>) = ? [pid 345] <... exit_group resumed>) = ? [pid 347] +++ exited with 0 +++ [pid 346] <... futex resumed>) = ? [pid 346] +++ exited with 0 +++ [pid 345] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=345, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./9", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555561b8730 /* 4 entries */, 32768) = 104 umount2("./9/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./9/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./9/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./9/bus") = 0 umount2("./9/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./9/binderfs") = 0 getdents64(3, 0x5555561b8730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./9") = 0 mkdir("./10", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b7690) = 348 ./strace-static-x86_64: Process 348 attached [pid 348] set_robust_list(0x5555561b76a0, 24) = 0 [pid 348] chdir("./10") = 0 [pid 348] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 348] setpgid(0, 0) = 0 [pid 348] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 348] write(3, "1000", 4) = 4 [pid 348] close(3) = 0 [pid 348] symlink("/dev/binderfs", "./binderfs") = 0 [pid 348] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 348] rt_sigaction(SIGRT_1, {sa_handler=0x7ff5a959df30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7ff5a958f0e0}, NULL, 8) = 0 [pid 348] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 348] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a9514000 [pid 348] mprotect(0x7ff5a9515000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 348] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 348] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9534990, parent_tid=0x7ff5a9534990, exit_signal=0, stack=0x7ff5a9514000, stack_size=0x20300, tls=0x7ff5a95346c0} => {parent_tid=[349]}, 88) = 349 [pid 348] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 348] futex(0x7ff5a96006c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 348] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 348] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a94f3000 [pid 348] mprotect(0x7ff5a94f4000, 131072, PROT_READ|PROT_WRITE./strace-static-x86_64: Process 349 attached ) = 0 [pid 348] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 348] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9513990, parent_tid=0x7ff5a9513990, exit_signal=0, stack=0x7ff5a94f3000, stack_size=0x20300, tls=0x7ff5a95136c0}./strace-static-x86_64: Process 350 attached => {parent_tid=[350]}, 88) = 350 [pid 350] set_robust_list(0x7ff5a95139a0, 24 [pid 348] rt_sigprocmask(SIG_SETMASK, [], [pid 350] <... set_robust_list resumed>) = 0 [pid 348] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 350] rt_sigprocmask(SIG_SETMASK, [], [pid 348] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 350] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 348] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 350] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_NOFOLLOW|O_NOATIME|O_CLOEXEC, 000 [pid 349] set_robust_list(0x7ff5a95349a0, 24) = 0 [pid 349] rt_sigprocmask(SIG_SETMASK, [], [pid 350] <... open resumed>) = 3 [pid 350] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 349] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 350] <... futex resumed>) = 1 [pid 349] memfd_create("syzkaller", 0 [pid 348] <... futex resumed>) = 0 [pid 350] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 348] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 348] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 350] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 349] <... memfd_create resumed>) = 4 [pid 349] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 350] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 349] <... mmap resumed>) = 0x7ff5a10f3000 [pid 350] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 348] <... futex resumed>) = 0 [pid 348] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 348] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 350] <... futex resumed>) = 1 [pid 349] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 350] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5 [pid 350] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 348] <... futex resumed>) = 0 [pid 348] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 348] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 350] <... futex resumed>) = 1 [pid 350] write(5, "\x31\x30\x30\x30\x30\x30\x30\x00", 8) = -1 ENOSPC (No space left on device) [pid 350] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 348] <... futex resumed>) = 0 [pid 348] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 348] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 350] <... futex resumed>) = 1 [pid 350] write(5, "\x23\x21\x20\x2e\x2f\x66\x69\x6c\x65\x31\x0a\x82\x6a\x3f\xc6\x7c\x3a\xab\x7d\x7e\x31\x38\xd5\xcc\x25\x19\xa6\xa8\xf7\xa0\x0b\xff\x3b\xee\x49\xbb\x93\x22\x1f\x4e\x80\x95\x34\x94\x23\x35\x8b\x24\xc3\x46\x99\x05\xf2\x81\x89\x7d\xc6\xe1\x7a\x55\x07\xba\x1b\x9e\x33\xcc\x8e\x4f\x28\xf6\xda\xe3\x4d\x29\x86\xca\x00\x9c\x79\xab\x46\x1e\x69\xfd\x74\xcc\xe8\xc9\xed\x5b\x91\x09\xf3\xfa\x42\xf4\x3d\x39\x82\xeb"..., 1045) = -1 ENOSPC (No space left on device) [pid 350] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 348] <... futex resumed>) = 0 [pid 350] <... futex resumed>) = 1 [pid 350] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 349] <... write resumed>) = 262144 [pid 349] munmap(0x7ff5a10f3000, 138412032) = 0 [pid 349] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 22.766071][ T346] loop0: detected capacity change from 0 to 512 [ 22.774917][ T346] EXT4-fs (loop0): Invalid log block size: 2475723007 [pid 349] ioctl(6, LOOP_SET_FD, 4) = 0 [pid 349] close(4) = 0 [pid 349] mkdir("./file1", 0777) = 0 [pid 349] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue") = 0 [pid 349] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 4 [pid 349] chdir("./file1") = 0 [pid 349] ioctl(6, LOOP_CLR_FD) = 0 [pid 349] close(6) = 0 [pid 349] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 349] futex(0x7ff5a96006c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 348] exit_group(0 [pid 350] <... futex resumed>) = ? [pid 348] <... exit_group resumed>) = ? [pid 350] +++ exited with 0 +++ [pid 349] <... futex resumed>) = ? [pid 349] +++ exited with 0 +++ [pid 348] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=348, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./10", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555561b8730 /* 5 entries */, 32768) = 136 umount2("./10/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./10/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./10/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./10/bus") = 0 umount2("./10/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./10/binderfs") = 0 [ 22.825916][ T349] loop0: detected capacity change from 0 to 512 [ 22.840896][ T349] EXT4-fs (loop0): 1 orphan inode deleted [ 22.846555][ T349] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 22.855435][ T349] ext4 filesystem being mounted at /root/syzkaller.8K29Ps/10/file1 supports timestamps until 2038 (0x7fffffff) umount2("./10/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./10/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./10/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./10/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555561c0770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561c0770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./10/file1") = 0 getdents64(3, 0x5555561b8730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./10") = 0 mkdir("./11", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b7690) = 354 ./strace-static-x86_64: Process 354 attached [pid 354] set_robust_list(0x5555561b76a0, 24) = 0 [pid 354] chdir("./11") = 0 [pid 354] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 354] setpgid(0, 0) = 0 [pid 354] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 354] write(3, "1000", 4) = 4 [pid 354] close(3) = 0 [pid 354] symlink("/dev/binderfs", "./binderfs") = 0 [pid 354] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 354] rt_sigaction(SIGRT_1, {sa_handler=0x7ff5a959df30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7ff5a958f0e0}, NULL, 8) = 0 [pid 354] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 354] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a9514000 [pid 354] mprotect(0x7ff5a9515000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 354] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 354] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9534990, parent_tid=0x7ff5a9534990, exit_signal=0, stack=0x7ff5a9514000, stack_size=0x20300, tls=0x7ff5a95346c0}./strace-static-x86_64: Process 355 attached => {parent_tid=[355]}, 88) = 355 [pid 355] set_robust_list(0x7ff5a95349a0, 24 [pid 354] rt_sigprocmask(SIG_SETMASK, [], [pid 355] <... set_robust_list resumed>) = 0 [pid 354] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 355] rt_sigprocmask(SIG_SETMASK, [], [pid 354] futex(0x7ff5a96006c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 355] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 354] <... futex resumed>) = 0 [pid 354] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 355] memfd_create("syzkaller", 0 [pid 354] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 355] <... memfd_create resumed>) = 3 [pid 354] <... mmap resumed>) = 0x7ff5a94f3000 [pid 355] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 354] mprotect(0x7ff5a94f4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 355] <... mmap resumed>) = 0x7ff5a10f3000 [pid 354] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 354] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9513990, parent_tid=0x7ff5a9513990, exit_signal=0, stack=0x7ff5a94f3000, stack_size=0x20300, tls=0x7ff5a95136c0}./strace-static-x86_64: Process 356 attached => {parent_tid=[356]}, 88) = 356 [pid 354] rt_sigprocmask(SIG_SETMASK, [], [pid 356] set_robust_list(0x7ff5a95139a0, 24) = 0 [pid 356] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 356] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 354] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 356] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 354] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 356] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_NOFOLLOW|O_NOATIME|O_CLOEXEC, 000 [pid 354] <... futex resumed>) = 0 [pid 354] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 356] <... open resumed>) = 4 [pid 356] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 354] <... futex resumed>) = 0 [pid 356] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 354] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 356] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 354] <... futex resumed>) = 0 [pid 354] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 356] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 356] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 354] <... futex resumed>) = 0 [pid 356] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 354] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 354] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 356] <... open resumed>) = 5 [pid 356] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 354] <... futex resumed>) = 0 [pid 356] write(5, "\x31\x30\x30\x30\x30\x30\x30\x00", 8 [pid 354] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 356] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 354] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 356] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 354] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 354] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 356] <... futex resumed>) = 0 [pid 354] <... futex resumed>) = 0 [pid 356] write(5, "\x23\x21\x20\x2e\x2f\x66\x69\x6c\x65\x31\x0a\x82\x6a\x3f\xc6\x7c\x3a\xab\x7d\x7e\x31\x38\xd5\xcc\x25\x19\xa6\xa8\xf7\xa0\x0b\xff\x3b\xee\x49\xbb\x93\x22\x1f\x4e\x80\x95\x34\x94\x23\x35\x8b\x24\xc3\x46\x99\x05\xf2\x81\x89\x7d\xc6\xe1\x7a\x55\x07\xba\x1b\x9e\x33\xcc\x8e\x4f\x28\xf6\xda\xe3\x4d\x29\x86\xca\x00\x9c\x79\xab\x46\x1e\x69\xfd\x74\xcc\xe8\xc9\xed\x5b\x91\x09\xf3\xfa\x42\xf4\x3d\x39\x82\xeb"..., 1045 [pid 354] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 356] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 356] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 354] <... futex resumed>) = 0 [pid 356] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 355] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 355] munmap(0x7ff5a10f3000, 138412032) = 0 [pid 355] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 22.890129][ T297] EXT4-fs (loop0): unmounting filesystem. [pid 355] ioctl(6, LOOP_SET_FD, 3) = 0 [pid 355] close(3) = 0 [pid 355] mkdir("./bus", 0777) = -1 EEXIST (File exists) [ 22.932025][ T355] loop0: detected capacity change from 0 to 512 [ 22.951247][ T355] EXT4-fs (loop0): 1 orphan inode deleted [ 22.956796][ T355] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 22.965607][ T355] ext4 filesystem being mounted at /root/syzkaller.8K29Ps/11/bus supports timestamps until 2038 (0x7fffffff) [ 22.979954][ T355] EXT4-fs (loop0): unmounting filesystem. [pid 355] mount("/dev/loop0", "./bus", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue") = -1 ENOTDIR (Not a directory) [pid 355] ioctl(6, LOOP_CLR_FD) = 0 [pid 355] close(6) = 0 [pid 355] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 355] futex(0x7ff5a96006c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 354] exit_group(0 [pid 356] <... futex resumed>) = ? [pid 354] <... exit_group resumed>) = ? [pid 356] +++ exited with 0 +++ [pid 355] <... futex resumed>) = ? [pid 355] +++ exited with 0 +++ [pid 354] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=354, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./11", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555561b8730 /* 4 entries */, 32768) = 104 umount2("./11/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./11/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./11/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./11/bus") = 0 umount2("./11/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./11/binderfs") = 0 getdents64(3, 0x5555561b8730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./11") = 0 mkdir("./12", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b7690) = 359 ./strace-static-x86_64: Process 359 attached [pid 359] set_robust_list(0x5555561b76a0, 24) = 0 [pid 359] chdir("./12") = 0 [pid 359] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 359] setpgid(0, 0) = 0 [pid 359] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 359] write(3, "1000", 4) = 4 [pid 359] close(3) = 0 [pid 359] symlink("/dev/binderfs", "./binderfs") = 0 [pid 359] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 359] rt_sigaction(SIGRT_1, {sa_handler=0x7ff5a959df30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7ff5a958f0e0}, NULL, 8) = 0 [pid 359] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 359] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a9514000 [pid 359] mprotect(0x7ff5a9515000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 359] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 359] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9534990, parent_tid=0x7ff5a9534990, exit_signal=0, stack=0x7ff5a9514000, stack_size=0x20300, tls=0x7ff5a95346c0} => {parent_tid=[360]}, 88) = 360 [pid 359] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 359] futex(0x7ff5a96006c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 359] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 359] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a94f3000 [pid 359] mprotect(0x7ff5a94f4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 359] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 359] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9513990, parent_tid=0x7ff5a9513990, exit_signal=0, stack=0x7ff5a94f3000, stack_size=0x20300, tls=0x7ff5a95136c0} => {parent_tid=[361]}, 88) = 361 [pid 359] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 359] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 359] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 360 attached [pid 360] set_robust_list(0x7ff5a95349a0, 24) = 0 [pid 360] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 360] memfd_create("syzkaller", 0) = 3 [pid 360] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff5a10f3000 [pid 360] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 360] munmap(0x7ff5a10f3000, 138412032) = 0 [pid 360] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 360] ioctl(4, LOOP_SET_FD, 3./strace-static-x86_64: Process 361 attached [pid 361] set_robust_list(0x7ff5a95139a0, 24) = 0 [pid 361] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 361] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_NOFOLLOW|O_NOATIME|O_CLOEXEC, 000) = 5 [pid 361] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 361] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 359] <... futex resumed>) = 0 [pid 359] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 359] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 361] <... futex resumed>) = 0 [pid 361] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 361] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 359] <... futex resumed>) = 0 [pid 359] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 359] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 361] <... futex resumed>) = 1 [pid 361] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 6 [pid 361] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 359] <... futex resumed>) = 0 [pid 359] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 359] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 361] <... futex resumed>) = 1 [pid 361] write(6, "\x31\x30\x30\x30\x30\x30\x30\x00", 8 [pid 360] <... ioctl resumed>) = 0 [pid 361] <... write resumed>) = -1 EIO (Input/output error) [pid 361] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 359] <... futex resumed>) = 0 [pid 359] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 359] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 361] <... futex resumed>) = 1 [pid 361] write(6, "\x23\x21\x20\x2e\x2f\x66\x69\x6c\x65\x31\x0a\x82\x6a\x3f\xc6\x7c\x3a\xab\x7d\x7e\x31\x38\xd5\xcc\x25\x19\xa6\xa8\xf7\xa0\x0b\xff\x3b\xee\x49\xbb\x93\x22\x1f\x4e\x80\x95\x34\x94\x23\x35\x8b\x24\xc3\x46\x99\x05\xf2\x81\x89\x7d\xc6\xe1\x7a\x55\x07\xba\x1b\x9e\x33\xcc\x8e\x4f\x28\xf6\xda\xe3\x4d\x29\x86\xca\x00\x9c\x79\xab\x46\x1e\x69\xfd\x74\xcc\xe8\xc9\xed\x5b\x91\x09\xf3\xfa\x42\xf4\x3d\x39\x82\xeb"..., 1045 [pid 360] close(3) = 0 [pid 360] mkdir("./bus", 0777) = -1 EEXIST (File exists) [pid 360] mount("/dev/loop0", "./bus", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 361] <... write resumed>) = 1045 [pid 361] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 359] <... futex resumed>) = 0 [pid 361] <... futex resumed>) = 1 [pid 361] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 360] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 360] ioctl(4, LOOP_CLR_FD) = 0 [pid 360] close(4) = 0 [pid 360] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 360] futex(0x7ff5a96006c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 359] exit_group(0 [pid 361] <... futex resumed>) = ? [pid 359] <... exit_group resumed>) = ? [pid 361] +++ exited with 0 +++ [pid 360] <... futex resumed>) = ? [pid 360] +++ exited with 0 +++ [pid 359] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=359, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./12", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555561b8730 /* 4 entries */, 32768) = 104 umount2("./12/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./12/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./12/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./12/bus") = 0 umount2("./12/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./12/binderfs") = 0 getdents64(3, 0x5555561b8730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./12") = 0 mkdir("./13", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b7690) = 362 ./strace-static-x86_64: Process 362 attached [pid 362] set_robust_list(0x5555561b76a0, 24) = 0 [pid 362] chdir("./13") = 0 [pid 362] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 362] setpgid(0, 0) = 0 [pid 362] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 362] write(3, "1000", 4) = 4 [pid 362] close(3) = 0 [pid 362] symlink("/dev/binderfs", "./binderfs") = 0 [pid 362] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 362] rt_sigaction(SIGRT_1, {sa_handler=0x7ff5a959df30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7ff5a958f0e0}, NULL, 8) = 0 [pid 362] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 362] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a9514000 [pid 362] mprotect(0x7ff5a9515000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 362] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 362] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9534990, parent_tid=0x7ff5a9534990, exit_signal=0, stack=0x7ff5a9514000, stack_size=0x20300, tls=0x7ff5a95346c0} => {parent_tid=[363]}, 88) = 363 [pid 362] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 362] futex(0x7ff5a96006c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 362] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 362] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a94f3000 [pid 362] mprotect(0x7ff5a94f4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 362] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 362] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9513990, parent_tid=0x7ff5a9513990, exit_signal=0, stack=0x7ff5a94f3000, stack_size=0x20300, tls=0x7ff5a95136c0} => {parent_tid=[364]}, 88) = 364 [pid 362] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 362] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 362] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 363 attached [pid 363] set_robust_list(0x7ff5a95349a0, 24) = 0 [pid 363] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 363] memfd_create("syzkaller", 0) = 3 [pid 363] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff5a10f3000 ./strace-static-x86_64: Process 364 attached [pid 364] set_robust_list(0x7ff5a95139a0, 24) = 0 [pid 364] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 363] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 364] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_NOFOLLOW|O_NOATIME|O_CLOEXEC, 000) = 4 [pid 364] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 362] <... futex resumed>) = 0 [pid 364] <... futex resumed>) = 1 [pid 363] <... write resumed>) = 262144 [pid 363] munmap(0x7ff5a10f3000, 138412032 [pid 362] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 364] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 362] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 364] <... mount resumed>) = 0 [pid 364] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 362] <... futex resumed>) = 0 [pid 364] <... futex resumed>) = 1 [pid 364] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 362] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 362] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 364] <... open resumed>) = 5 [pid 364] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 362] <... futex resumed>) = 0 [pid 364] <... futex resumed>) = 1 [pid 362] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 364] write(5, "\x31\x30\x30\x30\x30\x30\x30\x00", 8 [pid 362] <... futex resumed>) = 0 [pid 362] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 364] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 364] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 362] <... futex resumed>) = 0 [pid 364] <... futex resumed>) = 1 [pid 362] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 362] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 364] write(5, "\x23\x21\x20\x2e\x2f\x66\x69\x6c\x65\x31\x0a\x82\x6a\x3f\xc6\x7c\x3a\xab\x7d\x7e\x31\x38\xd5\xcc\x25\x19\xa6\xa8\xf7\xa0\x0b\xff\x3b\xee\x49\xbb\x93\x22\x1f\x4e\x80\x95\x34\x94\x23\x35\x8b\x24\xc3\x46\x99\x05\xf2\x81\x89\x7d\xc6\xe1\x7a\x55\x07\xba\x1b\x9e\x33\xcc\x8e\x4f\x28\xf6\xda\xe3\x4d\x29\x86\xca\x00\x9c\x79\xab\x46\x1e\x69\xfd\x74\xcc\xe8\xc9\xed\x5b\x91\x09\xf3\xfa\x42\xf4\x3d\x39\x82\xeb"..., 1045) = -1 ENOSPC (No space left on device) [pid 364] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 362] <... futex resumed>) = 0 [pid 364] <... futex resumed>) = 1 [pid 364] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 363] <... munmap resumed>) = 0 [pid 363] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 23.051495][ T360] loop0: detected capacity change from 0 to 512 [ 23.056489][ T56] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 23.068413][ T360] EXT4-fs (loop0): bad geometry: block count 3888436996 exceeds size of device (64 blocks) [pid 363] ioctl(6, LOOP_SET_FD, 3) = 0 [pid 363] close(3) = 0 [pid 363] mkdir("./bus", 0777) = -1 EEXIST (File exists) [pid 363] mount("/dev/loop0", "./bus", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue") = -1 ENOTDIR (Not a directory) [pid 363] ioctl(6, LOOP_CLR_FD) = 0 [pid 363] close(6) = 0 [pid 363] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 363] futex(0x7ff5a96006c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 362] exit_group(0) = ? [pid 363] <... futex resumed>) = ? [pid 363] +++ exited with 0 +++ [pid 364] <... futex resumed>) = ? [pid 364] +++ exited with 0 +++ [pid 362] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=362, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./13", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555561b8730 /* 4 entries */, 32768) = 104 umount2("./13/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./13/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./13/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./13/bus") = 0 umount2("./13/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./13/binderfs") = 0 getdents64(3, 0x5555561b8730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./13") = 0 mkdir("./14", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b7690) = 367 ./strace-static-x86_64: Process 367 attached [pid 367] set_robust_list(0x5555561b76a0, 24) = 0 [pid 367] chdir("./14") = 0 [pid 367] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 367] setpgid(0, 0) = 0 [pid 367] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 367] write(3, "1000", 4) = 4 [pid 367] close(3) = 0 [pid 367] symlink("/dev/binderfs", "./binderfs") = 0 [pid 367] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 367] rt_sigaction(SIGRT_1, {sa_handler=0x7ff5a959df30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7ff5a958f0e0}, NULL, 8) = 0 [pid 367] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 367] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a9514000 [pid 367] mprotect(0x7ff5a9515000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 367] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 367] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9534990, parent_tid=0x7ff5a9534990, exit_signal=0, stack=0x7ff5a9514000, stack_size=0x20300, tls=0x7ff5a95346c0}./strace-static-x86_64: Process 368 attached [ 23.104499][ T363] loop0: detected capacity change from 0 to 512 [ 23.121226][ T363] EXT4-fs (loop0): 1 orphan inode deleted [ 23.126795][ T363] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 23.135601][ T363] ext4 filesystem being mounted at /root/syzkaller.8K29Ps/13/bus supports timestamps until 2038 (0x7fffffff) [ 23.147655][ T363] EXT4-fs (loop0): unmounting filesystem. [pid 368] set_robust_list(0x7ff5a95349a0, 24) = 0 [pid 368] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 368] futex(0x7ff5a96006c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 367] <... clone3 resumed> => {parent_tid=[368]}, 88) = 368 [pid 367] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 367] futex(0x7ff5a96006c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 368] <... futex resumed>) = 0 [pid 367] <... futex resumed>) = 1 [pid 367] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 368] memfd_create("syzkaller", 0 [pid 367] <... futex resumed>) = 0 [pid 367] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 368] <... memfd_create resumed>) = 3 [pid 367] <... mmap resumed>) = 0x7ff5a94f3000 [pid 368] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff5a10f3000 [pid 367] mprotect(0x7ff5a94f4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 368] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 367] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 367] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9513990, parent_tid=0x7ff5a9513990, exit_signal=0, stack=0x7ff5a94f3000, stack_size=0x20300, tls=0x7ff5a95136c0}./strace-static-x86_64: Process 369 attached [pid 369] set_robust_list(0x7ff5a95139a0, 24) = 0 [pid 369] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 369] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 367] <... clone3 resumed> => {parent_tid=[369]}, 88) = 369 [pid 367] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 367] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 369] <... futex resumed>) = 0 [pid 367] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 369] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_NOFOLLOW|O_NOATIME|O_CLOEXEC, 000 [pid 368] <... write resumed>) = 262144 [pid 368] munmap(0x7ff5a10f3000, 138412032) = 0 [pid 369] <... open resumed>) = 4 [pid 368] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 369] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 368] <... openat resumed>) = 5 [pid 367] <... futex resumed>) = 0 [pid 369] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 367] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 368] ioctl(5, LOOP_SET_FD, 3 [pid 367] <... futex resumed>) = 0 [pid 369] <... mount resumed>) = 0 [pid 369] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 367] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 369] <... futex resumed>) = 0 [pid 367] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 369] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 368] <... ioctl resumed>) = 0 [pid 367] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 369] <... open resumed>) = 6 [pid 368] close(3 [pid 367] <... futex resumed>) = 0 [pid 369] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 368] <... close resumed>) = 0 [pid 367] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 369] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 367] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 368] mkdir("./bus", 0777 [pid 369] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 367] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 369] write(6, "\x31\x30\x30\x30\x30\x30\x30\x00", 8 [pid 368] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 367] <... futex resumed>) = 0 [pid 367] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 368] mount("/dev/loop0", "./bus", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 369] <... write resumed>) = 8 [pid 369] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 367] <... futex resumed>) = 0 [pid 369] write(6, "\x23\x21\x20\x2e\x2f\x66\x69\x6c\x65\x31\x0a\x82\x6a\x3f\xc6\x7c\x3a\xab\x7d\x7e\x31\x38\xd5\xcc\x25\x19\xa6\xa8\xf7\xa0\x0b\xff\x3b\xee\x49\xbb\x93\x22\x1f\x4e\x80\x95\x34\x94\x23\x35\x8b\x24\xc3\x46\x99\x05\xf2\x81\x89\x7d\xc6\xe1\x7a\x55\x07\xba\x1b\x9e\x33\xcc\x8e\x4f\x28\xf6\xda\xe3\x4d\x29\x86\xca\x00\x9c\x79\xab\x46\x1e\x69\xfd\x74\xcc\xe8\xc9\xed\x5b\x91\x09\xf3\xfa\x42\xf4\x3d\x39\x82\xeb"..., 1045 [pid 367] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 367] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 369] <... write resumed>) = 1045 [pid 369] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 367] <... futex resumed>) = 0 [pid 369] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 368] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 368] ioctl(5, LOOP_CLR_FD) = 0 [pid 368] close(5) = 0 [pid 368] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 368] futex(0x7ff5a96006c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 367] exit_group(0 [pid 369] <... futex resumed>) = ? [pid 367] <... exit_group resumed>) = ? [pid 369] +++ exited with 0 +++ [pid 368] <... futex resumed>) = ? [pid 368] +++ exited with 0 +++ [pid 367] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=367, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./14", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555561b8730 /* 4 entries */, 32768) = 104 umount2("./14/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./14/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./14/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./14/bus") = 0 umount2("./14/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./14/binderfs") = 0 getdents64(3, 0x5555561b8730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./14") = 0 mkdir("./15", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 23.194421][ T368] loop0: detected capacity change from 0 to 512 [ 23.204596][ T368] EXT4-fs (loop0): fragment/cluster size (0) != block size (4096) ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b7690) = 371 ./strace-static-x86_64: Process 371 attached [pid 371] set_robust_list(0x5555561b76a0, 24) = 0 [pid 371] chdir("./15") = 0 [pid 371] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 371] setpgid(0, 0) = 0 [pid 371] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 371] write(3, "1000", 4) = 4 [pid 371] close(3) = 0 [pid 371] symlink("/dev/binderfs", "./binderfs") = 0 [pid 371] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 371] rt_sigaction(SIGRT_1, {sa_handler=0x7ff5a959df30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7ff5a958f0e0}, NULL, 8) = 0 [pid 371] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 371] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a9514000 [pid 371] mprotect(0x7ff5a9515000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 371] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 371] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9534990, parent_tid=0x7ff5a9534990, exit_signal=0, stack=0x7ff5a9514000, stack_size=0x20300, tls=0x7ff5a95346c0}./strace-static-x86_64: Process 372 attached [pid 372] set_robust_list(0x7ff5a95349a0, 24 [pid 371] <... clone3 resumed> => {parent_tid=[372]}, 88) = 372 [pid 371] rt_sigprocmask(SIG_SETMASK, [], [pid 372] <... set_robust_list resumed>) = 0 [pid 372] rt_sigprocmask(SIG_SETMASK, [], [pid 371] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 371] futex(0x7ff5a96006c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 371] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 371] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a94f3000 [pid 372] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 371] mprotect(0x7ff5a94f4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 371] rt_sigprocmask(SIG_BLOCK, ~[], [pid 372] memfd_create("syzkaller", 0 [pid 371] <... rt_sigprocmask resumed>[], 8) = 0 [pid 371] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9513990, parent_tid=0x7ff5a9513990, exit_signal=0, stack=0x7ff5a94f3000, stack_size=0x20300, tls=0x7ff5a95136c0}./strace-static-x86_64: Process 373 attached [pid 372] <... memfd_create resumed>) = 3 [pid 371] <... clone3 resumed> => {parent_tid=[373]}, 88) = 373 [pid 372] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 371] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 371] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 372] <... mmap resumed>) = 0x7ff5a10f3000 [pid 371] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 373] set_robust_list(0x7ff5a95139a0, 24) = 0 [pid 373] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 373] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_NOFOLLOW|O_NOATIME|O_CLOEXEC, 000) = 4 [pid 373] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 371] <... futex resumed>) = 0 [pid 371] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 371] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 373] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 373] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 371] <... futex resumed>) = 0 [pid 371] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 371] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 373] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5 [pid 373] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 371] <... futex resumed>) = 0 [pid 371] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 371] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 373] write(5, "\x31\x30\x30\x30\x30\x30\x30\x00", 8 [pid 372] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 373] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 373] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 371] <... futex resumed>) = 0 [pid 371] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 371] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 373] write(5, "\x23\x21\x20\x2e\x2f\x66\x69\x6c\x65\x31\x0a\x82\x6a\x3f\xc6\x7c\x3a\xab\x7d\x7e\x31\x38\xd5\xcc\x25\x19\xa6\xa8\xf7\xa0\x0b\xff\x3b\xee\x49\xbb\x93\x22\x1f\x4e\x80\x95\x34\x94\x23\x35\x8b\x24\xc3\x46\x99\x05\xf2\x81\x89\x7d\xc6\xe1\x7a\x55\x07\xba\x1b\x9e\x33\xcc\x8e\x4f\x28\xf6\xda\xe3\x4d\x29\x86\xca\x00\x9c\x79\xab\x46\x1e\x69\xfd\x74\xcc\xe8\xc9\xed\x5b\x91\x09\xf3\xfa\x42\xf4\x3d\x39\x82\xeb"..., 1045) = -1 ENOSPC (No space left on device) [pid 373] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 371] <... futex resumed>) = 0 [pid 373] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 372] <... write resumed>) = 262144 [pid 372] munmap(0x7ff5a10f3000, 138412032) = 0 [pid 372] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 372] ioctl(6, LOOP_SET_FD, 3) = 0 [pid 372] close(3) = 0 [pid 372] mkdir("./bus", 0777) = -1 EEXIST (File exists) [pid 372] mount("/dev/loop0", "./bus", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue") = -1 ENOTDIR (Not a directory) [pid 372] ioctl(6, LOOP_CLR_FD) = 0 [pid 372] close(6) = 0 [pid 372] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 372] futex(0x7ff5a96006c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 371] exit_group(0) = ? [pid 372] <... futex resumed>) = ? [pid 372] +++ exited with 0 +++ [pid 373] <... futex resumed>) = ? [pid 373] +++ exited with 0 +++ [pid 371] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=371, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- umount2("./15", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555561b8730 /* 4 entries */, 32768) = 104 umount2("./15/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./15/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./15/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./15/bus") = 0 umount2("./15/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./15/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./15/binderfs") = 0 getdents64(3, 0x5555561b8730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./15") = 0 mkdir("./16", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b7690) = 376 ./strace-static-x86_64: Process 376 attached [pid 376] set_robust_list(0x5555561b76a0, 24) = 0 [pid 376] chdir("./16") = 0 [pid 376] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 376] setpgid(0, 0) = 0 [ 23.283469][ T372] loop0: detected capacity change from 0 to 512 [ 23.300760][ T372] EXT4-fs (loop0): 1 orphan inode deleted [ 23.306424][ T372] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 23.315285][ T372] ext4 filesystem being mounted at /root/syzkaller.8K29Ps/15/bus supports timestamps until 2038 (0x7fffffff) [ 23.327349][ T372] EXT4-fs (loop0): unmounting filesystem. [pid 376] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 376] write(3, "1000", 4) = 4 [pid 376] close(3) = 0 [pid 376] symlink("/dev/binderfs", "./binderfs") = 0 [pid 376] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 376] rt_sigaction(SIGRT_1, {sa_handler=0x7ff5a959df30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7ff5a958f0e0}, NULL, 8) = 0 [pid 376] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 376] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a9514000 [pid 376] mprotect(0x7ff5a9515000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 376] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 376] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9534990, parent_tid=0x7ff5a9534990, exit_signal=0, stack=0x7ff5a9514000, stack_size=0x20300, tls=0x7ff5a95346c0} => {parent_tid=[377]}, 88) = 377 [pid 376] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 376] futex(0x7ff5a96006c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 376] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 376] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a94f3000 [pid 376] mprotect(0x7ff5a94f4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 376] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 376] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9513990, parent_tid=0x7ff5a9513990, exit_signal=0, stack=0x7ff5a94f3000, stack_size=0x20300, tls=0x7ff5a95136c0} => {parent_tid=[378]}, 88) = 378 [pid 376] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 376] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 376] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 377 attached [pid 377] set_robust_list(0x7ff5a95349a0, 24) = 0 [pid 377] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 377] memfd_create("syzkaller", 0) = 3 [pid 377] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff5a10f3000 ./strace-static-x86_64: Process 378 attached [pid 378] set_robust_list(0x7ff5a95139a0, 24) = 0 [pid 378] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 378] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_NOFOLLOW|O_NOATIME|O_CLOEXEC, 000 [pid 377] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 378] <... open resumed>) = 4 [pid 378] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 376] <... futex resumed>) = 0 [pid 376] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 376] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 378] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 377] <... write resumed>) = 262144 [pid 377] munmap(0x7ff5a10f3000, 138412032) = 0 [pid 377] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 377] ioctl(5, LOOP_SET_FD, 3 [pid 378] <... mount resumed>) = 0 [pid 378] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 378] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 376] <... futex resumed>) = 0 [pid 377] <... ioctl resumed>) = 0 [pid 378] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 376] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 376] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 377] close(3) = 0 [pid 377] mkdir("./bus", 0777 [pid 378] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 377] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 377] mount("/dev/loop0", "./bus", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 378] <... open resumed>) = 3 [pid 378] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 376] <... futex resumed>) = 0 [pid 376] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 376] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 378] <... futex resumed>) = 1 [pid 378] write(3, "\x31\x30\x30\x30\x30\x30\x30\x00", 8) = 8 [pid 378] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 376] <... futex resumed>) = 0 [pid 376] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 376] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 378] <... futex resumed>) = 1 [pid 378] write(3, "\x23\x21\x20\x2e\x2f\x66\x69\x6c\x65\x31\x0a\x82\x6a\x3f\xc6\x7c\x3a\xab\x7d\x7e\x31\x38\xd5\xcc\x25\x19\xa6\xa8\xf7\xa0\x0b\xff\x3b\xee\x49\xbb\x93\x22\x1f\x4e\x80\x95\x34\x94\x23\x35\x8b\x24\xc3\x46\x99\x05\xf2\x81\x89\x7d\xc6\xe1\x7a\x55\x07\xba\x1b\x9e\x33\xcc\x8e\x4f\x28\xf6\xda\xe3\x4d\x29\x86\xca\x00\x9c\x79\xab\x46\x1e\x69\xfd\x74\xcc\xe8\xc9\xed\x5b\x91\x09\xf3\xfa\x42\xf4\x3d\x39\x82\xeb"..., 1045) = 1045 [pid 378] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 376] <... futex resumed>) = 0 [pid 378] <... futex resumed>) = 1 [pid 378] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 377] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 377] ioctl(5, LOOP_CLR_FD) = 0 [pid 377] close(5) = 0 [pid 377] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 377] futex(0x7ff5a96006c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 376] exit_group(0 [pid 378] <... futex resumed>) = ? [pid 376] <... exit_group resumed>) = ? [pid 378] +++ exited with 0 +++ [pid 377] <... futex resumed>) = ? [pid 377] +++ exited with 0 +++ [pid 376] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=376, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./16", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555561b8730 /* 4 entries */, 32768) = 104 umount2("./16/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./16/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./16/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./16/bus") = 0 umount2("./16/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./16/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./16/binderfs") = 0 getdents64(3, 0x5555561b8730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./16") = 0 mkdir("./17", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b7690) = 381 ./strace-static-x86_64: Process 381 attached [pid 381] set_robust_list(0x5555561b76a0, 24) = 0 [pid 381] chdir("./17") = 0 [pid 381] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 381] setpgid(0, 0) = 0 [pid 381] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 381] write(3, "1000", 4) = 4 [pid 381] close(3) = 0 [pid 381] symlink("/dev/binderfs", "./binderfs") = 0 [pid 381] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 381] rt_sigaction(SIGRT_1, {sa_handler=0x7ff5a959df30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7ff5a958f0e0}, NULL, 8) = 0 [pid 381] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 381] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a9514000 [pid 381] mprotect(0x7ff5a9515000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 381] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 381] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9534990, parent_tid=0x7ff5a9534990, exit_signal=0, stack=0x7ff5a9514000, stack_size=0x20300, tls=0x7ff5a95346c0} => {parent_tid=[382]}, 88) = 382 [pid 381] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 381] futex(0x7ff5a96006c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 381] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 381] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a94f3000 [pid 381] mprotect(0x7ff5a94f4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 381] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 381] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9513990, parent_tid=0x7ff5a9513990, exit_signal=0, stack=0x7ff5a94f3000, stack_size=0x20300, tls=0x7ff5a95136c0} => {parent_tid=[383]}, 88) = 383 [pid 381] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 381] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 381] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 383 attached [pid 383] set_robust_list(0x7ff5a95139a0, 24) = 0 [pid 383] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 383] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_NOFOLLOW|O_NOATIME|O_CLOEXEC, 000) = 3 [pid 383] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 381] <... futex resumed>) = 0 [pid 381] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 381] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 383] <... futex resumed>) = 1 [pid 383] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 383] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 381] <... futex resumed>) = 0 [pid 381] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 381] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 383] <... futex resumed>) = 1 [pid 383] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 4 [pid 383] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 381] <... futex resumed>) = 0 [pid 381] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 381] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 383] <... futex resumed>) = 1 [pid 383] write(4, "\x31\x30\x30\x30\x30\x30\x30\x00", 8) = -1 ENOSPC (No space left on device) [pid 383] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 381] <... futex resumed>) = 0 [pid 381] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 381] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 383] <... futex resumed>) = 1 [pid 383] write(4, "\x23\x21\x20\x2e\x2f\x66\x69\x6c\x65\x31\x0a\x82\x6a\x3f\xc6\x7c\x3a\xab\x7d\x7e\x31\x38\xd5\xcc\x25\x19\xa6\xa8\xf7\xa0\x0b\xff\x3b\xee\x49\xbb\x93\x22\x1f\x4e\x80\x95\x34\x94\x23\x35\x8b\x24\xc3\x46\x99\x05\xf2\x81\x89\x7d\xc6\xe1\x7a\x55\x07\xba\x1b\x9e\x33\xcc\x8e\x4f\x28\xf6\xda\xe3\x4d\x29\x86\xca\x00\x9c\x79\xab\x46\x1e\x69\xfd\x74\xcc\xe8\xc9\xed\x5b\x91\x09\xf3\xfa\x42\xf4\x3d\x39\x82\xeb"..., 1045) = -1 ENOSPC (No space left on device) [pid 383] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 381] <... futex resumed>) = 0 [pid 383] <... futex resumed>) = 1 [pid 383] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 382 attached [pid 382] set_robust_list(0x7ff5a95349a0, 24) = 0 [pid 382] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 382] memfd_create("syzkaller", 0) = 5 [pid 382] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff5a10f3000 [pid 382] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 382] munmap(0x7ff5a10f3000, 138412032) = 0 [pid 382] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 23.374088][ T377] loop0: detected capacity change from 0 to 512 [ 23.400773][ T377] EXT4-fs error (device loop0): __ext4_get_inode_loc:4485: comm syz-executor170: Invalid inode table block 34 in block_group 0 [ 23.413936][ T377] EXT4-fs (loop0): get root inode failed [ 23.419447][ T377] EXT4-fs (loop0): mount failed [pid 382] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 382] close(5) = 0 [pid 382] mkdir("./file1", 0777) = 0 [pid 382] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue") = 0 [pid 382] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 5 [pid 382] chdir("./file1") = 0 [pid 382] ioctl(6, LOOP_CLR_FD) = 0 [pid 382] close(6) = 0 [pid 382] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 382] futex(0x7ff5a96006c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 381] exit_group(0 [pid 383] <... futex resumed>) = ? [pid 381] <... exit_group resumed>) = ? [pid 383] +++ exited with 0 +++ [pid 382] <... futex resumed>) = ? [pid 382] +++ exited with 0 +++ [pid 381] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=381, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./17", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555561b8730 /* 5 entries */, 32768) = 136 umount2("./17/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./17/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./17/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./17/bus") = 0 umount2("./17/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./17/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./17/binderfs") = 0 [ 23.440946][ T382] loop0: detected capacity change from 0 to 512 [ 23.450865][ T382] EXT4-fs (loop0): 1 orphan inode deleted [ 23.456406][ T382] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 23.465235][ T382] ext4 filesystem being mounted at /root/syzkaller.8K29Ps/17/file1 supports timestamps until 2038 (0x7fffffff) umount2("./17/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./17/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./17/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./17/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555561c0770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561c0770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./17/file1") = 0 getdents64(3, 0x5555561b8730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./17") = 0 mkdir("./18", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b7690) = 386 ./strace-static-x86_64: Process 386 attached [pid 386] set_robust_list(0x5555561b76a0, 24) = 0 [pid 386] chdir("./18") = 0 [pid 386] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 386] setpgid(0, 0) = 0 [pid 386] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 386] write(3, "1000", 4) = 4 [pid 386] close(3) = 0 [pid 386] symlink("/dev/binderfs", "./binderfs") = 0 [pid 386] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 386] rt_sigaction(SIGRT_1, {sa_handler=0x7ff5a959df30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7ff5a958f0e0}, NULL, 8) = 0 [pid 386] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 386] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a9514000 [pid 386] mprotect(0x7ff5a9515000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 386] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 386] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9534990, parent_tid=0x7ff5a9534990, exit_signal=0, stack=0x7ff5a9514000, stack_size=0x20300, tls=0x7ff5a95346c0} => {parent_tid=[387]}, 88) = 387 [pid 386] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 386] futex(0x7ff5a96006c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 386] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 386] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a94f3000 [pid 386] mprotect(0x7ff5a94f4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 386] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 386] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9513990, parent_tid=0x7ff5a9513990, exit_signal=0, stack=0x7ff5a94f3000, stack_size=0x20300, tls=0x7ff5a95136c0} => {parent_tid=[388]}, 88) = 388 [pid 386] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 386] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 386] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 387 attached [pid 387] set_robust_list(0x7ff5a95349a0, 24) = 0 [pid 387] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 387] memfd_create("syzkaller", 0) = 3 [pid 387] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff5a10f3000 [pid 387] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 387] munmap(0x7ff5a10f3000, 138412032) = 0 [pid 387] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 387] ioctl(4, LOOP_SET_FD, 3./strace-static-x86_64: Process 388 attached [pid 388] set_robust_list(0x7ff5a95139a0, 24) = 0 [ 23.486762][ T297] EXT4-fs (loop0): unmounting filesystem. [pid 388] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 388] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_NOFOLLOW|O_NOATIME|O_CLOEXEC, 000) = 5 [pid 388] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 388] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 386] <... futex resumed>) = 0 [pid 386] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 386] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 388] <... futex resumed>) = 0 [pid 388] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 388] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 386] <... futex resumed>) = 0 [pid 386] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 386] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 388] <... futex resumed>) = 1 [pid 388] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 6 [pid 388] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 386] <... futex resumed>) = 0 [pid 386] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 386] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 388] <... futex resumed>) = 1 [pid 388] write(6, "\x31\x30\x30\x30\x30\x30\x30\x00", 8 [pid 387] <... ioctl resumed>) = 0 [pid 387] close(3) = 0 [pid 387] mkdir("./bus", 0777) = -1 EEXIST (File exists) [pid 387] mount("/dev/loop0", "./bus", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 388] <... write resumed>) = -1 EIO (Input/output error) [pid 388] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 386] <... futex resumed>) = 0 [pid 386] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 386] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 388] write(6, "\x23\x21\x20\x2e\x2f\x66\x69\x6c\x65\x31\x0a\x82\x6a\x3f\xc6\x7c\x3a\xab\x7d\x7e\x31\x38\xd5\xcc\x25\x19\xa6\xa8\xf7\xa0\x0b\xff\x3b\xee\x49\xbb\x93\x22\x1f\x4e\x80\x95\x34\x94\x23\x35\x8b\x24\xc3\x46\x99\x05\xf2\x81\x89\x7d\xc6\xe1\x7a\x55\x07\xba\x1b\x9e\x33\xcc\x8e\x4f\x28\xf6\xda\xe3\x4d\x29\x86\xca\x00\x9c\x79\xab\x46\x1e\x69\xfd\x74\xcc\xe8\xc9\xed\x5b\x91\x09\xf3\xfa\x42\xf4\x3d\x39\x82\xeb"..., 1045) = 1045 [pid 388] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 386] <... futex resumed>) = 0 [pid 388] <... futex resumed>) = 1 [pid 388] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 387] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 387] ioctl(4, LOOP_CLR_FD) = 0 [pid 387] close(4) = 0 [pid 387] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 387] futex(0x7ff5a96006c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 386] exit_group(0 [pid 388] <... futex resumed>) = ? [pid 386] <... exit_group resumed>) = ? [pid 388] +++ exited with 0 +++ [pid 387] <... futex resumed>) = ? [pid 387] +++ exited with 0 +++ [pid 386] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=386, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./18", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555561b8730 /* 4 entries */, 32768) = 104 umount2("./18/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./18/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./18/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./18/bus") = 0 umount2("./18/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./18/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./18/binderfs") = 0 getdents64(3, 0x5555561b8730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./18") = 0 mkdir("./19", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b7690) = 391 ./strace-static-x86_64: Process 391 attached [pid 391] set_robust_list(0x5555561b76a0, 24) = 0 [pid 391] chdir("./19") = 0 [pid 391] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 391] setpgid(0, 0) = 0 [pid 391] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 391] write(3, "1000", 4) = 4 [pid 391] close(3) = 0 [pid 391] symlink("/dev/binderfs", "./binderfs") = 0 [pid 391] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 391] rt_sigaction(SIGRT_1, {sa_handler=0x7ff5a959df30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7ff5a958f0e0}, NULL, 8) = 0 [pid 391] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 391] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a9514000 [pid 391] mprotect(0x7ff5a9515000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 391] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 391] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9534990, parent_tid=0x7ff5a9534990, exit_signal=0, stack=0x7ff5a9514000, stack_size=0x20300, tls=0x7ff5a95346c0}./strace-static-x86_64: Process 392 attached => {parent_tid=[392]}, 88) = 392 [pid 392] set_robust_list(0x7ff5a95349a0, 24 [pid 391] rt_sigprocmask(SIG_SETMASK, [], [pid 392] <... set_robust_list resumed>) = 0 [pid 391] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 391] futex(0x7ff5a96006c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 392] rt_sigprocmask(SIG_SETMASK, [], [pid 391] <... futex resumed>) = 0 [pid 392] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 391] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 392] memfd_create("syzkaller", 0 [pid 391] <... futex resumed>) = 0 [pid 391] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 392] <... memfd_create resumed>) = 3 [pid 391] <... mmap resumed>) = 0x7ff5a94f3000 [pid 391] mprotect(0x7ff5a94f4000, 131072, PROT_READ|PROT_WRITE [pid 392] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 391] <... mprotect resumed>) = 0 [pid 391] rt_sigprocmask(SIG_BLOCK, ~[], [pid 392] <... mmap resumed>) = 0x7ff5a10f3000 [pid 391] <... rt_sigprocmask resumed>[], 8) = 0 [pid 391] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9513990, parent_tid=0x7ff5a9513990, exit_signal=0, stack=0x7ff5a94f3000, stack_size=0x20300, tls=0x7ff5a95136c0}./strace-static-x86_64: Process 393 attached [pid 393] set_robust_list(0x7ff5a95139a0, 24) = 0 [pid 393] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 393] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 391] <... clone3 resumed> => {parent_tid=[393]}, 88) = 393 [pid 391] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 391] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 393] <... futex resumed>) = 0 [pid 391] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 393] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_NOFOLLOW|O_NOATIME|O_CLOEXEC, 000) = 4 [pid 392] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 393] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 391] <... futex resumed>) = 0 [pid 393] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 391] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 393] <... mount resumed>) = 0 [pid 393] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 391] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 393] <... futex resumed>) = 0 [pid 391] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 393] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 391] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 391] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 393] <... open resumed>) = 5 [pid 393] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 391] <... futex resumed>) = 0 [pid 392] <... write resumed>) = 262144 [pid 391] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 391] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 393] write(5, "\x31\x30\x30\x30\x30\x30\x30\x00", 8 [pid 392] munmap(0x7ff5a10f3000, 138412032 [pid 393] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 393] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 391] <... futex resumed>) = 0 [pid 392] <... munmap resumed>) = 0 [pid 391] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 393] write(5, "\x23\x21\x20\x2e\x2f\x66\x69\x6c\x65\x31\x0a\x82\x6a\x3f\xc6\x7c\x3a\xab\x7d\x7e\x31\x38\xd5\xcc\x25\x19\xa6\xa8\xf7\xa0\x0b\xff\x3b\xee\x49\xbb\x93\x22\x1f\x4e\x80\x95\x34\x94\x23\x35\x8b\x24\xc3\x46\x99\x05\xf2\x81\x89\x7d\xc6\xe1\x7a\x55\x07\xba\x1b\x9e\x33\xcc\x8e\x4f\x28\xf6\xda\xe3\x4d\x29\x86\xca\x00\x9c\x79\xab\x46\x1e\x69\xfd\x74\xcc\xe8\xc9\xed\x5b\x91\x09\xf3\xfa\x42\xf4\x3d\x39\x82\xeb"..., 1045 [pid 392] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 391] <... futex resumed>) = 0 [pid 393] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 391] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 393] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 391] <... futex resumed>) = 0 [pid 393] <... futex resumed>) = 1 [pid 393] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 392] <... openat resumed>) = 6 [ 23.521295][ T387] loop0: detected capacity change from 0 to 512 [ 23.526758][ T41] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 23.540117][ T387] EXT4-fs error (device loop0): __ext4_get_inode_loc:4485: comm syz-executor170: Invalid inode table block 34 in block_group 0 [ 23.553320][ T387] EXT4-fs (loop0): get root inode failed [ 23.558767][ T387] EXT4-fs (loop0): mount failed [pid 392] ioctl(6, LOOP_SET_FD, 3) = 0 [pid 392] close(3) = 0 [pid 392] mkdir("./bus", 0777) = -1 EEXIST (File exists) [pid 392] mount("/dev/loop0", "./bus", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue") = -1 ENOTDIR (Not a directory) [pid 392] ioctl(6, LOOP_CLR_FD) = 0 [pid 392] close(6) = 0 [pid 392] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 392] futex(0x7ff5a96006c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 391] exit_group(0 [pid 393] <... futex resumed>) = ? [pid 391] <... exit_group resumed>) = ? [pid 393] +++ exited with 0 +++ [pid 392] <... futex resumed>) = ? [pid 392] +++ exited with 0 +++ [pid 391] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=391, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./19", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./19", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555561b8730 /* 4 entries */, 32768) = 104 umount2("./19/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./19/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./19/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./19/bus") = 0 umount2("./19/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./19/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./19/binderfs") = 0 getdents64(3, 0x5555561b8730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./19") = 0 mkdir("./20", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 396 attached [pid 396] set_robust_list(0x5555561b76a0, 24) = 0 [pid 297] <... clone resumed>, child_tidptr=0x5555561b7690) = 396 [pid 396] chdir("./20") = 0 [pid 396] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 396] setpgid(0, 0) = 0 [pid 396] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 396] write(3, "1000", 4) = 4 [pid 396] close(3) = 0 [pid 396] symlink("/dev/binderfs", "./binderfs") = 0 [pid 396] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 396] rt_sigaction(SIGRT_1, {sa_handler=0x7ff5a959df30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7ff5a958f0e0}, NULL, 8) = 0 [pid 396] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 396] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a9514000 [pid 396] mprotect(0x7ff5a9515000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 396] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 396] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9534990, parent_tid=0x7ff5a9534990, exit_signal=0, stack=0x7ff5a9514000, stack_size=0x20300, tls=0x7ff5a95346c0}./strace-static-x86_64: Process 397 attached [pid 397] set_robust_list(0x7ff5a95349a0, 24 [pid 396] <... clone3 resumed> => {parent_tid=[397]}, 88) = 397 [pid 397] <... set_robust_list resumed>) = 0 [pid 396] rt_sigprocmask(SIG_SETMASK, [], [pid 397] rt_sigprocmask(SIG_SETMASK, [], [pid 396] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 397] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 396] futex(0x7ff5a96006c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 397] memfd_create("syzkaller", 0 [pid 396] <... futex resumed>) = 0 [pid 396] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 397] <... memfd_create resumed>) = 3 [pid 396] <... futex resumed>) = 0 [pid 397] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 396] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 397] <... mmap resumed>) = 0x7ff5a10f3000 [pid 396] <... mmap resumed>) = 0x7ff5a94f3000 [pid 396] mprotect(0x7ff5a94f4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 396] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 396] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9513990, parent_tid=0x7ff5a9513990, exit_signal=0, stack=0x7ff5a94f3000, stack_size=0x20300, tls=0x7ff5a95136c0} => {parent_tid=[398]}, 88) = 398 [pid 396] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 396] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 396] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 398 attached [pid 398] set_robust_list(0x7ff5a95139a0, 24) = 0 [pid 398] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 397] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 398] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_NOFOLLOW|O_NOATIME|O_CLOEXEC, 000) = 4 [pid 398] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 397] <... write resumed>) = 262144 [pid 397] munmap(0x7ff5a10f3000, 138412032) = 0 [pid 397] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [ 23.590421][ T392] loop0: detected capacity change from 0 to 512 [ 23.600950][ T392] EXT4-fs (loop0): 1 orphan inode deleted [ 23.606620][ T392] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 23.615486][ T392] ext4 filesystem being mounted at /root/syzkaller.8K29Ps/19/bus supports timestamps until 2038 (0x7fffffff) [ 23.627576][ T392] EXT4-fs (loop0): unmounting filesystem. [pid 397] ioctl(5, LOOP_SET_FD, 3 [pid 398] <... futex resumed>) = 1 [pid 396] <... futex resumed>) = 0 [pid 397] <... ioctl resumed>) = 0 [pid 397] close(3) = 0 [pid 397] mkdir("./bus", 0777) = -1 EEXIST (File exists) [pid 397] mount("/dev/loop0", "./bus", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 396] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 396] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 398] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 398] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 396] <... futex resumed>) = 0 [pid 398] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 396] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 396] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 398] <... open resumed>) = 3 [pid 398] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 396] <... futex resumed>) = 0 [pid 396] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 398] write(3, "\x31\x30\x30\x30\x30\x30\x30\x00", 8 [pid 396] <... futex resumed>) = 0 [pid 396] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 398] <... write resumed>) = 8 [pid 398] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 396] <... futex resumed>) = 0 [pid 398] write(3, "\x23\x21\x20\x2e\x2f\x66\x69\x6c\x65\x31\x0a\x82\x6a\x3f\xc6\x7c\x3a\xab\x7d\x7e\x31\x38\xd5\xcc\x25\x19\xa6\xa8\xf7\xa0\x0b\xff\x3b\xee\x49\xbb\x93\x22\x1f\x4e\x80\x95\x34\x94\x23\x35\x8b\x24\xc3\x46\x99\x05\xf2\x81\x89\x7d\xc6\xe1\x7a\x55\x07\xba\x1b\x9e\x33\xcc\x8e\x4f\x28\xf6\xda\xe3\x4d\x29\x86\xca\x00\x9c\x79\xab\x46\x1e\x69\xfd\x74\xcc\xe8\xc9\xed\x5b\x91\x09\xf3\xfa\x42\xf4\x3d\x39\x82\xeb"..., 1045 [pid 396] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 396] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 398] <... write resumed>) = 1045 [pid 398] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 396] <... futex resumed>) = 0 [pid 398] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 397] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 397] ioctl(5, LOOP_CLR_FD) = 0 [pid 397] close(5) = 0 [pid 397] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 397] futex(0x7ff5a96006c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 396] exit_group(0) = ? [pid 397] <... futex resumed>) = ? [pid 397] +++ exited with 0 +++ [pid 398] <... futex resumed>) = ? [pid 398] +++ exited with 0 +++ [pid 396] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=396, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- umount2("./20", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./20", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555561b8730 /* 4 entries */, 32768) = 104 umount2("./20/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./20/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./20/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./20/bus") = 0 umount2("./20/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./20/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./20/binderfs") = 0 getdents64(3, 0x5555561b8730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./20") = 0 mkdir("./21", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b7690) = 401 ./strace-static-x86_64: Process 401 attached [pid 401] set_robust_list(0x5555561b76a0, 24) = 0 [pid 401] chdir("./21") = 0 [pid 401] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 401] setpgid(0, 0) = 0 [pid 401] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 401] write(3, "1000", 4) = 4 [pid 401] close(3) = 0 [pid 401] symlink("/dev/binderfs", "./binderfs") = 0 [pid 401] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 401] rt_sigaction(SIGRT_1, {sa_handler=0x7ff5a959df30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7ff5a958f0e0}, NULL, 8) = 0 [pid 401] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 401] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a9514000 [pid 401] mprotect(0x7ff5a9515000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 401] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 401] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9534990, parent_tid=0x7ff5a9534990, exit_signal=0, stack=0x7ff5a9514000, stack_size=0x20300, tls=0x7ff5a95346c0} => {parent_tid=[402]}, 88) = 402 [pid 401] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 401] futex(0x7ff5a96006c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 401] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 401] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a94f3000 [pid 401] mprotect(0x7ff5a94f4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 401] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 401] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9513990, parent_tid=0x7ff5a9513990, exit_signal=0, stack=0x7ff5a94f3000, stack_size=0x20300, tls=0x7ff5a95136c0} => {parent_tid=[403]}, 88) = 403 [pid 401] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 401] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 401] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 402 attached [pid 402] set_robust_list(0x7ff5a95349a0, 24) = 0 [pid 402] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 402] memfd_create("syzkaller", 0) = 3 [pid 402] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff5a10f3000 [pid 402] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 402] munmap(0x7ff5a10f3000, 138412032) = 0 [pid 402] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 23.657102][ T397] loop0: detected capacity change from 0 to 512 [ 23.670014][ T397] EXT4-fs error (device loop0): __ext4_get_inode_loc:4485: comm syz-executor170: Invalid inode table block 34 in block_group 0 [ 23.683212][ T397] EXT4-fs (loop0): get root inode failed [ 23.688743][ T397] EXT4-fs (loop0): mount failed [pid 402] ioctl(4, LOOP_SET_FD, 3./strace-static-x86_64: Process 403 attached [pid 403] set_robust_list(0x7ff5a95139a0, 24) = 0 [pid 403] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 403] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_NOFOLLOW|O_NOATIME|O_CLOEXEC, 000) = 5 [pid 403] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 403] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 401] <... futex resumed>) = 0 [pid 401] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 401] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 403] <... futex resumed>) = 0 [pid 403] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 403] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 401] <... futex resumed>) = 0 [pid 401] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 401] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 403] <... futex resumed>) = 1 [pid 403] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 6 [pid 403] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 401] <... futex resumed>) = 0 [pid 401] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 401] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 403] <... futex resumed>) = 1 [pid 403] write(6, "\x31\x30\x30\x30\x30\x30\x30\x00", 8 [pid 402] <... ioctl resumed>) = 0 [pid 402] close(3) = 0 [pid 402] mkdir("./bus", 0777) = -1 EEXIST (File exists) [pid 402] mount("/dev/loop0", "./bus", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 403] <... write resumed>) = -1 EIO (Input/output error) [pid 403] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 401] <... futex resumed>) = 0 [pid 401] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 401] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 403] <... futex resumed>) = 1 [pid 403] write(6, "\x23\x21\x20\x2e\x2f\x66\x69\x6c\x65\x31\x0a\x82\x6a\x3f\xc6\x7c\x3a\xab\x7d\x7e\x31\x38\xd5\xcc\x25\x19\xa6\xa8\xf7\xa0\x0b\xff\x3b\xee\x49\xbb\x93\x22\x1f\x4e\x80\x95\x34\x94\x23\x35\x8b\x24\xc3\x46\x99\x05\xf2\x81\x89\x7d\xc6\xe1\x7a\x55\x07\xba\x1b\x9e\x33\xcc\x8e\x4f\x28\xf6\xda\xe3\x4d\x29\x86\xca\x00\x9c\x79\xab\x46\x1e\x69\xfd\x74\xcc\xe8\xc9\xed\x5b\x91\x09\xf3\xfa\x42\xf4\x3d\x39\x82\xeb"..., 1045) = 1045 [pid 403] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 401] <... futex resumed>) = 0 [pid 403] <... futex resumed>) = 1 [pid 403] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 402] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 402] ioctl(4, LOOP_CLR_FD) = 0 [pid 402] close(4) = 0 [pid 402] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 402] futex(0x7ff5a96006c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 401] exit_group(0) = ? [pid 403] <... futex resumed>) = ? [pid 403] +++ exited with 0 +++ [pid 402] <... futex resumed>) = ? [pid 402] +++ exited with 0 +++ [pid 401] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=401, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- umount2("./21", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./21", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555561b8730 /* 4 entries */, 32768) = 104 umount2("./21/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./21/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./21/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./21/bus") = 0 umount2("./21/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./21/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./21/binderfs") = 0 getdents64(3, 0x5555561b8730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./21") = 0 mkdir("./22", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b7690) = 404 ./strace-static-x86_64: Process 404 attached [pid 404] set_robust_list(0x5555561b76a0, 24) = 0 [pid 404] chdir("./22") = 0 [pid 404] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 404] setpgid(0, 0) = 0 [pid 404] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 404] write(3, "1000", 4) = 4 [pid 404] close(3) = 0 [pid 404] symlink("/dev/binderfs", "./binderfs") = 0 [pid 404] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 404] rt_sigaction(SIGRT_1, {sa_handler=0x7ff5a959df30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7ff5a958f0e0}, NULL, 8) = 0 [pid 404] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 404] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a9514000 [pid 404] mprotect(0x7ff5a9515000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 404] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 404] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9534990, parent_tid=0x7ff5a9534990, exit_signal=0, stack=0x7ff5a9514000, stack_size=0x20300, tls=0x7ff5a95346c0}./strace-static-x86_64: Process 405 attached [pid 405] set_robust_list(0x7ff5a95349a0, 24) = 0 [pid 405] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 405] futex(0x7ff5a96006c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 404] <... clone3 resumed> => {parent_tid=[405]}, 88) = 405 [pid 404] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 404] futex(0x7ff5a96006c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 405] <... futex resumed>) = 0 [pid 405] memfd_create("syzkaller", 0 [pid 404] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 405] <... memfd_create resumed>) = 3 [pid 404] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 405] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 404] <... mmap resumed>) = 0x7ff5a94f3000 [pid 404] mprotect(0x7ff5a94f4000, 131072, PROT_READ|PROT_WRITE [pid 405] <... mmap resumed>) = 0x7ff5a10f3000 [pid 404] <... mprotect resumed>) = 0 [pid 404] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 404] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9513990, parent_tid=0x7ff5a9513990, exit_signal=0, stack=0x7ff5a94f3000, stack_size=0x20300, tls=0x7ff5a95136c0}./strace-static-x86_64: Process 406 attached [pid 406] set_robust_list(0x7ff5a95139a0, 24) = 0 [pid 406] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 406] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 404] <... clone3 resumed> => {parent_tid=[406]}, 88) = 406 [pid 404] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 404] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 406] <... futex resumed>) = 0 [pid 406] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_NOFOLLOW|O_NOATIME|O_CLOEXEC, 000 [pid 404] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 405] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 406] <... open resumed>) = 4 [pid 405] <... write resumed>) = 262144 [pid 406] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 405] munmap(0x7ff5a10f3000, 138412032 [pid 406] <... futex resumed>) = 1 [pid 404] <... futex resumed>) = 0 [pid 406] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 404] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 405] <... munmap resumed>) = 0 [pid 404] <... futex resumed>) = 0 [pid 406] <... mount resumed>) = 0 [pid 406] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 405] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 404] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 406] <... futex resumed>) = 0 [pid 405] <... openat resumed>) = 5 [pid 404] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 406] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 405] ioctl(5, LOOP_SET_FD, 3 [pid 404] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 406] <... open resumed>) = 6 [ 23.708920][ T402] loop0: detected capacity change from 0 to 512 [ 23.713736][ T56] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 23.727206][ T402] EXT4-fs (loop0): bad geometry: block count 3888436996 exceeds size of device (64 blocks) [pid 406] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 404] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 405] <... ioctl resumed>) = 0 [pid 404] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 406] <... futex resumed>) = 0 [pid 405] close(3 [pid 404] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 406] write(6, "\x31\x30\x30\x30\x30\x30\x30\x00", 8 [pid 405] <... close resumed>) = 0 [pid 404] <... futex resumed>) = 0 [pid 404] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 405] mkdir("./bus", 0777 [pid 406] <... write resumed>) = 8 [pid 406] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 404] <... futex resumed>) = 0 [pid 406] write(6, "\x23\x21\x20\x2e\x2f\x66\x69\x6c\x65\x31\x0a\x82\x6a\x3f\xc6\x7c\x3a\xab\x7d\x7e\x31\x38\xd5\xcc\x25\x19\xa6\xa8\xf7\xa0\x0b\xff\x3b\xee\x49\xbb\x93\x22\x1f\x4e\x80\x95\x34\x94\x23\x35\x8b\x24\xc3\x46\x99\x05\xf2\x81\x89\x7d\xc6\xe1\x7a\x55\x07\xba\x1b\x9e\x33\xcc\x8e\x4f\x28\xf6\xda\xe3\x4d\x29\x86\xca\x00\x9c\x79\xab\x46\x1e\x69\xfd\x74\xcc\xe8\xc9\xed\x5b\x91\x09\xf3\xfa\x42\xf4\x3d\x39\x82\xeb"..., 1045 [pid 404] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 405] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 404] <... futex resumed>) = 0 [pid 406] <... write resumed>) = 1045 [pid 405] mount("/dev/loop0", "./bus", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 404] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 406] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 404] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 406] <... futex resumed>) = 0 [pid 406] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 405] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 405] ioctl(5, LOOP_CLR_FD) = 0 [pid 405] close(5) = 0 [pid 405] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 405] futex(0x7ff5a96006c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 404] exit_group(0) = ? [pid 405] <... futex resumed>) = ? [pid 405] +++ exited with 0 +++ [pid 406] <... futex resumed>) = ? [pid 406] +++ exited with 0 +++ [pid 404] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=404, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- umount2("./22", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./22", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555561b8730 /* 4 entries */, 32768) = 104 umount2("./22/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./22/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./22/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./22/bus") = 0 umount2("./22/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./22/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./22/binderfs") = 0 getdents64(3, 0x5555561b8730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./22") = 0 mkdir("./23", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b7690) = 407 ./strace-static-x86_64: Process 407 attached [pid 407] set_robust_list(0x5555561b76a0, 24) = 0 [pid 407] chdir("./23") = 0 [pid 407] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 407] setpgid(0, 0) = 0 [pid 407] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 407] write(3, "1000", 4) = 4 [pid 407] close(3) = 0 [pid 407] symlink("/dev/binderfs", "./binderfs") = 0 [pid 407] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 407] rt_sigaction(SIGRT_1, {sa_handler=0x7ff5a959df30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7ff5a958f0e0}, NULL, 8) = 0 [pid 407] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 407] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a9514000 [pid 407] mprotect(0x7ff5a9515000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 407] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 407] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9534990, parent_tid=0x7ff5a9534990, exit_signal=0, stack=0x7ff5a9514000, stack_size=0x20300, tls=0x7ff5a95346c0} => {parent_tid=[408]}, 88) = 408 [pid 407] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 407] futex(0x7ff5a96006c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 407] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 407] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a94f3000 [pid 407] mprotect(0x7ff5a94f4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 407] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 407] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9513990, parent_tid=0x7ff5a9513990, exit_signal=0, stack=0x7ff5a94f3000, stack_size=0x20300, tls=0x7ff5a95136c0} => {parent_tid=[409]}, 88) = 409 [pid 407] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 407] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 407] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 409 attached ./strace-static-x86_64: Process 408 attached [pid 409] set_robust_list(0x7ff5a95139a0, 24 [pid 408] set_robust_list(0x7ff5a95349a0, 24 [pid 409] <... set_robust_list resumed>) = 0 [pid 408] <... set_robust_list resumed>) = 0 [pid 409] rt_sigprocmask(SIG_SETMASK, [], [pid 408] rt_sigprocmask(SIG_SETMASK, [], [pid 409] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 408] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 409] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_NOFOLLOW|O_NOATIME|O_CLOEXEC, 000 [pid 408] memfd_create("syzkaller", 0) = 4 [pid 408] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 409] <... open resumed>) = 3 [pid 409] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 407] <... futex resumed>) = 0 [pid 407] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 407] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 409] <... futex resumed>) = 1 [pid 409] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = -1 ENOENT (No such file or directory) [pid 409] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 407] <... futex resumed>) = 0 [pid 407] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 407] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 409] <... futex resumed>) = 1 [pid 408] <... mmap resumed>) = 0x7ff5a10f3000 [pid 409] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = -1 ENOENT (No such file or directory) [pid 409] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 407] <... futex resumed>) = 0 [pid 407] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 407] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 409] write(-1, "\x31\x30\x30\x30\x30\x30\x30\x00", 8) = -1 EBADF (Bad file descriptor) [pid 409] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 408] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 407] <... futex resumed>) = 0 [pid 407] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 409] write(-1, "\x23\x21\x20\x2e\x2f\x66\x69\x6c\x65\x31\x0a\x82\x6a\x3f\xc6\x7c\x3a\xab\x7d\x7e\x31\x38\xd5\xcc\x25\x19\xa6\xa8\xf7\xa0\x0b\xff\x3b\xee\x49\xbb\x93\x22\x1f\x4e\x80\x95\x34\x94\x23\x35\x8b\x24\xc3\x46\x99\x05\xf2\x81\x89\x7d\xc6\xe1\x7a\x55\x07\xba\x1b\x9e\x33\xcc\x8e\x4f\x28\xf6\xda\xe3\x4d\x29\x86\xca\x00\x9c\x79\xab\x46\x1e\x69\xfd\x74\xcc\xe8\xc9\xed\x5b\x91\x09\xf3\xfa\x42\xf4\x3d\x39\x82\xeb"..., 1045 [pid 407] <... futex resumed>) = 0 [pid 409] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 407] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 409] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 409] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 407] <... futex resumed>) = 0 [pid 408] <... write resumed>) = 262144 [pid 408] munmap(0x7ff5a10f3000, 138412032) = 0 [pid 408] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [ 23.771599][ T405] loop0: detected capacity change from 0 to 512 [ 23.780948][ T405] EXT4-fs (loop0): Invalid log block size: 2475723007 [pid 408] ioctl(5, LOOP_SET_FD, 4) = 0 [pid 408] close(4) = 0 [pid 408] mkdir("./file1", 0777) = -1 EEXIST (File exists) [pid 408] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue") = -1 ENOTDIR (Not a directory) [ 23.818209][ T408] loop0: detected capacity change from 0 to 512 [ 23.830887][ T408] EXT4-fs (loop0): 1 orphan inode deleted [ 23.836455][ T408] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 23.845481][ T408] ext4 filesystem being mounted at /root/syzkaller.8K29Ps/23/file1 supports timestamps until 2038 (0x7fffffff) [ 23.857754][ T408] EXT4-fs (loop0): unmounting filesystem. [pid 408] ioctl(5, LOOP_CLR_FD) = 0 [pid 408] close(5) = 0 [pid 408] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 408] futex(0x7ff5a96006c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 407] exit_group(0 [pid 409] <... futex resumed>) = ? [pid 408] <... futex resumed>) = ? [pid 407] <... exit_group resumed>) = ? [pid 409] +++ exited with 0 +++ [pid 408] +++ exited with 0 +++ [pid 407] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=407, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- umount2("./23", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./23", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555561b8730 /* 4 entries */, 32768) = 112 umount2("./23/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./23/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./23/binderfs") = 0 umount2("./23/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./23/file1", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./23/file1") = 0 getdents64(3, 0x5555561b8730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./23") = 0 mkdir("./24", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b7690) = 412 ./strace-static-x86_64: Process 412 attached [pid 412] set_robust_list(0x5555561b76a0, 24) = 0 [pid 412] chdir("./24") = 0 [pid 412] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 412] setpgid(0, 0) = 0 [pid 412] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 412] write(3, "1000", 4) = 4 [pid 412] close(3) = 0 [pid 412] symlink("/dev/binderfs", "./binderfs") = 0 [pid 412] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 412] rt_sigaction(SIGRT_1, {sa_handler=0x7ff5a959df30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7ff5a958f0e0}, NULL, 8) = 0 [pid 412] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 412] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a9514000 [pid 412] mprotect(0x7ff5a9515000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 412] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 412] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9534990, parent_tid=0x7ff5a9534990, exit_signal=0, stack=0x7ff5a9514000, stack_size=0x20300, tls=0x7ff5a95346c0} => {parent_tid=[413]}, 88) = 413 [pid 412] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 412] futex(0x7ff5a96006c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 412] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 412] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a94f3000 [pid 412] mprotect(0x7ff5a94f4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 412] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 412] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9513990, parent_tid=0x7ff5a9513990, exit_signal=0, stack=0x7ff5a94f3000, stack_size=0x20300, tls=0x7ff5a95136c0} => {parent_tid=[414]}, 88) = 414 [pid 412] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 412] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 412] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 414 attached [pid 414] set_robust_list(0x7ff5a95139a0, 24) = 0 [pid 414] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 414] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_NOFOLLOW|O_NOATIME|O_CLOEXEC, 000) = 3 [pid 414] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 412] <... futex resumed>) = 0 [pid 412] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 412] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 414] <... futex resumed>) = 1 [pid 414] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 414] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 412] <... futex resumed>) = 0 [pid 412] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 412] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 414] <... futex resumed>) = 1 [pid 414] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 4 [pid 414] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 412] <... futex resumed>) = 0 [pid 412] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 412] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 414] <... futex resumed>) = 1 [pid 414] write(4, "\x31\x30\x30\x30\x30\x30\x30\x00", 8) = -1 ENOSPC (No space left on device) [pid 414] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 412] <... futex resumed>) = 0 [pid 412] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 412] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 414] <... futex resumed>) = 1 [pid 414] write(4, "\x23\x21\x20\x2e\x2f\x66\x69\x6c\x65\x31\x0a\x82\x6a\x3f\xc6\x7c\x3a\xab\x7d\x7e\x31\x38\xd5\xcc\x25\x19\xa6\xa8\xf7\xa0\x0b\xff\x3b\xee\x49\xbb\x93\x22\x1f\x4e\x80\x95\x34\x94\x23\x35\x8b\x24\xc3\x46\x99\x05\xf2\x81\x89\x7d\xc6\xe1\x7a\x55\x07\xba\x1b\x9e\x33\xcc\x8e\x4f\x28\xf6\xda\xe3\x4d\x29\x86\xca\x00\x9c\x79\xab\x46\x1e\x69\xfd\x74\xcc\xe8\xc9\xed\x5b\x91\x09\xf3\xfa\x42\xf4\x3d\x39\x82\xeb"..., 1045) = -1 ENOSPC (No space left on device) [pid 414] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 412] <... futex resumed>) = 0 [pid 414] <... futex resumed>) = 1 [pid 414] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 413 attached [pid 413] set_robust_list(0x7ff5a95349a0, 24) = 0 [pid 413] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 413] memfd_create("syzkaller", 0) = 5 [pid 413] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff5a10f3000 [pid 413] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 413] munmap(0x7ff5a10f3000, 138412032) = 0 [pid 413] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 413] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 413] close(5) = 0 [pid 413] mkdir("./file1", 0777) = 0 [pid 413] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue") = 0 [pid 413] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 5 [pid 413] chdir("./file1") = 0 [pid 413] ioctl(6, LOOP_CLR_FD) = 0 [pid 413] close(6) = 0 [pid 413] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 413] futex(0x7ff5a96006c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 412] exit_group(0 [pid 414] <... futex resumed>) = ? [pid 412] <... exit_group resumed>) = ? [pid 414] +++ exited with 0 +++ [pid 413] <... futex resumed>) = ? [pid 413] +++ exited with 0 +++ [pid 412] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=412, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./24", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./24", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555561b8730 /* 5 entries */, 32768) = 136 umount2("./24/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./24/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./24/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./24/bus") = 0 umount2("./24/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./24/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./24/binderfs") = 0 [ 23.936704][ T413] loop0: detected capacity change from 0 to 512 [ 23.950723][ T413] EXT4-fs (loop0): 1 orphan inode deleted [ 23.956301][ T413] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 23.965095][ T413] ext4 filesystem being mounted at /root/syzkaller.8K29Ps/24/file1 supports timestamps until 2038 (0x7fffffff) umount2("./24/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./24/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./24/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./24/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./24/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555561c0770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561c0770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./24/file1") = 0 getdents64(3, 0x5555561b8730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./24") = 0 mkdir("./25", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b7690) = 417 ./strace-static-x86_64: Process 417 attached [pid 417] set_robust_list(0x5555561b76a0, 24) = 0 [pid 417] chdir("./25") = 0 [pid 417] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 417] setpgid(0, 0) = 0 [pid 417] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 417] write(3, "1000", 4) = 4 [pid 417] close(3) = 0 [pid 417] symlink("/dev/binderfs", "./binderfs") = 0 [pid 417] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 417] rt_sigaction(SIGRT_1, {sa_handler=0x7ff5a959df30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7ff5a958f0e0}, NULL, 8) = 0 [pid 417] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 417] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a9514000 [pid 417] mprotect(0x7ff5a9515000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 417] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 417] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9534990, parent_tid=0x7ff5a9534990, exit_signal=0, stack=0x7ff5a9514000, stack_size=0x20300, tls=0x7ff5a95346c0}./strace-static-x86_64: Process 418 attached => {parent_tid=[418]}, 88) = 418 [pid 417] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 417] futex(0x7ff5a96006c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 417] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 417] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a94f3000 [pid 417] mprotect(0x7ff5a94f4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 417] rt_sigprocmask(SIG_BLOCK, ~[], [pid 418] set_robust_list(0x7ff5a95349a0, 24 [pid 417] <... rt_sigprocmask resumed>[], 8) = 0 [pid 417] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9513990, parent_tid=0x7ff5a9513990, exit_signal=0, stack=0x7ff5a94f3000, stack_size=0x20300, tls=0x7ff5a95136c0} => {parent_tid=[419]}, 88) = 419 [pid 417] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 417] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 417] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 418] <... set_robust_list resumed>) = 0 [pid 418] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 418] memfd_create("syzkaller", 0) = 3 [pid 418] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff5a10f3000 ./strace-static-x86_64: Process 419 attached [pid 419] set_robust_list(0x7ff5a95139a0, 24) = 0 [pid 419] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 419] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_NOFOLLOW|O_NOATIME|O_CLOEXEC, 000) = 4 [pid 419] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 418] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 419] <... futex resumed>) = 1 [pid 417] <... futex resumed>) = 0 [pid 417] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 417] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 419] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 419] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 417] <... futex resumed>) = 0 [pid 417] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 417] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 418] <... write resumed>) = 262144 [pid 418] munmap(0x7ff5a10f3000, 138412032 [pid 419] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 418] <... munmap resumed>) = 0 [ 23.986450][ T297] EXT4-fs (loop0): unmounting filesystem. [pid 418] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 418] ioctl(5, LOOP_SET_FD, 3 [pid 419] <... open resumed>) = 6 [pid 419] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 419] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 418] <... ioctl resumed>) = 0 [pid 417] <... futex resumed>) = 0 [pid 418] close(3 [pid 417] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 418] <... close resumed>) = 0 [pid 417] <... futex resumed>) = 1 [pid 419] <... futex resumed>) = 0 [pid 419] write(6, "\x31\x30\x30\x30\x30\x30\x30\x00", 8 [pid 417] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 418] mkdir("./bus", 0777) = -1 EEXIST (File exists) [pid 418] mount("/dev/loop0", "./bus", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 419] <... write resumed>) = 8 [pid 419] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 417] <... futex resumed>) = 0 [pid 419] write(6, "\x23\x21\x20\x2e\x2f\x66\x69\x6c\x65\x31\x0a\x82\x6a\x3f\xc6\x7c\x3a\xab\x7d\x7e\x31\x38\xd5\xcc\x25\x19\xa6\xa8\xf7\xa0\x0b\xff\x3b\xee\x49\xbb\x93\x22\x1f\x4e\x80\x95\x34\x94\x23\x35\x8b\x24\xc3\x46\x99\x05\xf2\x81\x89\x7d\xc6\xe1\x7a\x55\x07\xba\x1b\x9e\x33\xcc\x8e\x4f\x28\xf6\xda\xe3\x4d\x29\x86\xca\x00\x9c\x79\xab\x46\x1e\x69\xfd\x74\xcc\xe8\xc9\xed\x5b\x91\x09\xf3\xfa\x42\xf4\x3d\x39\x82\xeb"..., 1045 [pid 417] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 417] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 419] <... write resumed>) = 1045 [pid 419] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 419] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 417] <... futex resumed>) = 0 [pid 418] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 418] ioctl(5, LOOP_CLR_FD) = 0 [pid 418] close(5) = 0 [pid 418] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 418] futex(0x7ff5a96006c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 417] exit_group(0) = ? [pid 419] <... futex resumed>) = ? [pid 419] +++ exited with 0 +++ [pid 418] <... futex resumed>) = ? [pid 418] +++ exited with 0 +++ [pid 417] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=417, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- umount2("./25", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./25", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555561b8730 /* 4 entries */, 32768) = 104 umount2("./25/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./25/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./25/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./25/bus") = 0 umount2("./25/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./25/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./25/binderfs") = 0 getdents64(3, 0x5555561b8730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./25") = 0 mkdir("./26", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b7690) = 420 ./strace-static-x86_64: Process 420 attached [pid 420] set_robust_list(0x5555561b76a0, 24) = 0 [pid 420] chdir("./26") = 0 [pid 420] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 420] setpgid(0, 0) = 0 [pid 420] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 420] write(3, "1000", 4) = 4 [pid 420] close(3) = 0 [pid 420] symlink("/dev/binderfs", "./binderfs") = 0 [pid 420] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 420] rt_sigaction(SIGRT_1, {sa_handler=0x7ff5a959df30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7ff5a958f0e0}, NULL, 8) = 0 [pid 420] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 420] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a9514000 [pid 420] mprotect(0x7ff5a9515000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 420] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 420] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9534990, parent_tid=0x7ff5a9534990, exit_signal=0, stack=0x7ff5a9514000, stack_size=0x20300, tls=0x7ff5a95346c0}./strace-static-x86_64: Process 421 attached => {parent_tid=[421]}, 88) = 421 [pid 421] set_robust_list(0x7ff5a95349a0, 24 [pid 420] rt_sigprocmask(SIG_SETMASK, [], [pid 421] <... set_robust_list resumed>) = 0 [pid 420] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 421] rt_sigprocmask(SIG_SETMASK, [], [pid 420] futex(0x7ff5a96006c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 421] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 420] <... futex resumed>) = 0 [pid 420] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 421] memfd_create("syzkaller", 0) = 3 [pid 420] <... futex resumed>) = 0 [pid 421] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff5a1114000 [pid 420] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a10f3000 [pid 420] mprotect(0x7ff5a10f4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 420] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 420] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a1113990, parent_tid=0x7ff5a1113990, exit_signal=0, stack=0x7ff5a10f3000, stack_size=0x20300, tls=0x7ff5a11136c0} => {parent_tid=[422]}, 88) = 422 [pid 420] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 420] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 421] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144./strace-static-x86_64: Process 422 attached [pid 420] <... futex resumed>) = 0 [pid 420] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 422] set_robust_list(0x7ff5a11139a0, 24) = 0 [pid 422] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 422] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_NOFOLLOW|O_NOATIME|O_CLOEXEC, 000 [pid 421] <... write resumed>) = 262144 [pid 421] munmap(0x7ff5a1114000, 138412032) = 0 [pid 421] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 422] <... open resumed>) = 4 [ 24.028323][ T418] loop0: detected capacity change from 0 to 512 [ 24.037165][ T418] EXT4-fs (loop0): Invalid log block size: 2475723007 [pid 421] ioctl(5, LOOP_SET_FD, 3 [pid 422] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 421] <... ioctl resumed>) = 0 [pid 420] <... futex resumed>) = 0 [pid 420] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 420] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 421] close(3) = 0 [pid 421] mkdir("./bus", 0777) = -1 EEXIST (File exists) [pid 421] mount("/dev/loop0", "./bus", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 422] <... futex resumed>) = 1 [pid 422] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 422] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 420] <... futex resumed>) = 0 [pid 420] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 420] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 422] <... futex resumed>) = 1 [pid 422] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 3 [pid 422] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 420] <... futex resumed>) = 0 [pid 420] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 420] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 422] <... futex resumed>) = 1 [pid 422] write(3, "\x31\x30\x30\x30\x30\x30\x30\x00", 8) = 8 [pid 422] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 420] <... futex resumed>) = 0 [pid 420] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 420] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 422] <... futex resumed>) = 1 [pid 422] write(3, "\x23\x21\x20\x2e\x2f\x66\x69\x6c\x65\x31\x0a\x82\x6a\x3f\xc6\x7c\x3a\xab\x7d\x7e\x31\x38\xd5\xcc\x25\x19\xa6\xa8\xf7\xa0\x0b\xff\x3b\xee\x49\xbb\x93\x22\x1f\x4e\x80\x95\x34\x94\x23\x35\x8b\x24\xc3\x46\x99\x05\xf2\x81\x89\x7d\xc6\xe1\x7a\x55\x07\xba\x1b\x9e\x33\xcc\x8e\x4f\x28\xf6\xda\xe3\x4d\x29\x86\xca\x00\x9c\x79\xab\x46\x1e\x69\xfd\x74\xcc\xe8\xc9\xed\x5b\x91\x09\xf3\xfa\x42\xf4\x3d\x39\x82\xeb"..., 1045) = 1045 [pid 422] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 420] <... futex resumed>) = 0 [pid 422] <... futex resumed>) = 1 [pid 422] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 421] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 421] ioctl(5, LOOP_CLR_FD) = 0 [pid 421] close(5) = 0 [pid 421] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 421] futex(0x7ff5a96006c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 420] exit_group(0) = ? [pid 422] <... futex resumed>) = ? [pid 422] +++ exited with 0 +++ [pid 421] <... futex resumed>) = ? [pid 421] +++ exited with 0 +++ [pid 420] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=420, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./26", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./26", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555561b8730 /* 4 entries */, 32768) = 104 umount2("./26/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./26/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./26/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./26/bus") = 0 umount2("./26/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./26/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./26/binderfs") = 0 getdents64(3, 0x5555561b8730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./26") = 0 mkdir("./27", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b7690) = 425 ./strace-static-x86_64: Process 425 attached [pid 425] set_robust_list(0x5555561b76a0, 24) = 0 [pid 425] chdir("./27") = 0 [pid 425] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 425] setpgid(0, 0) = 0 [pid 425] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 425] write(3, "1000", 4) = 4 [pid 425] close(3) = 0 [pid 425] symlink("/dev/binderfs", "./binderfs") = 0 [pid 425] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 425] rt_sigaction(SIGRT_1, {sa_handler=0x7ff5a959df30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7ff5a958f0e0}, NULL, 8) = 0 [pid 425] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 425] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a9514000 [pid 425] mprotect(0x7ff5a9515000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 425] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 425] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9534990, parent_tid=0x7ff5a9534990, exit_signal=0, stack=0x7ff5a9514000, stack_size=0x20300, tls=0x7ff5a95346c0}./strace-static-x86_64: Process 426 attached [pid 426] set_robust_list(0x7ff5a95349a0, 24) = 0 [pid 426] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 426] futex(0x7ff5a96006c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 425] <... clone3 resumed> => {parent_tid=[426]}, 88) = 426 [pid 425] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 425] futex(0x7ff5a96006c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 426] <... futex resumed>) = 0 [pid 426] memfd_create("syzkaller", 0 [pid 425] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 425] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a94f3000 [pid 426] <... memfd_create resumed>) = 3 [pid 425] mprotect(0x7ff5a94f4000, 131072, PROT_READ|PROT_WRITE [pid 426] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 425] <... mprotect resumed>) = 0 [pid 426] <... mmap resumed>) = 0x7ff5a10f3000 [pid 425] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 425] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9513990, parent_tid=0x7ff5a9513990, exit_signal=0, stack=0x7ff5a94f3000, stack_size=0x20300, tls=0x7ff5a95136c0}./strace-static-x86_64: Process 427 attached [pid 427] set_robust_list(0x7ff5a95139a0, 24) = 0 [pid 427] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 427] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 425] <... clone3 resumed> => {parent_tid=[427]}, 88) = 427 [pid 425] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 425] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 427] <... futex resumed>) = 0 [pid 427] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_NOFOLLOW|O_NOATIME|O_CLOEXEC, 000 [pid 425] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 427] <... open resumed>) = 4 [pid 427] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 427] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 425] <... futex resumed>) = 0 [pid 425] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 427] <... futex resumed>) = 0 [pid 427] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 425] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 427] <... mount resumed>) = 0 [pid 427] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 427] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 425] <... futex resumed>) = 0 [pid 425] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 427] <... futex resumed>) = 0 [pid 427] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 425] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 427] <... open resumed>) = 5 [pid 427] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 427] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 425] <... futex resumed>) = 0 [pid 426] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 425] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 427] <... futex resumed>) = 0 [pid 427] write(5, "\x31\x30\x30\x30\x30\x30\x30\x00", 8) = -1 ENOSPC (No space left on device) [pid 427] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 425] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 427] <... futex resumed>) = 0 [pid 427] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 425] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 425] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 427] <... futex resumed>) = 0 [pid 427] write(5, "\x23\x21\x20\x2e\x2f\x66\x69\x6c\x65\x31\x0a\x82\x6a\x3f\xc6\x7c\x3a\xab\x7d\x7e\x31\x38\xd5\xcc\x25\x19\xa6\xa8\xf7\xa0\x0b\xff\x3b\xee\x49\xbb\x93\x22\x1f\x4e\x80\x95\x34\x94\x23\x35\x8b\x24\xc3\x46\x99\x05\xf2\x81\x89\x7d\xc6\xe1\x7a\x55\x07\xba\x1b\x9e\x33\xcc\x8e\x4f\x28\xf6\xda\xe3\x4d\x29\x86\xca\x00\x9c\x79\xab\x46\x1e\x69\xfd\x74\xcc\xe8\xc9\xed\x5b\x91\x09\xf3\xfa\x42\xf4\x3d\x39\x82\xeb"..., 1045) = -1 ENOSPC (No space left on device) [pid 427] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 427] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 425] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 426] <... write resumed>) = 262144 [pid 426] munmap(0x7ff5a10f3000, 138412032 [pid 425] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 426] <... munmap resumed>) = 0 [pid 426] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 24.073276][ T421] loop0: detected capacity change from 0 to 512 [ 24.090207][ T421] EXT4-fs error (device loop0): __ext4_get_inode_loc:4485: comm syz-executor170: Invalid inode table block 34 in block_group 0 [ 24.103297][ T421] EXT4-fs (loop0): get root inode failed [ 24.108863][ T421] EXT4-fs (loop0): mount failed [pid 426] ioctl(6, LOOP_SET_FD, 3) = 0 [pid 426] close(3) = 0 [pid 426] mkdir("./bus", 0777) = -1 EEXIST (File exists) [pid 426] mount("/dev/loop0", "./bus", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue") = -1 ENOTDIR (Not a directory) [pid 426] ioctl(6, LOOP_CLR_FD) = 0 [pid 426] close(6) = 0 [pid 426] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 426] futex(0x7ff5a96006c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 425] exit_group(0) = ? [pid 426] <... futex resumed>) = ? [pid 426] +++ exited with 0 +++ [pid 427] <... futex resumed>) = ? [ 24.139433][ T426] loop0: detected capacity change from 0 to 512 [ 24.151479][ T426] EXT4-fs (loop0): 1 orphan inode deleted [ 24.157103][ T426] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 24.166417][ T426] ext4 filesystem being mounted at /root/syzkaller.8K29Ps/27/bus supports timestamps until 2038 (0x7fffffff) [ 24.178378][ T426] EXT4-fs (loop0): unmounting filesystem. [pid 427] +++ exited with 0 +++ [pid 425] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=425, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- umount2("./27", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./27", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555561b8730 /* 4 entries */, 32768) = 104 umount2("./27/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./27/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./27/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./27/bus") = 0 umount2("./27/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./27/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./27/binderfs") = 0 getdents64(3, 0x5555561b8730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./27") = 0 mkdir("./28", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b7690) = 431 ./strace-static-x86_64: Process 431 attached [pid 431] set_robust_list(0x5555561b76a0, 24) = 0 [pid 431] chdir("./28") = 0 [pid 431] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 431] setpgid(0, 0) = 0 [pid 431] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 431] write(3, "1000", 4) = 4 [pid 431] close(3) = 0 [pid 431] symlink("/dev/binderfs", "./binderfs") = 0 [pid 431] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 431] rt_sigaction(SIGRT_1, {sa_handler=0x7ff5a959df30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7ff5a958f0e0}, NULL, 8) = 0 [pid 431] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 431] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a9514000 [pid 431] mprotect(0x7ff5a9515000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 431] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 431] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9534990, parent_tid=0x7ff5a9534990, exit_signal=0, stack=0x7ff5a9514000, stack_size=0x20300, tls=0x7ff5a95346c0}./strace-static-x86_64: Process 432 attached [pid 432] set_robust_list(0x7ff5a95349a0, 24) = 0 [pid 432] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 432] futex(0x7ff5a96006c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 431] <... clone3 resumed> => {parent_tid=[432]}, 88) = 432 [pid 431] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 431] futex(0x7ff5a96006c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 432] <... futex resumed>) = 0 [pid 431] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 432] memfd_create("syzkaller", 0) = 3 [pid 432] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff5a1114000 [pid 431] <... futex resumed>) = 0 [pid 431] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a10f3000 [pid 431] mprotect(0x7ff5a10f4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 431] rt_sigprocmask(SIG_BLOCK, ~[], [pid 432] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 431] <... rt_sigprocmask resumed>[], 8) = 0 [pid 431] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a1113990, parent_tid=0x7ff5a1113990, exit_signal=0, stack=0x7ff5a10f3000, stack_size=0x20300, tls=0x7ff5a11136c0}./strace-static-x86_64: Process 433 attached [pid 433] set_robust_list(0x7ff5a11139a0, 24) = 0 [pid 433] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 433] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 431] <... clone3 resumed> => {parent_tid=[433]}, 88) = 433 [pid 431] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 431] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 433] <... futex resumed>) = 0 [pid 432] <... write resumed>) = 262144 [pid 433] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_NOFOLLOW|O_NOATIME|O_CLOEXEC, 000 [pid 432] munmap(0x7ff5a1114000, 138412032 [pid 431] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 433] <... open resumed>) = 4 [pid 432] <... munmap resumed>) = 0 [pid 433] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 432] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 433] <... futex resumed>) = 1 [pid 431] <... futex resumed>) = 0 [pid 432] <... openat resumed>) = 5 [pid 433] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 432] ioctl(5, LOOP_SET_FD, 3 [pid 431] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 433] <... mount resumed>) = 0 [pid 431] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 433] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 433] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 431] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 432] <... ioctl resumed>) = 0 [pid 431] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 432] close(3 [pid 431] <... futex resumed>) = 1 [pid 433] <... futex resumed>) = 0 [pid 431] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 433] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 432] <... close resumed>) = 0 [pid 432] mkdir("./bus", 0777 [pid 433] <... open resumed>) = 3 [pid 433] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 432] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 433] <... futex resumed>) = 1 [pid 432] mount("/dev/loop0", "./bus", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 431] <... futex resumed>) = 0 [pid 431] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 433] write(3, "\x31\x30\x30\x30\x30\x30\x30\x00", 8 [pid 431] <... futex resumed>) = 0 [pid 431] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 433] <... write resumed>) = 8 [pid 433] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 431] <... futex resumed>) = 0 [pid 431] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 431] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 433] <... futex resumed>) = 1 [pid 433] write(3, "\x23\x21\x20\x2e\x2f\x66\x69\x6c\x65\x31\x0a\x82\x6a\x3f\xc6\x7c\x3a\xab\x7d\x7e\x31\x38\xd5\xcc\x25\x19\xa6\xa8\xf7\xa0\x0b\xff\x3b\xee\x49\xbb\x93\x22\x1f\x4e\x80\x95\x34\x94\x23\x35\x8b\x24\xc3\x46\x99\x05\xf2\x81\x89\x7d\xc6\xe1\x7a\x55\x07\xba\x1b\x9e\x33\xcc\x8e\x4f\x28\xf6\xda\xe3\x4d\x29\x86\xca\x00\x9c\x79\xab\x46\x1e\x69\xfd\x74\xcc\xe8\xc9\xed\x5b\x91\x09\xf3\xfa\x42\xf4\x3d\x39\x82\xeb"..., 1045) = 1045 [pid 432] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 433] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 433] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 432] ioctl(5, LOOP_CLR_FD [pid 431] <... futex resumed>) = 0 [pid 432] <... ioctl resumed>) = 0 [pid 432] close(5) = 0 [pid 432] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 432] futex(0x7ff5a96006c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 431] exit_group(0) = ? [pid 433] <... futex resumed>) = ? [pid 432] <... futex resumed>) = ? [pid 432] +++ exited with 0 +++ [pid 433] +++ exited with 0 +++ [pid 431] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=431, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- umount2("./28", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./28", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555561b8730 /* 4 entries */, 32768) = 104 umount2("./28/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./28/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./28/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./28/bus") = 0 umount2("./28/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./28/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./28/binderfs") = 0 getdents64(3, 0x5555561b8730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./28") = 0 mkdir("./29", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b7690) = 434 ./strace-static-x86_64: Process 434 attached [pid 434] set_robust_list(0x5555561b76a0, 24) = 0 [pid 434] chdir("./29") = 0 [pid 434] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 434] setpgid(0, 0) = 0 [pid 434] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 434] write(3, "1000", 4) = 4 [pid 434] close(3) = 0 [pid 434] symlink("/dev/binderfs", "./binderfs") = 0 [pid 434] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 434] rt_sigaction(SIGRT_1, {sa_handler=0x7ff5a959df30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7ff5a958f0e0}, NULL, 8) = 0 [pid 434] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 434] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a9514000 [pid 434] mprotect(0x7ff5a9515000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 434] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 434] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9534990, parent_tid=0x7ff5a9534990, exit_signal=0, stack=0x7ff5a9514000, stack_size=0x20300, tls=0x7ff5a95346c0} => {parent_tid=[435]}, 88) = 435 [pid 434] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 434] futex(0x7ff5a96006c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 434] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 434] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a94f3000 [pid 434] mprotect(0x7ff5a94f4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 434] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 434] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9513990, parent_tid=0x7ff5a9513990, exit_signal=0, stack=0x7ff5a94f3000, stack_size=0x20300, tls=0x7ff5a95136c0} => {parent_tid=[436]}, 88) = 436 [pid 434] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 434] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 434] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 436 attached [pid 436] set_robust_list(0x7ff5a95139a0, 24) = 0 [pid 436] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 436] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_NOFOLLOW|O_NOATIME|O_CLOEXEC, 000) = 3 [pid 436] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 434] <... futex resumed>) = 0 [pid 434] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 434] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 436] <... futex resumed>) = 1 [pid 436] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 436] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 434] <... futex resumed>) = 0 [pid 434] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 434] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 436] <... futex resumed>) = 1 [pid 436] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c./strace-static-x86_64: Process 435 attached [pid 435] set_robust_list(0x7ff5a95349a0, 24 [pid 436] <... open resumed>) = 4 [pid 435] <... set_robust_list resumed>) = 0 [pid 436] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 435] rt_sigprocmask(SIG_SETMASK, [], [pid 436] <... futex resumed>) = 1 [pid 435] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 434] <... futex resumed>) = 0 [pid 436] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 435] memfd_create("syzkaller", 0 [pid 434] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 435] <... memfd_create resumed>) = 5 [pid 435] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff5a10f3000 [pid 436] <... futex resumed>) = 0 [pid 434] <... futex resumed>) = 1 [pid 436] write(4, "\x31\x30\x30\x30\x30\x30\x30\x00", 8 [pid 434] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 436] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 436] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 434] <... futex resumed>) = 0 [pid 434] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 434] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 436] write(4, "\x23\x21\x20\x2e\x2f\x66\x69\x6c\x65\x31\x0a\x82\x6a\x3f\xc6\x7c\x3a\xab\x7d\x7e\x31\x38\xd5\xcc\x25\x19\xa6\xa8\xf7\xa0\x0b\xff\x3b\xee\x49\xbb\x93\x22\x1f\x4e\x80\x95\x34\x94\x23\x35\x8b\x24\xc3\x46\x99\x05\xf2\x81\x89\x7d\xc6\xe1\x7a\x55\x07\xba\x1b\x9e\x33\xcc\x8e\x4f\x28\xf6\xda\xe3\x4d\x29\x86\xca\x00\x9c\x79\xab\x46\x1e\x69\xfd\x74\xcc\xe8\xc9\xed\x5b\x91\x09\xf3\xfa\x42\xf4\x3d\x39\x82\xeb"..., 1045) = -1 ENOSPC (No space left on device) [pid 436] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 434] <... futex resumed>) = 0 [pid 435] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 436] <... futex resumed>) = 1 [pid 436] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 435] <... write resumed>) = 262144 [pid 435] munmap(0x7ff5a10f3000, 138412032) = 0 [pid 435] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 435] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 435] close(5) = 0 [pid 435] mkdir("./file1", 0777) = 0 [ 24.237611][ T432] loop0: detected capacity change from 0 to 512 [ 24.249056][ T432] EXT4-fs (loop0): fragment/cluster size (0) != block size (4096) [ 24.275848][ T435] loop0: detected capacity change from 0 to 512 [pid 435] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue") = 0 [pid 435] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 5 [pid 435] chdir("./file1") = 0 [pid 435] ioctl(6, LOOP_CLR_FD) = 0 [pid 435] close(6) = 0 [pid 435] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 435] futex(0x7ff5a96006c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 434] exit_group(0 [pid 436] <... futex resumed>) = ? [pid 434] <... exit_group resumed>) = ? [pid 436] +++ exited with 0 +++ [pid 435] <... futex resumed>) = ? [pid 435] +++ exited with 0 +++ [pid 434] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=434, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- umount2("./29", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./29", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555561b8730 /* 5 entries */, 32768) = 136 umount2("./29/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./29/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./29/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./29/bus") = 0 umount2("./29/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./29/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./29/binderfs") = 0 umount2("./29/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./29/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./29/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./29/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./29/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555561c0770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561c0770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./29/file1") = 0 getdents64(3, 0x5555561b8730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./29") = 0 mkdir("./30", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b7690) = 439 ./strace-static-x86_64: Process 439 attached [pid 439] set_robust_list(0x5555561b76a0, 24) = 0 [pid 439] chdir("./30") = 0 [pid 439] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 439] setpgid(0, 0) = 0 [pid 439] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 439] write(3, "1000", 4) = 4 [pid 439] close(3) = 0 [pid 439] symlink("/dev/binderfs", "./binderfs") = 0 [pid 439] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 439] rt_sigaction(SIGRT_1, {sa_handler=0x7ff5a959df30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7ff5a958f0e0}, NULL, 8) = 0 [pid 439] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 439] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a9514000 [pid 439] mprotect(0x7ff5a9515000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 439] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 439] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9534990, parent_tid=0x7ff5a9534990, exit_signal=0, stack=0x7ff5a9514000, stack_size=0x20300, tls=0x7ff5a95346c0} => {parent_tid=[440]}, 88) = 440 [pid 439] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 439] futex(0x7ff5a96006c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 439] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 439] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a94f3000 [pid 439] mprotect(0x7ff5a94f4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 439] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 439] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9513990, parent_tid=0x7ff5a9513990, exit_signal=0, stack=0x7ff5a94f3000, stack_size=0x20300, tls=0x7ff5a95136c0} => {parent_tid=[441]}, 88) = 441 [pid 439] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 439] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 439] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 440 attached [pid 440] set_robust_list(0x7ff5a95349a0, 24) = 0 [pid 440] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 440] memfd_create("syzkaller", 0) = 3 [pid 440] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff5a10f3000 ./strace-static-x86_64: Process 441 attached [pid 441] set_robust_list(0x7ff5a95139a0, 24) = 0 [pid 441] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 441] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_NOFOLLOW|O_NOATIME|O_CLOEXEC, 000) = 4 [pid 441] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 439] <... futex resumed>) = 0 [pid 439] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 439] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 441] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 440] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 441] <... mount resumed>) = 0 [pid 441] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 439] <... futex resumed>) = 0 [pid 439] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 439] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 441] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5 [pid 441] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 439] <... futex resumed>) = 0 [pid 439] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 440] <... write resumed>) = 262144 [pid 439] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 440] munmap(0x7ff5a10f3000, 138412032 [pid 441] write(5, "\x31\x30\x30\x30\x30\x30\x30\x00", 8 [pid 440] <... munmap resumed>) = 0 [pid 441] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 440] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 441] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 440] <... openat resumed>) = 6 [pid 441] <... futex resumed>) = 1 [pid 439] <... futex resumed>) = 0 [pid 440] ioctl(6, LOOP_SET_FD, 3 [pid 439] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 24.290918][ T435] EXT4-fs (loop0): 1 orphan inode deleted [ 24.296824][ T435] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 24.305871][ T435] ext4 filesystem being mounted at /root/syzkaller.8K29Ps/29/file1 supports timestamps until 2038 (0x7fffffff) [ 24.324474][ T297] EXT4-fs (loop0): unmounting filesystem. [pid 439] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 441] write(5, "\x23\x21\x20\x2e\x2f\x66\x69\x6c\x65\x31\x0a\x82\x6a\x3f\xc6\x7c\x3a\xab\x7d\x7e\x31\x38\xd5\xcc\x25\x19\xa6\xa8\xf7\xa0\x0b\xff\x3b\xee\x49\xbb\x93\x22\x1f\x4e\x80\x95\x34\x94\x23\x35\x8b\x24\xc3\x46\x99\x05\xf2\x81\x89\x7d\xc6\xe1\x7a\x55\x07\xba\x1b\x9e\x33\xcc\x8e\x4f\x28\xf6\xda\xe3\x4d\x29\x86\xca\x00\x9c\x79\xab\x46\x1e\x69\xfd\x74\xcc\xe8\xc9\xed\x5b\x91\x09\xf3\xfa\x42\xf4\x3d\x39\x82\xeb"..., 1045 [pid 440] <... ioctl resumed>) = 0 [pid 440] close(3) = 0 [pid 440] mkdir("./bus", 0777) = -1 EEXIST (File exists) [pid 440] mount("/dev/loop0", "./bus", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 441] <... write resumed>) = -1 EIO (Input/output error) [pid 441] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 439] <... futex resumed>) = 0 [ 24.367407][ T440] loop0: detected capacity change from 0 to 512 [ 24.369730][ T41] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 24.391181][ T440] EXT4-fs (loop0): 1 orphan inode deleted [ 24.396873][ T440] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 24.405797][ T440] ext4 filesystem being mounted at /root/syzkaller.8K29Ps/30/bus supports timestamps until 2038 (0x7fffffff) [pid 441] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 440] <... mount resumed>) = -1 ENOTDIR (Not a directory) [pid 440] ioctl(6, LOOP_CLR_FD) = 0 [pid 440] close(6) = 0 [pid 440] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 440] futex(0x7ff5a96006c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 439] exit_group(0 [pid 441] <... futex resumed>) = ? [pid 439] <... exit_group resumed>) = ? [pid 441] +++ exited with 0 +++ [pid 440] <... futex resumed>) = ? [pid 440] +++ exited with 0 +++ [pid 439] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=439, si_uid=0, si_status=0, si_utime=0, si_stime=5} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./30", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./30", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555561b8730 /* 4 entries */, 32768) = 104 umount2("./30/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./30/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./30/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./30/bus") = 0 umount2("./30/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./30/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./30/binderfs") = 0 getdents64(3, 0x5555561b8730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./30") = 0 mkdir("./31", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b7690) = 444 ./strace-static-x86_64: Process 444 attached [pid 444] set_robust_list(0x5555561b76a0, 24) = 0 [pid 444] chdir("./31") = 0 [pid 444] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 444] setpgid(0, 0) = 0 [pid 444] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 444] write(3, "1000", 4) = 4 [pid 444] close(3) = 0 [pid 444] symlink("/dev/binderfs", "./binderfs") = 0 [pid 444] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 444] rt_sigaction(SIGRT_1, {sa_handler=0x7ff5a959df30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7ff5a958f0e0}, NULL, 8) = 0 [pid 444] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 444] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a9514000 [pid 444] mprotect(0x7ff5a9515000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 444] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 444] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9534990, parent_tid=0x7ff5a9534990, exit_signal=0, stack=0x7ff5a9514000, stack_size=0x20300, tls=0x7ff5a95346c0} => {parent_tid=[445]}, 88) = 445 [pid 444] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 444] futex(0x7ff5a96006c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 444] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 444] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a94f3000 [pid 444] mprotect(0x7ff5a94f4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 444] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 444] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9513990, parent_tid=0x7ff5a9513990, exit_signal=0, stack=0x7ff5a94f3000, stack_size=0x20300, tls=0x7ff5a95136c0} => {parent_tid=[446]}, 88) = 446 [pid 444] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 444] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 444] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 446 attached [pid 446] set_robust_list(0x7ff5a95139a0, 24) = 0 [pid 446] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 446] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_NOFOLLOW|O_NOATIME|O_CLOEXEC, 000) = 3 [pid 446] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 444] <... futex resumed>) = 0 [pid 444] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 444] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 446] <... futex resumed>) = 1 [pid 446] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 446] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 444] <... futex resumed>) = 0 [pid 444] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 444] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 446] <... futex resumed>) = 1 [pid 446] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 4 [pid 446] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 444] <... futex resumed>) = 0 [pid 444] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 444] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 446] <... futex resumed>) = 1 [pid 446] write(4, "\x31\x30\x30\x30\x30\x30\x30\x00", 8) = -1 ENOSPC (No space left on device) [pid 446] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 444] <... futex resumed>) = 0 [pid 444] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 444] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 446] <... futex resumed>) = 1 [pid 446] write(4, "\x23\x21\x20\x2e\x2f\x66\x69\x6c\x65\x31\x0a\x82\x6a\x3f\xc6\x7c\x3a\xab\x7d\x7e\x31\x38\xd5\xcc\x25\x19\xa6\xa8\xf7\xa0\x0b\xff\x3b\xee\x49\xbb\x93\x22\x1f\x4e\x80\x95\x34\x94\x23\x35\x8b\x24\xc3\x46\x99\x05\xf2\x81\x89\x7d\xc6\xe1\x7a\x55\x07\xba\x1b\x9e\x33\xcc\x8e\x4f\x28\xf6\xda\xe3\x4d\x29\x86\xca\x00\x9c\x79\xab\x46\x1e\x69\xfd\x74\xcc\xe8\xc9\xed\x5b\x91\x09\xf3\xfa\x42\xf4\x3d\x39\x82\xeb"..., 1045) = -1 ENOSPC (No space left on device) [pid 446] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 444] <... futex resumed>) = 0 [pid 446] <... futex resumed>) = 1 [pid 446] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 445 attached [pid 445] set_robust_list(0x7ff5a95349a0, 24) = 0 [pid 445] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 445] memfd_create("syzkaller", 0) = 5 [pid 445] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff5a10f3000 [pid 445] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 445] munmap(0x7ff5a10f3000, 138412032) = 0 [pid 445] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 24.417953][ T440] EXT4-fs (loop0): unmounting filesystem. [pid 445] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 445] close(5) = 0 [pid 445] mkdir("./file1", 0777) = 0 [pid 445] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue") = 0 [pid 445] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 5 [pid 445] chdir("./file1") = 0 [pid 445] ioctl(6, LOOP_CLR_FD) = 0 [pid 445] close(6) = 0 [pid 445] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 445] futex(0x7ff5a96006c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 444] exit_group(0 [pid 446] <... futex resumed>) = ? [pid 444] <... exit_group resumed>) = ? [pid 446] +++ exited with 0 +++ [pid 445] <... futex resumed>) = ? [pid 445] +++ exited with 0 +++ [pid 444] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=444, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./31", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./31", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555561b8730 /* 5 entries */, 32768) = 136 umount2("./31/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./31/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./31/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./31/bus") = 0 umount2("./31/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./31/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./31/binderfs") = 0 [ 24.459473][ T445] loop0: detected capacity change from 0 to 512 [ 24.471287][ T445] EXT4-fs (loop0): 1 orphan inode deleted [ 24.476854][ T445] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 24.485630][ T445] ext4 filesystem being mounted at /root/syzkaller.8K29Ps/31/file1 supports timestamps until 2038 (0x7fffffff) umount2("./31/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./31/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./31/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./31/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./31/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555561c0770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561c0770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./31/file1") = 0 getdents64(3, 0x5555561b8730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./31") = 0 mkdir("./32", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b7690) = 449 ./strace-static-x86_64: Process 449 attached [pid 449] set_robust_list(0x5555561b76a0, 24) = 0 [pid 449] chdir("./32") = 0 [pid 449] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 449] setpgid(0, 0) = 0 [pid 449] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 449] write(3, "1000", 4) = 4 [pid 449] close(3) = 0 [pid 449] symlink("/dev/binderfs", "./binderfs") = 0 [pid 449] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 449] rt_sigaction(SIGRT_1, {sa_handler=0x7ff5a959df30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7ff5a958f0e0}, NULL, 8) = 0 [pid 449] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 449] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a9514000 [pid 449] mprotect(0x7ff5a9515000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 449] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 449] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9534990, parent_tid=0x7ff5a9534990, exit_signal=0, stack=0x7ff5a9514000, stack_size=0x20300, tls=0x7ff5a95346c0} => {parent_tid=[450]}, 88) = 450 [pid 449] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 449] futex(0x7ff5a96006c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 449] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 449] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a94f3000 [pid 449] mprotect(0x7ff5a94f4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 449] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 449] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9513990, parent_tid=0x7ff5a9513990, exit_signal=0, stack=0x7ff5a94f3000, stack_size=0x20300, tls=0x7ff5a95136c0} => {parent_tid=[451]}, 88) = 451 [pid 449] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 449] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 449] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 450 attached [pid 450] set_robust_list(0x7ff5a95349a0, 24) = 0 [pid 450] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 450] memfd_create("syzkaller", 0) = 3 [pid 450] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff5a10f3000 [pid 450] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 450] munmap(0x7ff5a10f3000, 138412032) = 0 ./strace-static-x86_64: Process 451 attached [pid 450] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 450] ioctl(4, LOOP_SET_FD, 3 [pid 451] set_robust_list(0x7ff5a95139a0, 24) = 0 [ 24.504773][ T297] EXT4-fs (loop0): unmounting filesystem. [pid 451] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 451] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_NOFOLLOW|O_NOATIME|O_CLOEXEC, 000) = 5 [pid 451] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 451] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 449] <... futex resumed>) = 0 [pid 449] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 449] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 451] <... futex resumed>) = 0 [pid 451] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 451] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 449] <... futex resumed>) = 0 [pid 449] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 449] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 451] <... futex resumed>) = 1 [pid 451] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 6 [pid 451] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 449] <... futex resumed>) = 0 [pid 449] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 449] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 451] <... futex resumed>) = 1 [pid 451] write(6, "\x31\x30\x30\x30\x30\x30\x30\x00", 8 [pid 450] <... ioctl resumed>) = 0 [pid 450] close(3) = 0 [pid 450] mkdir("./bus", 0777) = -1 EEXIST (File exists) [pid 450] mount("/dev/loop0", "./bus", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 451] <... write resumed>) = -1 EIO (Input/output error) [pid 451] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 449] <... futex resumed>) = 0 [pid 451] <... futex resumed>) = 1 [pid 449] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 449] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 451] write(6, "\x23\x21\x20\x2e\x2f\x66\x69\x6c\x65\x31\x0a\x82\x6a\x3f\xc6\x7c\x3a\xab\x7d\x7e\x31\x38\xd5\xcc\x25\x19\xa6\xa8\xf7\xa0\x0b\xff\x3b\xee\x49\xbb\x93\x22\x1f\x4e\x80\x95\x34\x94\x23\x35\x8b\x24\xc3\x46\x99\x05\xf2\x81\x89\x7d\xc6\xe1\x7a\x55\x07\xba\x1b\x9e\x33\xcc\x8e\x4f\x28\xf6\xda\xe3\x4d\x29\x86\xca\x00\x9c\x79\xab\x46\x1e\x69\xfd\x74\xcc\xe8\xc9\xed\x5b\x91\x09\xf3\xfa\x42\xf4\x3d\x39\x82\xeb"..., 1045) = 1045 [pid 451] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 449] <... futex resumed>) = 0 [pid 451] <... futex resumed>) = 1 [pid 451] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 450] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 450] ioctl(4, LOOP_CLR_FD) = 0 [pid 450] close(4) = 0 [pid 450] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 450] futex(0x7ff5a96006c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 449] exit_group(0) = ? [pid 450] <... futex resumed>) = ? [pid 450] +++ exited with 0 +++ [pid 451] <... futex resumed>) = ? [pid 451] +++ exited with 0 +++ [pid 449] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=449, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./32", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./32", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555561b8730 /* 4 entries */, 32768) = 104 umount2("./32/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./32/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./32/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./32/bus") = 0 umount2("./32/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./32/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./32/binderfs") = 0 getdents64(3, 0x5555561b8730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./32") = 0 mkdir("./33", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 454 attached , child_tidptr=0x5555561b7690) = 454 [pid 454] set_robust_list(0x5555561b76a0, 24) = 0 [pid 454] chdir("./33") = 0 [pid 454] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 454] setpgid(0, 0) = 0 [pid 454] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 454] write(3, "1000", 4) = 4 [pid 454] close(3) = 0 [pid 454] symlink("/dev/binderfs", "./binderfs") = 0 [pid 454] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 454] rt_sigaction(SIGRT_1, {sa_handler=0x7ff5a959df30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7ff5a958f0e0}, NULL, 8) = 0 [pid 454] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 454] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a9514000 [pid 454] mprotect(0x7ff5a9515000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 454] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 454] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9534990, parent_tid=0x7ff5a9534990, exit_signal=0, stack=0x7ff5a9514000, stack_size=0x20300, tls=0x7ff5a95346c0} => {parent_tid=[455]}, 88) = 455 [pid 454] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 454] futex(0x7ff5a96006c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 454] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 454] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a94f3000 [pid 454] mprotect(0x7ff5a94f4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 454] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 454] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9513990, parent_tid=0x7ff5a9513990, exit_signal=0, stack=0x7ff5a94f3000, stack_size=0x20300, tls=0x7ff5a95136c0} => {parent_tid=[456]}, 88) = 456 [pid 454] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 454] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 454] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 456 attached [pid 456] set_robust_list(0x7ff5a95139a0, 24) = 0 [pid 456] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 455 attached NULL, 8) = 0 [pid 456] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_NOFOLLOW|O_NOATIME|O_CLOEXEC, 000 [pid 455] set_robust_list(0x7ff5a95349a0, 24) = 0 [pid 455] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 455] memfd_create("syzkaller", 0 [pid 456] <... open resumed>) = 3 [pid 456] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 455] <... memfd_create resumed>) = 4 [pid 454] <... futex resumed>) = 0 [pid 454] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 456] <... futex resumed>) = 1 [pid 455] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 454] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 456] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 455] <... mmap resumed>) = 0x7ff5a10f3000 [pid 456] <... mount resumed>) = 0 [pid 456] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 454] <... futex resumed>) = 0 [pid 456] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 454] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 454] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 456] <... futex resumed>) = 0 [pid 456] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5 [pid 456] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 454] <... futex resumed>) = 0 [pid 454] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 454] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 456] <... futex resumed>) = 1 [pid 456] write(5, "\x31\x30\x30\x30\x30\x30\x30\x00", 8) = -1 ENOSPC (No space left on device) [pid 456] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 454] <... futex resumed>) = 0 [pid 454] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 454] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 456] <... futex resumed>) = 1 [pid 455] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 456] write(5, "\x23\x21\x20\x2e\x2f\x66\x69\x6c\x65\x31\x0a\x82\x6a\x3f\xc6\x7c\x3a\xab\x7d\x7e\x31\x38\xd5\xcc\x25\x19\xa6\xa8\xf7\xa0\x0b\xff\x3b\xee\x49\xbb\x93\x22\x1f\x4e\x80\x95\x34\x94\x23\x35\x8b\x24\xc3\x46\x99\x05\xf2\x81\x89\x7d\xc6\xe1\x7a\x55\x07\xba\x1b\x9e\x33\xcc\x8e\x4f\x28\xf6\xda\xe3\x4d\x29\x86\xca\x00\x9c\x79\xab\x46\x1e\x69\xfd\x74\xcc\xe8\xc9\xed\x5b\x91\x09\xf3\xfa\x42\xf4\x3d\x39\x82\xeb"..., 1045) = -1 ENOSPC (No space left on device) [pid 456] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 454] <... futex resumed>) = 0 [pid 456] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 455] <... write resumed>) = 262144 [pid 455] munmap(0x7ff5a10f3000, 138412032) = 0 [pid 455] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 24.541085][ T450] loop0: detected capacity change from 0 to 512 [ 24.546272][ T41] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 24.559842][ T450] EXT4-fs error (device loop0): __ext4_get_inode_loc:4485: comm syz-executor170: Invalid inode table block 34 in block_group 0 [ 24.573090][ T450] EXT4-fs (loop0): get root inode failed [ 24.578530][ T450] EXT4-fs (loop0): mount failed [pid 455] ioctl(6, LOOP_SET_FD, 4) = 0 [pid 455] close(4) = 0 [pid 455] mkdir("./file1", 0777) = 0 [pid 455] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue") = 0 [pid 455] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 4 [pid 455] chdir("./file1") = 0 [pid 455] ioctl(6, LOOP_CLR_FD) = 0 [pid 455] close(6) = 0 [pid 455] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 455] futex(0x7ff5a96006c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 454] exit_group(0) = ? [pid 455] <... futex resumed>) = ? [pid 455] +++ exited with 0 +++ [pid 456] <... futex resumed>) = ? [pid 456] +++ exited with 0 +++ [pid 454] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=454, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- umount2("./33", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./33", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555561b8730 /* 5 entries */, 32768) = 136 umount2("./33/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./33/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./33/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./33/bus") = 0 umount2("./33/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./33/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./33/binderfs") = 0 [ 24.608599][ T455] loop0: detected capacity change from 0 to 512 [ 24.620936][ T455] EXT4-fs (loop0): 1 orphan inode deleted [ 24.626611][ T455] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 24.635592][ T455] ext4 filesystem being mounted at /root/syzkaller.8K29Ps/33/file1 supports timestamps until 2038 (0x7fffffff) umount2("./33/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./33/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./33/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./33/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./33/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555561c0770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561c0770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./33/file1") = 0 getdents64(3, 0x5555561b8730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./33") = 0 mkdir("./34", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b7690) = 459 ./strace-static-x86_64: Process 459 attached [pid 459] set_robust_list(0x5555561b76a0, 24) = 0 [pid 459] chdir("./34") = 0 [pid 459] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 459] setpgid(0, 0) = 0 [pid 459] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 459] write(3, "1000", 4) = 4 [pid 459] close(3) = 0 [pid 459] symlink("/dev/binderfs", "./binderfs") = 0 [pid 459] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 459] rt_sigaction(SIGRT_1, {sa_handler=0x7ff5a959df30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7ff5a958f0e0}, NULL, 8) = 0 [pid 459] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 459] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a9514000 [pid 459] mprotect(0x7ff5a9515000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 459] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 459] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9534990, parent_tid=0x7ff5a9534990, exit_signal=0, stack=0x7ff5a9514000, stack_size=0x20300, tls=0x7ff5a95346c0} => {parent_tid=[460]}, 88) = 460 [pid 459] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 459] futex(0x7ff5a96006c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 459] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 459] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a94f3000 [pid 459] mprotect(0x7ff5a94f4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 459] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 459] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9513990, parent_tid=0x7ff5a9513990, exit_signal=0, stack=0x7ff5a94f3000, stack_size=0x20300, tls=0x7ff5a95136c0} => {parent_tid=[461]}, 88) = 461 [pid 459] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 459] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 459] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 460 attached [pid 460] set_robust_list(0x7ff5a95349a0, 24) = 0 [pid 460] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 460] memfd_create("syzkaller", 0) = 3 [pid 460] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff5a10f3000 ./strace-static-x86_64: Process 461 attached [pid 461] set_robust_list(0x7ff5a95139a0, 24) = 0 [pid 461] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 461] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_NOFOLLOW|O_NOATIME|O_CLOEXEC, 000) = 4 [pid 461] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 460] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 459] <... futex resumed>) = 0 [pid 459] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 24.655172][ T297] EXT4-fs (loop0): unmounting filesystem. [pid 461] <... futex resumed>) = 1 [pid 460] <... write resumed>) = 262144 [pid 459] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 461] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 460] munmap(0x7ff5a10f3000, 138412032 [pid 461] <... mount resumed>) = 0 [pid 461] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 459] <... futex resumed>) = 0 [pid 459] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 459] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 461] <... futex resumed>) = 1 [pid 461] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5 [pid 461] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 459] <... futex resumed>) = 0 [pid 459] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 459] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 460] <... munmap resumed>) = 0 [pid 461] <... futex resumed>) = 1 [pid 460] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 461] write(5, "\x31\x30\x30\x30\x30\x30\x30\x00", 8) = -1 ENOSPC (No space left on device) [pid 461] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 459] <... futex resumed>) = 0 [pid 459] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 459] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 461] <... futex resumed>) = 1 [pid 461] write(5, "\x23\x21\x20\x2e\x2f\x66\x69\x6c\x65\x31\x0a\x82\x6a\x3f\xc6\x7c\x3a\xab\x7d\x7e\x31\x38\xd5\xcc\x25\x19\xa6\xa8\xf7\xa0\x0b\xff\x3b\xee\x49\xbb\x93\x22\x1f\x4e\x80\x95\x34\x94\x23\x35\x8b\x24\xc3\x46\x99\x05\xf2\x81\x89\x7d\xc6\xe1\x7a\x55\x07\xba\x1b\x9e\x33\xcc\x8e\x4f\x28\xf6\xda\xe3\x4d\x29\x86\xca\x00\x9c\x79\xab\x46\x1e\x69\xfd\x74\xcc\xe8\xc9\xed\x5b\x91\x09\xf3\xfa\x42\xf4\x3d\x39\x82\xeb"..., 1045) = -1 ENOSPC (No space left on device) [pid 461] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 459] <... futex resumed>) = 0 [pid 460] <... openat resumed>) = 6 [pid 461] <... futex resumed>) = 1 [pid 460] ioctl(6, LOOP_SET_FD, 3 [pid 461] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 460] <... ioctl resumed>) = 0 [pid 460] close(3) = 0 [pid 460] mkdir("./bus", 0777) = -1 EEXIST (File exists) [pid 460] mount("/dev/loop0", "./bus", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue") = -1 ENOTDIR (Not a directory) [pid 460] ioctl(6, LOOP_CLR_FD) = 0 [pid 460] close(6) = 0 [pid 460] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 460] futex(0x7ff5a96006c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 459] exit_group(0 [pid 461] <... futex resumed>) = ? [pid 460] <... futex resumed>) = ? [pid 459] <... exit_group resumed>) = ? [pid 461] +++ exited with 0 +++ [ 24.706822][ T460] loop0: detected capacity change from 0 to 512 [ 24.720971][ T460] EXT4-fs (loop0): 1 orphan inode deleted [ 24.726570][ T460] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 24.735679][ T460] ext4 filesystem being mounted at /root/syzkaller.8K29Ps/34/bus supports timestamps until 2038 (0x7fffffff) [ 24.747898][ T460] EXT4-fs (loop0): unmounting filesystem. [pid 460] +++ exited with 0 +++ [pid 459] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=459, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- umount2("./34", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./34", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555561b8730 /* 4 entries */, 32768) = 104 umount2("./34/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./34/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./34/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./34/bus") = 0 umount2("./34/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./34/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./34/binderfs") = 0 getdents64(3, 0x5555561b8730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./34") = 0 mkdir("./35", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 464 attached [pid 464] set_robust_list(0x5555561b76a0, 24) = 0 [pid 464] chdir("./35") = 0 [pid 464] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 464] setpgid(0, 0) = 0 [pid 464] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 464] write(3, "1000", 4) = 4 [pid 464] close(3) = 0 [pid 464] symlink("/dev/binderfs", "./binderfs") = 0 [pid 464] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 464] rt_sigaction(SIGRT_1, {sa_handler=0x7ff5a959df30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7ff5a958f0e0}, NULL, 8) = 0 [pid 464] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 464] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a9514000 [pid 464] mprotect(0x7ff5a9515000, 131072, PROT_READ|PROT_WRITE [pid 297] <... clone resumed>, child_tidptr=0x5555561b7690) = 464 [pid 464] <... mprotect resumed>) = 0 [pid 464] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 464] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9534990, parent_tid=0x7ff5a9534990, exit_signal=0, stack=0x7ff5a9514000, stack_size=0x20300, tls=0x7ff5a95346c0} => {parent_tid=[465]}, 88) = 465 [pid 464] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 464] futex(0x7ff5a96006c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 464] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 464] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a94f3000 [pid 464] mprotect(0x7ff5a94f4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 464] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 464] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9513990, parent_tid=0x7ff5a9513990, exit_signal=0, stack=0x7ff5a94f3000, stack_size=0x20300, tls=0x7ff5a95136c0} => {parent_tid=[466]}, 88) = 466 [pid 464] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 464] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 464] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 466 attached [pid 466] set_robust_list(0x7ff5a95139a0, 24) = 0 [pid 466] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 466] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_NOFOLLOW|O_NOATIME|O_CLOEXEC, 000) = 3 [pid 466] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 464] <... futex resumed>) = 0 [pid 464] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 464] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 466] <... futex resumed>) = 1 [pid 466] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 466] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 464] <... futex resumed>) = 0 [pid 464] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 464] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 466] <... futex resumed>) = 1 [pid 466] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 4 [pid 466] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 464] <... futex resumed>) = 0 [pid 464] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 464] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 466] <... futex resumed>) = 1 [pid 466] write(4, "\x31\x30\x30\x30\x30\x30\x30\x00", 8) = -1 ENOSPC (No space left on device) [pid 466] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 464] <... futex resumed>) = 0 [pid 464] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 464] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 466] <... futex resumed>) = 1 [pid 466] write(4, "\x23\x21\x20\x2e\x2f\x66\x69\x6c\x65\x31\x0a\x82\x6a\x3f\xc6\x7c\x3a\xab\x7d\x7e\x31\x38\xd5\xcc\x25\x19\xa6\xa8\xf7\xa0\x0b\xff\x3b\xee\x49\xbb\x93\x22\x1f\x4e\x80\x95\x34\x94\x23\x35\x8b\x24\xc3\x46\x99\x05\xf2\x81\x89\x7d\xc6\xe1\x7a\x55\x07\xba\x1b\x9e\x33\xcc\x8e\x4f\x28\xf6\xda\xe3\x4d\x29\x86\xca\x00\x9c\x79\xab\x46\x1e\x69\xfd\x74\xcc\xe8\xc9\xed\x5b\x91\x09\xf3\xfa\x42\xf4\x3d\x39\x82\xeb"..., 1045) = -1 ENOSPC (No space left on device) [pid 466] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 464] <... futex resumed>) = 0 [pid 466] <... futex resumed>) = 1 [pid 466] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 465 attached [pid 465] set_robust_list(0x7ff5a95349a0, 24) = 0 [pid 465] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 465] memfd_create("syzkaller", 0) = 5 [pid 465] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff5a10f3000 [pid 465] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 465] munmap(0x7ff5a10f3000, 138412032) = 0 [pid 465] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 465] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 465] close(5) = 0 [pid 465] mkdir("./file1", 0777) = 0 [pid 465] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue") = 0 [pid 465] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 5 [pid 465] chdir("./file1") = 0 [pid 465] ioctl(6, LOOP_CLR_FD) = 0 [pid 465] close(6) = 0 [pid 465] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 465] futex(0x7ff5a96006c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 464] exit_group(0 [pid 466] <... futex resumed>) = ? [pid 464] <... exit_group resumed>) = ? [pid 466] +++ exited with 0 +++ [pid 465] <... futex resumed>) = ? [pid 465] +++ exited with 0 +++ [pid 464] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=464, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./35", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./35", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555561b8730 /* 5 entries */, 32768) = 136 umount2("./35/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./35/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./35/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./35/bus") = 0 umount2("./35/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./35/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./35/binderfs") = 0 [ 24.808247][ T465] loop0: detected capacity change from 0 to 512 [ 24.821907][ T465] EXT4-fs (loop0): 1 orphan inode deleted [ 24.827527][ T465] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 24.836289][ T465] ext4 filesystem being mounted at /root/syzkaller.8K29Ps/35/file1 supports timestamps until 2038 (0x7fffffff) umount2("./35/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./35/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./35/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./35/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./35/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555561c0770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561c0770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./35/file1") = 0 getdents64(3, 0x5555561b8730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./35") = 0 mkdir("./36", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b7690) = 469 ./strace-static-x86_64: Process 469 attached [pid 469] set_robust_list(0x5555561b76a0, 24) = 0 [pid 469] chdir("./36") = 0 [pid 469] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 469] setpgid(0, 0) = 0 [pid 469] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 469] write(3, "1000", 4) = 4 [pid 469] close(3) = 0 [pid 469] symlink("/dev/binderfs", "./binderfs") = 0 [pid 469] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 469] rt_sigaction(SIGRT_1, {sa_handler=0x7ff5a959df30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7ff5a958f0e0}, NULL, 8) = 0 [pid 469] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 469] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a9514000 [pid 469] mprotect(0x7ff5a9515000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 469] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 469] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9534990, parent_tid=0x7ff5a9534990, exit_signal=0, stack=0x7ff5a9514000, stack_size=0x20300, tls=0x7ff5a95346c0}./strace-static-x86_64: Process 470 attached [pid 470] set_robust_list(0x7ff5a95349a0, 24 [pid 469] <... clone3 resumed> => {parent_tid=[470]}, 88) = 470 [pid 470] <... set_robust_list resumed>) = 0 [pid 469] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 470] rt_sigprocmask(SIG_SETMASK, [], [pid 469] futex(0x7ff5a96006c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 470] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 469] <... futex resumed>) = 0 [pid 469] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 470] memfd_create("syzkaller", 0 [pid 469] <... futex resumed>) = 0 [pid 470] <... memfd_create resumed>) = 3 [pid 469] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a94f3000 [pid 470] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 469] mprotect(0x7ff5a94f4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 470] <... mmap resumed>) = 0x7ff5a10f3000 [pid 469] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 469] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9513990, parent_tid=0x7ff5a9513990, exit_signal=0, stack=0x7ff5a94f3000, stack_size=0x20300, tls=0x7ff5a95136c0}./strace-static-x86_64: Process 471 attached => {parent_tid=[471]}, 88) = 471 [pid 471] set_robust_list(0x7ff5a95139a0, 24) = 0 [pid 471] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 471] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 469] rt_sigprocmask(SIG_SETMASK, [], [pid 470] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 469] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 469] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 469] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 471] <... futex resumed>) = 0 [pid 471] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_NOFOLLOW|O_NOATIME|O_CLOEXEC, 000) = 4 [pid 471] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 469] <... futex resumed>) = 0 [pid 469] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 469] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 471] <... futex resumed>) = 1 [pid 471] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 470] <... write resumed>) = 262144 [pid 471] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 469] <... futex resumed>) = 0 [pid 469] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 469] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 470] munmap(0x7ff5a10f3000, 138412032 [pid 471] <... futex resumed>) = 1 [pid 471] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 470] <... munmap resumed>) = 0 [pid 471] <... open resumed>) = 5 [pid 471] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 470] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 469] <... futex resumed>) = 0 [pid 469] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 470] ioctl(6, LOOP_SET_FD, 3 [pid 469] <... futex resumed>) = 0 [pid 469] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 471] <... futex resumed>) = 1 [pid 471] write(5, "\x31\x30\x30\x30\x30\x30\x30\x00", 8) = -1 ENOSPC (No space left on device) [pid 471] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 469] <... futex resumed>) = 0 [pid 469] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 469] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 471] <... futex resumed>) = 1 [pid 471] write(5, "\x23\x21\x20\x2e\x2f\x66\x69\x6c\x65\x31\x0a\x82\x6a\x3f\xc6\x7c\x3a\xab\x7d\x7e\x31\x38\xd5\xcc\x25\x19\xa6\xa8\xf7\xa0\x0b\xff\x3b\xee\x49\xbb\x93\x22\x1f\x4e\x80\x95\x34\x94\x23\x35\x8b\x24\xc3\x46\x99\x05\xf2\x81\x89\x7d\xc6\xe1\x7a\x55\x07\xba\x1b\x9e\x33\xcc\x8e\x4f\x28\xf6\xda\xe3\x4d\x29\x86\xca\x00\x9c\x79\xab\x46\x1e\x69\xfd\x74\xcc\xe8\xc9\xed\x5b\x91\x09\xf3\xfa\x42\xf4\x3d\x39\x82\xeb"..., 1045 [pid 470] <... ioctl resumed>) = 0 [pid 470] close(3) = 0 [pid 470] mkdir("./bus", 0777) = -1 EEXIST (File exists) [ 24.865297][ T297] EXT4-fs (loop0): unmounting filesystem. [ 24.905541][ T470] loop0: detected capacity change from 0 to 512 [pid 470] mount("/dev/loop0", "./bus", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 471] <... write resumed>) = -1 EIO (Input/output error) [pid 471] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 469] <... futex resumed>) = 0 [pid 471] <... futex resumed>) = 1 [pid 471] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 470] <... mount resumed>) = -1 ENOTDIR (Not a directory) [pid 470] ioctl(6, LOOP_CLR_FD) = 0 [pid 470] close(6) = 0 [pid 470] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 470] futex(0x7ff5a96006c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 469] exit_group(0 [pid 471] <... futex resumed>) = ? [pid 469] <... exit_group resumed>) = ? [pid 471] +++ exited with 0 +++ [pid 470] <... futex resumed>) = ? [pid 470] +++ exited with 0 +++ [pid 469] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=469, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- umount2("./36", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./36", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555561b8730 /* 4 entries */, 32768) = 104 umount2("./36/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./36/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./36/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./36/bus") = 0 umount2("./36/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./36/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./36/binderfs") = 0 getdents64(3, 0x5555561b8730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./36") = 0 mkdir("./37", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [ 24.905738][ T41] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 24.931020][ T470] EXT4-fs (loop0): 1 orphan inode deleted [ 24.936574][ T470] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 24.945395][ T470] ext4 filesystem being mounted at /root/syzkaller.8K29Ps/36/bus supports timestamps until 2038 (0x7fffffff) [ 24.957379][ T470] EXT4-fs (loop0): unmounting filesystem. close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b7690) = 474 ./strace-static-x86_64: Process 474 attached [pid 474] set_robust_list(0x5555561b76a0, 24) = 0 [pid 474] chdir("./37") = 0 [pid 474] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 474] setpgid(0, 0) = 0 [pid 474] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 474] write(3, "1000", 4) = 4 [pid 474] close(3) = 0 [pid 474] symlink("/dev/binderfs", "./binderfs") = 0 [pid 474] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 474] rt_sigaction(SIGRT_1, {sa_handler=0x7ff5a959df30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7ff5a958f0e0}, NULL, 8) = 0 [pid 474] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 474] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a9514000 [pid 474] mprotect(0x7ff5a9515000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 474] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 474] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9534990, parent_tid=0x7ff5a9534990, exit_signal=0, stack=0x7ff5a9514000, stack_size=0x20300, tls=0x7ff5a95346c0} => {parent_tid=[475]}, 88) = 475 [pid 474] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 474] futex(0x7ff5a96006c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 474] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 474] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a94f3000 [pid 474] mprotect(0x7ff5a94f4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 474] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 474] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9513990, parent_tid=0x7ff5a9513990, exit_signal=0, stack=0x7ff5a94f3000, stack_size=0x20300, tls=0x7ff5a95136c0}./strace-static-x86_64: Process 476 attached ./strace-static-x86_64: Process 475 attached => {parent_tid=[476]}, 88) = 476 [pid 474] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 474] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 475] set_robust_list(0x7ff5a95349a0, 24 [pid 476] set_robust_list(0x7ff5a95139a0, 24 [pid 474] <... futex resumed>) = 0 [pid 474] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 475] <... set_robust_list resumed>) = 0 [pid 475] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 475] memfd_create("syzkaller", 0) = 3 [pid 475] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff5a10f3000 [pid 476] <... set_robust_list resumed>) = 0 [pid 476] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 476] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_NOFOLLOW|O_NOATIME|O_CLOEXEC, 000) = 4 [pid 476] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 475] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 476] <... futex resumed>) = 1 [pid 474] <... futex resumed>) = 0 [pid 474] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 474] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 476] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 475] <... write resumed>) = 262144 [pid 476] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 475] munmap(0x7ff5a10f3000, 138412032) = 0 [pid 475] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 475] ioctl(5, LOOP_SET_FD, 3 [pid 476] <... futex resumed>) = 1 [pid 476] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 475] <... ioctl resumed>) = 0 [pid 474] <... futex resumed>) = 0 [pid 474] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 476] <... futex resumed>) = 0 [pid 474] <... futex resumed>) = 1 [pid 474] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 476] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 475] close(3) = 0 [pid 475] mkdir("./bus", 0777 [pid 476] <... open resumed>) = 3 [pid 475] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 475] mount("/dev/loop0", "./bus", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 476] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 474] <... futex resumed>) = 0 [pid 476] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 474] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 476] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 474] <... futex resumed>) = 0 [pid 476] write(3, "\x31\x30\x30\x30\x30\x30\x30\x00", 8 [pid 474] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 476] <... write resumed>) = 8 [pid 476] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 474] <... futex resumed>) = 0 [pid 474] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 474] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 476] <... futex resumed>) = 1 [pid 476] write(3, "\x23\x21\x20\x2e\x2f\x66\x69\x6c\x65\x31\x0a\x82\x6a\x3f\xc6\x7c\x3a\xab\x7d\x7e\x31\x38\xd5\xcc\x25\x19\xa6\xa8\xf7\xa0\x0b\xff\x3b\xee\x49\xbb\x93\x22\x1f\x4e\x80\x95\x34\x94\x23\x35\x8b\x24\xc3\x46\x99\x05\xf2\x81\x89\x7d\xc6\xe1\x7a\x55\x07\xba\x1b\x9e\x33\xcc\x8e\x4f\x28\xf6\xda\xe3\x4d\x29\x86\xca\x00\x9c\x79\xab\x46\x1e\x69\xfd\x74\xcc\xe8\xc9\xed\x5b\x91\x09\xf3\xfa\x42\xf4\x3d\x39\x82\xeb"..., 1045) = 1045 [pid 475] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 475] ioctl(5, LOOP_CLR_FD) = 0 [pid 475] close(5 [pid 476] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 475] <... close resumed>) = 0 [pid 475] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 475] futex(0x7ff5a96006c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 476] <... futex resumed>) = 1 [pid 474] <... futex resumed>) = 0 [pid 476] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 474] exit_group(0) = ? [pid 476] <... futex resumed>) = ? [pid 476] +++ exited with 0 +++ [pid 475] <... futex resumed>) = ? [pid 475] +++ exited with 0 +++ [pid 474] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=474, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./37", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./37", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555561b8730 /* 4 entries */, 32768) = 104 umount2("./37/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./37/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./37/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./37/bus") = 0 umount2("./37/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./37/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./37/binderfs") = 0 getdents64(3, 0x5555561b8730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./37") = 0 mkdir("./38", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b7690) = 477 ./strace-static-x86_64: Process 477 attached [pid 477] set_robust_list(0x5555561b76a0, 24) = 0 [pid 477] chdir("./38") = 0 [pid 477] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 477] setpgid(0, 0) = 0 [pid 477] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 477] write(3, "1000", 4) = 4 [pid 477] close(3) = 0 [pid 477] symlink("/dev/binderfs", "./binderfs") = 0 [pid 477] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 477] rt_sigaction(SIGRT_1, {sa_handler=0x7ff5a959df30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7ff5a958f0e0}, NULL, 8) = 0 [pid 477] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 477] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a9514000 [pid 477] mprotect(0x7ff5a9515000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 477] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 477] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9534990, parent_tid=0x7ff5a9534990, exit_signal=0, stack=0x7ff5a9514000, stack_size=0x20300, tls=0x7ff5a95346c0}./strace-static-x86_64: Process 478 attached => {parent_tid=[478]}, 88) = 478 [pid 477] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 477] futex(0x7ff5a96006c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 477] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 477] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a94f3000 [pid 477] mprotect(0x7ff5a94f4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 477] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 477] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9513990, parent_tid=0x7ff5a9513990, exit_signal=0, stack=0x7ff5a94f3000, stack_size=0x20300, tls=0x7ff5a95136c0} [pid 478] set_robust_list(0x7ff5a95349a0, 24 [pid 477] <... clone3 resumed> => {parent_tid=[479]}, 88) = 479 [pid 477] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 477] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 477] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 479 attached [pid 479] set_robust_list(0x7ff5a95139a0, 24) = 0 [pid 479] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 479] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_NOFOLLOW|O_NOATIME|O_CLOEXEC, 000) = 3 [pid 478] <... set_robust_list resumed>) = 0 [pid 479] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 477] <... futex resumed>) = 0 [pid 477] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 477] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 479] <... futex resumed>) = 1 [pid 479] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 479] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 477] <... futex resumed>) = 0 [pid 477] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 477] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 479] <... futex resumed>) = 1 [pid 479] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 4 [pid 479] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 477] <... futex resumed>) = 0 [pid 477] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 477] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 479] <... futex resumed>) = 1 [pid 479] write(4, "\x31\x30\x30\x30\x30\x30\x30\x00", 8) = -1 ENOSPC (No space left on device) [pid 479] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 477] <... futex resumed>) = 0 [pid 477] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 477] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 479] <... futex resumed>) = 1 [pid 479] write(4, "\x23\x21\x20\x2e\x2f\x66\x69\x6c\x65\x31\x0a\x82\x6a\x3f\xc6\x7c\x3a\xab\x7d\x7e\x31\x38\xd5\xcc\x25\x19\xa6\xa8\xf7\xa0\x0b\xff\x3b\xee\x49\xbb\x93\x22\x1f\x4e\x80\x95\x34\x94\x23\x35\x8b\x24\xc3\x46\x99\x05\xf2\x81\x89\x7d\xc6\xe1\x7a\x55\x07\xba\x1b\x9e\x33\xcc\x8e\x4f\x28\xf6\xda\xe3\x4d\x29\x86\xca\x00\x9c\x79\xab\x46\x1e\x69\xfd\x74\xcc\xe8\xc9\xed\x5b\x91\x09\xf3\xfa\x42\xf4\x3d\x39\x82\xeb"..., 1045) = -1 ENOSPC (No space left on device) [pid 479] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 477] <... futex resumed>) = 0 [pid 479] <... futex resumed>) = 1 [pid 479] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 478] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 478] memfd_create("syzkaller", 0) = 5 [pid 478] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff5a10f3000 [pid 478] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 478] munmap(0x7ff5a10f3000, 138412032) = 0 [pid 478] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 25.004239][ T475] loop0: detected capacity change from 0 to 512 [ 25.013095][ T475] EXT4-fs (loop0): fragment/cluster size (0) != block size (4096) [pid 478] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 478] close(5) = 0 [pid 478] mkdir("./file1", 0777) = 0 [ 25.045939][ T478] loop0: detected capacity change from 0 to 512 [ 25.071209][ T478] EXT4-fs (loop0): 1 orphan inode deleted [ 25.076799][ T478] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [pid 478] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue") = 0 [pid 478] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 5 [pid 478] chdir("./file1") = 0 [pid 478] ioctl(6, LOOP_CLR_FD) = 0 [pid 478] close(6) = 0 [pid 478] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 478] futex(0x7ff5a96006c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 477] exit_group(0 [pid 478] <... futex resumed>) = ? [pid 477] <... exit_group resumed>) = ? [pid 478] +++ exited with 0 +++ [pid 479] <... futex resumed>) = ? [pid 479] +++ exited with 0 +++ [pid 477] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=477, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- umount2("./38", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555561b8730 /* 5 entries */, 32768) = 136 umount2("./38/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./38/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./38/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./38/bus") = 0 umount2("./38/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./38/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./38/binderfs") = 0 umount2("./38/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./38/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./38/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./38/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./38/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555561c0770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561c0770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./38/file1") = 0 getdents64(3, 0x5555561b8730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./38") = 0 mkdir("./39", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b7690) = 482 ./strace-static-x86_64: Process 482 attached [pid 482] set_robust_list(0x5555561b76a0, 24) = 0 [pid 482] chdir("./39") = 0 [pid 482] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 482] setpgid(0, 0) = 0 [pid 482] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 482] write(3, "1000", 4) = 4 [pid 482] close(3) = 0 [pid 482] symlink("/dev/binderfs", "./binderfs") = 0 [pid 482] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 482] rt_sigaction(SIGRT_1, {sa_handler=0x7ff5a959df30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7ff5a958f0e0}, NULL, 8) = 0 [pid 482] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 482] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a9514000 [pid 482] mprotect(0x7ff5a9515000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 482] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 482] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9534990, parent_tid=0x7ff5a9534990, exit_signal=0, stack=0x7ff5a9514000, stack_size=0x20300, tls=0x7ff5a95346c0} => {parent_tid=[483]}, 88) = 483 [pid 482] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 482] futex(0x7ff5a96006c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 482] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 482] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a94f3000 [pid 482] mprotect(0x7ff5a94f4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 482] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 482] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9513990, parent_tid=0x7ff5a9513990, exit_signal=0, stack=0x7ff5a94f3000, stack_size=0x20300, tls=0x7ff5a95136c0} => {parent_tid=[484]}, 88) = 484 [pid 482] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 482] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 482] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 483 attached [pid 483] set_robust_list(0x7ff5a95349a0, 24) = 0 [pid 483] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 483] memfd_create("syzkaller", 0) = 3 [pid 483] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff5a10f3000 ./strace-static-x86_64: Process 484 attached [pid 484] set_robust_list(0x7ff5a95139a0, 24) = 0 [pid 484] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 484] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_NOFOLLOW|O_NOATIME|O_CLOEXEC, 000 [pid 483] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 484] <... open resumed>) = 4 [pid 484] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 482] <... futex resumed>) = 0 [pid 482] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 482] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 484] <... futex resumed>) = 1 [pid 484] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 484] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 482] <... futex resumed>) = 0 [pid 482] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 482] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 484] <... futex resumed>) = 1 [pid 484] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5 [pid 484] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 482] <... futex resumed>) = 0 [pid 482] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 482] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 484] <... futex resumed>) = 1 [pid 484] write(5, "\x31\x30\x30\x30\x30\x30\x30\x00", 8) = -1 ENOSPC (No space left on device) [pid 484] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 482] <... futex resumed>) = 0 [pid 482] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 482] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 484] <... futex resumed>) = 1 [pid 484] write(5, "\x23\x21\x20\x2e\x2f\x66\x69\x6c\x65\x31\x0a\x82\x6a\x3f\xc6\x7c\x3a\xab\x7d\x7e\x31\x38\xd5\xcc\x25\x19\xa6\xa8\xf7\xa0\x0b\xff\x3b\xee\x49\xbb\x93\x22\x1f\x4e\x80\x95\x34\x94\x23\x35\x8b\x24\xc3\x46\x99\x05\xf2\x81\x89\x7d\xc6\xe1\x7a\x55\x07\xba\x1b\x9e\x33\xcc\x8e\x4f\x28\xf6\xda\xe3\x4d\x29\x86\xca\x00\x9c\x79\xab\x46\x1e\x69\xfd\x74\xcc\xe8\xc9\xed\x5b\x91\x09\xf3\xfa\x42\xf4\x3d\x39\x82\xeb"..., 1045) = -1 ENOSPC (No space left on device) [pid 484] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 482] <... futex resumed>) = 0 [pid 484] <... futex resumed>) = 1 [pid 484] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 483] <... write resumed>) = 262144 [pid 483] munmap(0x7ff5a10f3000, 138412032) = 0 [pid 483] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 25.085752][ T478] ext4 filesystem being mounted at /root/syzkaller.8K29Ps/38/file1 supports timestamps until 2038 (0x7fffffff) [ 25.106331][ T297] EXT4-fs (loop0): unmounting filesystem. [pid 483] ioctl(6, LOOP_SET_FD, 3) = 0 [pid 483] close(3) = 0 [pid 483] mkdir("./bus", 0777) = -1 EEXIST (File exists) [pid 483] mount("/dev/loop0", "./bus", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue") = -1 ENOTDIR (Not a directory) [pid 483] ioctl(6, LOOP_CLR_FD) = 0 [pid 483] close(6) = 0 [pid 483] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 483] futex(0x7ff5a96006c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 482] exit_group(0 [pid 484] <... futex resumed>) = ? [pid 482] <... exit_group resumed>) = ? [pid 484] +++ exited with 0 +++ [pid 483] <... futex resumed>) = ? [pid 483] +++ exited with 0 +++ [pid 482] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=482, si_uid=0, si_status=0, si_utime=0, si_stime=5} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./39", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./39", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555561b8730 /* 4 entries */, 32768) = 104 umount2("./39/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./39/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./39/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./39/bus") = 0 umount2("./39/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./39/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./39/binderfs") = 0 getdents64(3, 0x5555561b8730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./39") = 0 mkdir("./40", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b7690) = 488 ./strace-static-x86_64: Process 488 attached [pid 488] set_robust_list(0x5555561b76a0, 24) = 0 [ 25.149472][ T483] loop0: detected capacity change from 0 to 512 [ 25.161407][ T483] EXT4-fs (loop0): 1 orphan inode deleted [ 25.166969][ T483] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 25.175757][ T483] ext4 filesystem being mounted at /root/syzkaller.8K29Ps/39/bus supports timestamps until 2038 (0x7fffffff) [ 25.187847][ T483] EXT4-fs (loop0): unmounting filesystem. [pid 488] chdir("./40") = 0 [pid 488] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 488] setpgid(0, 0) = 0 [pid 488] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 488] write(3, "1000", 4) = 4 [pid 488] close(3) = 0 [pid 488] symlink("/dev/binderfs", "./binderfs") = 0 [pid 488] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 488] rt_sigaction(SIGRT_1, {sa_handler=0x7ff5a959df30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7ff5a958f0e0}, NULL, 8) = 0 [pid 488] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 488] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a9514000 [pid 488] mprotect(0x7ff5a9515000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 488] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 488] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9534990, parent_tid=0x7ff5a9534990, exit_signal=0, stack=0x7ff5a9514000, stack_size=0x20300, tls=0x7ff5a95346c0}./strace-static-x86_64: Process 489 attached => {parent_tid=[489]}, 88) = 489 [pid 489] set_robust_list(0x7ff5a95349a0, 24 [pid 488] rt_sigprocmask(SIG_SETMASK, [], [pid 489] <... set_robust_list resumed>) = 0 [pid 488] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 489] rt_sigprocmask(SIG_SETMASK, [], [pid 488] futex(0x7ff5a96006c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 489] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 488] <... futex resumed>) = 0 [pid 489] memfd_create("syzkaller", 0 [pid 488] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 489] <... memfd_create resumed>) = 3 [pid 488] <... futex resumed>) = 0 [pid 489] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 488] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a94f3000 [pid 489] <... mmap resumed>) = 0x7ff5a10f3000 [pid 488] mprotect(0x7ff5a94f4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 489] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 488] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 488] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9513990, parent_tid=0x7ff5a9513990, exit_signal=0, stack=0x7ff5a94f3000, stack_size=0x20300, tls=0x7ff5a95136c0}./strace-static-x86_64: Process 490 attached [pid 490] set_robust_list(0x7ff5a95139a0, 24) = 0 [pid 490] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 490] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 488] <... clone3 resumed> => {parent_tid=[490]}, 88) = 490 [pid 488] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 488] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 490] <... futex resumed>) = 0 [pid 490] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_NOFOLLOW|O_NOATIME|O_CLOEXEC, 000 [pid 488] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 490] <... open resumed>) = 4 [pid 489] <... write resumed>) = 262144 [pid 490] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 489] munmap(0x7ff5a10f3000, 138412032 [pid 490] <... futex resumed>) = 1 [pid 490] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 488] <... futex resumed>) = 0 [pid 488] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 490] <... futex resumed>) = 0 [pid 489] <... munmap resumed>) = 0 [pid 488] <... futex resumed>) = 1 [pid 490] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 489] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 488] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 489] <... openat resumed>) = 5 [pid 490] <... mount resumed>) = 0 [pid 489] ioctl(5, LOOP_SET_FD, 3 [pid 490] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 489] <... ioctl resumed>) = 0 [pid 490] <... futex resumed>) = 1 [pid 489] close(3 [pid 488] <... futex resumed>) = 0 [pid 490] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 489] <... close resumed>) = 0 [pid 488] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 490] <... open resumed>) = 3 [pid 488] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 490] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 489] mkdir("./bus", 0777 [pid 490] <... futex resumed>) = 1 [pid 488] <... futex resumed>) = 0 [pid 490] write(3, "\x31\x30\x30\x30\x30\x30\x30\x00", 8 [pid 489] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 488] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 488] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 490] <... write resumed>) = 8 [pid 489] mount("/dev/loop0", "./bus", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 490] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 488] <... futex resumed>) = 0 [pid 490] write(3, "\x23\x21\x20\x2e\x2f\x66\x69\x6c\x65\x31\x0a\x82\x6a\x3f\xc6\x7c\x3a\xab\x7d\x7e\x31\x38\xd5\xcc\x25\x19\xa6\xa8\xf7\xa0\x0b\xff\x3b\xee\x49\xbb\x93\x22\x1f\x4e\x80\x95\x34\x94\x23\x35\x8b\x24\xc3\x46\x99\x05\xf2\x81\x89\x7d\xc6\xe1\x7a\x55\x07\xba\x1b\x9e\x33\xcc\x8e\x4f\x28\xf6\xda\xe3\x4d\x29\x86\xca\x00\x9c\x79\xab\x46\x1e\x69\xfd\x74\xcc\xe8\xc9\xed\x5b\x91\x09\xf3\xfa\x42\xf4\x3d\x39\x82\xeb"..., 1045 [pid 488] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 488] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 490] <... write resumed>) = 1045 [pid 490] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 488] <... futex resumed>) = 0 [pid 490] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 489] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 489] ioctl(5, LOOP_CLR_FD) = 0 [pid 489] close(5) = 0 [pid 489] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 489] futex(0x7ff5a96006c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 488] exit_group(0 [pid 490] <... futex resumed>) = ? [pid 488] <... exit_group resumed>) = ? [pid 490] +++ exited with 0 +++ [pid 489] <... futex resumed>) = ? [pid 489] +++ exited with 0 +++ [pid 488] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=488, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- umount2("./40", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./40", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555561b8730 /* 4 entries */, 32768) = 104 umount2("./40/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./40/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./40/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./40/bus") = 0 umount2("./40/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./40/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./40/binderfs") = 0 getdents64(3, 0x5555561b8730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./40") = 0 mkdir("./41", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b7690) = 491 ./strace-static-x86_64: Process 491 attached [pid 491] set_robust_list(0x5555561b76a0, 24) = 0 [pid 491] chdir("./41") = 0 [pid 491] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 491] setpgid(0, 0) = 0 [pid 491] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 491] write(3, "1000", 4) = 4 [pid 491] close(3) = 0 [pid 491] symlink("/dev/binderfs", "./binderfs") = 0 [pid 491] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 491] rt_sigaction(SIGRT_1, {sa_handler=0x7ff5a959df30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7ff5a958f0e0}, NULL, 8) = 0 [pid 491] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 491] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a9514000 [pid 491] mprotect(0x7ff5a9515000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 491] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 491] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9534990, parent_tid=0x7ff5a9534990, exit_signal=0, stack=0x7ff5a9514000, stack_size=0x20300, tls=0x7ff5a95346c0}./strace-static-x86_64: Process 492 attached => {parent_tid=[492]}, 88) = 492 [pid 492] set_robust_list(0x7ff5a95349a0, 24 [pid 491] rt_sigprocmask(SIG_SETMASK, [], [pid 492] <... set_robust_list resumed>) = 0 [pid 491] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 492] rt_sigprocmask(SIG_SETMASK, [], [pid 491] futex(0x7ff5a96006c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 492] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 491] <... futex resumed>) = 0 [pid 492] memfd_create("syzkaller", 0 [pid 491] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 492] <... memfd_create resumed>) = 3 [pid 491] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a94f3000 [pid 492] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 491] mprotect(0x7ff5a94f4000, 131072, PROT_READ|PROT_WRITE [pid 492] <... mmap resumed>) = 0x7ff5a10f3000 [pid 491] <... mprotect resumed>) = 0 [pid 491] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 491] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9513990, parent_tid=0x7ff5a9513990, exit_signal=0, stack=0x7ff5a94f3000, stack_size=0x20300, tls=0x7ff5a95136c0}./strace-static-x86_64: Process 493 attached [pid 493] set_robust_list(0x7ff5a95139a0, 24) = 0 [pid 493] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 493] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 491] <... clone3 resumed> => {parent_tid=[493]}, 88) = 493 [pid 491] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 491] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 493] <... futex resumed>) = 0 [pid 493] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_NOFOLLOW|O_NOATIME|O_CLOEXEC, 000 [pid 491] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 493] <... open resumed>) = 4 [pid 493] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 491] <... futex resumed>) = 0 [pid 491] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 491] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 493] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 493] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 491] <... futex resumed>) = 0 [pid 491] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 493] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 491] <... futex resumed>) = 0 [pid 491] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 493] <... open resumed>) = 5 [pid 493] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 491] <... futex resumed>) = 0 [pid 493] write(5, "\x31\x30\x30\x30\x30\x30\x30\x00", 8 [pid 491] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 491] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 493] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 492] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 493] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 491] <... futex resumed>) = 0 [pid 493] write(5, "\x23\x21\x20\x2e\x2f\x66\x69\x6c\x65\x31\x0a\x82\x6a\x3f\xc6\x7c\x3a\xab\x7d\x7e\x31\x38\xd5\xcc\x25\x19\xa6\xa8\xf7\xa0\x0b\xff\x3b\xee\x49\xbb\x93\x22\x1f\x4e\x80\x95\x34\x94\x23\x35\x8b\x24\xc3\x46\x99\x05\xf2\x81\x89\x7d\xc6\xe1\x7a\x55\x07\xba\x1b\x9e\x33\xcc\x8e\x4f\x28\xf6\xda\xe3\x4d\x29\x86\xca\x00\x9c\x79\xab\x46\x1e\x69\xfd\x74\xcc\xe8\xc9\xed\x5b\x91\x09\xf3\xfa\x42\xf4\x3d\x39\x82\xeb"..., 1045 [pid 491] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 493] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 491] <... futex resumed>) = 0 [pid 493] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 491] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 493] <... futex resumed>) = 0 [pid 491] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 493] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 492] <... write resumed>) = 262144 [pid 492] munmap(0x7ff5a10f3000, 138412032) = 0 [pid 492] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 25.243149][ T489] loop0: detected capacity change from 0 to 512 [ 25.252400][ T489] EXT4-fs (loop0): fragment/cluster size (0) != block size (4096) [pid 492] ioctl(6, LOOP_SET_FD, 3) = 0 [pid 492] close(3) = 0 [pid 492] mkdir("./bus", 0777) = -1 EEXIST (File exists) [pid 492] mount("/dev/loop0", "./bus", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue") = -1 ENOTDIR (Not a directory) [pid 492] ioctl(6, LOOP_CLR_FD) = 0 [pid 492] close(6) = 0 [pid 492] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 492] futex(0x7ff5a96006c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 491] exit_group(0 [pid 493] <... futex resumed>) = ? [pid 492] <... futex resumed>) = ? [pid 491] <... exit_group resumed>) = ? [pid 493] +++ exited with 0 +++ [pid 492] +++ exited with 0 +++ [pid 491] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=491, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- umount2("./41", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./41", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555561b8730 /* 4 entries */, 32768) = 104 umount2("./41/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./41/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./41/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./41/bus") = 0 umount2("./41/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./41/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./41/binderfs") = 0 getdents64(3, 0x5555561b8730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./41") = 0 mkdir("./42", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b7690) = 497 ./strace-static-x86_64: Process 497 attached [pid 497] set_robust_list(0x5555561b76a0, 24) = 0 [pid 497] chdir("./42") = 0 [pid 497] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 497] setpgid(0, 0) = 0 [pid 497] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 497] write(3, "1000", 4) = 4 [pid 497] close(3) = 0 [pid 497] symlink("/dev/binderfs", "./binderfs") = 0 [pid 497] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 497] rt_sigaction(SIGRT_1, {sa_handler=0x7ff5a959df30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7ff5a958f0e0}, NULL, 8) = 0 [pid 497] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 497] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a9514000 [pid 497] mprotect(0x7ff5a9515000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 497] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 497] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9534990, parent_tid=0x7ff5a9534990, exit_signal=0, stack=0x7ff5a9514000, stack_size=0x20300, tls=0x7ff5a95346c0}./strace-static-x86_64: Process 498 attached => {parent_tid=[498]}, 88) = 498 [pid 498] set_robust_list(0x7ff5a95349a0, 24 [ 25.296648][ T492] loop0: detected capacity change from 0 to 512 [ 25.311883][ T492] EXT4-fs (loop0): 1 orphan inode deleted [ 25.317551][ T492] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 25.326525][ T492] ext4 filesystem being mounted at /root/syzkaller.8K29Ps/41/bus supports timestamps until 2038 (0x7fffffff) [ 25.338692][ T492] EXT4-fs (loop0): unmounting filesystem. [pid 497] rt_sigprocmask(SIG_SETMASK, [], [pid 498] <... set_robust_list resumed>) = 0 [pid 497] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 498] rt_sigprocmask(SIG_SETMASK, [], [pid 497] futex(0x7ff5a96006c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 498] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 497] <... futex resumed>) = 0 [pid 497] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 498] memfd_create("syzkaller", 0 [pid 497] <... futex resumed>) = 0 [pid 498] <... memfd_create resumed>) = 3 [pid 497] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a94f3000 [pid 498] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 497] mprotect(0x7ff5a94f4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 498] <... mmap resumed>) = 0x7ff5a10f3000 [pid 497] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 497] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9513990, parent_tid=0x7ff5a9513990, exit_signal=0, stack=0x7ff5a94f3000, stack_size=0x20300, tls=0x7ff5a95136c0}./strace-static-x86_64: Process 499 attached => {parent_tid=[499]}, 88) = 499 [pid 499] set_robust_list(0x7ff5a95139a0, 24) = 0 [pid 499] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 499] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 497] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 497] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 499] <... futex resumed>) = 0 [pid 499] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_NOFOLLOW|O_NOATIME|O_CLOEXEC, 000 [pid 497] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 499] <... open resumed>) = 4 [pid 499] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 499] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 497] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 497] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 499] <... futex resumed>) = 0 [pid 499] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 497] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 499] <... mount resumed>) = 0 [pid 499] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 497] <... futex resumed>) = 0 [pid 499] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 497] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 497] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 499] <... open resumed>) = 5 [pid 499] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 497] <... futex resumed>) = 0 [pid 499] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 497] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 497] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 499] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 499] write(5, "\x31\x30\x30\x30\x30\x30\x30\x00", 8) = -1 ENOSPC (No space left on device) [pid 499] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 497] <... futex resumed>) = 0 [pid 499] <... futex resumed>) = 1 [pid 497] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 499] write(5, "\x23\x21\x20\x2e\x2f\x66\x69\x6c\x65\x31\x0a\x82\x6a\x3f\xc6\x7c\x3a\xab\x7d\x7e\x31\x38\xd5\xcc\x25\x19\xa6\xa8\xf7\xa0\x0b\xff\x3b\xee\x49\xbb\x93\x22\x1f\x4e\x80\x95\x34\x94\x23\x35\x8b\x24\xc3\x46\x99\x05\xf2\x81\x89\x7d\xc6\xe1\x7a\x55\x07\xba\x1b\x9e\x33\xcc\x8e\x4f\x28\xf6\xda\xe3\x4d\x29\x86\xca\x00\x9c\x79\xab\x46\x1e\x69\xfd\x74\xcc\xe8\xc9\xed\x5b\x91\x09\xf3\xfa\x42\xf4\x3d\x39\x82\xeb"..., 1045 [pid 497] <... futex resumed>) = 0 [pid 499] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 497] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 499] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 497] <... futex resumed>) = 0 [pid 499] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 498] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 498] munmap(0x7ff5a10f3000, 138412032) = 0 [pid 498] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 498] ioctl(6, LOOP_SET_FD, 3) = 0 [pid 498] close(3) = 0 [pid 498] mkdir("./bus", 0777) = -1 EEXIST (File exists) [pid 498] mount("/dev/loop0", "./bus", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue") = -1 ENOTDIR (Not a directory) [pid 498] ioctl(6, LOOP_CLR_FD) = 0 [pid 498] close(6) = 0 [pid 498] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 498] futex(0x7ff5a96006c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 497] exit_group(0 [pid 499] <... futex resumed>) = ? [pid 497] <... exit_group resumed>) = ? [pid 499] +++ exited with 0 +++ [pid 498] <... futex resumed>) = ? [pid 498] +++ exited with 0 +++ [pid 497] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=497, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./42", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./42", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555561b8730 /* 4 entries */, 32768) = 104 umount2("./42/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./42/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./42/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./42/bus") = 0 umount2("./42/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./42/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./42/binderfs") = 0 getdents64(3, 0x5555561b8730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./42") = 0 mkdir("./43", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b7690) = 502 ./strace-static-x86_64: Process 502 attached [pid 502] set_robust_list(0x5555561b76a0, 24) = 0 [pid 502] chdir("./43") = 0 [pid 502] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 502] setpgid(0, 0) = 0 [pid 502] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 502] write(3, "1000", 4) = 4 [pid 502] close(3) = 0 [pid 502] symlink("/dev/binderfs", "./binderfs") = 0 [pid 502] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 502] rt_sigaction(SIGRT_1, {sa_handler=0x7ff5a959df30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7ff5a958f0e0}, NULL, 8) = 0 [pid 502] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 502] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a9514000 [pid 502] mprotect(0x7ff5a9515000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 502] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 502] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9534990, parent_tid=0x7ff5a9534990, exit_signal=0, stack=0x7ff5a9514000, stack_size=0x20300, tls=0x7ff5a95346c0} => {parent_tid=[503]}, 88) = 503 [pid 502] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 502] futex(0x7ff5a96006c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 502] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 502] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a94f3000 [pid 502] mprotect(0x7ff5a94f4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 502] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 502] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9513990, parent_tid=0x7ff5a9513990, exit_signal=0, stack=0x7ff5a94f3000, stack_size=0x20300, tls=0x7ff5a95136c0} => {parent_tid=[504]}, 88) = 504 [pid 502] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 502] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 502] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 503 attached [pid 503] set_robust_list(0x7ff5a95349a0, 24) = 0 [pid 503] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 503] memfd_create("syzkaller", 0) = 3 [pid 503] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff5a10f3000 [pid 503] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144./strace-static-x86_64: Process 504 attached [pid 504] set_robust_list(0x7ff5a95139a0, 24 [pid 503] <... write resumed>) = 262144 [pid 503] munmap(0x7ff5a10f3000, 138412032 [pid 504] <... set_robust_list resumed>) = 0 [pid 504] rt_sigprocmask(SIG_SETMASK, [], [pid 503] <... munmap resumed>) = 0 [pid 503] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 503] ioctl(4, LOOP_SET_FD, 3 [pid 504] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 504] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_NOFOLLOW|O_NOATIME|O_CLOEXEC, 000) = 5 [pid 504] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 504] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 502] <... futex resumed>) = 0 [pid 502] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 25.388007][ T498] loop0: detected capacity change from 0 to 512 [ 25.401479][ T498] EXT4-fs (loop0): 1 orphan inode deleted [ 25.407171][ T498] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 25.415915][ T498] ext4 filesystem being mounted at /root/syzkaller.8K29Ps/42/bus supports timestamps until 2038 (0x7fffffff) [ 25.428068][ T498] EXT4-fs (loop0): unmounting filesystem. [pid 502] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 504] <... futex resumed>) = 0 [pid 504] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 504] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 502] <... futex resumed>) = 0 [pid 502] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 502] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 504] <... futex resumed>) = 1 [pid 504] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 6 [pid 504] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 502] <... futex resumed>) = 0 [pid 502] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 502] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 504] <... futex resumed>) = 1 [pid 504] write(6, "\x31\x30\x30\x30\x30\x30\x30\x00", 8 [pid 503] <... ioctl resumed>) = 0 [pid 504] <... write resumed>) = -1 EIO (Input/output error) [pid 503] close(3) = 0 [pid 504] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 503] mkdir("./bus", 0777) = -1 EEXIST (File exists) [pid 504] <... futex resumed>) = 1 [pid 502] <... futex resumed>) = 0 [pid 504] write(6, "\x23\x21\x20\x2e\x2f\x66\x69\x6c\x65\x31\x0a\x82\x6a\x3f\xc6\x7c\x3a\xab\x7d\x7e\x31\x38\xd5\xcc\x25\x19\xa6\xa8\xf7\xa0\x0b\xff\x3b\xee\x49\xbb\x93\x22\x1f\x4e\x80\x95\x34\x94\x23\x35\x8b\x24\xc3\x46\x99\x05\xf2\x81\x89\x7d\xc6\xe1\x7a\x55\x07\xba\x1b\x9e\x33\xcc\x8e\x4f\x28\xf6\xda\xe3\x4d\x29\x86\xca\x00\x9c\x79\xab\x46\x1e\x69\xfd\x74\xcc\xe8\xc9\xed\x5b\x91\x09\xf3\xfa\x42\xf4\x3d\x39\x82\xeb"..., 1045 [pid 503] mount("/dev/loop0", "./bus", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 502] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 502] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 504] <... write resumed>) = 1045 [pid 504] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 502] <... futex resumed>) = 0 [pid 504] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 503] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 503] ioctl(4, LOOP_CLR_FD) = 0 [pid 503] close(4) = 0 [pid 503] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 503] futex(0x7ff5a96006c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 502] exit_group(0 [pid 504] <... futex resumed>) = ? [pid 502] <... exit_group resumed>) = ? [pid 504] +++ exited with 0 +++ [pid 503] <... futex resumed>) = ? [pid 503] +++ exited with 0 +++ [pid 502] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=502, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- umount2("./43", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./43", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555561b8730 /* 4 entries */, 32768) = 104 umount2("./43/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./43/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./43/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./43/bus") = 0 umount2("./43/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./43/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./43/binderfs") = 0 getdents64(3, 0x5555561b8730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./43") = 0 mkdir("./44", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 505 attached , child_tidptr=0x5555561b7690) = 505 [pid 505] set_robust_list(0x5555561b76a0, 24) = 0 [pid 505] chdir("./44") = 0 [pid 505] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 505] setpgid(0, 0) = 0 [pid 505] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 505] write(3, "1000", 4) = 4 [pid 505] close(3) = 0 [pid 505] symlink("/dev/binderfs", "./binderfs") = 0 [pid 505] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 505] rt_sigaction(SIGRT_1, {sa_handler=0x7ff5a959df30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7ff5a958f0e0}, NULL, 8) = 0 [pid 505] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 505] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a9514000 [pid 505] mprotect(0x7ff5a9515000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 505] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 505] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9534990, parent_tid=0x7ff5a9534990, exit_signal=0, stack=0x7ff5a9514000, stack_size=0x20300, tls=0x7ff5a95346c0}./strace-static-x86_64: Process 506 attached => {parent_tid=[506]}, 88) = 506 [pid 506] set_robust_list(0x7ff5a95349a0, 24) = 0 [pid 506] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 506] futex(0x7ff5a96006c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 505] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 505] futex(0x7ff5a96006c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 506] <... futex resumed>) = 0 [pid 506] memfd_create("syzkaller", 0 [pid 505] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 506] <... memfd_create resumed>) = 3 [pid 505] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a94f3000 [pid 505] mprotect(0x7ff5a94f4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 506] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff5a10f3000 [pid 505] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 505] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9513990, parent_tid=0x7ff5a9513990, exit_signal=0, stack=0x7ff5a94f3000, stack_size=0x20300, tls=0x7ff5a95136c0} => {parent_tid=[507]}, 88) = 507 [pid 505] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 505] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 506] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 505] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 507 attached [pid 507] set_robust_list(0x7ff5a95139a0, 24) = 0 [pid 506] <... write resumed>) = 262144 [pid 506] munmap(0x7ff5a10f3000, 138412032 [pid 507] rt_sigprocmask(SIG_SETMASK, [], [pid 506] <... munmap resumed>) = 0 [pid 506] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 25.452222][ T503] loop0: detected capacity change from 0 to 512 [ 25.454929][ T56] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 25.469549][ T503] EXT4-fs (loop0): bad geometry: block count 3888436996 exceeds size of device (64 blocks) [pid 506] ioctl(4, LOOP_SET_FD, 3 [pid 507] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 506] <... ioctl resumed>) = 0 [pid 506] close(3) = 0 [pid 506] mkdir("./file1", 0777 [pid 507] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_NOFOLLOW|O_NOATIME|O_CLOEXEC, 000 [pid 506] <... mkdir resumed>) = 0 [pid 506] mount("/dev/loop0", "./bus", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue") = -1 ENOENT (No such file or directory) [pid 506] ioctl(4, LOOP_CLR_FD [pid 507] <... open resumed>) = 3 [pid 507] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 505] <... futex resumed>) = 0 [pid 507] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 505] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 505] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 507] <... futex resumed>) = 0 [pid 507] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 507] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 505] <... futex resumed>) = 0 [pid 505] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 505] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 507] <... futex resumed>) = 1 [pid 507] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5 [pid 507] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 505] <... futex resumed>) = 0 [pid 505] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 507] <... futex resumed>) = 1 [pid 505] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 507] write(5, "\x31\x30\x30\x30\x30\x30\x30\x00", 8 [pid 506] <... ioctl resumed>) = 0 [pid 507] <... write resumed>) = -1 EIO (Input/output error) [pid 507] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 506] close(4 [pid 507] <... futex resumed>) = 1 [pid 506] <... close resumed>) = 0 [pid 505] <... futex resumed>) = 0 [pid 507] write(5, "\x23\x21\x20\x2e\x2f\x66\x69\x6c\x65\x31\x0a\x82\x6a\x3f\xc6\x7c\x3a\xab\x7d\x7e\x31\x38\xd5\xcc\x25\x19\xa6\xa8\xf7\xa0\x0b\xff\x3b\xee\x49\xbb\x93\x22\x1f\x4e\x80\x95\x34\x94\x23\x35\x8b\x24\xc3\x46\x99\x05\xf2\x81\x89\x7d\xc6\xe1\x7a\x55\x07\xba\x1b\x9e\x33\xcc\x8e\x4f\x28\xf6\xda\xe3\x4d\x29\x86\xca\x00\x9c\x79\xab\x46\x1e\x69\xfd\x74\xcc\xe8\xc9\xed\x5b\x91\x09\xf3\xfa\x42\xf4\x3d\x39\x82\xeb"..., 1045 [pid 506] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 505] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 507] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 506] <... futex resumed>) = 0 [pid 505] <... futex resumed>) = 0 [pid 507] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 506] futex(0x7ff5a96006c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 505] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 507] <... futex resumed>) = 0 [pid 505] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 507] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 505] exit_group(0 [pid 507] <... futex resumed>) = ? [pid 506] <... futex resumed>) = ? [pid 505] <... exit_group resumed>) = ? [pid 507] +++ exited with 0 +++ [pid 506] +++ exited with 0 +++ [pid 505] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=505, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./44", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./44", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555561b8730 /* 5 entries */, 32768) = 136 umount2("./44/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./44/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./44/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./44/bus") = 0 umount2("./44/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./44/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./44/binderfs") = 0 umount2("./44/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./44/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./44/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./44/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555561c0770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561c0770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./44/file1") = 0 getdents64(3, 0x5555561b8730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./44") = 0 mkdir("./45", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b7690) = 508 ./strace-static-x86_64: Process 508 attached [pid 508] set_robust_list(0x5555561b76a0, 24) = 0 [pid 508] chdir("./45") = 0 [pid 508] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 508] setpgid(0, 0) = 0 [pid 508] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 508] write(3, "1000", 4) = 4 [pid 508] close(3) = 0 [pid 508] symlink("/dev/binderfs", "./binderfs") = 0 [pid 508] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 508] rt_sigaction(SIGRT_1, {sa_handler=0x7ff5a959df30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7ff5a958f0e0}, NULL, 8) = 0 [pid 508] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 508] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a9514000 [pid 508] mprotect(0x7ff5a9515000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 508] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 508] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9534990, parent_tid=0x7ff5a9534990, exit_signal=0, stack=0x7ff5a9514000, stack_size=0x20300, tls=0x7ff5a95346c0} => {parent_tid=[509]}, 88) = 509 [pid 508] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 508] futex(0x7ff5a96006c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 508] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 508] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a94f3000 ./strace-static-x86_64: Process 509 attached [pid 508] mprotect(0x7ff5a94f4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 508] rt_sigprocmask(SIG_BLOCK, ~[], [pid 509] set_robust_list(0x7ff5a95349a0, 24 [pid 508] <... rt_sigprocmask resumed>[], 8) = 0 [pid 508] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9513990, parent_tid=0x7ff5a9513990, exit_signal=0, stack=0x7ff5a94f3000, stack_size=0x20300, tls=0x7ff5a95136c0} => {parent_tid=[510]}, 88) = 510 [pid 509] <... set_robust_list resumed>) = 0 [pid 508] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 508] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 508] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 510 attached [pid 510] set_robust_list(0x7ff5a95139a0, 24) = 0 [pid 510] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 509] rt_sigprocmask(SIG_SETMASK, [], [pid 510] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_NOFOLLOW|O_NOATIME|O_CLOEXEC, 000 [pid 509] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 510] <... open resumed>) = 3 [pid 510] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 508] <... futex resumed>) = 0 [pid 508] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 508] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 510] <... futex resumed>) = 1 [pid 510] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 510] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 508] <... futex resumed>) = 0 [pid 508] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 508] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 510] <... futex resumed>) = 1 [pid 510] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 4 [pid 510] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 508] <... futex resumed>) = 0 [pid 508] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 508] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 510] <... futex resumed>) = 1 [pid 510] write(4, "\x31\x30\x30\x30\x30\x30\x30\x00", 8) = -1 ENOSPC (No space left on device) [pid 510] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 508] <... futex resumed>) = 0 [pid 508] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 508] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 510] <... futex resumed>) = 1 [pid 510] write(4, "\x23\x21\x20\x2e\x2f\x66\x69\x6c\x65\x31\x0a\x82\x6a\x3f\xc6\x7c\x3a\xab\x7d\x7e\x31\x38\xd5\xcc\x25\x19\xa6\xa8\xf7\xa0\x0b\xff\x3b\xee\x49\xbb\x93\x22\x1f\x4e\x80\x95\x34\x94\x23\x35\x8b\x24\xc3\x46\x99\x05\xf2\x81\x89\x7d\xc6\xe1\x7a\x55\x07\xba\x1b\x9e\x33\xcc\x8e\x4f\x28\xf6\xda\xe3\x4d\x29\x86\xca\x00\x9c\x79\xab\x46\x1e\x69\xfd\x74\xcc\xe8\xc9\xed\x5b\x91\x09\xf3\xfa\x42\xf4\x3d\x39\x82\xeb"..., 1045) = -1 ENOSPC (No space left on device) [pid 510] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 508] <... futex resumed>) = 0 [pid 510] <... futex resumed>) = 1 [pid 510] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 509] memfd_create("syzkaller", 0) = 5 [pid 509] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff5a10f3000 [pid 509] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 509] munmap(0x7ff5a10f3000, 138412032) = 0 [pid 509] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 25.500471][ T506] loop0: detected capacity change from 0 to 512 [ 25.521248][ T56] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [pid 509] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 509] close(5) = 0 [pid 509] mkdir("./file1", 0777) = 0 [pid 509] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue") = 0 [pid 509] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 5 [pid 509] chdir("./file1") = 0 [pid 509] ioctl(6, LOOP_CLR_FD) = 0 [pid 509] close(6) = 0 [pid 509] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 509] futex(0x7ff5a96006c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 508] exit_group(0 [pid 510] <... futex resumed>) = ? [pid 508] <... exit_group resumed>) = ? [pid 510] +++ exited with 0 +++ [pid 509] <... futex resumed>) = ? [pid 509] +++ exited with 0 +++ [pid 508] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=508, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./45", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./45", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555561b8730 /* 5 entries */, 32768) = 136 umount2("./45/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./45/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./45/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./45/bus") = 0 umount2("./45/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./45/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 25.558448][ T509] loop0: detected capacity change from 0 to 512 [ 25.581210][ T509] EXT4-fs (loop0): 1 orphan inode deleted [ 25.586879][ T509] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 25.595730][ T509] ext4 filesystem being mounted at /root/syzkaller.8K29Ps/45/file1 supports timestamps until 2038 (0x7fffffff) unlink("./45/binderfs") = 0 umount2("./45/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./45/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./45/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./45/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./45/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555561c0770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561c0770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./45/file1") = 0 getdents64(3, 0x5555561b8730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./45") = 0 mkdir("./46", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b7690) = 513 ./strace-static-x86_64: Process 513 attached [pid 513] set_robust_list(0x5555561b76a0, 24) = 0 [pid 513] chdir("./46") = 0 [pid 513] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 513] setpgid(0, 0) = 0 [pid 513] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 513] write(3, "1000", 4) = 4 [pid 513] close(3) = 0 [pid 513] symlink("/dev/binderfs", "./binderfs") = 0 [pid 513] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 513] rt_sigaction(SIGRT_1, {sa_handler=0x7ff5a959df30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7ff5a958f0e0}, NULL, 8) = 0 [pid 513] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 513] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a9514000 [pid 513] mprotect(0x7ff5a9515000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 513] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 513] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9534990, parent_tid=0x7ff5a9534990, exit_signal=0, stack=0x7ff5a9514000, stack_size=0x20300, tls=0x7ff5a95346c0}./strace-static-x86_64: Process 514 attached => {parent_tid=[514]}, 88) = 514 [pid 513] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 513] futex(0x7ff5a96006c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 514] set_robust_list(0x7ff5a95349a0, 24 [pid 513] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 514] <... set_robust_list resumed>) = 0 [pid 514] rt_sigprocmask(SIG_SETMASK, [], [pid 513] <... futex resumed>) = 0 [pid 514] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 513] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a94f3000 [pid 514] memfd_create("syzkaller", 0 [pid 513] mprotect(0x7ff5a94f4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 514] <... memfd_create resumed>) = 3 [pid 514] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 513] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 514] <... mmap resumed>) = 0x7ff5a10f3000 [pid 513] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9513990, parent_tid=0x7ff5a9513990, exit_signal=0, stack=0x7ff5a94f3000, stack_size=0x20300, tls=0x7ff5a95136c0} => {parent_tid=[515]}, 88) = 515 [pid 513] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 513] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 513] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 515 attached [pid 514] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 515] set_robust_list(0x7ff5a95139a0, 24) = 0 [pid 515] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 515] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_NOFOLLOW|O_NOATIME|O_CLOEXEC, 000) = 4 [pid 515] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 513] <... futex resumed>) = 0 [pid 513] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 513] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 515] <... futex resumed>) = 1 [pid 515] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 515] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 513] <... futex resumed>) = 0 [pid 513] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 513] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 515] <... futex resumed>) = 1 [pid 515] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5 [pid 515] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 513] <... futex resumed>) = 0 [pid 513] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 513] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 515] <... futex resumed>) = 1 [pid 515] write(5, "\x31\x30\x30\x30\x30\x30\x30\x00", 8) = -1 ENOSPC (No space left on device) [pid 515] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 513] <... futex resumed>) = 0 [pid 513] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 513] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 515] <... futex resumed>) = 1 [pid 515] write(5, "\x23\x21\x20\x2e\x2f\x66\x69\x6c\x65\x31\x0a\x82\x6a\x3f\xc6\x7c\x3a\xab\x7d\x7e\x31\x38\xd5\xcc\x25\x19\xa6\xa8\xf7\xa0\x0b\xff\x3b\xee\x49\xbb\x93\x22\x1f\x4e\x80\x95\x34\x94\x23\x35\x8b\x24\xc3\x46\x99\x05\xf2\x81\x89\x7d\xc6\xe1\x7a\x55\x07\xba\x1b\x9e\x33\xcc\x8e\x4f\x28\xf6\xda\xe3\x4d\x29\x86\xca\x00\x9c\x79\xab\x46\x1e\x69\xfd\x74\xcc\xe8\xc9\xed\x5b\x91\x09\xf3\xfa\x42\xf4\x3d\x39\x82\xeb"..., 1045) = -1 ENOSPC (No space left on device) [pid 515] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 513] <... futex resumed>) = 0 [pid 515] <... futex resumed>) = 1 [pid 515] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 514] <... write resumed>) = 262144 [pid 514] munmap(0x7ff5a10f3000, 138412032) = 0 [pid 514] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 514] ioctl(6, LOOP_SET_FD, 3) = 0 [pid 514] close(3) = 0 [pid 514] mkdir("./bus", 0777) = -1 EEXIST (File exists) [ 25.617492][ T297] EXT4-fs (loop0): unmounting filesystem. [ 25.657562][ T514] loop0: detected capacity change from 0 to 512 [pid 514] mount("/dev/loop0", "./bus", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue") = -1 ENOTDIR (Not a directory) [pid 514] ioctl(6, LOOP_CLR_FD) = 0 [pid 514] close(6) = 0 [pid 514] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 514] futex(0x7ff5a96006c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 513] exit_group(0 [pid 515] <... futex resumed>) = ? [pid 513] <... exit_group resumed>) = ? [pid 515] +++ exited with 0 +++ [pid 514] <... futex resumed>) = ? [pid 514] +++ exited with 0 +++ [pid 513] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=513, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./46", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./46", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555561b8730 /* 4 entries */, 32768) = 104 umount2("./46/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./46/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./46/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./46/bus") = 0 umount2("./46/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./46/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./46/binderfs") = 0 getdents64(3, 0x5555561b8730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./46") = 0 mkdir("./47", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b7690) = 518 ./strace-static-x86_64: Process 518 attached [pid 518] set_robust_list(0x5555561b76a0, 24) = 0 [pid 518] chdir("./47") = 0 [pid 518] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 518] setpgid(0, 0) = 0 [pid 518] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 518] write(3, "1000", 4) = 4 [pid 518] close(3) = 0 [pid 518] symlink("/dev/binderfs", "./binderfs") = 0 [pid 518] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 518] rt_sigaction(SIGRT_1, {sa_handler=0x7ff5a959df30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7ff5a958f0e0}, NULL, 8) = 0 [pid 518] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 518] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a9514000 [pid 518] mprotect(0x7ff5a9515000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 518] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 518] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9534990, parent_tid=0x7ff5a9534990, exit_signal=0, stack=0x7ff5a9514000, stack_size=0x20300, tls=0x7ff5a95346c0} => {parent_tid=[519]}, 88) = 519 [pid 518] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 518] futex(0x7ff5a96006c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 518] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 518] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a94f3000 [pid 518] mprotect(0x7ff5a94f4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 518] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 518] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9513990, parent_tid=0x7ff5a9513990, exit_signal=0, stack=0x7ff5a94f3000, stack_size=0x20300, tls=0x7ff5a95136c0} => {parent_tid=[520]}, 88) = 520 [pid 518] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 518] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 518] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 519 attached [pid 519] set_robust_list(0x7ff5a95349a0, 24) = 0 [pid 519] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 519] memfd_create("syzkaller", 0) = 3 [pid 519] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff5a10f3000 [pid 519] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 519] munmap(0x7ff5a10f3000, 138412032) = 0 [pid 519] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 25.671184][ T514] EXT4-fs (loop0): 1 orphan inode deleted [ 25.676755][ T514] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 25.685652][ T514] ext4 filesystem being mounted at /root/syzkaller.8K29Ps/46/bus supports timestamps until 2038 (0x7fffffff) [ 25.697898][ T514] EXT4-fs (loop0): unmounting filesystem. [pid 519] ioctl(4, LOOP_SET_FD, 3./strace-static-x86_64: Process 520 attached ) = 0 [pid 519] close(3) = 0 [pid 519] mkdir("./file1", 0777) = 0 [pid 519] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 520] set_robust_list(0x7ff5a95139a0, 24) = 0 [pid 520] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 520] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_NOFOLLOW|O_NOATIME|O_CLOEXEC, 000) = 3 [pid 520] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 518] <... futex resumed>) = 0 [pid 518] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 518] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 520] <... futex resumed>) = 1 [pid 520] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 520] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 518] <... futex resumed>) = 0 [pid 518] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 518] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 520] <... futex resumed>) = 1 [pid 520] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5 [pid 520] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 518] <... futex resumed>) = 0 [pid 518] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 518] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 520] <... futex resumed>) = 1 [pid 520] write(5, "\x31\x30\x30\x30\x30\x30\x30\x00", 8) = 8 [pid 520] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 518] <... futex resumed>) = 0 [pid 518] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 518] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 520] <... futex resumed>) = 1 [pid 520] write(5, "\x23\x21\x20\x2e\x2f\x66\x69\x6c\x65\x31\x0a\x82\x6a\x3f\xc6\x7c\x3a\xab\x7d\x7e\x31\x38\xd5\xcc\x25\x19\xa6\xa8\xf7\xa0\x0b\xff\x3b\xee\x49\xbb\x93\x22\x1f\x4e\x80\x95\x34\x94\x23\x35\x8b\x24\xc3\x46\x99\x05\xf2\x81\x89\x7d\xc6\xe1\x7a\x55\x07\xba\x1b\x9e\x33\xcc\x8e\x4f\x28\xf6\xda\xe3\x4d\x29\x86\xca\x00\x9c\x79\xab\x46\x1e\x69\xfd\x74\xcc\xe8\xc9\xed\x5b\x91\x09\xf3\xfa\x42\xf4\x3d\x39\x82\xeb"..., 1045) = 1045 [pid 520] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 518] <... futex resumed>) = 0 [pid 520] <... futex resumed>) = 1 [pid 520] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 519] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 519] ioctl(4, LOOP_CLR_FD) = 0 [pid 519] close(4) = 0 [pid 519] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 519] futex(0x7ff5a96006c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 518] exit_group(0) = ? [pid 519] <... futex resumed>) = ? [pid 519] +++ exited with 0 +++ [pid 520] <... futex resumed>) = ? [pid 520] +++ exited with 0 +++ [pid 518] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=518, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./47", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./47", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555561b8730 /* 5 entries */, 32768) = 136 umount2("./47/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./47/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./47/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./47/bus") = 0 umount2("./47/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./47/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./47/binderfs") = 0 umount2("./47/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./47/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./47/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./47/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555561c0770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561c0770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./47/file1") = 0 getdents64(3, 0x5555561b8730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./47") = 0 mkdir("./48", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b7690) = 523 ./strace-static-x86_64: Process 523 attached [pid 523] set_robust_list(0x5555561b76a0, 24) = 0 [pid 523] chdir("./48") = 0 [pid 523] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 523] setpgid(0, 0) = 0 [pid 523] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 523] write(3, "1000", 4) = 4 [pid 523] close(3) = 0 [pid 523] symlink("/dev/binderfs", "./binderfs") = 0 [pid 523] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 523] rt_sigaction(SIGRT_1, {sa_handler=0x7ff5a959df30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7ff5a958f0e0}, NULL, 8) = 0 [pid 523] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 523] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a9514000 [pid 523] mprotect(0x7ff5a9515000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 523] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 523] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9534990, parent_tid=0x7ff5a9534990, exit_signal=0, stack=0x7ff5a9514000, stack_size=0x20300, tls=0x7ff5a95346c0} => {parent_tid=[524]}, 88) = 524 [pid 523] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 523] futex(0x7ff5a96006c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 523] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 523] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a94f3000 [pid 523] mprotect(0x7ff5a94f4000, 131072, PROT_READ|PROT_WRITE) = 0 ./strace-static-x86_64: Process 524 attached [pid 523] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 523] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9513990, parent_tid=0x7ff5a9513990, exit_signal=0, stack=0x7ff5a94f3000, stack_size=0x20300, tls=0x7ff5a95136c0} => {parent_tid=[525]}, 88) = 525 [pid 523] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 523] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 523] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 525 attached [pid 525] set_robust_list(0x7ff5a95139a0, 24) = 0 [pid 525] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 525] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_NOFOLLOW|O_NOATIME|O_CLOEXEC, 000 [pid 524] set_robust_list(0x7ff5a95349a0, 24 [pid 525] <... open resumed>) = 3 [pid 524] <... set_robust_list resumed>) = 0 [pid 525] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 523] <... futex resumed>) = 0 [pid 523] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 523] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 525] <... futex resumed>) = 1 [pid 525] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 524] rt_sigprocmask(SIG_SETMASK, [], [pid 525] <... mount resumed>) = 0 [pid 524] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 525] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 523] <... futex resumed>) = 0 [pid 523] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 523] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 525] <... futex resumed>) = 1 [pid 525] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 4 [pid 525] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 523] <... futex resumed>) = 0 [pid 523] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 523] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 525] <... futex resumed>) = 1 [pid 525] write(4, "\x31\x30\x30\x30\x30\x30\x30\x00", 8) = -1 ENOSPC (No space left on device) [pid 525] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 523] <... futex resumed>) = 0 [pid 523] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 523] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 525] <... futex resumed>) = 1 [pid 525] write(4, "\x23\x21\x20\x2e\x2f\x66\x69\x6c\x65\x31\x0a\x82\x6a\x3f\xc6\x7c\x3a\xab\x7d\x7e\x31\x38\xd5\xcc\x25\x19\xa6\xa8\xf7\xa0\x0b\xff\x3b\xee\x49\xbb\x93\x22\x1f\x4e\x80\x95\x34\x94\x23\x35\x8b\x24\xc3\x46\x99\x05\xf2\x81\x89\x7d\xc6\xe1\x7a\x55\x07\xba\x1b\x9e\x33\xcc\x8e\x4f\x28\xf6\xda\xe3\x4d\x29\x86\xca\x00\x9c\x79\xab\x46\x1e\x69\xfd\x74\xcc\xe8\xc9\xed\x5b\x91\x09\xf3\xfa\x42\xf4\x3d\x39\x82\xeb"..., 1045) = -1 ENOSPC (No space left on device) [pid 525] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 523] <... futex resumed>) = 0 [pid 525] <... futex resumed>) = 1 [pid 525] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 524] memfd_create("syzkaller", 0) = 5 [pid 524] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff5a10f3000 [pid 524] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 524] munmap(0x7ff5a10f3000, 138412032) = 0 [pid 524] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 25.724338][ T519] loop0: detected capacity change from 0 to 512 [ 25.740018][ T519] EXT4-fs error (device loop0): __ext4_get_inode_loc:4485: comm syz-executor170: Invalid inode table block 34 in block_group 0 [ 25.753391][ T519] EXT4-fs (loop0): get root inode failed [ 25.758956][ T519] EXT4-fs (loop0): mount failed [pid 524] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 524] close(5) = 0 [pid 524] mkdir("./file1", 0777) = 0 [ 25.782531][ T524] loop0: detected capacity change from 0 to 512 [ 25.811003][ T524] EXT4-fs (loop0): 1 orphan inode deleted [ 25.816590][ T524] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [pid 524] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue") = 0 [pid 524] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 5 [pid 524] chdir("./file1") = 0 [pid 524] ioctl(6, LOOP_CLR_FD) = 0 [pid 524] close(6) = 0 [pid 524] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 524] futex(0x7ff5a96006c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 523] exit_group(0 [pid 525] <... futex resumed>) = ? [pid 523] <... exit_group resumed>) = ? [pid 525] +++ exited with 0 +++ [pid 524] <... futex resumed>) = ? [pid 524] +++ exited with 0 +++ [pid 523] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=523, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./48", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./48", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555561b8730 /* 5 entries */, 32768) = 136 umount2("./48/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./48/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./48/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./48/bus") = 0 umount2("./48/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./48/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./48/binderfs") = 0 umount2("./48/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./48/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./48/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./48/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./48/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555561c0770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561c0770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./48/file1") = 0 getdents64(3, 0x5555561b8730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./48") = 0 mkdir("./49", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b7690) = 529 ./strace-static-x86_64: Process 529 attached [pid 529] set_robust_list(0x5555561b76a0, 24) = 0 [pid 529] chdir("./49") = 0 [pid 529] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 529] setpgid(0, 0) = 0 [pid 529] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 529] write(3, "1000", 4) = 4 [pid 529] close(3) = 0 [pid 529] symlink("/dev/binderfs", "./binderfs") = 0 [pid 529] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 529] rt_sigaction(SIGRT_1, {sa_handler=0x7ff5a959df30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7ff5a958f0e0}, NULL, 8) = 0 [pid 529] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 529] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a9514000 [pid 529] mprotect(0x7ff5a9515000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 529] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 529] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9534990, parent_tid=0x7ff5a9534990, exit_signal=0, stack=0x7ff5a9514000, stack_size=0x20300, tls=0x7ff5a95346c0}./strace-static-x86_64: Process 530 attached => {parent_tid=[530]}, 88) = 530 [pid 530] set_robust_list(0x7ff5a95349a0, 24 [pid 529] rt_sigprocmask(SIG_SETMASK, [], [pid 530] <... set_robust_list resumed>) = 0 [pid 529] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 530] rt_sigprocmask(SIG_SETMASK, [], [pid 529] futex(0x7ff5a96006c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 530] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 529] <... futex resumed>) = 0 [pid 529] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 529] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a94f3000 [pid 529] mprotect(0x7ff5a94f4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 529] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 529] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9513990, parent_tid=0x7ff5a9513990, exit_signal=0, stack=0x7ff5a94f3000, stack_size=0x20300, tls=0x7ff5a95136c0} => {parent_tid=[531]}, 88) = 531 [pid 529] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 529] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 529] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 530] memfd_create("syzkaller", 0) = 3 [pid 530] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff5a10f3000 ./strace-static-x86_64: Process 531 attached [pid 531] set_robust_list(0x7ff5a95139a0, 24) = 0 [pid 531] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 531] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_NOFOLLOW|O_NOATIME|O_CLOEXEC, 000 [pid 530] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 531] <... open resumed>) = 4 [pid 531] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 530] <... write resumed>) = 262144 [pid 530] munmap(0x7ff5a10f3000, 138412032 [pid 531] <... futex resumed>) = 1 [pid 529] <... futex resumed>) = 0 [pid 529] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 529] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 530] <... munmap resumed>) = 0 [pid 530] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [ 25.825805][ T524] ext4 filesystem being mounted at /root/syzkaller.8K29Ps/48/file1 supports timestamps until 2038 (0x7fffffff) [ 25.848948][ T297] EXT4-fs (loop0): unmounting filesystem. [pid 530] ioctl(5, LOOP_SET_FD, 3 [pid 531] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 531] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 530] <... ioctl resumed>) = 0 [pid 529] <... futex resumed>) = 0 [pid 529] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 529] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 530] close(3) = 0 [pid 531] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 530] mkdir("./bus", 0777 [pid 531] <... open resumed>) = 3 [pid 530] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 530] mount("/dev/loop0", "./bus", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 531] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 529] <... futex resumed>) = 0 [pid 529] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 529] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 531] <... futex resumed>) = 1 [pid 531] write(3, "\x31\x30\x30\x30\x30\x30\x30\x00", 8) = 8 [pid 531] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 529] <... futex resumed>) = 0 [pid 529] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 529] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 531] <... futex resumed>) = 1 [pid 531] write(3, "\x23\x21\x20\x2e\x2f\x66\x69\x6c\x65\x31\x0a\x82\x6a\x3f\xc6\x7c\x3a\xab\x7d\x7e\x31\x38\xd5\xcc\x25\x19\xa6\xa8\xf7\xa0\x0b\xff\x3b\xee\x49\xbb\x93\x22\x1f\x4e\x80\x95\x34\x94\x23\x35\x8b\x24\xc3\x46\x99\x05\xf2\x81\x89\x7d\xc6\xe1\x7a\x55\x07\xba\x1b\x9e\x33\xcc\x8e\x4f\x28\xf6\xda\xe3\x4d\x29\x86\xca\x00\x9c\x79\xab\x46\x1e\x69\xfd\x74\xcc\xe8\xc9\xed\x5b\x91\x09\xf3\xfa\x42\xf4\x3d\x39\x82\xeb"..., 1045) = 1045 [pid 531] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 529] <... futex resumed>) = 0 [pid 531] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 530] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 530] ioctl(5, LOOP_CLR_FD) = 0 [pid 530] close(5) = 0 [pid 530] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 530] futex(0x7ff5a96006c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 529] exit_group(0) = ? [pid 530] <... futex resumed>) = ? [pid 530] +++ exited with 0 +++ [pid 531] <... futex resumed>) = ? [pid 531] +++ exited with 0 +++ [pid 529] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=529, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./49", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./49", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555561b8730 /* 4 entries */, 32768) = 104 umount2("./49/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./49/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./49/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./49/bus") = 0 umount2("./49/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./49/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./49/binderfs") = 0 getdents64(3, 0x5555561b8730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./49") = 0 mkdir("./50", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b7690) = 532 ./strace-static-x86_64: Process 532 attached [pid 532] set_robust_list(0x5555561b76a0, 24) = 0 [pid 532] chdir("./50") = 0 [pid 532] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 532] setpgid(0, 0) = 0 [pid 532] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 532] write(3, "1000", 4) = 4 [pid 532] close(3) = 0 [pid 532] symlink("/dev/binderfs", "./binderfs") = 0 [pid 532] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 532] rt_sigaction(SIGRT_1, {sa_handler=0x7ff5a959df30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7ff5a958f0e0}, NULL, 8) = 0 [pid 532] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 532] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a9514000 [pid 532] mprotect(0x7ff5a9515000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 532] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 532] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9534990, parent_tid=0x7ff5a9534990, exit_signal=0, stack=0x7ff5a9514000, stack_size=0x20300, tls=0x7ff5a95346c0} => {parent_tid=[533]}, 88) = 533 [pid 532] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 532] futex(0x7ff5a96006c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 532] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 532] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a94f3000 [pid 532] mprotect(0x7ff5a94f4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 532] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 532] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9513990, parent_tid=0x7ff5a9513990, exit_signal=0, stack=0x7ff5a94f3000, stack_size=0x20300, tls=0x7ff5a95136c0} => {parent_tid=[534]}, 88) = 534 [pid 532] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 532] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 532] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 534 attached [pid 534] set_robust_list(0x7ff5a95139a0, 24) = 0 [pid 534] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 534] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_NOFOLLOW|O_NOATIME|O_CLOEXEC, 000./strace-static-x86_64: Process 533 attached ) = 3 [pid 534] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 532] <... futex resumed>) = 0 [pid 532] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 532] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 534] <... futex resumed>) = 1 [pid 534] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 534] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 532] <... futex resumed>) = 0 [pid 532] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 532] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 534] <... futex resumed>) = 1 [pid 534] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 4 [pid 534] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 532] <... futex resumed>) = 0 [pid 532] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 532] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 534] <... futex resumed>) = 1 [pid 534] write(4, "\x31\x30\x30\x30\x30\x30\x30\x00", 8) = -1 ENOSPC (No space left on device) [pid 534] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 532] <... futex resumed>) = 0 [pid 532] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 532] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 534] <... futex resumed>) = 1 [pid 534] write(4, "\x23\x21\x20\x2e\x2f\x66\x69\x6c\x65\x31\x0a\x82\x6a\x3f\xc6\x7c\x3a\xab\x7d\x7e\x31\x38\xd5\xcc\x25\x19\xa6\xa8\xf7\xa0\x0b\xff\x3b\xee\x49\xbb\x93\x22\x1f\x4e\x80\x95\x34\x94\x23\x35\x8b\x24\xc3\x46\x99\x05\xf2\x81\x89\x7d\xc6\xe1\x7a\x55\x07\xba\x1b\x9e\x33\xcc\x8e\x4f\x28\xf6\xda\xe3\x4d\x29\x86\xca\x00\x9c\x79\xab\x46\x1e\x69\xfd\x74\xcc\xe8\xc9\xed\x5b\x91\x09\xf3\xfa\x42\xf4\x3d\x39\x82\xeb"..., 1045) = -1 ENOSPC (No space left on device) [pid 534] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 532] <... futex resumed>) = 0 [pid 534] <... futex resumed>) = 1 [pid 533] set_robust_list(0x7ff5a95349a0, 24 [pid 534] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 533] <... set_robust_list resumed>) = 0 [pid 533] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 533] memfd_create("syzkaller", 0) = 5 [pid 533] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff5a10f3000 [pid 533] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 533] munmap(0x7ff5a10f3000, 138412032) = 0 [pid 533] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 25.883999][ T530] loop0: detected capacity change from 0 to 512 [ 25.892533][ T530] EXT4-fs (loop0): fragment/cluster size (0) != block size (4096) [pid 533] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 533] close(5) = 0 [pid 533] mkdir("./file1", 0777) = 0 [ 25.925069][ T533] loop0: detected capacity change from 0 to 512 [ 25.951352][ T533] EXT4-fs (loop0): 1 orphan inode deleted [ 25.956926][ T533] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [pid 533] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue") = 0 [pid 533] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 5 [pid 533] chdir("./file1") = 0 [pid 533] ioctl(6, LOOP_CLR_FD) = 0 [pid 533] close(6) = 0 [pid 533] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 533] futex(0x7ff5a96006c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 532] exit_group(0 [pid 534] <... futex resumed>) = ? [pid 532] <... exit_group resumed>) = ? [pid 534] +++ exited with 0 +++ [pid 533] <... futex resumed>) = ? [pid 533] +++ exited with 0 +++ [pid 532] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=532, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./50", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./50", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555561b8730 /* 5 entries */, 32768) = 136 umount2("./50/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./50/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./50/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./50/bus") = 0 umount2("./50/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./50/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./50/binderfs") = 0 umount2("./50/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./50/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./50/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./50/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./50/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555561c0770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561c0770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./50/file1") = 0 getdents64(3, 0x5555561b8730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./50") = 0 mkdir("./51", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b7690) = 537 ./strace-static-x86_64: Process 537 attached [pid 537] set_robust_list(0x5555561b76a0, 24) = 0 [pid 537] chdir("./51") = 0 [pid 537] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 537] setpgid(0, 0) = 0 [pid 537] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 537] write(3, "1000", 4) = 4 [pid 537] close(3) = 0 [pid 537] symlink("/dev/binderfs", "./binderfs") = 0 [pid 537] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 537] rt_sigaction(SIGRT_1, {sa_handler=0x7ff5a959df30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7ff5a958f0e0}, NULL, 8) = 0 [pid 537] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 537] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a9514000 [pid 537] mprotect(0x7ff5a9515000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 537] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 537] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9534990, parent_tid=0x7ff5a9534990, exit_signal=0, stack=0x7ff5a9514000, stack_size=0x20300, tls=0x7ff5a95346c0}./strace-static-x86_64: Process 538 attached [pid 538] set_robust_list(0x7ff5a95349a0, 24 [pid 537] <... clone3 resumed> => {parent_tid=[538]}, 88) = 538 [pid 538] <... set_robust_list resumed>) = 0 [pid 537] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 538] rt_sigprocmask(SIG_SETMASK, [], [pid 537] futex(0x7ff5a96006c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 538] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 537] <... futex resumed>) = 0 [pid 537] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 538] memfd_create("syzkaller", 0 [pid 537] <... futex resumed>) = 0 [pid 537] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 538] <... memfd_create resumed>) = 3 [pid 538] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 537] <... mmap resumed>) = 0x7ff5a94f3000 [pid 537] mprotect(0x7ff5a94f4000, 131072, PROT_READ|PROT_WRITE [pid 538] <... mmap resumed>) = 0x7ff5a10f3000 [pid 537] <... mprotect resumed>) = 0 [pid 537] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 537] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9513990, parent_tid=0x7ff5a9513990, exit_signal=0, stack=0x7ff5a94f3000, stack_size=0x20300, tls=0x7ff5a95136c0}./strace-static-x86_64: Process 539 attached => {parent_tid=[539]}, 88) = 539 [pid 539] set_robust_list(0x7ff5a95139a0, 24) = 0 [pid 539] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 539] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 537] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 537] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 539] <... futex resumed>) = 0 [pid 539] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_NOFOLLOW|O_NOATIME|O_CLOEXEC, 000 [pid 537] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 539] <... open resumed>) = 4 [pid 539] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 539] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 537] <... futex resumed>) = 0 [pid 537] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 539] <... futex resumed>) = 0 [pid 537] <... futex resumed>) = 1 [pid 537] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 539] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 539] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 537] <... futex resumed>) = 0 [pid 539] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 537] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 537] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 539] <... open resumed>) = 5 [pid 539] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 537] <... futex resumed>) = 0 [pid 539] write(5, "\x31\x30\x30\x30\x30\x30\x30\x00", 8 [pid 537] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 539] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 537] <... futex resumed>) = 0 [pid 539] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 537] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 537] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 539] <... futex resumed>) = 0 [pid 537] <... futex resumed>) = 0 [pid 537] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 539] write(5, "\x23\x21\x20\x2e\x2f\x66\x69\x6c\x65\x31\x0a\x82\x6a\x3f\xc6\x7c\x3a\xab\x7d\x7e\x31\x38\xd5\xcc\x25\x19\xa6\xa8\xf7\xa0\x0b\xff\x3b\xee\x49\xbb\x93\x22\x1f\x4e\x80\x95\x34\x94\x23\x35\x8b\x24\xc3\x46\x99\x05\xf2\x81\x89\x7d\xc6\xe1\x7a\x55\x07\xba\x1b\x9e\x33\xcc\x8e\x4f\x28\xf6\xda\xe3\x4d\x29\x86\xca\x00\x9c\x79\xab\x46\x1e\x69\xfd\x74\xcc\xe8\xc9\xed\x5b\x91\x09\xf3\xfa\x42\xf4\x3d\x39\x82\xeb"..., 1045) = -1 ENOSPC (No space left on device) [pid 539] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 537] <... futex resumed>) = 0 [pid 539] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 538] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 538] munmap(0x7ff5a10f3000, 138412032) = 0 [pid 538] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 25.966085][ T533] ext4 filesystem being mounted at /root/syzkaller.8K29Ps/50/file1 supports timestamps until 2038 (0x7fffffff) [ 25.989746][ T297] EXT4-fs (loop0): unmounting filesystem. [pid 538] ioctl(6, LOOP_SET_FD, 3) = 0 [pid 538] close(3) = 0 [pid 538] mkdir("./bus", 0777) = -1 EEXIST (File exists) [pid 538] mount("/dev/loop0", "./bus", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue") = -1 ENOTDIR (Not a directory) [pid 538] ioctl(6, LOOP_CLR_FD) = 0 [pid 538] close(6) = 0 [pid 538] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 538] futex(0x7ff5a96006c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 537] exit_group(0) = ? [pid 539] <... futex resumed>) = ? [pid 538] <... futex resumed>) = ? [pid 539] +++ exited with 0 +++ [pid 538] +++ exited with 0 +++ [pid 537] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=537, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./51", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./51", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555561b8730 /* 4 entries */, 32768) = 104 umount2("./51/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./51/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./51/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./51/bus") = 0 umount2("./51/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./51/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./51/binderfs") = 0 getdents64(3, 0x5555561b8730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./51") = 0 mkdir("./52", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b7690) = 542 ./strace-static-x86_64: Process 542 attached [pid 542] set_robust_list(0x5555561b76a0, 24) = 0 [pid 542] chdir("./52") = 0 [pid 542] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 542] setpgid(0, 0) = 0 [pid 542] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 542] write(3, "1000", 4) = 4 [pid 542] close(3) = 0 [pid 542] symlink("/dev/binderfs", "./binderfs") = 0 [pid 542] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 542] rt_sigaction(SIGRT_1, {sa_handler=0x7ff5a959df30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7ff5a958f0e0}, NULL, 8) = 0 [pid 542] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 542] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a9514000 [pid 542] mprotect(0x7ff5a9515000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 542] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 542] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9534990, parent_tid=0x7ff5a9534990, exit_signal=0, stack=0x7ff5a9514000, stack_size=0x20300, tls=0x7ff5a95346c0} => {parent_tid=[543]}, 88) = 543 [pid 542] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 542] futex(0x7ff5a96006c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 542] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 542] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a94f3000 [pid 542] mprotect(0x7ff5a94f4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 542] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 542] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9513990, parent_tid=0x7ff5a9513990, exit_signal=0, stack=0x7ff5a94f3000, stack_size=0x20300, tls=0x7ff5a95136c0} => {parent_tid=[544]}, 88) = 544 [pid 542] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 542] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 542] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 543 attached [pid 543] set_robust_list(0x7ff5a95349a0, 24) = 0 [pid 543] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 543] memfd_create("syzkaller", 0) = 3 [pid 543] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff5a10f3000 [pid 543] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 543] munmap(0x7ff5a10f3000, 138412032) = 0 [pid 543] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 543] ioctl(4, LOOP_SET_FD, 3./strace-static-x86_64: Process 544 attached [ 26.026807][ T538] loop0: detected capacity change from 0 to 512 [ 26.041322][ T538] EXT4-fs (loop0): 1 orphan inode deleted [ 26.047052][ T538] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 26.056015][ T538] ext4 filesystem being mounted at /root/syzkaller.8K29Ps/51/bus supports timestamps until 2038 (0x7fffffff) [ 26.068240][ T538] EXT4-fs (loop0): unmounting filesystem. [pid 544] set_robust_list(0x7ff5a95139a0, 24) = 0 [pid 544] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 544] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_NOFOLLOW|O_NOATIME|O_CLOEXEC, 000) = 5 [pid 544] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 544] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 542] <... futex resumed>) = 0 [pid 542] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 542] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 544] <... futex resumed>) = 0 [pid 544] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 544] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 542] <... futex resumed>) = 0 [pid 542] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 542] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 544] <... futex resumed>) = 1 [pid 544] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 6 [pid 544] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 542] <... futex resumed>) = 0 [pid 542] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 542] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 544] <... futex resumed>) = 1 [pid 544] write(6, "\x31\x30\x30\x30\x30\x30\x30\x00", 8 [pid 543] <... ioctl resumed>) = 0 [pid 543] close(3) = 0 [pid 543] mkdir("./bus", 0777) = -1 EEXIST (File exists) [pid 543] mount("/dev/loop0", "./bus", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 544] <... write resumed>) = -1 EIO (Input/output error) [pid 544] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 542] <... futex resumed>) = 0 [pid 542] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 542] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 544] <... futex resumed>) = 1 [pid 544] write(6, "\x23\x21\x20\x2e\x2f\x66\x69\x6c\x65\x31\x0a\x82\x6a\x3f\xc6\x7c\x3a\xab\x7d\x7e\x31\x38\xd5\xcc\x25\x19\xa6\xa8\xf7\xa0\x0b\xff\x3b\xee\x49\xbb\x93\x22\x1f\x4e\x80\x95\x34\x94\x23\x35\x8b\x24\xc3\x46\x99\x05\xf2\x81\x89\x7d\xc6\xe1\x7a\x55\x07\xba\x1b\x9e\x33\xcc\x8e\x4f\x28\xf6\xda\xe3\x4d\x29\x86\xca\x00\x9c\x79\xab\x46\x1e\x69\xfd\x74\xcc\xe8\xc9\xed\x5b\x91\x09\xf3\xfa\x42\xf4\x3d\x39\x82\xeb"..., 1045) = 1045 [pid 544] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 542] <... futex resumed>) = 0 [pid 544] <... futex resumed>) = 1 [pid 544] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 543] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 543] ioctl(4, LOOP_CLR_FD) = 0 [pid 543] close(4) = 0 [pid 543] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 543] futex(0x7ff5a96006c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 542] exit_group(0) = ? [pid 543] <... futex resumed>) = ? [pid 543] +++ exited with 0 +++ [pid 544] <... futex resumed>) = ? [pid 544] +++ exited with 0 +++ [pid 542] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=542, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./52", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./52", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555561b8730 /* 4 entries */, 32768) = 104 umount2("./52/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./52/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./52/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./52/bus") = 0 umount2("./52/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./52/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./52/binderfs") = 0 getdents64(3, 0x5555561b8730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./52") = 0 mkdir("./53", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b7690) = 545 ./strace-static-x86_64: Process 545 attached [pid 545] set_robust_list(0x5555561b76a0, 24) = 0 [pid 545] chdir("./53") = 0 [pid 545] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 545] setpgid(0, 0) = 0 [pid 545] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 545] write(3, "1000", 4) = 4 [pid 545] close(3) = 0 [pid 545] symlink("/dev/binderfs", "./binderfs") = 0 [pid 545] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 545] rt_sigaction(SIGRT_1, {sa_handler=0x7ff5a959df30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7ff5a958f0e0}, NULL, 8) = 0 [pid 545] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 545] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a9514000 [pid 545] mprotect(0x7ff5a9515000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 545] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 545] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9534990, parent_tid=0x7ff5a9534990, exit_signal=0, stack=0x7ff5a9514000, stack_size=0x20300, tls=0x7ff5a95346c0} => {parent_tid=[546]}, 88) = 546 ./strace-static-x86_64: Process 546 attached [pid 545] rt_sigprocmask(SIG_SETMASK, [], [pid 546] set_robust_list(0x7ff5a95349a0, 24) = 0 [pid 546] rt_sigprocmask(SIG_SETMASK, [], [pid 545] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 546] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 545] futex(0x7ff5a96006c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 546] memfd_create("syzkaller", 0 [pid 545] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 546] <... memfd_create resumed>) = 3 [pid 546] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 545] <... futex resumed>) = 0 [pid 545] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 546] <... mmap resumed>) = 0x7ff5a1114000 [pid 545] <... mmap resumed>) = 0x7ff5a10f3000 [pid 546] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 545] mprotect(0x7ff5a10f4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 545] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 546] <... write resumed>) = 262144 [pid 545] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a1113990, parent_tid=0x7ff5a1113990, exit_signal=0, stack=0x7ff5a10f3000, stack_size=0x20300, tls=0x7ff5a11136c0}./strace-static-x86_64: Process 547 attached [pid 546] munmap(0x7ff5a1114000, 138412032 [pid 545] <... clone3 resumed> => {parent_tid=[547]}, 88) = 547 [pid 545] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 545] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 546] <... munmap resumed>) = 0 [pid 547] set_robust_list(0x7ff5a11139a0, 24 [pid 546] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 545] <... futex resumed>) = 0 [pid 545] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 547] <... set_robust_list resumed>) = 0 [pid 546] <... openat resumed>) = 4 [pid 547] rt_sigprocmask(SIG_SETMASK, [], [ 26.100439][ T543] loop0: detected capacity change from 0 to 512 [ 26.106100][ T41] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 26.117618][ T543] EXT4-fs (loop0): bad geometry: block count 3888436996 exceeds size of device (64 blocks) [pid 546] ioctl(4, LOOP_SET_FD, 3 [pid 547] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 546] <... ioctl resumed>) = 0 [pid 547] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_NOFOLLOW|O_NOATIME|O_CLOEXEC, 000 [pid 546] close(3 [pid 547] <... open resumed>) = 5 [pid 546] <... close resumed>) = 0 [pid 547] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 546] mkdir("./bus", 0777 [pid 547] <... futex resumed>) = 1 [pid 546] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 545] <... futex resumed>) = 0 [pid 545] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 547] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 546] mount("/dev/loop0", "./bus", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 547] <... mount resumed>) = 0 [pid 545] <... futex resumed>) = 0 [pid 547] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 545] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 547] <... futex resumed>) = 0 [pid 545] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 545] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 547] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 545] <... futex resumed>) = 0 [pid 547] <... open resumed>) = 3 [pid 545] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 547] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 545] <... futex resumed>) = 0 [pid 547] write(3, "\x31\x30\x30\x30\x30\x30\x30\x00", 8 [pid 545] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 545] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 547] <... write resumed>) = 8 [pid 547] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 545] <... futex resumed>) = 0 [pid 545] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 545] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 547] write(3, "\x23\x21\x20\x2e\x2f\x66\x69\x6c\x65\x31\x0a\x82\x6a\x3f\xc6\x7c\x3a\xab\x7d\x7e\x31\x38\xd5\xcc\x25\x19\xa6\xa8\xf7\xa0\x0b\xff\x3b\xee\x49\xbb\x93\x22\x1f\x4e\x80\x95\x34\x94\x23\x35\x8b\x24\xc3\x46\x99\x05\xf2\x81\x89\x7d\xc6\xe1\x7a\x55\x07\xba\x1b\x9e\x33\xcc\x8e\x4f\x28\xf6\xda\xe3\x4d\x29\x86\xca\x00\x9c\x79\xab\x46\x1e\x69\xfd\x74\xcc\xe8\xc9\xed\x5b\x91\x09\xf3\xfa\x42\xf4\x3d\x39\x82\xeb"..., 1045) = 1045 [pid 547] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 545] <... futex resumed>) = 0 [pid 547] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 546] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 546] ioctl(4, LOOP_CLR_FD) = 0 [pid 546] close(4) = 0 [pid 546] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 546] futex(0x7ff5a96006c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 545] exit_group(0 [pid 547] <... futex resumed>) = ? [pid 545] <... exit_group resumed>) = ? [pid 547] +++ exited with 0 +++ [pid 546] <... futex resumed>) = ? [pid 546] +++ exited with 0 +++ [pid 545] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=545, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./53", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./53", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555561b8730 /* 4 entries */, 32768) = 104 umount2("./53/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./53/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./53/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./53/bus") = 0 umount2("./53/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./53/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./53/binderfs") = 0 getdents64(3, 0x5555561b8730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./53") = 0 mkdir("./54", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 550 attached , child_tidptr=0x5555561b7690) = 550 [pid 550] set_robust_list(0x5555561b76a0, 24) = 0 [pid 550] chdir("./54") = 0 [pid 550] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 550] setpgid(0, 0) = 0 [pid 550] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 550] write(3, "1000", 4) = 4 [pid 550] close(3) = 0 [pid 550] symlink("/dev/binderfs", "./binderfs") = 0 [pid 550] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 550] rt_sigaction(SIGRT_1, {sa_handler=0x7ff5a959df30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7ff5a958f0e0}, NULL, 8) = 0 [pid 550] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 550] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a9514000 [pid 550] mprotect(0x7ff5a9515000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 550] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 550] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9534990, parent_tid=0x7ff5a9534990, exit_signal=0, stack=0x7ff5a9514000, stack_size=0x20300, tls=0x7ff5a95346c0} => {parent_tid=[551]}, 88) = 551 [pid 550] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 550] futex(0x7ff5a96006c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 550] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 550] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a94f3000 [pid 550] mprotect(0x7ff5a94f4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 550] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 550] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9513990, parent_tid=0x7ff5a9513990, exit_signal=0, stack=0x7ff5a94f3000, stack_size=0x20300, tls=0x7ff5a95136c0} => {parent_tid=[552]}, 88) = 552 [pid 550] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 550] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 550] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 552 attached [pid 552] set_robust_list(0x7ff5a95139a0, 24) = 0 [pid 552] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 552] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_NOFOLLOW|O_NOATIME|O_CLOEXEC, 000) = 3 [pid 552] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 550] <... futex resumed>) = 0 [pid 550] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 550] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 552] <... futex resumed>) = 1 [pid 552] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 552] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 550] <... futex resumed>) = 0 [pid 550] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 550] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 552] <... futex resumed>) = 1 [pid 552] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 4 [pid 552] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 550] <... futex resumed>) = 0 [pid 550] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 550] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 552] <... futex resumed>) = 1 [pid 552] write(4, "\x31\x30\x30\x30\x30\x30\x30\x00", 8) = -1 ENOSPC (No space left on device) [pid 552] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 550] <... futex resumed>) = 0 [pid 550] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 550] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 552] <... futex resumed>) = 1 [pid 552] write(4, "\x23\x21\x20\x2e\x2f\x66\x69\x6c\x65\x31\x0a\x82\x6a\x3f\xc6\x7c\x3a\xab\x7d\x7e\x31\x38\xd5\xcc\x25\x19\xa6\xa8\xf7\xa0\x0b\xff\x3b\xee\x49\xbb\x93\x22\x1f\x4e\x80\x95\x34\x94\x23\x35\x8b\x24\xc3\x46\x99\x05\xf2\x81\x89\x7d\xc6\xe1\x7a\x55\x07\xba\x1b\x9e\x33\xcc\x8e\x4f\x28\xf6\xda\xe3\x4d\x29\x86\xca\x00\x9c\x79\xab\x46\x1e\x69\xfd\x74\xcc\xe8\xc9\xed\x5b\x91\x09\xf3\xfa\x42\xf4\x3d\x39\x82\xeb"..., 1045) = -1 ENOSPC (No space left on device) [pid 552] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 550] <... futex resumed>) = 0 [pid 552] <... futex resumed>) = 1 [pid 552] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 551 attached [pid 551] set_robust_list(0x7ff5a95349a0, 24) = 0 [pid 551] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 551] memfd_create("syzkaller", 0) = 5 [pid 551] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff5a10f3000 [pid 551] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 551] munmap(0x7ff5a10f3000, 138412032) = 0 [pid 551] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 26.150298][ T546] loop0: detected capacity change from 0 to 512 [ 26.169924][ T546] EXT4-fs error (device loop0): __ext4_get_inode_loc:4485: comm syz-executor170: Invalid inode table block 34 in block_group 0 [ 26.183190][ T546] EXT4-fs (loop0): get root inode failed [ 26.188654][ T546] EXT4-fs (loop0): mount failed [pid 551] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 551] close(5) = 0 [pid 551] mkdir("./file1", 0777) = 0 [pid 551] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue") = 0 [pid 551] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 5 [pid 551] chdir("./file1") = 0 [pid 551] ioctl(6, LOOP_CLR_FD) = 0 [pid 551] close(6) = 0 [pid 551] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 551] futex(0x7ff5a96006c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 550] exit_group(0 [pid 552] <... futex resumed>) = ? [pid 550] <... exit_group resumed>) = ? [pid 552] +++ exited with 0 +++ [pid 551] <... futex resumed>) = ? [pid 551] +++ exited with 0 +++ [pid 550] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=550, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- umount2("./54", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./54", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555561b8730 /* 5 entries */, 32768) = 136 umount2("./54/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./54/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./54/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./54/bus") = 0 umount2("./54/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./54/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./54/binderfs") = 0 [ 26.215150][ T551] loop0: detected capacity change from 0 to 512 [ 26.231023][ T551] EXT4-fs (loop0): 1 orphan inode deleted [ 26.236752][ T551] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 26.245746][ T551] ext4 filesystem being mounted at /root/syzkaller.8K29Ps/54/file1 supports timestamps until 2038 (0x7fffffff) umount2("./54/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./54/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./54/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./54/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./54/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555561c0770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561c0770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./54/file1") = 0 getdents64(3, 0x5555561b8730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./54") = 0 mkdir("./55", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b7690) = 556 ./strace-static-x86_64: Process 556 attached [pid 556] set_robust_list(0x5555561b76a0, 24) = 0 [pid 556] chdir("./55") = 0 [pid 556] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 556] setpgid(0, 0) = 0 [pid 556] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 556] write(3, "1000", 4) = 4 [pid 556] close(3) = 0 [pid 556] symlink("/dev/binderfs", "./binderfs") = 0 [pid 556] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 556] rt_sigaction(SIGRT_1, {sa_handler=0x7ff5a959df30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7ff5a958f0e0}, NULL, 8) = 0 [pid 556] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 556] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a9514000 [pid 556] mprotect(0x7ff5a9515000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 556] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 556] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9534990, parent_tid=0x7ff5a9534990, exit_signal=0, stack=0x7ff5a9514000, stack_size=0x20300, tls=0x7ff5a95346c0} => {parent_tid=[557]}, 88) = 557 [pid 556] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 556] futex(0x7ff5a96006c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 556] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 556] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a94f3000 [pid 556] mprotect(0x7ff5a94f4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 556] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 556] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9513990, parent_tid=0x7ff5a9513990, exit_signal=0, stack=0x7ff5a94f3000, stack_size=0x20300, tls=0x7ff5a95136c0} => {parent_tid=[558]}, 88) = 558 [pid 556] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 556] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 556] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 557 attached [pid 557] set_robust_list(0x7ff5a95349a0, 24) = 0 [pid 557] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 557] memfd_create("syzkaller", 0) = 3 [pid 557] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff5a10f3000 ./strace-static-x86_64: Process 558 attached [pid 557] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 558] set_robust_list(0x7ff5a95139a0, 24) = 0 [pid 558] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 558] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_NOFOLLOW|O_NOATIME|O_CLOEXEC, 000) = 4 [pid 557] <... write resumed>) = 262144 [pid 558] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 557] munmap(0x7ff5a10f3000, 138412032 [pid 558] <... futex resumed>) = 1 [pid 556] <... futex resumed>) = 0 [pid 556] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 556] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 558] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 557] <... munmap resumed>) = 0 [pid 557] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 558] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 557] ioctl(5, LOOP_SET_FD, 3 [pid 558] <... futex resumed>) = 1 [pid 556] <... futex resumed>) = 0 [pid 556] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 556] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 558] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 6 [pid 558] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 558] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 556] <... futex resumed>) = 0 [pid 556] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 26.265048][ T297] EXT4-fs (loop0): unmounting filesystem. [pid 556] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 558] <... futex resumed>) = 0 [pid 558] write(6, "\x31\x30\x30\x30\x30\x30\x30\x00", 8) = -1 EIO (Input/output error) [pid 558] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 556] <... futex resumed>) = 0 [pid 556] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 556] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 558] <... futex resumed>) = 1 [pid 558] write(6, "\x23\x21\x20\x2e\x2f\x66\x69\x6c\x65\x31\x0a\x82\x6a\x3f\xc6\x7c\x3a\xab\x7d\x7e\x31\x38\xd5\xcc\x25\x19\xa6\xa8\xf7\xa0\x0b\xff\x3b\xee\x49\xbb\x93\x22\x1f\x4e\x80\x95\x34\x94\x23\x35\x8b\x24\xc3\x46\x99\x05\xf2\x81\x89\x7d\xc6\xe1\x7a\x55\x07\xba\x1b\x9e\x33\xcc\x8e\x4f\x28\xf6\xda\xe3\x4d\x29\x86\xca\x00\x9c\x79\xab\x46\x1e\x69\xfd\x74\xcc\xe8\xc9\xed\x5b\x91\x09\xf3\xfa\x42\xf4\x3d\x39\x82\xeb"..., 1045) = -1 EIO (Input/output error) [pid 558] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 556] <... futex resumed>) = 0 [pid 558] <... futex resumed>) = 1 [pid 558] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 557] <... ioctl resumed>) = 0 [pid 557] close(3) = 0 [pid 557] mkdir("./bus", 0777) = -1 EEXIST (File exists) [pid 557] mount("/dev/loop0", "./bus", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue") = -1 ENOTDIR (Not a directory) [pid 557] ioctl(5, LOOP_CLR_FD) = 0 [pid 557] close(5) = 0 [pid 557] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 557] futex(0x7ff5a96006c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 556] exit_group(0 [pid 558] <... futex resumed>) = ? [pid 556] <... exit_group resumed>) = ? [pid 558] +++ exited with 0 +++ [pid 557] <... futex resumed>) = ? [pid 557] +++ exited with 0 +++ [pid 556] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=556, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- umount2("./55", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./55", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555561b8730 /* 4 entries */, 32768) = 104 umount2("./55/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./55/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./55/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./55/bus") = 0 umount2("./55/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./55/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./55/binderfs") = 0 getdents64(3, 0x5555561b8730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./55") = 0 mkdir("./56", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b7690) = 561 ./strace-static-x86_64: Process 561 attached [pid 561] set_robust_list(0x5555561b76a0, 24) = 0 [pid 561] chdir("./56") = 0 [pid 561] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 561] setpgid(0, 0) = 0 [pid 561] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 561] write(3, "1000", 4) = 4 [pid 561] close(3) = 0 [pid 561] symlink("/dev/binderfs", "./binderfs") = 0 [pid 561] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 561] rt_sigaction(SIGRT_1, {sa_handler=0x7ff5a959df30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7ff5a958f0e0}, NULL, 8) = 0 [pid 561] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 561] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a9514000 [pid 561] mprotect(0x7ff5a9515000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 561] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 561] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9534990, parent_tid=0x7ff5a9534990, exit_signal=0, stack=0x7ff5a9514000, stack_size=0x20300, tls=0x7ff5a95346c0}./strace-static-x86_64: Process 562 attached => {parent_tid=[562]}, 88) = 562 [pid 562] set_robust_list(0x7ff5a95349a0, 24 [pid 561] rt_sigprocmask(SIG_SETMASK, [], [pid 562] <... set_robust_list resumed>) = 0 [pid 561] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 561] futex(0x7ff5a96006c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 562] rt_sigprocmask(SIG_SETMASK, [], [pid 561] <... futex resumed>) = 0 [pid 562] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 561] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 561] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 562] memfd_create("syzkaller", 0 [pid 561] <... mmap resumed>) = 0x7ff5a94f3000 [pid 562] <... memfd_create resumed>) = 3 [pid 562] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff5a10f3000 [pid 561] mprotect(0x7ff5a94f4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 561] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [ 26.307718][ T557] loop0: detected capacity change from 0 to 512 [ 26.321078][ T557] EXT4-fs (loop0): 1 orphan inode deleted [ 26.326623][ T557] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 26.335536][ T557] ext4 filesystem being mounted at /root/syzkaller.8K29Ps/55/bus supports timestamps until 2038 (0x7fffffff) [ 26.347705][ T557] EXT4-fs (loop0): unmounting filesystem. [pid 561] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9513990, parent_tid=0x7ff5a9513990, exit_signal=0, stack=0x7ff5a94f3000, stack_size=0x20300, tls=0x7ff5a95136c0}./strace-static-x86_64: Process 563 attached => {parent_tid=[563]}, 88) = 563 [pid 561] rt_sigprocmask(SIG_SETMASK, [], [pid 563] set_robust_list(0x7ff5a95139a0, 24 [pid 561] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 561] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 563] <... set_robust_list resumed>) = 0 [pid 562] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 561] <... futex resumed>) = 0 [pid 561] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 563] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 563] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_NOFOLLOW|O_NOATIME|O_CLOEXEC, 000 [pid 562] <... write resumed>) = 262144 [pid 562] munmap(0x7ff5a10f3000, 138412032) = 0 [pid 562] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 562] ioctl(5, LOOP_SET_FD, 3 [pid 563] <... open resumed>) = 4 [pid 562] <... ioctl resumed>) = 0 [pid 562] close(3) = 0 [pid 562] mkdir("./bus", 0777) = -1 EEXIST (File exists) [pid 562] mount("/dev/loop0", "./bus", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 563] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 561] <... futex resumed>) = 0 [pid 563] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 561] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 563] <... futex resumed>) = 0 [pid 561] <... futex resumed>) = 1 [pid 563] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 561] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 563] <... mount resumed>) = 0 [pid 563] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 561] <... futex resumed>) = 0 [pid 563] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 561] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 563] <... open resumed>) = 3 [pid 561] <... futex resumed>) = 0 [pid 563] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 561] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 563] <... futex resumed>) = 0 [pid 561] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 563] write(3, "\x31\x30\x30\x30\x30\x30\x30\x00", 8 [pid 561] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 561] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 563] <... write resumed>) = 8 [pid 563] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 561] <... futex resumed>) = 0 [pid 563] write(3, "\x23\x21\x20\x2e\x2f\x66\x69\x6c\x65\x31\x0a\x82\x6a\x3f\xc6\x7c\x3a\xab\x7d\x7e\x31\x38\xd5\xcc\x25\x19\xa6\xa8\xf7\xa0\x0b\xff\x3b\xee\x49\xbb\x93\x22\x1f\x4e\x80\x95\x34\x94\x23\x35\x8b\x24\xc3\x46\x99\x05\xf2\x81\x89\x7d\xc6\xe1\x7a\x55\x07\xba\x1b\x9e\x33\xcc\x8e\x4f\x28\xf6\xda\xe3\x4d\x29\x86\xca\x00\x9c\x79\xab\x46\x1e\x69\xfd\x74\xcc\xe8\xc9\xed\x5b\x91\x09\xf3\xfa\x42\xf4\x3d\x39\x82\xeb"..., 1045 [pid 561] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 563] <... write resumed>) = 1045 [pid 561] <... futex resumed>) = 0 [pid 563] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 561] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 563] <... futex resumed>) = 0 [pid 561] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 563] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 562] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 562] ioctl(5, LOOP_CLR_FD) = 0 [pid 562] close(5) = 0 [pid 562] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 562] futex(0x7ff5a96006c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 561] exit_group(0 [pid 563] <... futex resumed>) = ? [pid 562] <... futex resumed>) = ? [pid 561] <... exit_group resumed>) = ? [pid 563] +++ exited with 0 +++ [pid 562] +++ exited with 0 +++ [pid 561] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=561, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- umount2("./56", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./56", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555561b8730 /* 4 entries */, 32768) = 104 umount2("./56/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./56/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./56/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./56/bus") = 0 umount2("./56/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./56/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./56/binderfs") = 0 getdents64(3, 0x5555561b8730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./56") = 0 mkdir("./57", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b7690) = 566 ./strace-static-x86_64: Process 566 attached [pid 566] set_robust_list(0x5555561b76a0, 24) = 0 [pid 566] chdir("./57") = 0 [pid 566] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 566] setpgid(0, 0) = 0 [pid 566] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 566] write(3, "1000", 4) = 4 [pid 566] close(3) = 0 [pid 566] symlink("/dev/binderfs", "./binderfs") = 0 [pid 566] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 566] rt_sigaction(SIGRT_1, {sa_handler=0x7ff5a959df30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7ff5a958f0e0}, NULL, 8) = 0 [pid 566] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 566] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a9514000 [pid 566] mprotect(0x7ff5a9515000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 566] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 566] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9534990, parent_tid=0x7ff5a9534990, exit_signal=0, stack=0x7ff5a9514000, stack_size=0x20300, tls=0x7ff5a95346c0} => {parent_tid=[567]}, 88) = 567 [pid 566] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 566] futex(0x7ff5a96006c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 566] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 566] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a94f3000 [pid 566] mprotect(0x7ff5a94f4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 566] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 566] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9513990, parent_tid=0x7ff5a9513990, exit_signal=0, stack=0x7ff5a94f3000, stack_size=0x20300, tls=0x7ff5a95136c0} => {parent_tid=[568]}, 88) = 568 [pid 566] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 566] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 566] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 567 attached [pid 567] set_robust_list(0x7ff5a95349a0, 24) = 0 [pid 567] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 567] memfd_create("syzkaller", 0) = 3 [pid 567] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff5a10f3000 ./strace-static-x86_64: Process 568 attached [pid 568] set_robust_list(0x7ff5a95139a0, 24) = 0 [pid 568] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 568] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_NOFOLLOW|O_NOATIME|O_CLOEXEC, 000) = 4 [pid 567] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 568] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 566] <... futex resumed>) = 0 [pid 566] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 566] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 568] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 568] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 567] <... write resumed>) = 262144 [pid 566] <... futex resumed>) = 0 [pid 566] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 566] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 567] munmap(0x7ff5a10f3000, 138412032 [pid 568] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 567] <... munmap resumed>) = 0 [pid 567] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [ 26.391351][ T562] loop0: detected capacity change from 0 to 512 [ 26.410437][ T562] EXT4-fs error (device loop0): __ext4_get_inode_loc:4485: comm syz-executor170: Invalid inode table block 34 in block_group 0 [ 26.423570][ T562] EXT4-fs (loop0): get root inode failed [ 26.429007][ T562] EXT4-fs (loop0): mount failed [pid 567] ioctl(5, LOOP_SET_FD, 3 [pid 568] <... open resumed>) = 6 [pid 568] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 568] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 567] <... ioctl resumed>) = 0 [pid 566] <... futex resumed>) = 0 [pid 566] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 566] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 567] close(3) = 0 [pid 567] mkdir("./bus", 0777) = -1 EEXIST (File exists) [pid 567] mount("/dev/loop0", "./bus", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 568] <... futex resumed>) = 0 [pid 568] write(6, "\x31\x30\x30\x30\x30\x30\x30\x00", 8) = 8 [pid 568] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 566] <... futex resumed>) = 0 [pid 566] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 566] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 568] <... futex resumed>) = 1 [pid 568] write(6, "\x23\x21\x20\x2e\x2f\x66\x69\x6c\x65\x31\x0a\x82\x6a\x3f\xc6\x7c\x3a\xab\x7d\x7e\x31\x38\xd5\xcc\x25\x19\xa6\xa8\xf7\xa0\x0b\xff\x3b\xee\x49\xbb\x93\x22\x1f\x4e\x80\x95\x34\x94\x23\x35\x8b\x24\xc3\x46\x99\x05\xf2\x81\x89\x7d\xc6\xe1\x7a\x55\x07\xba\x1b\x9e\x33\xcc\x8e\x4f\x28\xf6\xda\xe3\x4d\x29\x86\xca\x00\x9c\x79\xab\x46\x1e\x69\xfd\x74\xcc\xe8\xc9\xed\x5b\x91\x09\xf3\xfa\x42\xf4\x3d\x39\x82\xeb"..., 1045) = 1045 [pid 568] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 566] <... futex resumed>) = 0 [pid 568] <... futex resumed>) = 1 [pid 568] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 567] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 567] ioctl(5, LOOP_CLR_FD) = 0 [pid 567] close(5) = 0 [pid 567] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 567] futex(0x7ff5a96006c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 566] exit_group(0) = ? [pid 568] <... futex resumed>) = ? [pid 568] +++ exited with 0 +++ [pid 567] <... futex resumed>) = ? [pid 567] +++ exited with 0 +++ [pid 566] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=566, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./57", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./57", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555561b8730 /* 4 entries */, 32768) = 104 umount2("./57/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./57/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./57/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./57/bus") = 0 umount2("./57/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./57/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./57/binderfs") = 0 getdents64(3, 0x5555561b8730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./57") = 0 mkdir("./58", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b7690) = 571 ./strace-static-x86_64: Process 571 attached [pid 571] set_robust_list(0x5555561b76a0, 24) = 0 [pid 571] chdir("./58") = 0 [pid 571] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 571] setpgid(0, 0) = 0 [pid 571] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 571] write(3, "1000", 4) = 4 [pid 571] close(3) = 0 [pid 571] symlink("/dev/binderfs", "./binderfs") = 0 [pid 571] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 571] rt_sigaction(SIGRT_1, {sa_handler=0x7ff5a959df30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7ff5a958f0e0}, NULL, 8) = 0 [pid 571] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 571] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a9514000 [pid 571] mprotect(0x7ff5a9515000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 571] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 571] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9534990, parent_tid=0x7ff5a9534990, exit_signal=0, stack=0x7ff5a9514000, stack_size=0x20300, tls=0x7ff5a95346c0}./strace-static-x86_64: Process 572 attached [pid 572] set_robust_list(0x7ff5a95349a0, 24) = 0 [pid 572] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 572] futex(0x7ff5a96006c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 571] <... clone3 resumed> => {parent_tid=[572]}, 88) = 572 [pid 571] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 571] futex(0x7ff5a96006c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 572] <... futex resumed>) = 0 [pid 571] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 572] memfd_create("syzkaller", 0 [pid 571] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 572] <... memfd_create resumed>) = 3 [pid 571] <... mmap resumed>) = 0x7ff5a94f3000 [pid 572] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 571] mprotect(0x7ff5a94f4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 572] <... mmap resumed>) = 0x7ff5a10f3000 [pid 571] rt_sigprocmask(SIG_BLOCK, ~[], [pid 572] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 571] <... rt_sigprocmask resumed>[], 8) = 0 [pid 571] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9513990, parent_tid=0x7ff5a9513990, exit_signal=0, stack=0x7ff5a94f3000, stack_size=0x20300, tls=0x7ff5a95136c0}./strace-static-x86_64: Process 573 attached [pid 573] set_robust_list(0x7ff5a95139a0, 24) = 0 [pid 573] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 573] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 571] <... clone3 resumed> => {parent_tid=[573]}, 88) = 573 [pid 571] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 571] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 573] <... futex resumed>) = 0 [pid 573] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_NOFOLLOW|O_NOATIME|O_CLOEXEC, 000 [pid 571] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 572] <... write resumed>) = 262144 [pid 572] munmap(0x7ff5a10f3000, 138412032) = 0 [pid 573] <... open resumed>) = 4 [pid 573] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 572] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 573] <... futex resumed>) = 1 [pid 571] <... futex resumed>) = 0 [pid 573] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 571] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 572] <... openat resumed>) = 5 [pid 571] <... futex resumed>) = 0 [pid 571] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 573] <... mount resumed>) = 0 [ 26.456459][ T567] loop0: detected capacity change from 0 to 512 [ 26.470470][ T567] EXT4-fs error (device loop0): __ext4_get_inode_loc:4485: comm syz-executor170: Invalid inode table block 34 in block_group 0 [ 26.483578][ T567] EXT4-fs (loop0): get root inode failed [ 26.489015][ T567] EXT4-fs (loop0): mount failed [pid 572] ioctl(5, LOOP_SET_FD, 3 [pid 573] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 572] <... ioctl resumed>) = 0 [pid 573] <... futex resumed>) = 1 [pid 572] close(3 [pid 571] <... futex resumed>) = 0 [pid 573] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 572] <... close resumed>) = 0 [pid 571] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 573] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 572] mkdir("./bus", 0777 [pid 571] <... futex resumed>) = 0 [pid 573] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 571] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 572] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 573] <... open resumed>) = 3 [pid 573] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 572] mount("/dev/loop0", "./bus", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 573] <... futex resumed>) = 1 [pid 571] <... futex resumed>) = 0 [pid 573] write(3, "\x31\x30\x30\x30\x30\x30\x30\x00", 8 [pid 571] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 573] <... write resumed>) = 8 [pid 571] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 573] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 573] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 571] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 571] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 573] <... futex resumed>) = 0 [pid 571] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 573] write(3, "\x23\x21\x20\x2e\x2f\x66\x69\x6c\x65\x31\x0a\x82\x6a\x3f\xc6\x7c\x3a\xab\x7d\x7e\x31\x38\xd5\xcc\x25\x19\xa6\xa8\xf7\xa0\x0b\xff\x3b\xee\x49\xbb\x93\x22\x1f\x4e\x80\x95\x34\x94\x23\x35\x8b\x24\xc3\x46\x99\x05\xf2\x81\x89\x7d\xc6\xe1\x7a\x55\x07\xba\x1b\x9e\x33\xcc\x8e\x4f\x28\xf6\xda\xe3\x4d\x29\x86\xca\x00\x9c\x79\xab\x46\x1e\x69\xfd\x74\xcc\xe8\xc9\xed\x5b\x91\x09\xf3\xfa\x42\xf4\x3d\x39\x82\xeb"..., 1045) = 1045 [pid 573] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 571] <... futex resumed>) = 0 [pid 573] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 572] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 572] ioctl(5, LOOP_CLR_FD) = 0 [pid 572] close(5) = 0 [pid 572] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 572] futex(0x7ff5a96006c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 571] exit_group(0) = ? [pid 572] <... futex resumed>) = ? [pid 572] +++ exited with 0 +++ [pid 573] <... futex resumed>) = ? [pid 573] +++ exited with 0 +++ [pid 571] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=571, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- umount2("./58", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./58", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555561b8730 /* 4 entries */, 32768) = 104 umount2("./58/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./58/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./58/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./58/bus") = 0 umount2("./58/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./58/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./58/binderfs") = 0 getdents64(3, 0x5555561b8730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./58") = 0 mkdir("./59", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b7690) = 576 ./strace-static-x86_64: Process 576 attached [pid 576] set_robust_list(0x5555561b76a0, 24) = 0 [pid 576] chdir("./59") = 0 [pid 576] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 576] setpgid(0, 0) = 0 [pid 576] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 576] write(3, "1000", 4) = 4 [pid 576] close(3) = 0 [pid 576] symlink("/dev/binderfs", "./binderfs") = 0 [pid 576] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 576] rt_sigaction(SIGRT_1, {sa_handler=0x7ff5a959df30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7ff5a958f0e0}, NULL, 8) = 0 [pid 576] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 576] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a9514000 [pid 576] mprotect(0x7ff5a9515000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 576] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 576] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9534990, parent_tid=0x7ff5a9534990, exit_signal=0, stack=0x7ff5a9514000, stack_size=0x20300, tls=0x7ff5a95346c0}./strace-static-x86_64: Process 577 attached => {parent_tid=[577]}, 88) = 577 [pid 576] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 576] futex(0x7ff5a96006c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 576] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 576] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a94f3000 [pid 576] mprotect(0x7ff5a94f4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 576] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 577] set_robust_list(0x7ff5a95349a0, 24 [pid 576] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9513990, parent_tid=0x7ff5a9513990, exit_signal=0, stack=0x7ff5a94f3000, stack_size=0x20300, tls=0x7ff5a95136c0} [pid 577] <... set_robust_list resumed>) = 0 [pid 577] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 576] <... clone3 resumed> => {parent_tid=[578]}, 88) = 578 [pid 576] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 576] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 576] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 577] memfd_create("syzkaller", 0) = 3 [pid 577] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0./strace-static-x86_64: Process 578 attached [pid 578] set_robust_list(0x7ff5a95139a0, 24 [pid 577] <... mmap resumed>) = 0x7ff5a10f3000 [pid 578] <... set_robust_list resumed>) = 0 [pid 578] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 578] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_NOFOLLOW|O_NOATIME|O_CLOEXEC, 000) = 4 [pid 578] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 576] <... futex resumed>) = 0 [pid 576] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 578] <... futex resumed>) = 1 [pid 577] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 576] <... futex resumed>) = 0 [pid 576] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 578] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 578] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 576] <... futex resumed>) = 0 [pid 576] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 578] <... futex resumed>) = 1 [pid 577] <... write resumed>) = 262144 [pid 576] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 577] munmap(0x7ff5a10f3000, 138412032 [pid 578] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5 [pid 578] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 576] <... futex resumed>) = 0 [pid 578] <... futex resumed>) = 1 [pid 577] <... munmap resumed>) = 0 [pid 576] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 577] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 578] write(5, "\x31\x30\x30\x30\x30\x30\x30\x00", 8 [pid 577] <... openat resumed>) = 6 [pid 578] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 578] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 578] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 577] ioctl(6, LOOP_SET_FD, 3 [pid 578] <... futex resumed>) = 0 [pid 576] <... futex resumed>) = 1 [ 26.521918][ T572] loop0: detected capacity change from 0 to 512 [ 26.540421][ T572] EXT4-fs error (device loop0): __ext4_get_inode_loc:4485: comm syz-executor170: Invalid inode table block 34 in block_group 0 [ 26.553653][ T572] EXT4-fs (loop0): get root inode failed [ 26.559221][ T572] EXT4-fs (loop0): mount failed [pid 576] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 576] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 576] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 578] write(5, "\x23\x21\x20\x2e\x2f\x66\x69\x6c\x65\x31\x0a\x82\x6a\x3f\xc6\x7c\x3a\xab\x7d\x7e\x31\x38\xd5\xcc\x25\x19\xa6\xa8\xf7\xa0\x0b\xff\x3b\xee\x49\xbb\x93\x22\x1f\x4e\x80\x95\x34\x94\x23\x35\x8b\x24\xc3\x46\x99\x05\xf2\x81\x89\x7d\xc6\xe1\x7a\x55\x07\xba\x1b\x9e\x33\xcc\x8e\x4f\x28\xf6\xda\xe3\x4d\x29\x86\xca\x00\x9c\x79\xab\x46\x1e\x69\xfd\x74\xcc\xe8\xc9\xed\x5b\x91\x09\xf3\xfa\x42\xf4\x3d\x39\x82\xeb"..., 1045) = -1 EIO (Input/output error) [pid 578] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 576] <... futex resumed>) = 0 [pid 578] <... futex resumed>) = 1 [pid 578] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 577] <... ioctl resumed>) = 0 [pid 577] close(3) = 0 [pid 577] mkdir("./bus", 0777) = -1 EEXIST (File exists) [pid 577] mount("/dev/loop0", "./bus", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue") = -1 ENOTDIR (Not a directory) [pid 577] ioctl(6, LOOP_CLR_FD) = 0 [pid 577] close(6) = 0 [pid 577] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 577] futex(0x7ff5a96006c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 576] exit_group(0 [pid 578] <... futex resumed>) = ? [pid 576] <... exit_group resumed>) = ? [pid 578] +++ exited with 0 +++ [pid 577] <... futex resumed>) = ? [pid 577] +++ exited with 0 +++ [pid 576] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=576, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./59", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./59", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555561b8730 /* 4 entries */, 32768) = 104 umount2("./59/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./59/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./59/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./59/bus") = 0 umount2("./59/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./59/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./59/binderfs") = 0 getdents64(3, 0x5555561b8730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./59") = 0 mkdir("./60", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b7690) = 581 ./strace-static-x86_64: Process 581 attached [pid 581] set_robust_list(0x5555561b76a0, 24) = 0 [pid 581] chdir("./60") = 0 [pid 581] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 581] setpgid(0, 0) = 0 [pid 581] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 581] write(3, "1000", 4) = 4 [pid 581] close(3) = 0 [pid 581] symlink("/dev/binderfs", "./binderfs") = 0 [pid 581] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 581] rt_sigaction(SIGRT_1, {sa_handler=0x7ff5a959df30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7ff5a958f0e0}, NULL, 8) = 0 [pid 581] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 581] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a9514000 [pid 581] mprotect(0x7ff5a9515000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 581] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 581] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9534990, parent_tid=0x7ff5a9534990, exit_signal=0, stack=0x7ff5a9514000, stack_size=0x20300, tls=0x7ff5a95346c0}./strace-static-x86_64: Process 582 attached [pid 582] set_robust_list(0x7ff5a95349a0, 24 [pid 581] <... clone3 resumed> => {parent_tid=[582]}, 88) = 582 [pid 582] <... set_robust_list resumed>) = 0 [pid 581] rt_sigprocmask(SIG_SETMASK, [], [pid 582] rt_sigprocmask(SIG_SETMASK, [], [pid 581] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 582] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 581] futex(0x7ff5a96006c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 582] memfd_create("syzkaller", 0 [pid 581] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 581] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 582] <... memfd_create resumed>) = 3 [pid 582] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 581] <... mmap resumed>) = 0x7ff5a94f3000 [pid 581] mprotect(0x7ff5a94f4000, 131072, PROT_READ|PROT_WRITE [pid 582] <... mmap resumed>) = 0x7ff5a10f3000 [pid 581] <... mprotect resumed>) = 0 [pid 581] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 581] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9513990, parent_tid=0x7ff5a9513990, exit_signal=0, stack=0x7ff5a94f3000, stack_size=0x20300, tls=0x7ff5a95136c0}./strace-static-x86_64: Process 583 attached => {parent_tid=[583]}, 88) = 583 [pid 583] set_robust_list(0x7ff5a95139a0, 24) = 0 [pid 583] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 583] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 581] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 581] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 583] <... futex resumed>) = 0 [pid 581] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 583] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_NOFOLLOW|O_NOATIME|O_CLOEXEC, 000) = 4 [pid 583] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 581] <... futex resumed>) = 0 [pid 583] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 581] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 583] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 581] <... futex resumed>) = 0 [pid 583] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 582] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 581] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 583] <... mount resumed>) = 0 [pid 583] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 581] <... futex resumed>) = 0 [pid 581] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 581] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 583] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5 [pid 583] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 581] <... futex resumed>) = 0 [pid 581] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 581] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 583] write(5, "\x31\x30\x30\x30\x30\x30\x30\x00", 8 [pid 582] <... write resumed>) = 262144 [pid 582] munmap(0x7ff5a10f3000, 138412032 [pid 583] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 583] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 582] <... munmap resumed>) = 0 [pid 582] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 26.602722][ T577] loop0: detected capacity change from 0 to 512 [ 26.620861][ T577] EXT4-fs (loop0): 1 orphan inode deleted [ 26.626407][ T577] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 26.635288][ T577] ext4 filesystem being mounted at /root/syzkaller.8K29Ps/59/bus supports timestamps until 2038 (0x7fffffff) [pid 582] ioctl(6, LOOP_SET_FD, 3 [pid 583] <... futex resumed>) = 1 [pid 581] <... futex resumed>) = 0 [pid 582] <... ioctl resumed>) = 0 [pid 582] close(3) = 0 [pid 582] mkdir("./bus", 0777) = -1 EEXIST (File exists) [pid 582] mount("/dev/loop0", "./bus", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 583] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 581] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 581] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 583] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 583] write(5, "\x23\x21\x20\x2e\x2f\x66\x69\x6c\x65\x31\x0a\x82\x6a\x3f\xc6\x7c\x3a\xab\x7d\x7e\x31\x38\xd5\xcc\x25\x19\xa6\xa8\xf7\xa0\x0b\xff\x3b\xee\x49\xbb\x93\x22\x1f\x4e\x80\x95\x34\x94\x23\x35\x8b\x24\xc3\x46\x99\x05\xf2\x81\x89\x7d\xc6\xe1\x7a\x55\x07\xba\x1b\x9e\x33\xcc\x8e\x4f\x28\xf6\xda\xe3\x4d\x29\x86\xca\x00\x9c\x79\xab\x46\x1e\x69\xfd\x74\xcc\xe8\xc9\xed\x5b\x91\x09\xf3\xfa\x42\xf4\x3d\x39\x82\xeb"..., 1045) = 1045 [pid 583] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 583] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 582] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 582] ioctl(6, LOOP_CLR_FD [pid 581] <... futex resumed>) = 0 [pid 582] <... ioctl resumed>) = 0 [pid 582] close(6) = 0 [pid 582] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 582] futex(0x7ff5a96006c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 581] exit_group(0) = ? [pid 583] <... futex resumed>) = ? [pid 583] +++ exited with 0 +++ [pid 582] <... futex resumed>) = ? [pid 582] +++ exited with 0 +++ [pid 581] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=581, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./60", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./60", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555561b8730 /* 4 entries */, 32768) = 104 umount2("./60/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./60/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./60/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./60/bus") = 0 umount2("./60/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./60/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./60/binderfs") = 0 getdents64(3, 0x5555561b8730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./60") = 0 mkdir("./61", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b7690) = 584 ./strace-static-x86_64: Process 584 attached [pid 584] set_robust_list(0x5555561b76a0, 24) = 0 [pid 584] chdir("./61") = 0 [pid 584] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 584] setpgid(0, 0) = 0 [pid 584] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 584] write(3, "1000", 4) = 4 [pid 584] close(3) = 0 [pid 584] symlink("/dev/binderfs", "./binderfs") = 0 [pid 584] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 584] rt_sigaction(SIGRT_1, {sa_handler=0x7ff5a959df30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7ff5a958f0e0}, NULL, 8) = 0 [pid 584] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 584] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a9514000 [pid 584] mprotect(0x7ff5a9515000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 584] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 584] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9534990, parent_tid=0x7ff5a9534990, exit_signal=0, stack=0x7ff5a9514000, stack_size=0x20300, tls=0x7ff5a95346c0} => {parent_tid=[585]}, 88) = 585 [pid 584] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 584] futex(0x7ff5a96006c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 584] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 584] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a94f3000 [pid 584] mprotect(0x7ff5a94f4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 584] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 584] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9513990, parent_tid=0x7ff5a9513990, exit_signal=0, stack=0x7ff5a94f3000, stack_size=0x20300, tls=0x7ff5a95136c0} => {parent_tid=[586]}, 88) = 586 [pid 584] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 584] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 584] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 585 attached [pid 585] set_robust_list(0x7ff5a95349a0, 24) = 0 [pid 585] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 585] memfd_create("syzkaller", 0) = 3 [pid 585] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0./strace-static-x86_64: Process 586 attached ) = 0x7ff5a10f3000 [pid 586] set_robust_list(0x7ff5a95139a0, 24) = 0 [pid 586] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 586] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_NOFOLLOW|O_NOATIME|O_CLOEXEC, 000 [pid 585] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 586] <... open resumed>) = 4 [pid 586] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 584] <... futex resumed>) = 0 [pid 584] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 584] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 585] <... write resumed>) = 262144 [pid 586] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 585] munmap(0x7ff5a10f3000, 138412032 [pid 586] <... mount resumed>) = 0 [pid 586] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 585] <... munmap resumed>) = 0 [pid 584] <... futex resumed>) = 0 [pid 584] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 584] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 586] <... futex resumed>) = 1 [pid 586] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5 [pid 586] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 584] <... futex resumed>) = 0 [pid 584] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 584] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 586] <... futex resumed>) = 1 [pid 586] write(5, "\x31\x30\x30\x30\x30\x30\x30\x00", 8) = -1 ENOSPC (No space left on device) [pid 586] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 584] <... futex resumed>) = 0 [pid 584] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 584] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 586] <... futex resumed>) = 1 [pid 586] write(5, "\x23\x21\x20\x2e\x2f\x66\x69\x6c\x65\x31\x0a\x82\x6a\x3f\xc6\x7c\x3a\xab\x7d\x7e\x31\x38\xd5\xcc\x25\x19\xa6\xa8\xf7\xa0\x0b\xff\x3b\xee\x49\xbb\x93\x22\x1f\x4e\x80\x95\x34\x94\x23\x35\x8b\x24\xc3\x46\x99\x05\xf2\x81\x89\x7d\xc6\xe1\x7a\x55\x07\xba\x1b\x9e\x33\xcc\x8e\x4f\x28\xf6\xda\xe3\x4d\x29\x86\xca\x00\x9c\x79\xab\x46\x1e\x69\xfd\x74\xcc\xe8\xc9\xed\x5b\x91\x09\xf3\xfa\x42\xf4\x3d\x39\x82\xeb"..., 1045) = -1 ENOSPC (No space left on device) [pid 586] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 584] <... futex resumed>) = 0 [pid 586] <... futex resumed>) = 1 [pid 586] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 585] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 585] ioctl(6, LOOP_SET_FD, 3) = 0 [pid 585] close(3) = 0 [pid 585] mkdir("./bus", 0777) = -1 EEXIST (File exists) [ 26.682324][ T582] loop0: detected capacity change from 0 to 512 [ 26.690168][ T582] EXT4-fs (loop0): bad geometry: block count 3888436996 exceeds size of device (64 blocks) [ 26.719769][ T585] loop0: detected capacity change from 0 to 512 [pid 585] mount("/dev/loop0", "./bus", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue") = -1 ENOTDIR (Not a directory) [pid 585] ioctl(6, LOOP_CLR_FD) = 0 [pid 585] close(6) = 0 [pid 585] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 585] futex(0x7ff5a96006c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 584] exit_group(0 [pid 586] <... futex resumed>) = ? [pid 585] <... futex resumed>) = ? [pid 584] <... exit_group resumed>) = ? [pid 586] +++ exited with 0 +++ [pid 585] +++ exited with 0 +++ [pid 584] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=584, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./61", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./61", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555561b8730 /* 4 entries */, 32768) = 104 umount2("./61/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./61/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./61/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./61/bus") = 0 umount2("./61/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./61/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./61/binderfs") = 0 getdents64(3, 0x5555561b8730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./61") = 0 mkdir("./62", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b7690) = 589 ./strace-static-x86_64: Process 589 attached [pid 589] set_robust_list(0x5555561b76a0, 24) = 0 [pid 589] chdir("./62") = 0 [pid 589] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 589] setpgid(0, 0) = 0 [pid 589] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 589] write(3, "1000", 4) = 4 [pid 589] close(3) = 0 [pid 589] symlink("/dev/binderfs", "./binderfs") = 0 [pid 589] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 589] rt_sigaction(SIGRT_1, {sa_handler=0x7ff5a959df30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7ff5a958f0e0}, NULL, 8) = 0 [pid 589] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 589] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a9514000 [pid 589] mprotect(0x7ff5a9515000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 589] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 589] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9534990, parent_tid=0x7ff5a9534990, exit_signal=0, stack=0x7ff5a9514000, stack_size=0x20300, tls=0x7ff5a95346c0}./strace-static-x86_64: Process 590 attached => {parent_tid=[590]}, 88) = 590 [pid 589] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 589] futex(0x7ff5a96006c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 589] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 589] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a94f3000 [pid 589] mprotect(0x7ff5a94f4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 589] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 589] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9513990, parent_tid=0x7ff5a9513990, exit_signal=0, stack=0x7ff5a94f3000, stack_size=0x20300, tls=0x7ff5a95136c0} => {parent_tid=[591]}, 88) = 591 [pid 589] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 589] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 589] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 590] set_robust_list(0x7ff5a95349a0, 24) = 0 [pid 590] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 590] memfd_create("syzkaller", 0./strace-static-x86_64: Process 591 attached ) = 3 [pid 590] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff5a10f3000 [pid 591] set_robust_list(0x7ff5a95139a0, 24) = 0 [pid 591] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 591] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_NOFOLLOW|O_NOATIME|O_CLOEXEC, 000) = 4 [pid 590] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 591] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 589] <... futex resumed>) = 0 [pid 589] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 589] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 591] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 591] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 590] <... write resumed>) = 262144 [pid 589] <... futex resumed>) = 0 [pid 589] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 589] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 590] munmap(0x7ff5a10f3000, 138412032 [pid 591] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 590] <... munmap resumed>) = 0 [ 26.730756][ T585] EXT4-fs (loop0): 1 orphan inode deleted [ 26.736357][ T585] ext4 filesystem being mounted at /root/syzkaller.8K29Ps/61/bus supports timestamps until 2038 (0x7fffffff) [pid 590] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 590] ioctl(5, LOOP_SET_FD, 3 [pid 591] <... open resumed>) = 6 [pid 591] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 591] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 590] <... ioctl resumed>) = 0 [pid 589] <... futex resumed>) = 0 [pid 590] close(3 [pid 589] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 591] <... futex resumed>) = 0 [pid 589] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 591] write(6, "\x31\x30\x30\x30\x30\x30\x30\x00", 8 [pid 590] <... close resumed>) = 0 [pid 590] mkdir("./bus", 0777) = -1 EEXIST (File exists) [pid 591] <... write resumed>) = 8 [pid 590] mount("/dev/loop0", "./bus", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 591] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 589] <... futex resumed>) = 0 [pid 589] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 589] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 591] write(6, "\x23\x21\x20\x2e\x2f\x66\x69\x6c\x65\x31\x0a\x82\x6a\x3f\xc6\x7c\x3a\xab\x7d\x7e\x31\x38\xd5\xcc\x25\x19\xa6\xa8\xf7\xa0\x0b\xff\x3b\xee\x49\xbb\x93\x22\x1f\x4e\x80\x95\x34\x94\x23\x35\x8b\x24\xc3\x46\x99\x05\xf2\x81\x89\x7d\xc6\xe1\x7a\x55\x07\xba\x1b\x9e\x33\xcc\x8e\x4f\x28\xf6\xda\xe3\x4d\x29\x86\xca\x00\x9c\x79\xab\x46\x1e\x69\xfd\x74\xcc\xe8\xc9\xed\x5b\x91\x09\xf3\xfa\x42\xf4\x3d\x39\x82\xeb"..., 1045) = 1045 [pid 591] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 589] <... futex resumed>) = 0 [pid 591] <... futex resumed>) = 1 [pid 591] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 590] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 590] ioctl(5, LOOP_CLR_FD) = 0 [pid 590] close(5) = 0 [pid 590] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 590] futex(0x7ff5a96006c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 589] exit_group(0 [pid 591] <... futex resumed>) = ? [pid 589] <... exit_group resumed>) = ? [pid 591] +++ exited with 0 +++ [pid 590] <... futex resumed>) = ? [pid 590] +++ exited with 0 +++ [pid 589] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=589, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- umount2("./62", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./62", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555561b8730 /* 4 entries */, 32768) = 104 umount2("./62/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./62/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./62/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./62/bus") = 0 umount2("./62/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./62/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./62/binderfs") = 0 getdents64(3, 0x5555561b8730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./62") = 0 mkdir("./63", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b7690) = 594 ./strace-static-x86_64: Process 594 attached [pid 594] set_robust_list(0x5555561b76a0, 24) = 0 [pid 594] chdir("./63") = 0 [pid 594] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 594] setpgid(0, 0) = 0 [pid 594] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 594] write(3, "1000", 4) = 4 [pid 594] close(3) = 0 [pid 594] symlink("/dev/binderfs", "./binderfs") = 0 [pid 594] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 594] rt_sigaction(SIGRT_1, {sa_handler=0x7ff5a959df30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7ff5a958f0e0}, NULL, 8) = 0 [pid 594] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 594] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a9514000 [pid 594] mprotect(0x7ff5a9515000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 594] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 594] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9534990, parent_tid=0x7ff5a9534990, exit_signal=0, stack=0x7ff5a9514000, stack_size=0x20300, tls=0x7ff5a95346c0}./strace-static-x86_64: Process 595 attached [pid 595] set_robust_list(0x7ff5a95349a0, 24 [pid 594] <... clone3 resumed> => {parent_tid=[595]}, 88) = 595 [pid 595] <... set_robust_list resumed>) = 0 [pid 594] rt_sigprocmask(SIG_SETMASK, [], [pid 595] rt_sigprocmask(SIG_SETMASK, [], [pid 594] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 595] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 594] futex(0x7ff5a96006c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 595] memfd_create("syzkaller", 0 [pid 594] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 595] <... memfd_create resumed>) = 3 [pid 594] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 595] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 594] <... mmap resumed>) = 0x7ff5a94f3000 [pid 594] mprotect(0x7ff5a94f4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 594] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 594] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9513990, parent_tid=0x7ff5a9513990, exit_signal=0, stack=0x7ff5a94f3000, stack_size=0x20300, tls=0x7ff5a95136c0} => {parent_tid=[596]}, 88) = 596 ./strace-static-x86_64: Process 596 attached [pid 594] rt_sigprocmask(SIG_SETMASK, [], [pid 595] <... mmap resumed>) = 0x7ff5a10f3000 [pid 594] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 594] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 594] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 596] set_robust_list(0x7ff5a95139a0, 24) = 0 [pid 596] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 596] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_NOFOLLOW|O_NOATIME|O_CLOEXEC, 000 [pid 595] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 596] <... open resumed>) = 4 [pid 596] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 595] <... write resumed>) = 262144 [pid 595] munmap(0x7ff5a10f3000, 138412032 [pid 596] <... futex resumed>) = 1 [pid 594] <... futex resumed>) = 0 [pid 594] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 594] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 596] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 595] <... munmap resumed>) = 0 [pid 595] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [ 26.774189][ T590] loop0: detected capacity change from 0 to 512 [ 26.790381][ T590] EXT4-fs error (device loop0): __ext4_get_inode_loc:4485: comm syz-executor170: Invalid inode table block 34 in block_group 0 [ 26.803584][ T590] EXT4-fs (loop0): get root inode failed [ 26.809045][ T590] EXT4-fs (loop0): mount failed [pid 595] ioctl(5, LOOP_SET_FD, 3 [pid 596] <... mount resumed>) = 0 [pid 595] <... ioctl resumed>) = 0 [pid 595] close(3) = 0 [pid 595] mkdir("./bus", 0777) = -1 EEXIST (File exists) [pid 595] mount("/dev/loop0", "./bus", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 596] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 594] <... futex resumed>) = 0 [pid 594] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 594] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 596] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 3 [pid 596] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 594] <... futex resumed>) = 0 [pid 594] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 594] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 596] <... futex resumed>) = 1 [pid 596] write(3, "\x31\x30\x30\x30\x30\x30\x30\x00", 8) = 8 [pid 596] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 594] <... futex resumed>) = 0 [pid 594] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 594] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 596] <... futex resumed>) = 1 [pid 596] write(3, "\x23\x21\x20\x2e\x2f\x66\x69\x6c\x65\x31\x0a\x82\x6a\x3f\xc6\x7c\x3a\xab\x7d\x7e\x31\x38\xd5\xcc\x25\x19\xa6\xa8\xf7\xa0\x0b\xff\x3b\xee\x49\xbb\x93\x22\x1f\x4e\x80\x95\x34\x94\x23\x35\x8b\x24\xc3\x46\x99\x05\xf2\x81\x89\x7d\xc6\xe1\x7a\x55\x07\xba\x1b\x9e\x33\xcc\x8e\x4f\x28\xf6\xda\xe3\x4d\x29\x86\xca\x00\x9c\x79\xab\x46\x1e\x69\xfd\x74\xcc\xe8\xc9\xed\x5b\x91\x09\xf3\xfa\x42\xf4\x3d\x39\x82\xeb"..., 1045) = 1045 [pid 596] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 594] <... futex resumed>) = 0 [pid 596] <... futex resumed>) = 1 [ 26.851587][ T595] loop0: detected capacity change from 0 to 512 [ 26.880233][ T595] EXT4-fs error (device loop0): __ext4_get_inode_loc:4485: comm syz-executor170: Invalid inode table block 34 in block_group 0 [ 26.893633][ T595] EXT4-fs (loop0): get root inode failed [pid 596] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 595] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 595] ioctl(5, LOOP_CLR_FD) = 0 [pid 595] close(5) = 0 [pid 595] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 595] futex(0x7ff5a96006c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 594] exit_group(0 [pid 596] <... futex resumed>) = ? [pid 595] <... futex resumed>) = ? [pid 594] <... exit_group resumed>) = ? [pid 596] +++ exited with 0 +++ [pid 595] +++ exited with 0 +++ [pid 594] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=594, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./63", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./63", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555561b8730 /* 4 entries */, 32768) = 104 umount2("./63/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./63/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./63/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./63/bus") = 0 umount2("./63/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./63/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./63/binderfs") = 0 getdents64(3, 0x5555561b8730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./63") = 0 mkdir("./64", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b7690) = 599 ./strace-static-x86_64: Process 599 attached [pid 599] set_robust_list(0x5555561b76a0, 24) = 0 [pid 599] chdir("./64") = 0 [pid 599] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 599] setpgid(0, 0) = 0 [pid 599] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 599] write(3, "1000", 4) = 4 [pid 599] close(3) = 0 [pid 599] symlink("/dev/binderfs", "./binderfs") = 0 [pid 599] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 599] rt_sigaction(SIGRT_1, {sa_handler=0x7ff5a959df30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7ff5a958f0e0}, NULL, 8) = 0 [pid 599] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 599] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a9514000 [pid 599] mprotect(0x7ff5a9515000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 599] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 599] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9534990, parent_tid=0x7ff5a9534990, exit_signal=0, stack=0x7ff5a9514000, stack_size=0x20300, tls=0x7ff5a95346c0} => {parent_tid=[600]}, 88) = 600 [pid 599] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 599] futex(0x7ff5a96006c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 599] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 599] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a94f3000 [pid 599] mprotect(0x7ff5a94f4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 599] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 599] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9513990, parent_tid=0x7ff5a9513990, exit_signal=0, stack=0x7ff5a94f3000, stack_size=0x20300, tls=0x7ff5a95136c0} => {parent_tid=[601]}, 88) = 601 [pid 599] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 601 attached ./strace-static-x86_64: Process 600 attached NULL, 8) = 0 [pid 599] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 599] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 601] set_robust_list(0x7ff5a95139a0, 24 [pid 600] set_robust_list(0x7ff5a95349a0, 24 [pid 601] <... set_robust_list resumed>) = 0 [pid 601] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 601] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_NOFOLLOW|O_NOATIME|O_CLOEXEC, 000 [pid 600] <... set_robust_list resumed>) = 0 [pid 601] <... open resumed>) = 3 [pid 600] rt_sigprocmask(SIG_SETMASK, [], [pid 601] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 600] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 601] <... futex resumed>) = 1 [pid 600] memfd_create("syzkaller", 0 [pid 599] <... futex resumed>) = 0 [pid 599] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 600] <... memfd_create resumed>) = 4 [pid 599] <... futex resumed>) = 0 [pid 600] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff5a10f3000 [pid 600] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [ 26.899122][ T595] EXT4-fs (loop0): mount failed [pid 599] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 600] <... write resumed>) = 262144 [pid 600] munmap(0x7ff5a10f3000, 138412032) = 0 [pid 600] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 600] ioctl(5, LOOP_SET_FD, 4 [pid 601] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 600] <... ioctl resumed>) = 0 [pid 601] <... mount resumed>) = 0 [pid 600] close(4 [pid 601] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 600] <... close resumed>) = 0 [pid 600] mkdir("./file1", 0777 [pid 601] <... futex resumed>) = 1 [pid 599] <... futex resumed>) = 0 [pid 599] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 599] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 601] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 4 [pid 601] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 600] <... mkdir resumed>) = 0 [pid 601] <... futex resumed>) = 1 [pid 599] <... futex resumed>) = 0 [pid 599] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 599] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 601] write(4, "\x31\x30\x30\x30\x30\x30\x30\x00", 8 [pid 600] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 601] <... write resumed>) = 8 [pid 601] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 599] <... futex resumed>) = 0 [pid 599] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 599] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 601] write(4, "\x23\x21\x20\x2e\x2f\x66\x69\x6c\x65\x31\x0a\x82\x6a\x3f\xc6\x7c\x3a\xab\x7d\x7e\x31\x38\xd5\xcc\x25\x19\xa6\xa8\xf7\xa0\x0b\xff\x3b\xee\x49\xbb\x93\x22\x1f\x4e\x80\x95\x34\x94\x23\x35\x8b\x24\xc3\x46\x99\x05\xf2\x81\x89\x7d\xc6\xe1\x7a\x55\x07\xba\x1b\x9e\x33\xcc\x8e\x4f\x28\xf6\xda\xe3\x4d\x29\x86\xca\x00\x9c\x79\xab\x46\x1e\x69\xfd\x74\xcc\xe8\xc9\xed\x5b\x91\x09\xf3\xfa\x42\xf4\x3d\x39\x82\xeb"..., 1045) = 1045 [pid 601] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 601] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 599] <... futex resumed>) = 0 [pid 600] <... mount resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 600] ioctl(5, LOOP_CLR_FD) = 0 [pid 600] close(5) = 0 [pid 600] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 600] futex(0x7ff5a96006c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 599] exit_group(0 [pid 601] <... futex resumed>) = ? [pid 599] <... exit_group resumed>) = ? [pid 601] +++ exited with 0 +++ [pid 600] <... futex resumed>) = ? [pid 600] +++ exited with 0 +++ [pid 599] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=599, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./64", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./64", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555561b8730 /* 5 entries */, 32768) = 136 umount2("./64/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./64/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./64/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./64/bus") = 0 umount2("./64/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./64/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./64/binderfs") = 0 umount2("./64/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./64/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./64/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./64/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555561c0770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561c0770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./64/file1") = 0 getdents64(3, 0x5555561b8730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./64") = 0 mkdir("./65", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b7690) = 602 ./strace-static-x86_64: Process 602 attached [pid 602] set_robust_list(0x5555561b76a0, 24) = 0 [pid 602] chdir("./65") = 0 [pid 602] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 602] setpgid(0, 0) = 0 [pid 602] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 602] write(3, "1000", 4) = 4 [pid 602] close(3) = 0 [pid 602] symlink("/dev/binderfs", "./binderfs") = 0 [pid 602] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 602] rt_sigaction(SIGRT_1, {sa_handler=0x7ff5a959df30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7ff5a958f0e0}, NULL, 8) = 0 [pid 602] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 602] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a9514000 [pid 602] mprotect(0x7ff5a9515000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 602] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 602] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9534990, parent_tid=0x7ff5a9534990, exit_signal=0, stack=0x7ff5a9514000, stack_size=0x20300, tls=0x7ff5a95346c0}./strace-static-x86_64: Process 603 attached [pid 603] set_robust_list(0x7ff5a95349a0, 24 [pid 602] <... clone3 resumed> => {parent_tid=[603]}, 88) = 603 [pid 603] <... set_robust_list resumed>) = 0 [pid 602] rt_sigprocmask(SIG_SETMASK, [], [pid 603] rt_sigprocmask(SIG_SETMASK, [], [pid 602] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 602] futex(0x7ff5a96006c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 603] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 603] memfd_create("syzkaller", 0 [pid 602] <... futex resumed>) = 0 [pid 602] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 602] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 603] <... memfd_create resumed>) = 3 [pid 603] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 602] <... mmap resumed>) = 0x7ff5a94f3000 [pid 603] <... mmap resumed>) = 0x7ff5a10f3000 [pid 602] mprotect(0x7ff5a94f4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 602] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 602] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9513990, parent_tid=0x7ff5a9513990, exit_signal=0, stack=0x7ff5a94f3000, stack_size=0x20300, tls=0x7ff5a95136c0}./strace-static-x86_64: Process 604 attached => {parent_tid=[604]}, 88) = 604 [pid 604] set_robust_list(0x7ff5a95139a0, 24) = 0 [pid 604] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 604] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 602] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 602] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 604] <... futex resumed>) = 0 [pid 602] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 604] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_NOFOLLOW|O_NOATIME|O_CLOEXEC, 000) = 4 [pid 604] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 602] <... futex resumed>) = 0 [pid 604] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 602] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 604] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 602] <... futex resumed>) = 0 [pid 602] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 604] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 604] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 602] <... futex resumed>) = 0 [pid 604] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 602] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 604] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 602] <... futex resumed>) = 0 [pid 602] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 604] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5 [pid 604] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 602] <... futex resumed>) = 0 [pid 604] write(5, "\x31\x30\x30\x30\x30\x30\x30\x00", 8 [pid 602] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 604] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 602] <... futex resumed>) = 0 [pid 604] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 602] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 604] <... futex resumed>) = 0 [pid 602] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 604] write(5, "\x23\x21\x20\x2e\x2f\x66\x69\x6c\x65\x31\x0a\x82\x6a\x3f\xc6\x7c\x3a\xab\x7d\x7e\x31\x38\xd5\xcc\x25\x19\xa6\xa8\xf7\xa0\x0b\xff\x3b\xee\x49\xbb\x93\x22\x1f\x4e\x80\x95\x34\x94\x23\x35\x8b\x24\xc3\x46\x99\x05\xf2\x81\x89\x7d\xc6\xe1\x7a\x55\x07\xba\x1b\x9e\x33\xcc\x8e\x4f\x28\xf6\xda\xe3\x4d\x29\x86\xca\x00\x9c\x79\xab\x46\x1e\x69\xfd\x74\xcc\xe8\xc9\xed\x5b\x91\x09\xf3\xfa\x42\xf4\x3d\x39\x82\xeb"..., 1045 [pid 602] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 604] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 602] <... futex resumed>) = 0 [pid 604] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 602] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 604] <... futex resumed>) = 0 [pid 602] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 604] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 603] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 603] munmap(0x7ff5a10f3000, 138412032) = 0 [pid 603] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 26.943223][ T600] loop0: detected capacity change from 0 to 512 [ 26.952758][ T600] EXT4-fs (loop0): can't read group descriptor 0 [pid 603] ioctl(6, LOOP_SET_FD, 3) = 0 [pid 603] close(3) = 0 [pid 603] mkdir("./bus", 0777) = -1 EEXIST (File exists) [pid 603] mount("/dev/loop0", "./bus", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue") = -1 ENOTDIR (Not a directory) [pid 603] ioctl(6, LOOP_CLR_FD) = 0 [pid 603] close(6) = 0 [pid 603] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 603] futex(0x7ff5a96006c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 602] exit_group(0 [pid 604] <... futex resumed>) = ? [pid 603] <... futex resumed>) = ? [pid 602] <... exit_group resumed>) = ? [pid 604] +++ exited with 0 +++ [pid 603] +++ exited with 0 +++ [pid 602] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=602, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- umount2("./65", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./65", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555561b8730 /* 4 entries */, 32768) = 104 umount2("./65/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./65/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./65/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./65/bus") = 0 umount2("./65/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./65/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./65/binderfs") = 0 getdents64(3, 0x5555561b8730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./65") = 0 mkdir("./66", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 607 attached , child_tidptr=0x5555561b7690) = 607 [pid 607] set_robust_list(0x5555561b76a0, 24) = 0 [pid 607] chdir("./66") = 0 [pid 607] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 607] setpgid(0, 0) = 0 [pid 607] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 607] write(3, "1000", 4) = 4 [pid 607] close(3) = 0 [pid 607] symlink("/dev/binderfs", "./binderfs") = 0 [pid 607] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 607] rt_sigaction(SIGRT_1, {sa_handler=0x7ff5a959df30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7ff5a958f0e0}, NULL, 8) = 0 [pid 607] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 607] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a9514000 [pid 607] mprotect(0x7ff5a9515000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 607] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 607] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9534990, parent_tid=0x7ff5a9534990, exit_signal=0, stack=0x7ff5a9514000, stack_size=0x20300, tls=0x7ff5a95346c0} => {parent_tid=[608]}, 88) = 608 [pid 607] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 607] futex(0x7ff5a96006c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 607] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 607] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a94f3000 [pid 607] mprotect(0x7ff5a94f4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 607] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 607] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9513990, parent_tid=0x7ff5a9513990, exit_signal=0, stack=0x7ff5a94f3000, stack_size=0x20300, tls=0x7ff5a95136c0}./strace-static-x86_64: Process 608 attached => {parent_tid=[609]}, 88) = 609 [pid 607] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 607] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 607] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 608] set_robust_list(0x7ff5a95349a0, 24) = 0 [pid 608] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 608] memfd_create("syzkaller", 0) = 3 [pid 608] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff5a10f3000 ./strace-static-x86_64: Process 609 attached [pid 609] set_robust_list(0x7ff5a95139a0, 24) = 0 [pid 609] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 609] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_NOFOLLOW|O_NOATIME|O_CLOEXEC, 000 [pid 608] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 609] <... open resumed>) = 4 [pid 609] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 607] <... futex resumed>) = 0 [pid 607] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 607] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 608] <... write resumed>) = 262144 [pid 608] munmap(0x7ff5a10f3000, 138412032) = 0 [pid 608] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [ 27.003729][ T603] loop0: detected capacity change from 0 to 512 [ 27.031148][ T603] EXT4-fs (loop0): 1 orphan inode deleted [ 27.036834][ T603] ext4 filesystem being mounted at /root/syzkaller.8K29Ps/65/bus supports timestamps until 2038 (0x7fffffff) [pid 608] ioctl(5, LOOP_SET_FD, 3 [pid 609] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 608] <... ioctl resumed>) = 0 [pid 608] close(3) = 0 [pid 608] mkdir("./bus", 0777) = -1 EEXIST (File exists) [pid 608] mount("/dev/loop0", "./bus", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 609] <... mount resumed>) = 0 [pid 609] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 607] <... futex resumed>) = 0 [pid 609] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 607] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 609] <... open resumed>) = 3 [pid 607] <... futex resumed>) = 0 [pid 609] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 607] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 609] <... futex resumed>) = 0 [pid 607] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 609] write(3, "\x31\x30\x30\x30\x30\x30\x30\x00", 8 [pid 607] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 607] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 609] <... write resumed>) = 8 [pid 609] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 607] <... futex resumed>) = 0 [pid 609] write(3, "\x23\x21\x20\x2e\x2f\x66\x69\x6c\x65\x31\x0a\x82\x6a\x3f\xc6\x7c\x3a\xab\x7d\x7e\x31\x38\xd5\xcc\x25\x19\xa6\xa8\xf7\xa0\x0b\xff\x3b\xee\x49\xbb\x93\x22\x1f\x4e\x80\x95\x34\x94\x23\x35\x8b\x24\xc3\x46\x99\x05\xf2\x81\x89\x7d\xc6\xe1\x7a\x55\x07\xba\x1b\x9e\x33\xcc\x8e\x4f\x28\xf6\xda\xe3\x4d\x29\x86\xca\x00\x9c\x79\xab\x46\x1e\x69\xfd\x74\xcc\xe8\xc9\xed\x5b\x91\x09\xf3\xfa\x42\xf4\x3d\x39\x82\xeb"..., 1045 [pid 607] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 609] <... write resumed>) = 1045 [pid 607] <... futex resumed>) = 0 [pid 609] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 607] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 609] <... futex resumed>) = 0 [pid 607] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 609] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 608] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 608] ioctl(5, LOOP_CLR_FD) = 0 [pid 608] close(5) = 0 [pid 608] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 608] futex(0x7ff5a96006c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 607] exit_group(0 [pid 609] <... futex resumed>) = ? [pid 607] <... exit_group resumed>) = ? [pid 609] +++ exited with 0 +++ [pid 608] <... futex resumed>) = ? [pid 608] +++ exited with 0 +++ [pid 607] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=607, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./66", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./66", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555561b8730 /* 4 entries */, 32768) = 104 umount2("./66/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./66/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./66/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./66/bus") = 0 umount2("./66/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./66/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./66/binderfs") = 0 getdents64(3, 0x5555561b8730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./66") = 0 mkdir("./67", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b7690) = 612 ./strace-static-x86_64: Process 612 attached [pid 612] set_robust_list(0x5555561b76a0, 24) = 0 [pid 612] chdir("./67") = 0 [pid 612] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 612] setpgid(0, 0) = 0 [pid 612] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 612] write(3, "1000", 4) = 4 [pid 612] close(3) = 0 [pid 612] symlink("/dev/binderfs", "./binderfs") = 0 [pid 612] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 612] rt_sigaction(SIGRT_1, {sa_handler=0x7ff5a959df30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7ff5a958f0e0}, NULL, 8) = 0 [pid 612] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 612] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a9514000 [pid 612] mprotect(0x7ff5a9515000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 612] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 612] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9534990, parent_tid=0x7ff5a9534990, exit_signal=0, stack=0x7ff5a9514000, stack_size=0x20300, tls=0x7ff5a95346c0} => {parent_tid=[613]}, 88) = 613 [pid 612] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 612] futex(0x7ff5a96006c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 612] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 612] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a94f3000 [pid 612] mprotect(0x7ff5a94f4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 612] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 612] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9513990, parent_tid=0x7ff5a9513990, exit_signal=0, stack=0x7ff5a94f3000, stack_size=0x20300, tls=0x7ff5a95136c0} => {parent_tid=[614]}, 88) = 614 [pid 612] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 612] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 612] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 613 attached [pid 613] set_robust_list(0x7ff5a95349a0, 24) = 0 [pid 613] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 613] memfd_create("syzkaller", 0) = 3 [pid 613] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0./strace-static-x86_64: Process 614 attached ) = 0x7ff5a10f3000 [pid 614] set_robust_list(0x7ff5a95139a0, 24) = 0 [pid 614] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 614] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_NOFOLLOW|O_NOATIME|O_CLOEXEC, 000) = 4 [pid 613] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 614] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 612] <... futex resumed>) = 0 [pid 612] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 612] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 614] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 613] <... write resumed>) = 262144 [pid 613] munmap(0x7ff5a10f3000, 138412032) = 0 [pid 613] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [ 27.080340][ T608] loop0: detected capacity change from 0 to 512 [ 27.090455][ T608] EXT4-fs error (device loop0): __ext4_get_inode_loc:4485: comm syz-executor170: Invalid inode table block 34 in block_group 0 [ 27.103593][ T608] EXT4-fs (loop0): get root inode failed [ 27.109045][ T608] EXT4-fs (loop0): mount failed [pid 613] ioctl(5, LOOP_SET_FD, 3 [pid 614] <... mount resumed>) = 0 [pid 614] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 614] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 612] <... futex resumed>) = 0 [pid 613] <... ioctl resumed>) = 0 [pid 612] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 612] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 613] close(3) = 0 [pid 613] mkdir("./bus", 0777) = -1 EEXIST (File exists) [pid 613] mount("/dev/loop0", "./bus", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 614] <... futex resumed>) = 0 [pid 614] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 3 [pid 614] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 612] <... futex resumed>) = 0 [pid 614] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 612] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 614] write(3, "\x31\x30\x30\x30\x30\x30\x30\x00", 8 [pid 612] <... futex resumed>) = 0 [pid 612] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 614] <... write resumed>) = 8 [pid 614] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 612] <... futex resumed>) = 0 [pid 612] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 612] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 614] <... futex resumed>) = 1 [pid 614] write(3, "\x23\x21\x20\x2e\x2f\x66\x69\x6c\x65\x31\x0a\x82\x6a\x3f\xc6\x7c\x3a\xab\x7d\x7e\x31\x38\xd5\xcc\x25\x19\xa6\xa8\xf7\xa0\x0b\xff\x3b\xee\x49\xbb\x93\x22\x1f\x4e\x80\x95\x34\x94\x23\x35\x8b\x24\xc3\x46\x99\x05\xf2\x81\x89\x7d\xc6\xe1\x7a\x55\x07\xba\x1b\x9e\x33\xcc\x8e\x4f\x28\xf6\xda\xe3\x4d\x29\x86\xca\x00\x9c\x79\xab\x46\x1e\x69\xfd\x74\xcc\xe8\xc9\xed\x5b\x91\x09\xf3\xfa\x42\xf4\x3d\x39\x82\xeb"..., 1045) = 1045 [pid 614] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 612] <... futex resumed>) = 0 [pid 614] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 613] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 613] ioctl(5, LOOP_CLR_FD) = 0 [pid 613] close(5) = 0 [pid 613] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 612] exit_group(0 [pid 614] <... futex resumed>) = ? [pid 614] +++ exited with 0 +++ [pid 612] <... exit_group resumed>) = ? [pid 613] <... futex resumed>) = ? [pid 613] +++ exited with 0 +++ [pid 612] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=612, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./67", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./67", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555561b8730 /* 4 entries */, 32768) = 104 umount2("./67/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./67/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./67/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./67/bus") = 0 umount2("./67/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./67/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./67/binderfs") = 0 getdents64(3, 0x5555561b8730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./67") = 0 mkdir("./68", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b7690) = 617 ./strace-static-x86_64: Process 617 attached [pid 617] set_robust_list(0x5555561b76a0, 24) = 0 [pid 617] chdir("./68") = 0 [pid 617] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 617] setpgid(0, 0) = 0 [pid 617] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 617] write(3, "1000", 4) = 4 [pid 617] close(3) = 0 [pid 617] symlink("/dev/binderfs", "./binderfs") = 0 [pid 617] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 617] rt_sigaction(SIGRT_1, {sa_handler=0x7ff5a959df30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7ff5a958f0e0}, NULL, 8) = 0 [pid 617] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 617] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a9514000 [pid 617] mprotect(0x7ff5a9515000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 617] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 617] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9534990, parent_tid=0x7ff5a9534990, exit_signal=0, stack=0x7ff5a9514000, stack_size=0x20300, tls=0x7ff5a95346c0} => {parent_tid=[618]}, 88) = 618 [pid 617] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 617] futex(0x7ff5a96006c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 617] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 617] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a94f3000 [pid 617] mprotect(0x7ff5a94f4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 617] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 617] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9513990, parent_tid=0x7ff5a9513990, exit_signal=0, stack=0x7ff5a94f3000, stack_size=0x20300, tls=0x7ff5a95136c0} => {parent_tid=[619]}, 88) = 619 ./strace-static-x86_64: Process 618 attached [pid 617] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 617] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 617] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 619 attached [pid 619] set_robust_list(0x7ff5a95139a0, 24) = 0 [pid 619] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 619] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_NOFOLLOW|O_NOATIME|O_CLOEXEC, 000 [pid 618] set_robust_list(0x7ff5a95349a0, 24 [pid 619] <... open resumed>) = 3 [pid 619] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 617] <... futex resumed>) = 0 [pid 617] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 617] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 619] <... futex resumed>) = 1 [pid 619] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 619] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 617] <... futex resumed>) = 0 [pid 617] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 617] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 619] <... futex resumed>) = 1 [pid 619] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 4 [pid 619] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 617] <... futex resumed>) = 0 [pid 617] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 617] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 619] <... futex resumed>) = 1 [pid 619] write(4, "\x31\x30\x30\x30\x30\x30\x30\x00", 8) = -1 ENOSPC (No space left on device) [pid 619] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 617] <... futex resumed>) = 0 [pid 617] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 617] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 619] <... futex resumed>) = 1 [pid 619] write(4, "\x23\x21\x20\x2e\x2f\x66\x69\x6c\x65\x31\x0a\x82\x6a\x3f\xc6\x7c\x3a\xab\x7d\x7e\x31\x38\xd5\xcc\x25\x19\xa6\xa8\xf7\xa0\x0b\xff\x3b\xee\x49\xbb\x93\x22\x1f\x4e\x80\x95\x34\x94\x23\x35\x8b\x24\xc3\x46\x99\x05\xf2\x81\x89\x7d\xc6\xe1\x7a\x55\x07\xba\x1b\x9e\x33\xcc\x8e\x4f\x28\xf6\xda\xe3\x4d\x29\x86\xca\x00\x9c\x79\xab\x46\x1e\x69\xfd\x74\xcc\xe8\xc9\xed\x5b\x91\x09\xf3\xfa\x42\xf4\x3d\x39\x82\xeb"..., 1045) = -1 ENOSPC (No space left on device) [pid 619] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 617] <... futex resumed>) = 0 [pid 619] <... futex resumed>) = 1 [pid 619] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 618] <... set_robust_list resumed>) = 0 [pid 618] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 618] memfd_create("syzkaller", 0) = 5 [pid 618] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff5a10f3000 [pid 618] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 618] munmap(0x7ff5a10f3000, 138412032) = 0 [pid 618] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 27.145150][ T613] loop0: detected capacity change from 0 to 512 [ 27.160758][ T613] EXT4-fs error (device loop0): __ext4_get_inode_loc:4485: comm syz-executor170: Invalid inode table block 34 in block_group 0 [ 27.173910][ T613] EXT4-fs (loop0): get root inode failed [ 27.179643][ T613] EXT4-fs (loop0): mount failed [pid 618] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 618] close(5) = 0 [pid 618] mkdir("./file1", 0777) = 0 [pid 618] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue") = 0 [pid 618] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 5 [pid 618] chdir("./file1") = 0 [pid 618] ioctl(6, LOOP_CLR_FD) = 0 [pid 618] close(6) = 0 [pid 618] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 618] futex(0x7ff5a96006c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 617] exit_group(0) = ? [pid 618] <... futex resumed>) = ? [pid 618] +++ exited with 0 +++ [pid 619] <... futex resumed>) = ? [pid 619] +++ exited with 0 +++ [pid 617] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=617, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- umount2("./68", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./68", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555561b8730 /* 5 entries */, 32768) = 136 umount2("./68/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./68/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./68/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./68/bus") = 0 umount2("./68/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./68/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./68/binderfs") = 0 umount2("./68/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./68/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./68/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./68/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./68/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555561c0770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561c0770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./68/file1") = 0 getdents64(3, 0x5555561b8730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./68") = 0 mkdir("./69", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b7690) = 623 ./strace-static-x86_64: Process 623 attached [pid 623] set_robust_list(0x5555561b76a0, 24) = 0 [pid 623] chdir("./69") = 0 [pid 623] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 623] setpgid(0, 0) = 0 [pid 623] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 623] write(3, "1000", 4) = 4 [pid 623] close(3) = 0 [pid 623] symlink("/dev/binderfs", "./binderfs") = 0 [pid 623] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 623] rt_sigaction(SIGRT_1, {sa_handler=0x7ff5a959df30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7ff5a958f0e0}, NULL, 8) = 0 [pid 623] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 623] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a9514000 [pid 623] mprotect(0x7ff5a9515000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 623] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 623] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9534990, parent_tid=0x7ff5a9534990, exit_signal=0, stack=0x7ff5a9514000, stack_size=0x20300, tls=0x7ff5a95346c0}./strace-static-x86_64: Process 624 attached [pid 624] set_robust_list(0x7ff5a95349a0, 24 [pid 623] <... clone3 resumed> => {parent_tid=[624]}, 88) = 624 [pid 624] <... set_robust_list resumed>) = 0 [pid 623] rt_sigprocmask(SIG_SETMASK, [], [pid 624] rt_sigprocmask(SIG_SETMASK, [], [pid 623] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 624] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 623] futex(0x7ff5a96006c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 624] memfd_create("syzkaller", 0 [pid 623] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 624] <... memfd_create resumed>) = 3 [pid 623] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 624] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 623] <... mmap resumed>) = 0x7ff5a94f3000 [pid 624] <... mmap resumed>) = 0x7ff5a10f3000 [pid 623] mprotect(0x7ff5a94f4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 623] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 623] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9513990, parent_tid=0x7ff5a9513990, exit_signal=0, stack=0x7ff5a94f3000, stack_size=0x20300, tls=0x7ff5a95136c0}./strace-static-x86_64: Process 625 attached [pid 625] set_robust_list(0x7ff5a95139a0, 24) = 0 [pid 625] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 625] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 623] <... clone3 resumed> => {parent_tid=[625]}, 88) = 625 [pid 623] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 623] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 625] <... futex resumed>) = 0 [pid 623] <... futex resumed>) = 1 [pid 625] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_NOFOLLOW|O_NOATIME|O_CLOEXEC, 000 [pid 623] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 625] <... open resumed>) = 4 [pid 625] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 623] <... futex resumed>) = 0 [pid 625] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 623] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 625] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 623] <... futex resumed>) = 0 [pid 623] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 625] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 625] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 623] <... futex resumed>) = 0 [pid 623] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 625] <... futex resumed>) = 1 [pid 623] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 625] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5 [pid 625] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 623] <... futex resumed>) = 0 [pid 625] write(5, "\x31\x30\x30\x30\x30\x30\x30\x00", 8 [pid 623] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 625] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 623] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 625] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 623] <... futex resumed>) = 0 [pid 623] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 623] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 625] write(5, "\x23\x21\x20\x2e\x2f\x66\x69\x6c\x65\x31\x0a\x82\x6a\x3f\xc6\x7c\x3a\xab\x7d\x7e\x31\x38\xd5\xcc\x25\x19\xa6\xa8\xf7\xa0\x0b\xff\x3b\xee\x49\xbb\x93\x22\x1f\x4e\x80\x95\x34\x94\x23\x35\x8b\x24\xc3\x46\x99\x05\xf2\x81\x89\x7d\xc6\xe1\x7a\x55\x07\xba\x1b\x9e\x33\xcc\x8e\x4f\x28\xf6\xda\xe3\x4d\x29\x86\xca\x00\x9c\x79\xab\x46\x1e\x69\xfd\x74\xcc\xe8\xc9\xed\x5b\x91\x09\xf3\xfa\x42\xf4\x3d\x39\x82\xeb"..., 1045) = -1 ENOSPC (No space left on device) [pid 625] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 624] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 623] <... futex resumed>) = 0 [pid 625] <... futex resumed>) = 1 [pid 625] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 624] <... write resumed>) = 262144 [pid 624] munmap(0x7ff5a10f3000, 138412032) = 0 [pid 624] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 27.215315][ T618] loop0: detected capacity change from 0 to 512 [ 27.231406][ T618] EXT4-fs (loop0): 1 orphan inode deleted [ 27.237060][ T618] ext4 filesystem being mounted at /root/syzkaller.8K29Ps/68/file1 supports timestamps until 2038 (0x7fffffff) [pid 624] ioctl(6, LOOP_SET_FD, 3) = 0 [pid 624] close(3) = 0 [pid 624] mkdir("./bus", 0777) = -1 EEXIST (File exists) [pid 624] mount("/dev/loop0", "./bus", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue") = -1 ENOTDIR (Not a directory) [pid 624] ioctl(6, LOOP_CLR_FD) = 0 [pid 624] close(6) = 0 [pid 624] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 624] futex(0x7ff5a96006c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 623] exit_group(0 [pid 624] <... futex resumed>) = ? [pid 623] <... exit_group resumed>) = ? [pid 624] +++ exited with 0 +++ [pid 625] <... futex resumed>) = ? [pid 625] +++ exited with 0 +++ [pid 623] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=623, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- umount2("./69", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./69", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555561b8730 /* 4 entries */, 32768) = 104 umount2("./69/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./69/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./69/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./69/bus") = 0 umount2("./69/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./69/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./69/binderfs") = 0 getdents64(3, 0x5555561b8730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./69") = 0 mkdir("./70", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 628 attached [pid 628] set_robust_list(0x5555561b76a0, 24) = 0 [pid 628] chdir("./70") = 0 [pid 628] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 628] setpgid(0, 0) = 0 [pid 628] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 628] write(3, "1000", 4) = 4 [pid 628] close(3) = 0 [pid 628] symlink("/dev/binderfs", "./binderfs") = 0 [pid 628] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 628] rt_sigaction(SIGRT_1, {sa_handler=0x7ff5a959df30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7ff5a958f0e0}, NULL, 8) = 0 [pid 628] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 628] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 297] <... clone resumed>, child_tidptr=0x5555561b7690) = 628 [pid 628] <... mmap resumed>) = 0x7ff5a9514000 [pid 628] mprotect(0x7ff5a9515000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 628] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 628] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9534990, parent_tid=0x7ff5a9534990, exit_signal=0, stack=0x7ff5a9514000, stack_size=0x20300, tls=0x7ff5a95346c0} => {parent_tid=[629]}, 88) = 629 [pid 628] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 628] futex(0x7ff5a96006c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 628] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 628] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a94f3000 [pid 628] mprotect(0x7ff5a94f4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 628] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 628] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9513990, parent_tid=0x7ff5a9513990, exit_signal=0, stack=0x7ff5a94f3000, stack_size=0x20300, tls=0x7ff5a95136c0} => {parent_tid=[630]}, 88) = 630 ./strace-static-x86_64: Process 630 attached [pid 628] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 629 attached [pid 630] set_robust_list(0x7ff5a95139a0, 24 [pid 628] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 628] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 628] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 630] <... set_robust_list resumed>) = 0 [pid 630] rt_sigprocmask(SIG_SETMASK, [], [pid 629] set_robust_list(0x7ff5a95349a0, 24 [pid 630] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 630] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_NOFOLLOW|O_NOATIME|O_CLOEXEC, 000 [pid 629] <... set_robust_list resumed>) = 0 [pid 630] <... open resumed>) = 3 [pid 629] rt_sigprocmask(SIG_SETMASK, [], [pid 630] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 629] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 630] <... futex resumed>) = 1 [pid 629] memfd_create("syzkaller", 0 [pid 628] <... futex resumed>) = 0 [pid 630] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 629] <... memfd_create resumed>) = 4 [pid 628] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 630] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 630] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 628] <... futex resumed>) = 0 [pid 630] <... mount resumed>) = 0 [pid 629] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 630] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 628] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 628] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 628] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 629] <... mmap resumed>) = 0x7ff5a10f3000 [pid 630] <... futex resumed>) = 1 [pid 628] <... futex resumed>) = 0 [pid 628] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 630] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5 [ 27.289494][ T624] loop0: detected capacity change from 0 to 512 [ 27.300815][ T624] EXT4-fs (loop0): 1 orphan inode deleted [ 27.306468][ T624] ext4 filesystem being mounted at /root/syzkaller.8K29Ps/69/bus supports timestamps until 2038 (0x7fffffff) [pid 630] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 628] <... futex resumed>) = 0 [pid 628] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 628] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 630] write(5, "\x31\x30\x30\x30\x30\x30\x30\x00", 8) = -1 ENOSPC (No space left on device) [pid 629] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 630] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 628] <... futex resumed>) = 0 [pid 628] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 630] write(5, "\x23\x21\x20\x2e\x2f\x66\x69\x6c\x65\x31\x0a\x82\x6a\x3f\xc6\x7c\x3a\xab\x7d\x7e\x31\x38\xd5\xcc\x25\x19\xa6\xa8\xf7\xa0\x0b\xff\x3b\xee\x49\xbb\x93\x22\x1f\x4e\x80\x95\x34\x94\x23\x35\x8b\x24\xc3\x46\x99\x05\xf2\x81\x89\x7d\xc6\xe1\x7a\x55\x07\xba\x1b\x9e\x33\xcc\x8e\x4f\x28\xf6\xda\xe3\x4d\x29\x86\xca\x00\x9c\x79\xab\x46\x1e\x69\xfd\x74\xcc\xe8\xc9\xed\x5b\x91\x09\xf3\xfa\x42\xf4\x3d\x39\x82\xeb"..., 1045) = -1 ENOSPC (No space left on device) [pid 630] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 628] <... futex resumed>) = 0 [pid 630] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 628] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 629] <... write resumed>) = 262144 [pid 629] munmap(0x7ff5a10f3000, 138412032) = 0 [pid 629] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 629] ioctl(6, LOOP_SET_FD, 4) = 0 [pid 629] close(4) = 0 [pid 629] mkdir("./file1", 0777) = 0 [pid 629] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue") = 0 [pid 629] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 4 [pid 629] chdir("./file1") = 0 [pid 629] ioctl(6, LOOP_CLR_FD) = 0 [pid 629] close(6) = 0 [pid 629] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 629] futex(0x7ff5a96006c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 628] exit_group(0 [pid 630] <... futex resumed>) = ? [pid 628] <... exit_group resumed>) = ? [pid 630] +++ exited with 0 +++ [pid 629] <... futex resumed>) = ? [pid 629] +++ exited with 0 +++ [pid 628] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=628, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./70", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./70", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555561b8730 /* 5 entries */, 32768) = 136 umount2("./70/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./70/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./70/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./70/bus") = 0 umount2("./70/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./70/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./70/binderfs") = 0 umount2("./70/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./70/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./70/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./70/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./70/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555561c0770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561c0770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./70/file1") = 0 getdents64(3, 0x5555561b8730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./70") = 0 mkdir("./71", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 633 attached , child_tidptr=0x5555561b7690) = 633 [pid 633] set_robust_list(0x5555561b76a0, 24) = 0 [pid 633] chdir("./71") = 0 [pid 633] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 633] setpgid(0, 0) = 0 [pid 633] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 633] write(3, "1000", 4) = 4 [pid 633] close(3) = 0 [pid 633] symlink("/dev/binderfs", "./binderfs") = 0 [pid 633] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 633] rt_sigaction(SIGRT_1, {sa_handler=0x7ff5a959df30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7ff5a958f0e0}, NULL, 8) = 0 [pid 633] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 633] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a9514000 [pid 633] mprotect(0x7ff5a9515000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 633] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 633] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9534990, parent_tid=0x7ff5a9534990, exit_signal=0, stack=0x7ff5a9514000, stack_size=0x20300, tls=0x7ff5a95346c0} => {parent_tid=[634]}, 88) = 634 [pid 633] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 633] futex(0x7ff5a96006c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 633] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 633] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a94f3000 [pid 633] mprotect(0x7ff5a94f4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 633] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 633] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9513990, parent_tid=0x7ff5a9513990, exit_signal=0, stack=0x7ff5a94f3000, stack_size=0x20300, tls=0x7ff5a95136c0} => {parent_tid=[635]}, 88) = 635 ./strace-static-x86_64: Process 635 attached ./strace-static-x86_64: Process 634 attached [pid 633] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 633] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 633] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 635] set_robust_list(0x7ff5a95139a0, 24) = 0 [pid 635] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 635] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_NOFOLLOW|O_NOATIME|O_CLOEXEC, 000) = 3 [pid 635] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 633] <... futex resumed>) = 0 [pid 633] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 633] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 634] set_robust_list(0x7ff5a95349a0, 24 [pid 635] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 634] <... set_robust_list resumed>) = 0 [pid 635] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 633] <... futex resumed>) = 0 [pid 633] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 633] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 635] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 4 [pid 635] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 633] <... futex resumed>) = 0 [pid 633] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 633] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 635] write(4, "\x31\x30\x30\x30\x30\x30\x30\x00", 8) = -1 ENOSPC (No space left on device) [pid 635] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 633] <... futex resumed>) = 0 [pid 633] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 633] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 635] write(4, "\x23\x21\x20\x2e\x2f\x66\x69\x6c\x65\x31\x0a\x82\x6a\x3f\xc6\x7c\x3a\xab\x7d\x7e\x31\x38\xd5\xcc\x25\x19\xa6\xa8\xf7\xa0\x0b\xff\x3b\xee\x49\xbb\x93\x22\x1f\x4e\x80\x95\x34\x94\x23\x35\x8b\x24\xc3\x46\x99\x05\xf2\x81\x89\x7d\xc6\xe1\x7a\x55\x07\xba\x1b\x9e\x33\xcc\x8e\x4f\x28\xf6\xda\xe3\x4d\x29\x86\xca\x00\x9c\x79\xab\x46\x1e\x69\xfd\x74\xcc\xe8\xc9\xed\x5b\x91\x09\xf3\xfa\x42\xf4\x3d\x39\x82\xeb"..., 1045) = -1 ENOSPC (No space left on device) [pid 635] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 633] <... futex resumed>) = 0 [pid 635] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 634] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 634] memfd_create("syzkaller", 0) = 5 [pid 634] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff5a10f3000 [ 27.373337][ T629] loop0: detected capacity change from 0 to 512 [ 27.401429][ T629] EXT4-fs (loop0): 1 orphan inode deleted [ 27.407174][ T629] ext4 filesystem being mounted at /root/syzkaller.8K29Ps/70/file1 supports timestamps until 2038 (0x7fffffff) [pid 634] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 634] munmap(0x7ff5a10f3000, 138412032) = 0 [pid 634] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 634] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 634] close(5) = 0 [pid 634] mkdir("./file1", 0777) = 0 [pid 634] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue") = 0 [pid 634] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 5 [pid 634] chdir("./file1") = 0 [pid 634] ioctl(6, LOOP_CLR_FD) = 0 [pid 634] close(6) = 0 [pid 634] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 634] futex(0x7ff5a96006c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 633] exit_group(0 [pid 635] <... futex resumed>) = ? [pid 633] <... exit_group resumed>) = ? [pid 635] +++ exited with 0 +++ [pid 634] <... futex resumed>) = ? [pid 634] +++ exited with 0 +++ [pid 633] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=633, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./71", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./71", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555561b8730 /* 5 entries */, 32768) = 136 umount2("./71/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./71/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./71/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./71/bus") = 0 umount2("./71/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./71/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./71/binderfs") = 0 umount2("./71/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./71/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./71/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./71/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./71/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555561c0770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561c0770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./71/file1") = 0 getdents64(3, 0x5555561b8730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./71") = 0 mkdir("./72", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b7690) = 638 ./strace-static-x86_64: Process 638 attached [pid 638] set_robust_list(0x5555561b76a0, 24) = 0 [pid 638] chdir("./72") = 0 [pid 638] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 638] setpgid(0, 0) = 0 [pid 638] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 638] write(3, "1000", 4) = 4 [pid 638] close(3) = 0 [pid 638] symlink("/dev/binderfs", "./binderfs") = 0 [pid 638] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 638] rt_sigaction(SIGRT_1, {sa_handler=0x7ff5a959df30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7ff5a958f0e0}, NULL, 8) = 0 [pid 638] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 638] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a9514000 [pid 638] mprotect(0x7ff5a9515000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 638] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 638] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9534990, parent_tid=0x7ff5a9534990, exit_signal=0, stack=0x7ff5a9514000, stack_size=0x20300, tls=0x7ff5a95346c0} => {parent_tid=[639]}, 88) = 639 [pid 638] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 638] futex(0x7ff5a96006c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 638] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 638] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a94f3000 [pid 638] mprotect(0x7ff5a94f4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 638] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 638] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9513990, parent_tid=0x7ff5a9513990, exit_signal=0, stack=0x7ff5a94f3000, stack_size=0x20300, tls=0x7ff5a95136c0}./strace-static-x86_64: Process 639 attached => {parent_tid=[640]}, 88) = 640 [pid 638] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 638] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 638] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 639] set_robust_list(0x7ff5a95349a0, 24) = 0 [pid 639] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 639] memfd_create("syzkaller", 0) = 3 [pid 639] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0./strace-static-x86_64: Process 640 attached ) = 0x7ff5a10f3000 [pid 640] set_robust_list(0x7ff5a95139a0, 24) = 0 [pid 640] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 640] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_NOFOLLOW|O_NOATIME|O_CLOEXEC, 000) = 4 [pid 639] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 640] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 638] <... futex resumed>) = 0 [pid 638] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 638] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 640] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 640] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 639] <... write resumed>) = 262144 [pid 639] munmap(0x7ff5a10f3000, 138412032 [pid 640] <... futex resumed>) = 1 [pid 638] <... futex resumed>) = 0 [pid 638] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 638] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 639] <... munmap resumed>) = 0 [pid 639] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 640] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 639] <... openat resumed>) = 5 [ 27.455709][ T634] loop0: detected capacity change from 0 to 512 [ 27.471508][ T634] EXT4-fs (loop0): 1 orphan inode deleted [ 27.477260][ T634] ext4 filesystem being mounted at /root/syzkaller.8K29Ps/71/file1 supports timestamps until 2038 (0x7fffffff) [pid 639] ioctl(5, LOOP_SET_FD, 3 [pid 640] <... open resumed>) = 6 [pid 640] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 640] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 639] <... ioctl resumed>) = 0 [pid 638] <... futex resumed>) = 0 [pid 638] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 638] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 639] close(3) = 0 [pid 639] mkdir("./bus", 0777) = -1 EEXIST (File exists) [pid 639] mount("/dev/loop0", "./bus", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 640] <... futex resumed>) = 0 [pid 640] write(6, "\x31\x30\x30\x30\x30\x30\x30\x00", 8) = 8 [pid 640] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 638] <... futex resumed>) = 0 [pid 638] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 638] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 640] <... futex resumed>) = 1 [pid 640] write(6, "\x23\x21\x20\x2e\x2f\x66\x69\x6c\x65\x31\x0a\x82\x6a\x3f\xc6\x7c\x3a\xab\x7d\x7e\x31\x38\xd5\xcc\x25\x19\xa6\xa8\xf7\xa0\x0b\xff\x3b\xee\x49\xbb\x93\x22\x1f\x4e\x80\x95\x34\x94\x23\x35\x8b\x24\xc3\x46\x99\x05\xf2\x81\x89\x7d\xc6\xe1\x7a\x55\x07\xba\x1b\x9e\x33\xcc\x8e\x4f\x28\xf6\xda\xe3\x4d\x29\x86\xca\x00\x9c\x79\xab\x46\x1e\x69\xfd\x74\xcc\xe8\xc9\xed\x5b\x91\x09\xf3\xfa\x42\xf4\x3d\x39\x82\xeb"..., 1045) = 1045 [pid 640] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 640] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 638] <... futex resumed>) = 0 [pid 639] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 639] ioctl(5, LOOP_CLR_FD) = 0 [pid 639] close(5) = 0 [pid 639] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 639] futex(0x7ff5a96006c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 638] exit_group(0 [pid 640] <... futex resumed>) = ? [pid 638] <... exit_group resumed>) = ? [pid 640] +++ exited with 0 +++ [pid 639] <... futex resumed>) = ? [pid 639] +++ exited with 0 +++ [pid 638] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=638, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./72", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./72", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555561b8730 /* 4 entries */, 32768) = 104 umount2("./72/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./72/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./72/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./72/bus") = 0 umount2("./72/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./72/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./72/binderfs") = 0 getdents64(3, 0x5555561b8730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./72") = 0 mkdir("./73", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b7690) = 643 ./strace-static-x86_64: Process 643 attached [pid 643] set_robust_list(0x5555561b76a0, 24) = 0 [pid 643] chdir("./73") = 0 [pid 643] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 643] setpgid(0, 0) = 0 [pid 643] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 643] write(3, "1000", 4) = 4 [pid 643] close(3) = 0 [pid 643] symlink("/dev/binderfs", "./binderfs") = 0 [pid 643] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 643] rt_sigaction(SIGRT_1, {sa_handler=0x7ff5a959df30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7ff5a958f0e0}, NULL, 8) = 0 [pid 643] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 643] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a9514000 [pid 643] mprotect(0x7ff5a9515000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 643] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 643] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9534990, parent_tid=0x7ff5a9534990, exit_signal=0, stack=0x7ff5a9514000, stack_size=0x20300, tls=0x7ff5a95346c0}./strace-static-x86_64: Process 644 attached => {parent_tid=[644]}, 88) = 644 [pid 643] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 643] futex(0x7ff5a96006c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 643] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 643] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a94f3000 [pid 643] mprotect(0x7ff5a94f4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 643] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 643] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9513990, parent_tid=0x7ff5a9513990, exit_signal=0, stack=0x7ff5a94f3000, stack_size=0x20300, tls=0x7ff5a95136c0} => {parent_tid=[645]}, 88) = 645 [pid 643] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 643] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 643] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 644] set_robust_list(0x7ff5a95349a0, 24) = 0 [pid 644] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 644] memfd_create("syzkaller", 0) = 3 [pid 644] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff5a10f3000 ./strace-static-x86_64: Process 645 attached [pid 645] set_robust_list(0x7ff5a95139a0, 24) = 0 [pid 645] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 645] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_NOFOLLOW|O_NOATIME|O_CLOEXEC, 000 [pid 644] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 645] <... open resumed>) = 4 [pid 645] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 643] <... futex resumed>) = 0 [pid 643] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 643] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 644] <... write resumed>) = 262144 [pid 644] munmap(0x7ff5a10f3000, 138412032) = 0 [pid 644] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [ 27.517322][ T639] loop0: detected capacity change from 0 to 512 [ 27.529969][ T639] EXT4-fs error (device loop0): __ext4_get_inode_loc:4485: comm syz-executor170: Invalid inode table block 34 in block_group 0 [ 27.543598][ T639] EXT4-fs (loop0): get root inode failed [ 27.549069][ T639] EXT4-fs (loop0): mount failed [pid 644] ioctl(5, LOOP_SET_FD, 3 [pid 645] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 644] <... ioctl resumed>) = 0 [pid 644] close(3) = 0 [pid 644] mkdir("./bus", 0777) = -1 EEXIST (File exists) [pid 644] mount("/dev/loop0", "./bus", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 645] <... mount resumed>) = 0 [pid 645] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 643] <... futex resumed>) = 0 [pid 643] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 645] <... futex resumed>) = 1 [pid 643] <... futex resumed>) = 0 [pid 645] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 643] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 645] <... open resumed>) = 3 [pid 645] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 643] <... futex resumed>) = 0 [pid 645] write(3, "\x31\x30\x30\x30\x30\x30\x30\x00", 8 [pid 643] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 643] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 645] <... write resumed>) = 8 [pid 645] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 643] <... futex resumed>) = 0 [pid 645] write(3, "\x23\x21\x20\x2e\x2f\x66\x69\x6c\x65\x31\x0a\x82\x6a\x3f\xc6\x7c\x3a\xab\x7d\x7e\x31\x38\xd5\xcc\x25\x19\xa6\xa8\xf7\xa0\x0b\xff\x3b\xee\x49\xbb\x93\x22\x1f\x4e\x80\x95\x34\x94\x23\x35\x8b\x24\xc3\x46\x99\x05\xf2\x81\x89\x7d\xc6\xe1\x7a\x55\x07\xba\x1b\x9e\x33\xcc\x8e\x4f\x28\xf6\xda\xe3\x4d\x29\x86\xca\x00\x9c\x79\xab\x46\x1e\x69\xfd\x74\xcc\xe8\xc9\xed\x5b\x91\x09\xf3\xfa\x42\xf4\x3d\x39\x82\xeb"..., 1045 [pid 643] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 645] <... write resumed>) = 1045 [pid 643] <... futex resumed>) = 0 [pid 645] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 643] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 645] <... futex resumed>) = 0 [pid 643] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 645] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 644] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 644] ioctl(5, LOOP_CLR_FD) = 0 [pid 644] close(5) = 0 [pid 644] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 644] futex(0x7ff5a96006c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 643] exit_group(0 [pid 644] <... futex resumed>) = ? [pid 643] <... exit_group resumed>) = ? [pid 645] <... futex resumed>) = ? [pid 644] +++ exited with 0 +++ [pid 645] +++ exited with 0 +++ [pid 643] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=643, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./73", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./73", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555561b8730 /* 4 entries */, 32768) = 104 umount2("./73/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./73/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./73/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./73/bus") = 0 umount2("./73/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./73/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./73/binderfs") = 0 getdents64(3, 0x5555561b8730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./73") = 0 mkdir("./74", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b7690) = 648 ./strace-static-x86_64: Process 648 attached [pid 648] set_robust_list(0x5555561b76a0, 24) = 0 [pid 648] chdir("./74") = 0 [pid 648] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 648] setpgid(0, 0) = 0 [pid 648] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 648] write(3, "1000", 4) = 4 [pid 648] close(3) = 0 [pid 648] symlink("/dev/binderfs", "./binderfs") = 0 [pid 648] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 648] rt_sigaction(SIGRT_1, {sa_handler=0x7ff5a959df30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7ff5a958f0e0}, NULL, 8) = 0 [pid 648] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 648] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a9514000 [pid 648] mprotect(0x7ff5a9515000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 648] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 648] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9534990, parent_tid=0x7ff5a9534990, exit_signal=0, stack=0x7ff5a9514000, stack_size=0x20300, tls=0x7ff5a95346c0} => {parent_tid=[649]}, 88) = 649 [pid 648] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 648] futex(0x7ff5a96006c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 648] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 648] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a94f3000 [pid 648] mprotect(0x7ff5a94f4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 648] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 648] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9513990, parent_tid=0x7ff5a9513990, exit_signal=0, stack=0x7ff5a94f3000, stack_size=0x20300, tls=0x7ff5a95136c0} => {parent_tid=[650]}, 88) = 650 [pid 648] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 648] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 648] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 649 attached [pid 649] set_robust_list(0x7ff5a95349a0, 24) = 0 [pid 649] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 649] memfd_create("syzkaller", 0) = 3 [pid 649] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff5a10f3000 [pid 649] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 649] munmap(0x7ff5a10f3000, 138412032) = 0 [pid 649] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 649] ioctl(4, LOOP_SET_FD, 3./strace-static-x86_64: Process 650 attached [pid 650] set_robust_list(0x7ff5a95139a0, 24) = 0 [pid 650] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [ 27.580138][ T644] loop0: detected capacity change from 0 to 512 [ 27.589978][ T644] EXT4-fs error (device loop0): __ext4_get_inode_loc:4485: comm syz-executor170: Invalid inode table block 34 in block_group 0 [ 27.603251][ T644] EXT4-fs (loop0): get root inode failed [ 27.608815][ T644] EXT4-fs (loop0): mount failed [pid 650] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_NOFOLLOW|O_NOATIME|O_CLOEXEC, 000) = 5 [pid 650] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 650] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 648] <... futex resumed>) = 0 [pid 648] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 648] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 650] <... futex resumed>) = 0 [pid 650] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 650] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 648] <... futex resumed>) = 0 [pid 648] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 648] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 650] <... futex resumed>) = 1 [pid 650] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 6 [pid 650] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 648] <... futex resumed>) = 0 [pid 648] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 648] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 650] <... futex resumed>) = 1 [pid 650] write(6, "\x31\x30\x30\x30\x30\x30\x30\x00", 8 [pid 649] <... ioctl resumed>) = 0 [pid 649] close(3) = 0 [pid 649] mkdir("./bus", 0777) = -1 EEXIST (File exists) [pid 649] mount("/dev/loop0", "./bus", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 650] <... write resumed>) = -1 EIO (Input/output error) [pid 650] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 648] <... futex resumed>) = 0 [pid 648] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 648] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 650] write(6, "\x23\x21\x20\x2e\x2f\x66\x69\x6c\x65\x31\x0a\x82\x6a\x3f\xc6\x7c\x3a\xab\x7d\x7e\x31\x38\xd5\xcc\x25\x19\xa6\xa8\xf7\xa0\x0b\xff\x3b\xee\x49\xbb\x93\x22\x1f\x4e\x80\x95\x34\x94\x23\x35\x8b\x24\xc3\x46\x99\x05\xf2\x81\x89\x7d\xc6\xe1\x7a\x55\x07\xba\x1b\x9e\x33\xcc\x8e\x4f\x28\xf6\xda\xe3\x4d\x29\x86\xca\x00\x9c\x79\xab\x46\x1e\x69\xfd\x74\xcc\xe8\xc9\xed\x5b\x91\x09\xf3\xfa\x42\xf4\x3d\x39\x82\xeb"..., 1045) = 1045 [pid 650] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 648] <... futex resumed>) = 0 [pid 650] <... futex resumed>) = 1 [ 27.635687][ T649] loop0: detected capacity change from 0 to 512 [ 27.638974][ T56] blk_print_req_error: 3 callbacks suppressed [ 27.638989][ T56] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 27.669971][ T649] EXT4-fs error (device loop0): __ext4_get_inode_loc:4485: comm syz-executor170: Invalid inode table block 34 in block_group 0 [pid 650] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 649] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 649] ioctl(4, LOOP_CLR_FD) = 0 [pid 649] close(4) = 0 [pid 649] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 649] futex(0x7ff5a96006c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 648] exit_group(0 [pid 650] <... futex resumed>) = ? [pid 648] <... exit_group resumed>) = ? [pid 650] +++ exited with 0 +++ [pid 649] <... futex resumed>) = ? [pid 649] +++ exited with 0 +++ [pid 648] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=648, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- umount2("./74", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./74", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555561b8730 /* 4 entries */, 32768) = 104 umount2("./74/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./74/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./74/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./74/bus") = 0 umount2("./74/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./74/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./74/binderfs") = 0 getdents64(3, 0x5555561b8730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./74") = 0 mkdir("./75", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b7690) = 653 ./strace-static-x86_64: Process 653 attached [pid 653] set_robust_list(0x5555561b76a0, 24) = 0 [pid 653] chdir("./75") = 0 [pid 653] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 653] setpgid(0, 0) = 0 [pid 653] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 653] write(3, "1000", 4) = 4 [pid 653] close(3) = 0 [pid 653] symlink("/dev/binderfs", "./binderfs") = 0 [pid 653] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 653] rt_sigaction(SIGRT_1, {sa_handler=0x7ff5a959df30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7ff5a958f0e0}, NULL, 8) = 0 [pid 653] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 653] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a9514000 [pid 653] mprotect(0x7ff5a9515000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 653] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 653] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9534990, parent_tid=0x7ff5a9534990, exit_signal=0, stack=0x7ff5a9514000, stack_size=0x20300, tls=0x7ff5a95346c0} => {parent_tid=[654]}, 88) = 654 [pid 653] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 653] futex(0x7ff5a96006c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 653] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 653] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a94f3000 [pid 653] mprotect(0x7ff5a94f4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 653] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 653] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9513990, parent_tid=0x7ff5a9513990, exit_signal=0, stack=0x7ff5a94f3000, stack_size=0x20300, tls=0x7ff5a95136c0}./strace-static-x86_64: Process 654 attached => {parent_tid=[655]}, 88) = 655 [pid 653] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 653] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 653] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 655 attached [pid 655] set_robust_list(0x7ff5a95139a0, 24) = 0 [pid 655] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 655] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_NOFOLLOW|O_NOATIME|O_CLOEXEC, 000) = 3 [pid 654] set_robust_list(0x7ff5a95349a0, 24 [pid 655] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 653] <... futex resumed>) = 0 [pid 653] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 653] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 655] <... futex resumed>) = 1 [pid 655] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 655] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 653] <... futex resumed>) = 0 [pid 653] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 653] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 655] <... futex resumed>) = 1 [pid 655] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 4 [pid 655] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 653] <... futex resumed>) = 0 [pid 653] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 653] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 655] <... futex resumed>) = 1 [pid 655] write(4, "\x31\x30\x30\x30\x30\x30\x30\x00", 8) = -1 ENOSPC (No space left on device) [pid 655] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 653] <... futex resumed>) = 0 [pid 653] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 653] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 655] <... futex resumed>) = 1 [pid 654] <... set_robust_list resumed>) = 0 [pid 655] write(4, "\x23\x21\x20\x2e\x2f\x66\x69\x6c\x65\x31\x0a\x82\x6a\x3f\xc6\x7c\x3a\xab\x7d\x7e\x31\x38\xd5\xcc\x25\x19\xa6\xa8\xf7\xa0\x0b\xff\x3b\xee\x49\xbb\x93\x22\x1f\x4e\x80\x95\x34\x94\x23\x35\x8b\x24\xc3\x46\x99\x05\xf2\x81\x89\x7d\xc6\xe1\x7a\x55\x07\xba\x1b\x9e\x33\xcc\x8e\x4f\x28\xf6\xda\xe3\x4d\x29\x86\xca\x00\x9c\x79\xab\x46\x1e\x69\xfd\x74\xcc\xe8\xc9\xed\x5b\x91\x09\xf3\xfa\x42\xf4\x3d\x39\x82\xeb"..., 1045) = -1 ENOSPC (No space left on device) [pid 655] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 653] <... futex resumed>) = 0 [pid 655] <... futex resumed>) = 1 [pid 655] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 654] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 654] memfd_create("syzkaller", 0) = 5 [pid 654] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff5a10f3000 [pid 654] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 654] munmap(0x7ff5a10f3000, 138412032) = 0 [pid 654] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 654] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 654] close(5) = 0 [pid 654] mkdir("./file1", 0777) = 0 [ 27.683142][ T649] EXT4-fs (loop0): get root inode failed [ 27.688696][ T649] EXT4-fs (loop0): mount failed [ 27.714001][ T654] loop0: detected capacity change from 0 to 512 [pid 654] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue") = 0 [pid 654] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 5 [pid 654] chdir("./file1") = 0 [pid 654] ioctl(6, LOOP_CLR_FD) = 0 [pid 654] close(6) = 0 [pid 654] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 653] exit_group(0 [pid 654] futex(0x7ff5a96006c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 653] <... exit_group resumed>) = ? [pid 654] <... futex resumed>) = ? [pid 654] +++ exited with 0 +++ [pid 655] <... futex resumed>) = ? [pid 655] +++ exited with 0 +++ [pid 653] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=653, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- umount2("./75", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./75", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555561b8730 /* 5 entries */, 32768) = 136 umount2("./75/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./75/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./75/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./75/bus") = 0 umount2("./75/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./75/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./75/binderfs") = 0 umount2("./75/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./75/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./75/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./75/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./75/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555561c0770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561c0770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./75/file1") = 0 getdents64(3, 0x5555561b8730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./75") = 0 mkdir("./76", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b7690) = 658 ./strace-static-x86_64: Process 658 attached [pid 658] set_robust_list(0x5555561b76a0, 24) = 0 [pid 658] chdir("./76") = 0 [pid 658] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 658] setpgid(0, 0) = 0 [pid 658] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 658] write(3, "1000", 4) = 4 [pid 658] close(3) = 0 [pid 658] symlink("/dev/binderfs", "./binderfs") = 0 [pid 658] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 658] rt_sigaction(SIGRT_1, {sa_handler=0x7ff5a959df30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7ff5a958f0e0}, NULL, 8) = 0 [pid 658] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 658] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a9514000 [pid 658] mprotect(0x7ff5a9515000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 658] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 658] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9534990, parent_tid=0x7ff5a9534990, exit_signal=0, stack=0x7ff5a9514000, stack_size=0x20300, tls=0x7ff5a95346c0} => {parent_tid=[659]}, 88) = 659 [pid 658] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 659 attached NULL, 8) = 0 [pid 658] futex(0x7ff5a96006c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 658] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 659] set_robust_list(0x7ff5a95349a0, 24 [pid 658] <... futex resumed>) = 0 [pid 658] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a94f3000 [pid 658] mprotect(0x7ff5a94f4000, 131072, PROT_READ|PROT_WRITE [pid 659] <... set_robust_list resumed>) = 0 [pid 659] rt_sigprocmask(SIG_SETMASK, [], [pid 658] <... mprotect resumed>) = 0 [pid 659] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 658] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 658] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9513990, parent_tid=0x7ff5a9513990, exit_signal=0, stack=0x7ff5a94f3000, stack_size=0x20300, tls=0x7ff5a95136c0} => {parent_tid=[660]}, 88) = 660 [pid 658] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 658] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 658] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 660 attached [pid 660] set_robust_list(0x7ff5a95139a0, 24) = 0 [pid 660] rt_sigprocmask(SIG_SETMASK, [], [pid 659] memfd_create("syzkaller", 0 [pid 660] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 660] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_NOFOLLOW|O_NOATIME|O_CLOEXEC, 000 [pid 659] <... memfd_create resumed>) = 3 [pid 659] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 660] <... open resumed>) = 4 [pid 660] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 659] <... mmap resumed>) = 0x7ff5a10f3000 [pid 658] <... futex resumed>) = 0 [pid 658] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 658] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 660] <... futex resumed>) = 1 [pid 660] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 660] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 658] <... futex resumed>) = 0 [pid 658] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 658] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 660] <... futex resumed>) = 1 [pid 660] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5 [pid 660] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 658] <... futex resumed>) = 0 [pid 658] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 658] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 660] <... futex resumed>) = 1 [pid 660] write(5, "\x31\x30\x30\x30\x30\x30\x30\x00", 8) = -1 ENOSPC (No space left on device) [pid 660] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 658] <... futex resumed>) = 0 [pid 658] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 658] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 660] <... futex resumed>) = 1 [pid 660] write(5, "\x23\x21\x20\x2e\x2f\x66\x69\x6c\x65\x31\x0a\x82\x6a\x3f\xc6\x7c\x3a\xab\x7d\x7e\x31\x38\xd5\xcc\x25\x19\xa6\xa8\xf7\xa0\x0b\xff\x3b\xee\x49\xbb\x93\x22\x1f\x4e\x80\x95\x34\x94\x23\x35\x8b\x24\xc3\x46\x99\x05\xf2\x81\x89\x7d\xc6\xe1\x7a\x55\x07\xba\x1b\x9e\x33\xcc\x8e\x4f\x28\xf6\xda\xe3\x4d\x29\x86\xca\x00\x9c\x79\xab\x46\x1e\x69\xfd\x74\xcc\xe8\xc9\xed\x5b\x91\x09\xf3\xfa\x42\xf4\x3d\x39\x82\xeb"..., 1045) = -1 ENOSPC (No space left on device) [pid 660] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 658] <... futex resumed>) = 0 [pid 660] <... futex resumed>) = 1 [pid 660] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 659] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 659] munmap(0x7ff5a10f3000, 138412032) = 0 [pid 659] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 27.731231][ T654] EXT4-fs (loop0): 1 orphan inode deleted [ 27.736948][ T654] ext4 filesystem being mounted at /root/syzkaller.8K29Ps/75/file1 supports timestamps until 2038 (0x7fffffff) [pid 659] ioctl(6, LOOP_SET_FD, 3) = 0 [pid 659] close(3) = 0 [pid 659] mkdir("./bus", 0777) = -1 EEXIST (File exists) [pid 659] mount("/dev/loop0", "./bus", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue") = -1 ENOTDIR (Not a directory) [pid 659] ioctl(6, LOOP_CLR_FD) = 0 [pid 659] close(6) = 0 [pid 659] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 659] futex(0x7ff5a96006c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 658] exit_group(0) = ? [pid 659] <... futex resumed>) = ? [pid 659] +++ exited with 0 +++ [pid 660] <... futex resumed>) = ? [pid 660] +++ exited with 0 +++ [pid 658] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=658, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- umount2("./76", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./76", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555561b8730 /* 4 entries */, 32768) = 104 umount2("./76/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./76/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./76/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./76/bus") = 0 umount2("./76/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./76/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./76/binderfs") = 0 getdents64(3, 0x5555561b8730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./76") = 0 mkdir("./77", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b7690) = 663 ./strace-static-x86_64: Process 663 attached [pid 663] set_robust_list(0x5555561b76a0, 24) = 0 [pid 663] chdir("./77") = 0 [pid 663] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 663] setpgid(0, 0) = 0 [pid 663] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 663] write(3, "1000", 4) = 4 [pid 663] close(3) = 0 [pid 663] symlink("/dev/binderfs", "./binderfs") = 0 [pid 663] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 663] rt_sigaction(SIGRT_1, {sa_handler=0x7ff5a959df30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7ff5a958f0e0}, NULL, 8) = 0 [pid 663] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 663] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a9514000 [pid 663] mprotect(0x7ff5a9515000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 663] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 663] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9534990, parent_tid=0x7ff5a9534990, exit_signal=0, stack=0x7ff5a9514000, stack_size=0x20300, tls=0x7ff5a95346c0}./strace-static-x86_64: Process 664 attached [pid 664] set_robust_list(0x7ff5a95349a0, 24) = 0 [pid 664] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 664] futex(0x7ff5a96006c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 663] <... clone3 resumed> => {parent_tid=[664]}, 88) = 664 [pid 663] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 663] futex(0x7ff5a96006c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 663] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 663] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a94f3000 [pid 663] mprotect(0x7ff5a94f4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 663] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 663] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9513990, parent_tid=0x7ff5a9513990, exit_signal=0, stack=0x7ff5a94f3000, stack_size=0x20300, tls=0x7ff5a95136c0} [pid 664] <... futex resumed>) = 0 [pid 663] <... clone3 resumed> => {parent_tid=[665]}, 88) = 665 [pid 664] memfd_create("syzkaller", 0 [pid 663] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 663] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 663] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 665 attached [pid 665] set_robust_list(0x7ff5a95139a0, 24) = 0 [pid 665] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 665] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_NOFOLLOW|O_NOATIME|O_CLOEXEC, 000) = 3 [pid 665] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 663] <... futex resumed>) = 0 [pid 663] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 663] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 665] <... futex resumed>) = 1 [pid 665] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 665] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 663] <... futex resumed>) = 0 [pid 663] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 663] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 665] <... futex resumed>) = 1 [pid 665] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 4 [pid 665] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 663] <... futex resumed>) = 0 [pid 663] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 663] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 665] <... futex resumed>) = 1 [pid 665] write(4, "\x31\x30\x30\x30\x30\x30\x30\x00", 8) = -1 ENOSPC (No space left on device) [pid 665] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 663] <... futex resumed>) = 0 [pid 663] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 663] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 665] <... futex resumed>) = 1 [pid 665] write(4, "\x23\x21\x20\x2e\x2f\x66\x69\x6c\x65\x31\x0a\x82\x6a\x3f\xc6\x7c\x3a\xab\x7d\x7e\x31\x38\xd5\xcc\x25\x19\xa6\xa8\xf7\xa0\x0b\xff\x3b\xee\x49\xbb\x93\x22\x1f\x4e\x80\x95\x34\x94\x23\x35\x8b\x24\xc3\x46\x99\x05\xf2\x81\x89\x7d\xc6\xe1\x7a\x55\x07\xba\x1b\x9e\x33\xcc\x8e\x4f\x28\xf6\xda\xe3\x4d\x29\x86\xca\x00\x9c\x79\xab\x46\x1e\x69\xfd\x74\xcc\xe8\xc9\xed\x5b\x91\x09\xf3\xfa\x42\xf4\x3d\x39\x82\xeb"..., 1045) = -1 ENOSPC (No space left on device) [pid 665] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 663] <... futex resumed>) = 0 [pid 665] <... futex resumed>) = 1 [pid 665] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 664] <... memfd_create resumed>) = 5 [pid 664] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff5a10f3000 [pid 664] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 664] munmap(0x7ff5a10f3000, 138412032) = 0 [pid 664] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 27.780023][ T659] loop0: detected capacity change from 0 to 512 [ 27.791694][ T659] EXT4-fs (loop0): 1 orphan inode deleted [ 27.797451][ T659] ext4 filesystem being mounted at /root/syzkaller.8K29Ps/76/bus supports timestamps until 2038 (0x7fffffff) [pid 664] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 664] close(5) = 0 [pid 664] mkdir("./bus", 0777) = -1 EEXIST (File exists) [pid 664] mount("/dev/loop0", "./bus", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue") = -1 ENOTDIR (Not a directory) [pid 664] ioctl(6, LOOP_CLR_FD) = 0 [pid 664] close(6) = 0 [pid 664] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 664] futex(0x7ff5a96006c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 663] exit_group(0 [pid 665] <... futex resumed>) = ? [pid 663] <... exit_group resumed>) = ? [pid 665] +++ exited with 0 +++ [pid 664] <... futex resumed>) = ? [pid 664] +++ exited with 0 +++ [pid 663] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=663, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- umount2("./77", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./77", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555561b8730 /* 4 entries */, 32768) = 104 umount2("./77/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./77/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./77/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./77/bus") = 0 umount2("./77/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./77/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./77/binderfs") = 0 getdents64(3, 0x5555561b8730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./77") = 0 mkdir("./78", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 668 attached , child_tidptr=0x5555561b7690) = 668 [pid 668] set_robust_list(0x5555561b76a0, 24) = 0 [pid 668] chdir("./78") = 0 [pid 668] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 668] setpgid(0, 0) = 0 [pid 668] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 668] write(3, "1000", 4) = 4 [pid 668] close(3) = 0 [pid 668] symlink("/dev/binderfs", "./binderfs") = 0 [pid 668] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 668] rt_sigaction(SIGRT_1, {sa_handler=0x7ff5a959df30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7ff5a958f0e0}, NULL, 8) = 0 [pid 668] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 668] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a9514000 [pid 668] mprotect(0x7ff5a9515000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 668] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 668] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9534990, parent_tid=0x7ff5a9534990, exit_signal=0, stack=0x7ff5a9514000, stack_size=0x20300, tls=0x7ff5a95346c0}./strace-static-x86_64: Process 669 attached [pid 669] set_robust_list(0x7ff5a95349a0, 24 [pid 668] <... clone3 resumed> => {parent_tid=[669]}, 88) = 669 [pid 669] <... set_robust_list resumed>) = 0 [pid 669] rt_sigprocmask(SIG_SETMASK, [], [pid 668] rt_sigprocmask(SIG_SETMASK, [], [pid 669] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 669] futex(0x7ff5a96006c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 668] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 668] futex(0x7ff5a96006c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 669] <... futex resumed>) = 0 [pid 669] memfd_create("syzkaller", 0 [pid 668] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 669] <... memfd_create resumed>) = 3 [pid 668] <... futex resumed>) = 0 [pid 669] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 668] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 669] <... mmap resumed>) = 0x7ff5a1114000 [pid 668] <... mmap resumed>) = 0x7ff5a10f3000 [pid 668] mprotect(0x7ff5a10f4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 668] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 668] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a1113990, parent_tid=0x7ff5a1113990, exit_signal=0, stack=0x7ff5a10f3000, stack_size=0x20300, tls=0x7ff5a11136c0}./strace-static-x86_64: Process 670 attached [pid 670] set_robust_list(0x7ff5a11139a0, 24) = 0 [pid 670] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 670] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 668] <... clone3 resumed> => {parent_tid=[670]}, 88) = 670 [pid 668] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 668] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 670] <... futex resumed>) = 0 [pid 670] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_NOFOLLOW|O_NOATIME|O_CLOEXEC, 000 [pid 668] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 669] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 670] <... open resumed>) = 4 [pid 669] munmap(0x7ff5a1114000, 138412032 [pid 670] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 668] <... futex resumed>) = 0 [pid 668] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 670] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 668] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 670] <... mount resumed>) = 0 [pid 670] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 669] <... munmap resumed>) = 0 [pid 670] <... futex resumed>) = 1 [pid 669] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 668] <... futex resumed>) = 0 [pid 668] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 668] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 670] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 669] <... openat resumed>) = 5 [pid 670] <... open resumed>) = 6 [ 27.834104][ T664] loop0: detected capacity change from 0 to 512 [ 27.861229][ T664] EXT4-fs (loop0): 1 orphan inode deleted [ 27.867003][ T664] ext4 filesystem being mounted at /root/syzkaller.8K29Ps/77/bus supports timestamps until 2038 (0x7fffffff) [pid 669] ioctl(5, LOOP_SET_FD, 3 [pid 670] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 669] <... ioctl resumed>) = 0 [pid 668] <... futex resumed>) = 0 [pid 670] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 669] close(3 [pid 668] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 670] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 669] <... close resumed>) = 0 [pid 668] <... futex resumed>) = 0 [pid 670] write(6, "\x31\x30\x30\x30\x30\x30\x30\x00", 8 [pid 668] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 669] mkdir("./bus", 0777 [pid 670] <... write resumed>) = 8 [pid 670] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 668] <... futex resumed>) = 0 [pid 670] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 668] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 670] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 668] <... futex resumed>) = 0 [pid 670] write(6, "\x23\x21\x20\x2e\x2f\x66\x69\x6c\x65\x31\x0a\x82\x6a\x3f\xc6\x7c\x3a\xab\x7d\x7e\x31\x38\xd5\xcc\x25\x19\xa6\xa8\xf7\xa0\x0b\xff\x3b\xee\x49\xbb\x93\x22\x1f\x4e\x80\x95\x34\x94\x23\x35\x8b\x24\xc3\x46\x99\x05\xf2\x81\x89\x7d\xc6\xe1\x7a\x55\x07\xba\x1b\x9e\x33\xcc\x8e\x4f\x28\xf6\xda\xe3\x4d\x29\x86\xca\x00\x9c\x79\xab\x46\x1e\x69\xfd\x74\xcc\xe8\xc9\xed\x5b\x91\x09\xf3\xfa\x42\xf4\x3d\x39\x82\xeb"..., 1045 [pid 668] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 669] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 669] mount("/dev/loop0", "./bus", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 670] <... write resumed>) = 1045 [pid 670] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 668] <... futex resumed>) = 0 [pid 670] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 669] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 669] ioctl(5, LOOP_CLR_FD) = 0 [pid 669] close(5) = 0 [pid 669] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 668] exit_group(0 [pid 669] <... futex resumed>) = 0 [pid 668] <... exit_group resumed>) = ? [pid 670] <... futex resumed>) = ? [pid 670] +++ exited with 0 +++ [pid 669] +++ exited with 0 +++ [pid 668] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=668, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- umount2("./78", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./78", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555561b8730 /* 4 entries */, 32768) = 104 umount2("./78/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./78/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./78/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./78/bus") = 0 umount2("./78/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./78/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./78/binderfs") = 0 getdents64(3, 0x5555561b8730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./78") = 0 mkdir("./79", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b7690) = 671 ./strace-static-x86_64: Process 671 attached [pid 671] set_robust_list(0x5555561b76a0, 24) = 0 [pid 671] chdir("./79") = 0 [pid 671] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 671] setpgid(0, 0) = 0 [pid 671] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 671] write(3, "1000", 4) = 4 [pid 671] close(3) = 0 [pid 671] symlink("/dev/binderfs", "./binderfs") = 0 [pid 671] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 671] rt_sigaction(SIGRT_1, {sa_handler=0x7ff5a959df30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7ff5a958f0e0}, NULL, 8) = 0 [pid 671] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 671] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a9514000 [pid 671] mprotect(0x7ff5a9515000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 671] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 671] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9534990, parent_tid=0x7ff5a9534990, exit_signal=0, stack=0x7ff5a9514000, stack_size=0x20300, tls=0x7ff5a95346c0} => {parent_tid=[672]}, 88) = 672 [pid 671] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 671] futex(0x7ff5a96006c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 671] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 671] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a94f3000 [pid 671] mprotect(0x7ff5a94f4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 671] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 671] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9513990, parent_tid=0x7ff5a9513990, exit_signal=0, stack=0x7ff5a94f3000, stack_size=0x20300, tls=0x7ff5a95136c0} => {parent_tid=[673]}, 88) = 673 [pid 671] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 671] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 671] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 672 attached [pid 672] set_robust_list(0x7ff5a95349a0, 24) = 0 [pid 672] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 672] memfd_create("syzkaller", 0) = 3 [pid 672] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff5a10f3000 ./strace-static-x86_64: Process 673 attached [pid 673] set_robust_list(0x7ff5a95139a0, 24) = 0 [pid 673] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 673] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_NOFOLLOW|O_NOATIME|O_CLOEXEC, 000 [pid 672] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 673] <... open resumed>) = 4 [pid 673] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 671] <... futex resumed>) = 0 [pid 671] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 671] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 673] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 672] <... write resumed>) = 262144 [pid 672] munmap(0x7ff5a10f3000, 138412032) = 0 [pid 672] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [ 27.907955][ T669] loop0: detected capacity change from 0 to 512 [ 27.917333][ T669] EXT4-fs (loop0): Invalid log block size: 2475723007 [pid 672] ioctl(5, LOOP_SET_FD, 3 [pid 673] <... mount resumed>) = 0 [pid 672] <... ioctl resumed>) = 0 [pid 672] close(3) = 0 [pid 672] mkdir("./bus", 0777) = -1 EEXIST (File exists) [pid 672] mount("/dev/loop0", "./bus", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 673] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 671] <... futex resumed>) = 0 [pid 671] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 671] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 673] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 3 [pid 673] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 671] <... futex resumed>) = 0 [pid 671] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 671] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 673] <... futex resumed>) = 1 [pid 673] write(3, "\x31\x30\x30\x30\x30\x30\x30\x00", 8) = 8 [pid 673] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 671] <... futex resumed>) = 0 [pid 673] <... futex resumed>) = 1 [pid 671] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 673] write(3, "\x23\x21\x20\x2e\x2f\x66\x69\x6c\x65\x31\x0a\x82\x6a\x3f\xc6\x7c\x3a\xab\x7d\x7e\x31\x38\xd5\xcc\x25\x19\xa6\xa8\xf7\xa0\x0b\xff\x3b\xee\x49\xbb\x93\x22\x1f\x4e\x80\x95\x34\x94\x23\x35\x8b\x24\xc3\x46\x99\x05\xf2\x81\x89\x7d\xc6\xe1\x7a\x55\x07\xba\x1b\x9e\x33\xcc\x8e\x4f\x28\xf6\xda\xe3\x4d\x29\x86\xca\x00\x9c\x79\xab\x46\x1e\x69\xfd\x74\xcc\xe8\xc9\xed\x5b\x91\x09\xf3\xfa\x42\xf4\x3d\x39\x82\xeb"..., 1045 [pid 671] <... futex resumed>) = 0 [pid 671] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 673] <... write resumed>) = 1045 [pid 673] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 671] <... futex resumed>) = 0 [pid 673] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 672] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 672] ioctl(5, LOOP_CLR_FD) = 0 [pid 672] close(5) = 0 [pid 672] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 672] futex(0x7ff5a96006c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 671] exit_group(0 [pid 673] <... futex resumed>) = ? [pid 671] <... exit_group resumed>) = ? [pid 673] +++ exited with 0 +++ [pid 672] <... futex resumed>) = ? [pid 672] +++ exited with 0 +++ [pid 671] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=671, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./79", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./79", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555561b8730 /* 4 entries */, 32768) = 104 umount2("./79/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./79/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./79/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./79/bus") = 0 umount2("./79/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./79/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./79/binderfs") = 0 getdents64(3, 0x5555561b8730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./79") = 0 mkdir("./80", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b7690) = 676 ./strace-static-x86_64: Process 676 attached [pid 676] set_robust_list(0x5555561b76a0, 24) = 0 [pid 676] chdir("./80") = 0 [pid 676] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 676] setpgid(0, 0) = 0 [pid 676] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 676] write(3, "1000", 4) = 4 [pid 676] close(3) = 0 [pid 676] symlink("/dev/binderfs", "./binderfs") = 0 [pid 676] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 676] rt_sigaction(SIGRT_1, {sa_handler=0x7ff5a959df30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7ff5a958f0e0}, NULL, 8) = 0 [pid 676] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 676] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a9514000 [pid 676] mprotect(0x7ff5a9515000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 676] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 676] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9534990, parent_tid=0x7ff5a9534990, exit_signal=0, stack=0x7ff5a9514000, stack_size=0x20300, tls=0x7ff5a95346c0} => {parent_tid=[677]}, 88) = 677 [pid 676] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 676] futex(0x7ff5a96006c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 676] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 676] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a94f3000 [pid 676] mprotect(0x7ff5a94f4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 676] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 676] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9513990, parent_tid=0x7ff5a9513990, exit_signal=0, stack=0x7ff5a94f3000, stack_size=0x20300, tls=0x7ff5a95136c0} => {parent_tid=[678]}, 88) = 678 [pid 676] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 676] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 676] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 677 attached [pid 677] set_robust_list(0x7ff5a95349a0, 24) = 0 [pid 677] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 677] memfd_create("syzkaller", 0) = 3 [pid 677] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff5a10f3000 [pid 677] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 677] munmap(0x7ff5a10f3000, 138412032) = 0 [pid 677] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 677] ioctl(4, LOOP_SET_FD, 3./strace-static-x86_64: Process 678 attached [ 27.949712][ T672] loop0: detected capacity change from 0 to 512 [ 27.960046][ T672] EXT4-fs error (device loop0): __ext4_get_inode_loc:4485: comm syz-executor170: Invalid inode table block 34 in block_group 0 [ 27.973295][ T672] EXT4-fs (loop0): get root inode failed [ 27.978860][ T672] EXT4-fs (loop0): mount failed [pid 678] set_robust_list(0x7ff5a95139a0, 24) = 0 [pid 677] <... ioctl resumed>) = 0 [pid 678] rt_sigprocmask(SIG_SETMASK, [], [pid 677] close(3 [pid 678] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 678] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_NOFOLLOW|O_NOATIME|O_CLOEXEC, 000 [pid 677] <... close resumed>) = 0 [pid 678] <... open resumed>) = 3 [pid 678] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 677] mkdir("./bus", 0777 [pid 678] <... futex resumed>) = 1 [pid 676] <... futex resumed>) = 0 [pid 676] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 676] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 678] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 677] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 678] <... mount resumed>) = 0 [pid 678] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 677] mount("/dev/loop0", "./bus", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 678] <... futex resumed>) = 1 [pid 676] <... futex resumed>) = 0 [pid 676] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 676] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 678] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5 [pid 678] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 676] <... futex resumed>) = 0 [pid 676] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 676] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 678] write(5, "\x31\x30\x30\x30\x30\x30\x30\x00", 8) = 8 [pid 678] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 678] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 676] <... futex resumed>) = 0 [pid 676] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 678] <... futex resumed>) = 0 [pid 676] <... futex resumed>) = 1 [pid 678] write(5, "\x23\x21\x20\x2e\x2f\x66\x69\x6c\x65\x31\x0a\x82\x6a\x3f\xc6\x7c\x3a\xab\x7d\x7e\x31\x38\xd5\xcc\x25\x19\xa6\xa8\xf7\xa0\x0b\xff\x3b\xee\x49\xbb\x93\x22\x1f\x4e\x80\x95\x34\x94\x23\x35\x8b\x24\xc3\x46\x99\x05\xf2\x81\x89\x7d\xc6\xe1\x7a\x55\x07\xba\x1b\x9e\x33\xcc\x8e\x4f\x28\xf6\xda\xe3\x4d\x29\x86\xca\x00\x9c\x79\xab\x46\x1e\x69\xfd\x74\xcc\xe8\xc9\xed\x5b\x91\x09\xf3\xfa\x42\xf4\x3d\x39\x82\xeb"..., 1045 [pid 676] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 678] <... write resumed>) = 1045 [pid 678] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 676] <... futex resumed>) = 0 [pid 678] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 677] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 677] ioctl(4, LOOP_CLR_FD) = 0 [pid 677] close(4) = 0 [pid 677] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 677] futex(0x7ff5a96006c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 676] exit_group(0) = ? [pid 677] <... futex resumed>) = ? [pid 677] +++ exited with 0 +++ [pid 678] <... futex resumed>) = ? [pid 678] +++ exited with 0 +++ [pid 676] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=676, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- umount2("./80", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./80", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555561b8730 /* 4 entries */, 32768) = 104 umount2("./80/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./80/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./80/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./80/bus") = 0 umount2("./80/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./80/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./80/binderfs") = 0 getdents64(3, 0x5555561b8730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./80") = 0 mkdir("./81", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b7690) = 681 ./strace-static-x86_64: Process 681 attached [pid 681] set_robust_list(0x5555561b76a0, 24) = 0 [pid 681] chdir("./81") = 0 [pid 681] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 681] setpgid(0, 0) = 0 [pid 681] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 681] write(3, "1000", 4) = 4 [pid 681] close(3) = 0 [pid 681] symlink("/dev/binderfs", "./binderfs") = 0 [pid 681] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 681] rt_sigaction(SIGRT_1, {sa_handler=0x7ff5a959df30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7ff5a958f0e0}, NULL, 8) = 0 [pid 681] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 681] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a9514000 [pid 681] mprotect(0x7ff5a9515000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 681] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 681] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9534990, parent_tid=0x7ff5a9534990, exit_signal=0, stack=0x7ff5a9514000, stack_size=0x20300, tls=0x7ff5a95346c0} => {parent_tid=[682]}, 88) = 682 [pid 681] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 681] futex(0x7ff5a96006c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 681] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 681] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a94f3000 [pid 681] mprotect(0x7ff5a94f4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 681] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 681] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9513990, parent_tid=0x7ff5a9513990, exit_signal=0, stack=0x7ff5a94f3000, stack_size=0x20300, tls=0x7ff5a95136c0} => {parent_tid=[683]}, 88) = 683 [pid 681] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 681] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 681] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 683 attached [pid 683] set_robust_list(0x7ff5a95139a0, 24) = 0 [pid 683] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 683] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_NOFOLLOW|O_NOATIME|O_CLOEXEC, 000) = 3 [pid 683] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 681] <... futex resumed>) = 0 [pid 681] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 681] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 683] <... futex resumed>) = 1 [pid 683] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL./strace-static-x86_64: Process 682 attached [pid 682] set_robust_list(0x7ff5a95349a0, 24 [pid 683] <... mount resumed>) = 0 [pid 682] <... set_robust_list resumed>) = 0 [pid 682] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 682] memfd_create("syzkaller", 0 [pid 683] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 682] <... memfd_create resumed>) = 4 [pid 682] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff5a10f3000 [pid 681] <... futex resumed>) = 0 [pid 683] <... futex resumed>) = 1 [pid 681] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 683] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 681] <... futex resumed>) = 0 [pid 683] <... open resumed>) = 5 [pid 681] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 683] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 682] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 681] <... futex resumed>) = 0 [pid 681] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 683] write(5, "\x31\x30\x30\x30\x30\x30\x30\x00", 8 [pid 681] <... futex resumed>) = 0 [pid 683] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 681] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 683] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 681] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 683] <... futex resumed>) = 0 [pid 681] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 683] write(5, "\x23\x21\x20\x2e\x2f\x66\x69\x6c\x65\x31\x0a\x82\x6a\x3f\xc6\x7c\x3a\xab\x7d\x7e\x31\x38\xd5\xcc\x25\x19\xa6\xa8\xf7\xa0\x0b\xff\x3b\xee\x49\xbb\x93\x22\x1f\x4e\x80\x95\x34\x94\x23\x35\x8b\x24\xc3\x46\x99\x05\xf2\x81\x89\x7d\xc6\xe1\x7a\x55\x07\xba\x1b\x9e\x33\xcc\x8e\x4f\x28\xf6\xda\xe3\x4d\x29\x86\xca\x00\x9c\x79\xab\x46\x1e\x69\xfd\x74\xcc\xe8\xc9\xed\x5b\x91\x09\xf3\xfa\x42\xf4\x3d\x39\x82\xeb"..., 1045 [pid 681] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 683] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 683] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 682] <... write resumed>) = 262144 [pid 681] <... futex resumed>) = 0 [pid 683] <... futex resumed>) = 1 [pid 682] munmap(0x7ff5a10f3000, 138412032 [pid 683] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 682] <... munmap resumed>) = 0 [pid 682] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 28.004413][ T677] loop0: detected capacity change from 0 to 512 [ 28.020127][ T677] EXT4-fs error (device loop0): __ext4_get_inode_loc:4485: comm syz-executor170: Invalid inode table block 34 in block_group 0 [ 28.033635][ T677] EXT4-fs (loop0): get root inode failed [ 28.039191][ T677] EXT4-fs (loop0): mount failed [pid 682] ioctl(6, LOOP_SET_FD, 4) = 0 [pid 682] close(4) = 0 [pid 682] mkdir("./file1", 0777) = 0 [pid 682] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue") = 0 [pid 682] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 4 [pid 682] chdir("./file1") = 0 [pid 682] ioctl(6, LOOP_CLR_FD) = 0 [pid 682] close(6) = 0 [pid 682] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 681] exit_group(0 [pid 683] <... futex resumed>) = ? [pid 681] <... exit_group resumed>) = ? [pid 683] +++ exited with 0 +++ [pid 682] <... futex resumed>) = ? [pid 682] +++ exited with 0 +++ [pid 681] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=681, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./81", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./81", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555561b8730 /* 5 entries */, 32768) = 136 umount2("./81/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./81/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./81/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./81/bus") = 0 umount2("./81/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./81/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./81/binderfs") = 0 umount2("./81/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./81/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./81/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./81/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./81/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555561c0770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561c0770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./81/file1") = 0 getdents64(3, 0x5555561b8730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./81") = 0 mkdir("./82", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 686 attached [pid 686] set_robust_list(0x5555561b76a0, 24) = 0 [pid 686] chdir("./82") = 0 [pid 686] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 686] setpgid(0, 0) = 0 [pid 297] <... clone resumed>, child_tidptr=0x5555561b7690) = 686 [pid 686] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 686] write(3, "1000", 4) = 4 [pid 686] close(3) = 0 [pid 686] symlink("/dev/binderfs", "./binderfs") = 0 [pid 686] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 686] rt_sigaction(SIGRT_1, {sa_handler=0x7ff5a959df30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7ff5a958f0e0}, NULL, 8) = 0 [pid 686] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 686] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a9514000 [pid 686] mprotect(0x7ff5a9515000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 686] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 686] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9534990, parent_tid=0x7ff5a9534990, exit_signal=0, stack=0x7ff5a9514000, stack_size=0x20300, tls=0x7ff5a95346c0} => {parent_tid=[687]}, 88) = 687 [pid 686] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 686] futex(0x7ff5a96006c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 686] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 686] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a94f3000 [pid 686] mprotect(0x7ff5a94f4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 686] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 686] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9513990, parent_tid=0x7ff5a9513990, exit_signal=0, stack=0x7ff5a94f3000, stack_size=0x20300, tls=0x7ff5a95136c0}./strace-static-x86_64: Process 687 attached ./strace-static-x86_64: Process 688 attached [pid 687] set_robust_list(0x7ff5a95349a0, 24 [pid 686] <... clone3 resumed> => {parent_tid=[688]}, 88) = 688 [pid 687] <... set_robust_list resumed>) = 0 [pid 688] set_robust_list(0x7ff5a95139a0, 24 [pid 687] rt_sigprocmask(SIG_SETMASK, [], [pid 686] rt_sigprocmask(SIG_SETMASK, [], [pid 688] <... set_robust_list resumed>) = 0 [pid 687] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 686] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 686] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 688] rt_sigprocmask(SIG_SETMASK, [], [pid 687] memfd_create("syzkaller", 0 [pid 688] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 687] <... memfd_create resumed>) = 3 [pid 686] <... futex resumed>) = 0 [pid 687] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 686] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 688] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_NOFOLLOW|O_NOATIME|O_CLOEXEC, 000 [pid 687] <... mmap resumed>) = 0x7ff5a10f3000 [pid 687] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 687] munmap(0x7ff5a10f3000, 138412032) = 0 [pid 687] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 28.062909][ T682] loop0: detected capacity change from 0 to 512 [ 28.081459][ T682] EXT4-fs (loop0): 1 orphan inode deleted [ 28.087251][ T682] ext4 filesystem being mounted at /root/syzkaller.8K29Ps/81/file1 supports timestamps until 2038 (0x7fffffff) [pid 687] ioctl(4, LOOP_SET_FD, 3 [pid 688] <... open resumed>) = 5 [pid 687] <... ioctl resumed>) = 0 [pid 687] close(3) = 0 [pid 687] mkdir("./bus", 0777) = -1 EEXIST (File exists) [pid 687] mount("/dev/loop0", "./bus", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 688] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 686] <... futex resumed>) = 0 [pid 686] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 686] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 688] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 688] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 686] <... futex resumed>) = 0 [pid 686] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 686] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 688] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 3 [pid 688] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 686] <... futex resumed>) = 0 [pid 688] <... futex resumed>) = 1 [pid 686] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 688] write(3, "\x31\x30\x30\x30\x30\x30\x30\x00", 8 [pid 686] <... futex resumed>) = 0 [pid 686] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 688] <... write resumed>) = 8 [pid 688] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 686] <... futex resumed>) = 0 [pid 688] <... futex resumed>) = 1 [pid 686] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 688] write(3, "\x23\x21\x20\x2e\x2f\x66\x69\x6c\x65\x31\x0a\x82\x6a\x3f\xc6\x7c\x3a\xab\x7d\x7e\x31\x38\xd5\xcc\x25\x19\xa6\xa8\xf7\xa0\x0b\xff\x3b\xee\x49\xbb\x93\x22\x1f\x4e\x80\x95\x34\x94\x23\x35\x8b\x24\xc3\x46\x99\x05\xf2\x81\x89\x7d\xc6\xe1\x7a\x55\x07\xba\x1b\x9e\x33\xcc\x8e\x4f\x28\xf6\xda\xe3\x4d\x29\x86\xca\x00\x9c\x79\xab\x46\x1e\x69\xfd\x74\xcc\xe8\xc9\xed\x5b\x91\x09\xf3\xfa\x42\xf4\x3d\x39\x82\xeb"..., 1045 [pid 686] <... futex resumed>) = 0 [pid 686] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 688] <... write resumed>) = 1045 [pid 688] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 686] <... futex resumed>) = 0 [pid 688] <... futex resumed>) = 1 [pid 688] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 687] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 687] ioctl(4, LOOP_CLR_FD) = 0 [pid 687] close(4) = 0 [pid 687] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 687] futex(0x7ff5a96006c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 686] exit_group(0) = ? [pid 688] <... futex resumed>) = ? [pid 688] +++ exited with 0 +++ [pid 687] <... futex resumed>) = ? [pid 687] +++ exited with 0 +++ [pid 686] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=686, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./82", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./82", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555561b8730 /* 4 entries */, 32768) = 104 umount2("./82/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./82/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./82/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./82/bus") = 0 umount2("./82/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./82/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./82/binderfs") = 0 getdents64(3, 0x5555561b8730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./82") = 0 mkdir("./83", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b7690) = 691 ./strace-static-x86_64: Process 691 attached [pid 691] set_robust_list(0x5555561b76a0, 24) = 0 [pid 691] chdir("./83") = 0 [pid 691] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 691] setpgid(0, 0) = 0 [pid 691] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 691] write(3, "1000", 4) = 4 [pid 691] close(3) = 0 [pid 691] symlink("/dev/binderfs", "./binderfs") = 0 [pid 691] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 691] rt_sigaction(SIGRT_1, {sa_handler=0x7ff5a959df30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7ff5a958f0e0}, NULL, 8) = 0 [pid 691] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 691] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a9514000 [pid 691] mprotect(0x7ff5a9515000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 691] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 691] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9534990, parent_tid=0x7ff5a9534990, exit_signal=0, stack=0x7ff5a9514000, stack_size=0x20300, tls=0x7ff5a95346c0}./strace-static-x86_64: Process 692 attached => {parent_tid=[692]}, 88) = 692 [pid 692] set_robust_list(0x7ff5a95349a0, 24 [pid 691] rt_sigprocmask(SIG_SETMASK, [], [pid 692] <... set_robust_list resumed>) = 0 [pid 691] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 692] rt_sigprocmask(SIG_SETMASK, [], [pid 691] futex(0x7ff5a96006c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 692] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 691] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 692] memfd_create("syzkaller", 0 [pid 691] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a94f3000 [pid 691] mprotect(0x7ff5a94f4000, 131072, PROT_READ|PROT_WRITE [pid 692] <... memfd_create resumed>) = 3 [pid 692] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 691] <... mprotect resumed>) = 0 [pid 691] rt_sigprocmask(SIG_BLOCK, ~[], [pid 692] <... mmap resumed>) = 0x7ff5a10f3000 [pid 691] <... rt_sigprocmask resumed>[], 8) = 0 [pid 691] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9513990, parent_tid=0x7ff5a9513990, exit_signal=0, stack=0x7ff5a94f3000, stack_size=0x20300, tls=0x7ff5a95136c0} => {parent_tid=[693]}, 88) = 693 [pid 691] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 691] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 691] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 693 attached [pid 692] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 693] set_robust_list(0x7ff5a95139a0, 24 [pid 692] <... write resumed>) = 262144 [pid 692] munmap(0x7ff5a10f3000, 138412032 [pid 693] <... set_robust_list resumed>) = 0 [pid 692] <... munmap resumed>) = 0 [pid 693] rt_sigprocmask(SIG_SETMASK, [], [pid 692] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 693] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 692] <... openat resumed>) = 4 [pid 693] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_NOFOLLOW|O_NOATIME|O_CLOEXEC, 000 [ 28.125805][ T687] loop0: detected capacity change from 0 to 512 [ 28.140419][ T687] EXT4-fs error (device loop0): __ext4_get_inode_loc:4485: comm syz-executor170: Invalid inode table block 34 in block_group 0 [ 28.153688][ T687] EXT4-fs (loop0): get root inode failed [ 28.159163][ T687] EXT4-fs (loop0): mount failed [pid 692] ioctl(4, LOOP_SET_FD, 3 [pid 693] <... open resumed>) = 5 [pid 692] <... ioctl resumed>) = 0 [pid 693] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 693] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 692] close(3) = 0 [pid 692] mkdir("./bus", 0777) = -1 EEXIST (File exists) [pid 692] mount("/dev/loop0", "./bus", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 691] <... futex resumed>) = 0 [pid 691] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 693] <... futex resumed>) = 0 [pid 691] <... futex resumed>) = 1 [pid 693] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 691] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 693] <... mount resumed>) = 0 [pid 693] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 691] <... futex resumed>) = 0 [pid 693] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 691] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 693] <... open resumed>) = 3 [pid 691] <... futex resumed>) = 0 [pid 693] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 691] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 693] <... futex resumed>) = 0 [pid 691] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 693] write(3, "\x31\x30\x30\x30\x30\x30\x30\x00", 8 [pid 691] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 691] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 693] <... write resumed>) = 8 [pid 693] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 691] <... futex resumed>) = 0 [pid 693] write(3, "\x23\x21\x20\x2e\x2f\x66\x69\x6c\x65\x31\x0a\x82\x6a\x3f\xc6\x7c\x3a\xab\x7d\x7e\x31\x38\xd5\xcc\x25\x19\xa6\xa8\xf7\xa0\x0b\xff\x3b\xee\x49\xbb\x93\x22\x1f\x4e\x80\x95\x34\x94\x23\x35\x8b\x24\xc3\x46\x99\x05\xf2\x81\x89\x7d\xc6\xe1\x7a\x55\x07\xba\x1b\x9e\x33\xcc\x8e\x4f\x28\xf6\xda\xe3\x4d\x29\x86\xca\x00\x9c\x79\xab\x46\x1e\x69\xfd\x74\xcc\xe8\xc9\xed\x5b\x91\x09\xf3\xfa\x42\xf4\x3d\x39\x82\xeb"..., 1045 [pid 691] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 691] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 693] <... write resumed>) = 1045 [pid 693] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 691] <... futex resumed>) = 0 [pid 693] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 692] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 692] ioctl(4, LOOP_CLR_FD) = 0 [pid 692] close(4) = 0 [pid 692] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 692] futex(0x7ff5a96006c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 691] exit_group(0 [pid 693] <... futex resumed>) = ? [pid 691] <... exit_group resumed>) = ? [pid 693] +++ exited with 0 +++ [pid 692] <... futex resumed>) = ? [pid 692] +++ exited with 0 +++ [pid 691] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=691, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./83", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./83", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555561b8730 /* 4 entries */, 32768) = 104 umount2("./83/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./83/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./83/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./83/bus") = 0 umount2("./83/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./83/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./83/binderfs") = 0 getdents64(3, 0x5555561b8730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./83") = 0 mkdir("./84", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b7690) = 697 ./strace-static-x86_64: Process 697 attached [pid 697] set_robust_list(0x5555561b76a0, 24) = 0 [pid 697] chdir("./84") = 0 [pid 697] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 697] setpgid(0, 0) = 0 [pid 697] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 697] write(3, "1000", 4) = 4 [pid 697] close(3) = 0 [pid 697] symlink("/dev/binderfs", "./binderfs") = 0 [pid 697] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 697] rt_sigaction(SIGRT_1, {sa_handler=0x7ff5a959df30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7ff5a958f0e0}, NULL, 8) = 0 [pid 697] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 697] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a9514000 [pid 697] mprotect(0x7ff5a9515000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 697] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 697] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9534990, parent_tid=0x7ff5a9534990, exit_signal=0, stack=0x7ff5a9514000, stack_size=0x20300, tls=0x7ff5a95346c0} => {parent_tid=[698]}, 88) = 698 [pid 697] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 ./strace-static-x86_64: Process 698 attached [pid 697] futex(0x7ff5a96006c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 697] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 697] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a94f3000 [pid 698] set_robust_list(0x7ff5a95349a0, 24 [pid 697] mprotect(0x7ff5a94f4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 697] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 697] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9513990, parent_tid=0x7ff5a9513990, exit_signal=0, stack=0x7ff5a94f3000, stack_size=0x20300, tls=0x7ff5a95136c0}./strace-static-x86_64: Process 699 attached => {parent_tid=[699]}, 88) = 699 [pid 699] set_robust_list(0x7ff5a95139a0, 24 [pid 697] rt_sigprocmask(SIG_SETMASK, [], [pid 699] <... set_robust_list resumed>) = 0 [pid 697] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 697] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 699] rt_sigprocmask(SIG_SETMASK, [], [pid 697] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 699] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 699] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_NOFOLLOW|O_NOATIME|O_CLOEXEC, 000 [pid 698] <... set_robust_list resumed>) = 0 [pid 698] rt_sigprocmask(SIG_SETMASK, [], [pid 699] <... open resumed>) = 3 [pid 699] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 698] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 699] <... futex resumed>) = 1 [pid 698] memfd_create("syzkaller", 0 [pid 697] <... futex resumed>) = 0 [pid 697] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 697] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 699] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 698] <... memfd_create resumed>) = 4 [pid 698] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 699] <... mount resumed>) = 0 [pid 699] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 698] <... mmap resumed>) = 0x7ff5a10f3000 [pid 699] <... futex resumed>) = 1 [pid 698] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 697] <... futex resumed>) = 0 [pid 697] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 697] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 699] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5 [pid 698] <... write resumed>) = 262144 [pid 699] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 698] munmap(0x7ff5a10f3000, 138412032 [pid 699] <... futex resumed>) = 1 [pid 697] <... futex resumed>) = 0 [pid 699] write(5, "\x31\x30\x30\x30\x30\x30\x30\x00", 8 [pid 697] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 699] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 697] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 699] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 697] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 699] <... futex resumed>) = 0 [pid 697] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 699] write(5, "\x23\x21\x20\x2e\x2f\x66\x69\x6c\x65\x31\x0a\x82\x6a\x3f\xc6\x7c\x3a\xab\x7d\x7e\x31\x38\xd5\xcc\x25\x19\xa6\xa8\xf7\xa0\x0b\xff\x3b\xee\x49\xbb\x93\x22\x1f\x4e\x80\x95\x34\x94\x23\x35\x8b\x24\xc3\x46\x99\x05\xf2\x81\x89\x7d\xc6\xe1\x7a\x55\x07\xba\x1b\x9e\x33\xcc\x8e\x4f\x28\xf6\xda\xe3\x4d\x29\x86\xca\x00\x9c\x79\xab\x46\x1e\x69\xfd\x74\xcc\xe8\xc9\xed\x5b\x91\x09\xf3\xfa\x42\xf4\x3d\x39\x82\xeb"..., 1045 [pid 697] <... futex resumed>) = 0 [pid 699] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 697] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 699] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 697] <... futex resumed>) = 0 [pid 699] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 698] <... munmap resumed>) = 0 [pid 698] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 28.203881][ T692] loop0: detected capacity change from 0 to 512 [ 28.220443][ T692] EXT4-fs error (device loop0): __ext4_get_inode_loc:4485: comm syz-executor170: Invalid inode table block 34 in block_group 0 [ 28.233713][ T692] EXT4-fs (loop0): get root inode failed [ 28.239160][ T692] EXT4-fs (loop0): mount failed [pid 698] ioctl(6, LOOP_SET_FD, 4) = 0 [pid 698] close(4) = 0 [pid 698] mkdir("./file1", 0777) = 0 [pid 698] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue") = 0 [pid 698] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 4 [pid 698] chdir("./file1") = 0 [pid 698] ioctl(6, LOOP_CLR_FD) = 0 [pid 698] close(6) = 0 [pid 698] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 698] futex(0x7ff5a96006c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 697] exit_group(0 [pid 699] <... futex resumed>) = ? [pid 697] <... exit_group resumed>) = ? [pid 699] +++ exited with 0 +++ [pid 698] <... futex resumed>) = ? [pid 698] +++ exited with 0 +++ [pid 697] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=697, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./84", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./84", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555561b8730 /* 5 entries */, 32768) = 136 umount2("./84/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./84/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./84/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./84/bus") = 0 umount2("./84/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./84/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./84/binderfs") = 0 umount2("./84/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./84/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./84/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./84/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./84/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555561c0770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561c0770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./84/file1") = 0 getdents64(3, 0x5555561b8730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./84") = 0 mkdir("./85", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b7690) = 702 ./strace-static-x86_64: Process 702 attached [pid 702] set_robust_list(0x5555561b76a0, 24) = 0 [pid 702] chdir("./85") = 0 [pid 702] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 702] setpgid(0, 0) = 0 [pid 702] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 702] write(3, "1000", 4) = 4 [pid 702] close(3) = 0 [pid 702] symlink("/dev/binderfs", "./binderfs") = 0 [pid 702] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 702] rt_sigaction(SIGRT_1, {sa_handler=0x7ff5a959df30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7ff5a958f0e0}, NULL, 8) = 0 [pid 702] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 702] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a9514000 [pid 702] mprotect(0x7ff5a9515000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 702] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 702] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9534990, parent_tid=0x7ff5a9534990, exit_signal=0, stack=0x7ff5a9514000, stack_size=0x20300, tls=0x7ff5a95346c0} => {parent_tid=[703]}, 88) = 703 [pid 702] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 702] futex(0x7ff5a96006c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 702] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 702] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a94f3000 [pid 702] mprotect(0x7ff5a94f4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 702] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 702] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9513990, parent_tid=0x7ff5a9513990, exit_signal=0, stack=0x7ff5a94f3000, stack_size=0x20300, tls=0x7ff5a95136c0} => {parent_tid=[704]}, 88) = 704 [pid 702] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 702] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 702] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 704 attached [pid 704] set_robust_list(0x7ff5a95139a0, 24) = 0 [pid 704] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 704] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_NOFOLLOW|O_NOATIME|O_CLOEXEC, 000) = 3 [pid 704] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 702] <... futex resumed>) = 0 [pid 702] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 702] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 704] <... futex resumed>) = 1 [pid 704] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 704] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 702] <... futex resumed>) = 0 [pid 702] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 702] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 704] <... futex resumed>) = 1 [pid 704] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 4 [pid 704] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 702] <... futex resumed>) = 0 [pid 702] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 702] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 704] <... futex resumed>) = 1 [pid 704] write(4, "\x31\x30\x30\x30\x30\x30\x30\x00", 8) = -1 ENOSPC (No space left on device) [pid 704] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 702] <... futex resumed>) = 0 [pid 702] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 702] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 704] <... futex resumed>) = 1 [pid 704] write(4, "\x23\x21\x20\x2e\x2f\x66\x69\x6c\x65\x31\x0a\x82\x6a\x3f\xc6\x7c\x3a\xab\x7d\x7e\x31\x38\xd5\xcc\x25\x19\xa6\xa8\xf7\xa0\x0b\xff\x3b\xee\x49\xbb\x93\x22\x1f\x4e\x80\x95\x34\x94\x23\x35\x8b\x24\xc3\x46\x99\x05\xf2\x81\x89\x7d\xc6\xe1\x7a\x55\x07\xba\x1b\x9e\x33\xcc\x8e\x4f\x28\xf6\xda\xe3\x4d\x29\x86\xca\x00\x9c\x79\xab\x46\x1e\x69\xfd\x74\xcc\xe8\xc9\xed\x5b\x91\x09\xf3\xfa\x42\xf4\x3d\x39\x82\xeb"..., 1045) = -1 ENOSPC (No space left on device) [pid 704] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 702] <... futex resumed>) = 0 [pid 704] <... futex resumed>) = 1 [pid 704] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 703 attached [pid 703] set_robust_list(0x7ff5a95349a0, 24) = 0 [pid 703] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 703] memfd_create("syzkaller", 0) = 5 [pid 703] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff5a10f3000 [pid 703] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 703] munmap(0x7ff5a10f3000, 138412032) = 0 [pid 703] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 28.271627][ T698] loop0: detected capacity change from 0 to 512 [ 28.301532][ T698] EXT4-fs (loop0): 1 orphan inode deleted [ 28.307283][ T698] ext4 filesystem being mounted at /root/syzkaller.8K29Ps/84/file1 supports timestamps until 2038 (0x7fffffff) [pid 703] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 703] close(5) = 0 [pid 703] mkdir("./file1", 0777) = 0 [pid 703] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue") = 0 [pid 703] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 5 [pid 703] chdir("./file1") = 0 [pid 703] ioctl(6, LOOP_CLR_FD) = 0 [pid 703] close(6) = 0 [pid 703] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 703] futex(0x7ff5a96006c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 702] exit_group(0 [pid 704] <... futex resumed>) = ? [pid 702] <... exit_group resumed>) = ? [pid 704] +++ exited with 0 +++ [pid 703] <... futex resumed>) = ? [pid 703] +++ exited with 0 +++ [pid 702] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=702, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./85", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./85", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555561b8730 /* 5 entries */, 32768) = 136 umount2("./85/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./85/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./85/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./85/bus") = 0 umount2("./85/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./85/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./85/binderfs") = 0 umount2("./85/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./85/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./85/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./85/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./85/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555561c0770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561c0770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./85/file1") = 0 getdents64(3, 0x5555561b8730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./85") = 0 mkdir("./86", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b7690) = 707 ./strace-static-x86_64: Process 707 attached [pid 707] set_robust_list(0x5555561b76a0, 24) = 0 [pid 707] chdir("./86") = 0 [pid 707] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 707] setpgid(0, 0) = 0 [pid 707] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 707] write(3, "1000", 4) = 4 [pid 707] close(3) = 0 [pid 707] symlink("/dev/binderfs", "./binderfs") = 0 [pid 707] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 707] rt_sigaction(SIGRT_1, {sa_handler=0x7ff5a959df30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7ff5a958f0e0}, NULL, 8) = 0 [pid 707] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 707] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a9514000 [pid 707] mprotect(0x7ff5a9515000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 707] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 707] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9534990, parent_tid=0x7ff5a9534990, exit_signal=0, stack=0x7ff5a9514000, stack_size=0x20300, tls=0x7ff5a95346c0} => {parent_tid=[708]}, 88) = 708 [pid 707] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 707] futex(0x7ff5a96006c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 707] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 707] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a94f3000 [pid 707] mprotect(0x7ff5a94f4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 707] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 707] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9513990, parent_tid=0x7ff5a9513990, exit_signal=0, stack=0x7ff5a94f3000, stack_size=0x20300, tls=0x7ff5a95136c0} => {parent_tid=[709]}, 88) = 709 [pid 707] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 707] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 707] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 708 attached [pid 708] set_robust_list(0x7ff5a95349a0, 24) = 0 [ 28.343211][ T703] loop0: detected capacity change from 0 to 512 [ 28.361178][ T703] EXT4-fs (loop0): 1 orphan inode deleted [ 28.366941][ T703] ext4 filesystem being mounted at /root/syzkaller.8K29Ps/85/file1 supports timestamps until 2038 (0x7fffffff) [pid 708] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 ./strace-static-x86_64: Process 709 attached [pid 708] memfd_create("syzkaller", 0) = 3 [pid 708] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff5a10f3000 [pid 709] set_robust_list(0x7ff5a95139a0, 24) = 0 [pid 709] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 709] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_NOFOLLOW|O_NOATIME|O_CLOEXEC, 000) = 4 [pid 709] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 708] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 707] <... futex resumed>) = 0 [pid 709] <... futex resumed>) = 1 [pid 709] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 707] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 709] <... futex resumed>) = 0 [pid 707] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 709] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 709] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 707] <... futex resumed>) = 0 [pid 707] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 707] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 709] <... futex resumed>) = 1 [pid 708] <... write resumed>) = 262144 [pid 708] munmap(0x7ff5a10f3000, 138412032 [pid 709] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5 [pid 708] <... munmap resumed>) = 0 [pid 709] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 708] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 708] ioctl(6, LOOP_SET_FD, 3 [pid 709] <... futex resumed>) = 1 [pid 707] <... futex resumed>) = 0 [pid 707] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 707] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 709] write(5, "\x31\x30\x30\x30\x30\x30\x30\x00", 8 [pid 708] <... ioctl resumed>) = 0 [pid 708] close(3) = 0 [pid 708] mkdir("./bus", 0777) = -1 EEXIST (File exists) [pid 708] mount("/dev/loop0", "./bus", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 709] <... write resumed>) = -1 EIO (Input/output error) [pid 709] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 707] <... futex resumed>) = 0 [pid 709] write(5, "\x23\x21\x20\x2e\x2f\x66\x69\x6c\x65\x31\x0a\x82\x6a\x3f\xc6\x7c\x3a\xab\x7d\x7e\x31\x38\xd5\xcc\x25\x19\xa6\xa8\xf7\xa0\x0b\xff\x3b\xee\x49\xbb\x93\x22\x1f\x4e\x80\x95\x34\x94\x23\x35\x8b\x24\xc3\x46\x99\x05\xf2\x81\x89\x7d\xc6\xe1\x7a\x55\x07\xba\x1b\x9e\x33\xcc\x8e\x4f\x28\xf6\xda\xe3\x4d\x29\x86\xca\x00\x9c\x79\xab\x46\x1e\x69\xfd\x74\xcc\xe8\xc9\xed\x5b\x91\x09\xf3\xfa\x42\xf4\x3d\x39\x82\xeb"..., 1045 [pid 707] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 707] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 709] <... write resumed>) = 1045 [pid 709] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 707] <... futex resumed>) = 0 [pid 709] <... futex resumed>) = 1 [pid 709] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 708] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 708] ioctl(6, LOOP_CLR_FD) = 0 [pid 708] close(6) = 0 [pid 708] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 708] futex(0x7ff5a96006c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 707] exit_group(0 [pid 709] <... futex resumed>) = ? [pid 708] <... futex resumed>) = ? [pid 707] <... exit_group resumed>) = ? [pid 709] +++ exited with 0 +++ [pid 708] +++ exited with 0 +++ [pid 707] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=707, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./86", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./86", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555561b8730 /* 4 entries */, 32768) = 104 umount2("./86/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./86/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./86/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./86/bus") = 0 umount2("./86/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./86/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./86/binderfs") = 0 getdents64(3, 0x5555561b8730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./86") = 0 mkdir("./87", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b7690) = 712 ./strace-static-x86_64: Process 712 attached [pid 712] set_robust_list(0x5555561b76a0, 24) = 0 [pid 712] chdir("./87") = 0 [pid 712] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 712] setpgid(0, 0) = 0 [pid 712] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 712] write(3, "1000", 4) = 4 [pid 712] close(3) = 0 [pid 712] symlink("/dev/binderfs", "./binderfs") = 0 [pid 712] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 712] rt_sigaction(SIGRT_1, {sa_handler=0x7ff5a959df30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7ff5a958f0e0}, NULL, 8) = 0 [pid 712] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 712] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a9514000 [pid 712] mprotect(0x7ff5a9515000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 712] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 712] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9534990, parent_tid=0x7ff5a9534990, exit_signal=0, stack=0x7ff5a9514000, stack_size=0x20300, tls=0x7ff5a95346c0} => {parent_tid=[713]}, 88) = 713 [pid 712] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 712] futex(0x7ff5a96006c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 712] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 712] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a94f3000 [pid 712] mprotect(0x7ff5a94f4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 712] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 712] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9513990, parent_tid=0x7ff5a9513990, exit_signal=0, stack=0x7ff5a94f3000, stack_size=0x20300, tls=0x7ff5a95136c0} => {parent_tid=[714]}, 88) = 714 [pid 712] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 712] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 712] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 714 attached ./strace-static-x86_64: Process 713 attached [pid 714] set_robust_list(0x7ff5a95139a0, 24) = 0 [pid 713] set_robust_list(0x7ff5a95349a0, 24 [pid 714] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 714] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_NOFOLLOW|O_NOATIME|O_CLOEXEC, 000 [pid 713] <... set_robust_list resumed>) = 0 [pid 713] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 713] memfd_create("syzkaller", 0) = 3 [pid 713] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff5a10f3000 [pid 714] <... open resumed>) = 4 [pid 713] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 714] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 712] <... futex resumed>) = 0 [pid 712] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 714] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 712] <... futex resumed>) = 0 [pid 713] <... write resumed>) = 262144 [pid 713] munmap(0x7ff5a10f3000, 138412032 [pid 712] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 713] <... munmap resumed>) = 0 [pid 713] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [ 28.428807][ T708] loop0: detected capacity change from 0 to 512 [ 28.429145][ T56] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 28.449955][ T708] EXT4-fs error (device loop0): __ext4_get_inode_loc:4485: comm syz-executor170: Invalid inode table block 34 in block_group 0 [ 28.463226][ T708] EXT4-fs (loop0): get root inode failed [ 28.468690][ T708] EXT4-fs (loop0): mount failed [pid 713] ioctl(5, LOOP_SET_FD, 3 [pid 714] <... mount resumed>) = -1 ENOENT (No such file or directory) [pid 714] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 712] <... futex resumed>) = 0 [pid 712] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 712] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 714] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 713] <... ioctl resumed>) = 0 [pid 713] close(3) = 0 [pid 714] <... open resumed>) = -1 ENOENT (No such file or directory) [pid 713] mkdir("./file1", 0777) = -1 EEXIST (File exists) [pid 713] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 714] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 712] <... futex resumed>) = 0 [pid 712] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 712] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 714] write(-1, "\x31\x30\x30\x30\x30\x30\x30\x00", 8) = -1 EBADF (Bad file descriptor) [pid 714] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 712] <... futex resumed>) = 0 [pid 712] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 712] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 714] write(-1, "\x23\x21\x20\x2e\x2f\x66\x69\x6c\x65\x31\x0a\x82\x6a\x3f\xc6\x7c\x3a\xab\x7d\x7e\x31\x38\xd5\xcc\x25\x19\xa6\xa8\xf7\xa0\x0b\xff\x3b\xee\x49\xbb\x93\x22\x1f\x4e\x80\x95\x34\x94\x23\x35\x8b\x24\xc3\x46\x99\x05\xf2\x81\x89\x7d\xc6\xe1\x7a\x55\x07\xba\x1b\x9e\x33\xcc\x8e\x4f\x28\xf6\xda\xe3\x4d\x29\x86\xca\x00\x9c\x79\xab\x46\x1e\x69\xfd\x74\xcc\xe8\xc9\xed\x5b\x91\x09\xf3\xfa\x42\xf4\x3d\x39\x82\xeb"..., 1045) = -1 EBADF (Bad file descriptor) [pid 714] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 712] <... futex resumed>) = 0 [pid 714] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 713] <... mount resumed>) = -1 ENOTDIR (Not a directory) [ 28.504537][ T713] loop0: detected capacity change from 0 to 512 [ 28.521243][ T713] EXT4-fs (loop0): 1 orphan inode deleted [ 28.526853][ T713] ext4 filesystem being mounted at /root/syzkaller.8K29Ps/87/file1 supports timestamps until 2038 (0x7fffffff) [pid 713] ioctl(5, LOOP_CLR_FD) = 0 [pid 713] close(5) = 0 [pid 713] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 713] futex(0x7ff5a96006c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 712] exit_group(0 [pid 714] <... futex resumed>) = ? [pid 713] <... futex resumed>) = ? [pid 712] <... exit_group resumed>) = ? [pid 714] +++ exited with 0 +++ [pid 713] +++ exited with 0 +++ [pid 712] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=712, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./87", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./87", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555561b8730 /* 4 entries */, 32768) = 112 umount2("./87/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./87/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./87/binderfs") = 0 umount2("./87/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./87/file1", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./87/file1") = 0 getdents64(3, 0x5555561b8730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./87") = 0 mkdir("./88", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b7690) = 717 ./strace-static-x86_64: Process 717 attached [pid 717] set_robust_list(0x5555561b76a0, 24) = 0 [pid 717] chdir("./88") = 0 [pid 717] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 717] setpgid(0, 0) = 0 [pid 717] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 717] write(3, "1000", 4) = 4 [pid 717] close(3) = 0 [pid 717] symlink("/dev/binderfs", "./binderfs") = 0 [pid 717] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 717] rt_sigaction(SIGRT_1, {sa_handler=0x7ff5a959df30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7ff5a958f0e0}, NULL, 8) = 0 [pid 717] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 717] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a9514000 [pid 717] mprotect(0x7ff5a9515000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 717] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 717] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9534990, parent_tid=0x7ff5a9534990, exit_signal=0, stack=0x7ff5a9514000, stack_size=0x20300, tls=0x7ff5a95346c0}./strace-static-x86_64: Process 718 attached [pid 718] set_robust_list(0x7ff5a95349a0, 24 [pid 717] <... clone3 resumed> => {parent_tid=[718]}, 88) = 718 [pid 718] <... set_robust_list resumed>) = 0 [pid 717] rt_sigprocmask(SIG_SETMASK, [], [pid 718] rt_sigprocmask(SIG_SETMASK, [], [pid 717] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 718] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 717] futex(0x7ff5a96006c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 717] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 718] memfd_create("syzkaller", 0 [pid 717] <... futex resumed>) = 0 [pid 718] <... memfd_create resumed>) = 3 [pid 717] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a94f3000 [pid 718] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 717] mprotect(0x7ff5a94f4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 717] rt_sigprocmask(SIG_BLOCK, ~[], [pid 718] <... mmap resumed>) = 0x7ff5a10f3000 [pid 717] <... rt_sigprocmask resumed>[], 8) = 0 [pid 717] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9513990, parent_tid=0x7ff5a9513990, exit_signal=0, stack=0x7ff5a94f3000, stack_size=0x20300, tls=0x7ff5a95136c0} [pid 718] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144./strace-static-x86_64: Process 719 attached ) = 262144 [pid 718] munmap(0x7ff5a10f3000, 138412032 [pid 719] set_robust_list(0x7ff5a95139a0, 24 [pid 718] <... munmap resumed>) = 0 [pid 717] <... clone3 resumed> => {parent_tid=[719]}, 88) = 719 [pid 718] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 717] rt_sigprocmask(SIG_SETMASK, [], [pid 718] <... openat resumed>) = 4 [pid 718] ioctl(4, LOOP_SET_FD, 3 [pid 719] <... set_robust_list resumed>) = 0 [pid 718] <... ioctl resumed>) = 0 [pid 717] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 718] close(3) = 0 [pid 718] mkdir("./file1", 0777 [pid 717] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 719] rt_sigprocmask(SIG_SETMASK, [], [pid 717] <... futex resumed>) = 0 [pid 718] <... mkdir resumed>) = 0 [pid 717] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 719] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 718] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 719] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_NOFOLLOW|O_NOATIME|O_CLOEXEC, 000) = 3 [pid 719] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 717] <... futex resumed>) = 0 [pid 717] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 717] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 719] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 719] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 717] <... futex resumed>) = 0 [pid 717] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 719] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5 [pid 719] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 719] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 717] <... futex resumed>) = 1 [pid 717] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 717] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 717] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 719] <... futex resumed>) = 0 [pid 719] write(5, "\x31\x30\x30\x30\x30\x30\x30\x00", 8) = 8 [pid 719] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 717] <... futex resumed>) = 0 [pid 717] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 717] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 719] <... futex resumed>) = 1 [pid 719] write(5, "\x23\x21\x20\x2e\x2f\x66\x69\x6c\x65\x31\x0a\x82\x6a\x3f\xc6\x7c\x3a\xab\x7d\x7e\x31\x38\xd5\xcc\x25\x19\xa6\xa8\xf7\xa0\x0b\xff\x3b\xee\x49\xbb\x93\x22\x1f\x4e\x80\x95\x34\x94\x23\x35\x8b\x24\xc3\x46\x99\x05\xf2\x81\x89\x7d\xc6\xe1\x7a\x55\x07\xba\x1b\x9e\x33\xcc\x8e\x4f\x28\xf6\xda\xe3\x4d\x29\x86\xca\x00\x9c\x79\xab\x46\x1e\x69\xfd\x74\xcc\xe8\xc9\xed\x5b\x91\x09\xf3\xfa\x42\xf4\x3d\x39\x82\xeb"..., 1045) = 1045 [pid 719] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 717] <... futex resumed>) = 0 [pid 719] <... futex resumed>) = 1 [pid 719] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 718] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 718] ioctl(4, LOOP_CLR_FD) = 0 [pid 718] close(4) = 0 [pid 718] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 718] futex(0x7ff5a96006c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 717] exit_group(0 [pid 719] <... futex resumed>) = ? [pid 717] <... exit_group resumed>) = ? [pid 719] +++ exited with 0 +++ [pid 718] <... futex resumed>) = ? [pid 718] +++ exited with 0 +++ [pid 717] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=717, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- umount2("./88", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./88", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555561b8730 /* 5 entries */, 32768) = 136 umount2("./88/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./88/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./88/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./88/bus") = 0 umount2("./88/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./88/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./88/binderfs") = 0 umount2("./88/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./88/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./88/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./88/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555561c0770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561c0770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./88/file1") = 0 getdents64(3, 0x5555561b8730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./88") = 0 mkdir("./89", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b7690) = 722 ./strace-static-x86_64: Process 722 attached [pid 722] set_robust_list(0x5555561b76a0, 24) = 0 [pid 722] chdir("./89") = 0 [pid 722] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 722] setpgid(0, 0) = 0 [pid 722] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 722] write(3, "1000", 4) = 4 [pid 722] close(3) = 0 [pid 722] symlink("/dev/binderfs", "./binderfs") = 0 [pid 722] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 722] rt_sigaction(SIGRT_1, {sa_handler=0x7ff5a959df30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7ff5a958f0e0}, NULL, 8) = 0 [pid 722] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 722] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a9514000 [pid 722] mprotect(0x7ff5a9515000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 722] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 722] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9534990, parent_tid=0x7ff5a9534990, exit_signal=0, stack=0x7ff5a9514000, stack_size=0x20300, tls=0x7ff5a95346c0}./strace-static-x86_64: Process 723 attached => {parent_tid=[723]}, 88) = 723 [pid 723] set_robust_list(0x7ff5a95349a0, 24 [pid 722] rt_sigprocmask(SIG_SETMASK, [], [pid 723] <... set_robust_list resumed>) = 0 [pid 722] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 723] rt_sigprocmask(SIG_SETMASK, [], [pid 722] futex(0x7ff5a96006c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 723] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 722] <... futex resumed>) = 0 [pid 722] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 723] memfd_create("syzkaller", 0 [pid 722] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a94f3000 [pid 722] mprotect(0x7ff5a94f4000, 131072, PROT_READ|PROT_WRITE [pid 723] <... memfd_create resumed>) = 3 [pid 722] <... mprotect resumed>) = 0 [pid 723] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 722] rt_sigprocmask(SIG_BLOCK, ~[], [pid 723] <... mmap resumed>) = 0x7ff5a10f3000 [pid 722] <... rt_sigprocmask resumed>[], 8) = 0 [pid 722] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9513990, parent_tid=0x7ff5a9513990, exit_signal=0, stack=0x7ff5a94f3000, stack_size=0x20300, tls=0x7ff5a95136c0} => {parent_tid=[724]}, 88) = 724 ./strace-static-x86_64: Process 724 attached [pid 724] set_robust_list(0x7ff5a95139a0, 24) = 0 [pid 724] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 724] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 722] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 722] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 724] <... futex resumed>) = 0 [pid 722] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 724] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_NOFOLLOW|O_NOATIME|O_CLOEXEC, 000) = 4 [pid 724] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 724] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 722] <... futex resumed>) = 0 [pid 722] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 724] <... futex resumed>) = 0 [pid 722] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 724] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 724] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 722] <... futex resumed>) = 0 [pid 724] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 722] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 723] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 722] <... futex resumed>) = 0 [pid 722] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 724] <... open resumed>) = 5 [pid 724] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 722] <... futex resumed>) = 0 [pid 724] write(5, "\x31\x30\x30\x30\x30\x30\x30\x00", 8 [pid 722] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 723] <... write resumed>) = 262144 [pid 722] <... futex resumed>) = 0 [pid 722] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 724] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 724] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 722] <... futex resumed>) = 0 [pid 724] write(5, "\x23\x21\x20\x2e\x2f\x66\x69\x6c\x65\x31\x0a\x82\x6a\x3f\xc6\x7c\x3a\xab\x7d\x7e\x31\x38\xd5\xcc\x25\x19\xa6\xa8\xf7\xa0\x0b\xff\x3b\xee\x49\xbb\x93\x22\x1f\x4e\x80\x95\x34\x94\x23\x35\x8b\x24\xc3\x46\x99\x05\xf2\x81\x89\x7d\xc6\xe1\x7a\x55\x07\xba\x1b\x9e\x33\xcc\x8e\x4f\x28\xf6\xda\xe3\x4d\x29\x86\xca\x00\x9c\x79\xab\x46\x1e\x69\xfd\x74\xcc\xe8\xc9\xed\x5b\x91\x09\xf3\xfa\x42\xf4\x3d\x39\x82\xeb"..., 1045 [pid 722] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 723] munmap(0x7ff5a10f3000, 138412032 [pid 724] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 722] <... futex resumed>) = 0 [pid 722] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 724] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 723] <... munmap resumed>) = 0 [pid 723] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 723] ioctl(6, LOOP_SET_FD, 3 [pid 724] <... futex resumed>) = 1 [pid 724] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 722] <... futex resumed>) = 0 [ 28.640833][ T718] loop0: detected capacity change from 0 to 512 [ 28.652392][ T718] EXT4-fs error (device loop0): __ext4_get_inode_loc:4485: comm syz-executor170: Invalid inode table block 34 in block_group 0 [ 28.665702][ T718] EXT4-fs (loop0): get root inode failed [ 28.671279][ T718] EXT4-fs (loop0): mount failed [pid 723] <... ioctl resumed>) = 0 [pid 723] close(3) = 0 [pid 723] mkdir("./bus", 0777) = -1 EEXIST (File exists) [pid 723] mount("/dev/loop0", "./bus", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue") = -1 ENOTDIR (Not a directory) [pid 723] ioctl(6, LOOP_CLR_FD) = 0 [pid 723] close(6) = 0 [pid 723] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 723] futex(0x7ff5a96006c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 722] exit_group(0) = ? [pid 724] <... futex resumed>) = ? [pid 723] <... futex resumed>) = ? [pid 723] +++ exited with 0 +++ [pid 724] +++ exited with 0 +++ [pid 722] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=722, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- umount2("./89", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./89", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555561b8730 /* 4 entries */, 32768) = 104 umount2("./89/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./89/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./89/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./89/bus") = 0 umount2("./89/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./89/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./89/binderfs") = 0 getdents64(3, 0x5555561b8730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./89") = 0 mkdir("./90", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b7690) = 728 ./strace-static-x86_64: Process 728 attached [pid 728] set_robust_list(0x5555561b76a0, 24) = 0 [pid 728] chdir("./90") = 0 [pid 728] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 728] setpgid(0, 0) = 0 [pid 728] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [ 28.712135][ T723] loop0: detected capacity change from 0 to 512 [ 28.731555][ T723] EXT4-fs (loop0): 1 orphan inode deleted [ 28.737149][ T723] ext4 filesystem being mounted at /root/syzkaller.8K29Ps/89/bus supports timestamps until 2038 (0x7fffffff) [pid 728] write(3, "1000", 4) = 4 [pid 728] close(3) = 0 [pid 728] symlink("/dev/binderfs", "./binderfs") = 0 [pid 728] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 728] rt_sigaction(SIGRT_1, {sa_handler=0x7ff5a959df30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7ff5a958f0e0}, NULL, 8) = 0 [pid 728] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 728] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a9514000 [pid 728] mprotect(0x7ff5a9515000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 728] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 728] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9534990, parent_tid=0x7ff5a9534990, exit_signal=0, stack=0x7ff5a9514000, stack_size=0x20300, tls=0x7ff5a95346c0}./strace-static-x86_64: Process 729 attached [pid 729] set_robust_list(0x7ff5a95349a0, 24 [pid 728] <... clone3 resumed> => {parent_tid=[729]}, 88) = 729 [pid 729] <... set_robust_list resumed>) = 0 [pid 729] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 729] futex(0x7ff5a96006c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 728] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 728] futex(0x7ff5a96006c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 729] <... futex resumed>) = 0 [pid 728] <... futex resumed>) = 1 [pid 729] memfd_create("syzkaller", 0 [pid 728] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 729] <... memfd_create resumed>) = 3 [pid 728] <... futex resumed>) = 0 [pid 729] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 728] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 729] <... mmap resumed>) = 0x7ff5a1114000 [pid 728] <... mmap resumed>) = 0x7ff5a10f3000 [pid 728] mprotect(0x7ff5a10f4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 728] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 728] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a1113990, parent_tid=0x7ff5a1113990, exit_signal=0, stack=0x7ff5a10f3000, stack_size=0x20300, tls=0x7ff5a11136c0} => {parent_tid=[730]}, 88) = 730 [pid 728] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 728] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 730 attached [pid 729] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 728] <... futex resumed>) = 0 [pid 728] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 730] set_robust_list(0x7ff5a11139a0, 24) = 0 [pid 730] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 730] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_NOFOLLOW|O_NOATIME|O_CLOEXEC, 000) = 4 [pid 729] <... write resumed>) = 262144 [pid 729] munmap(0x7ff5a1114000, 138412032 [pid 730] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 729] <... munmap resumed>) = 0 [pid 729] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 729] ioctl(5, LOOP_SET_FD, 3 [pid 728] <... futex resumed>) = 0 [pid 728] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 728] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 730] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 730] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 728] <... futex resumed>) = 0 [pid 728] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 728] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 730] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 6 [pid 730] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 728] <... futex resumed>) = 0 [pid 728] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 728] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 730] write(6, "\x31\x30\x30\x30\x30\x30\x30\x00", 8 [pid 729] <... ioctl resumed>) = 0 [pid 730] <... write resumed>) = -1 EIO (Input/output error) [pid 729] close(3) = 0 [pid 729] mkdir("./bus", 0777) = -1 EEXIST (File exists) [pid 729] mount("/dev/loop0", "./bus", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 730] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 728] <... futex resumed>) = 0 [pid 728] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 728] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 730] write(6, "\x23\x21\x20\x2e\x2f\x66\x69\x6c\x65\x31\x0a\x82\x6a\x3f\xc6\x7c\x3a\xab\x7d\x7e\x31\x38\xd5\xcc\x25\x19\xa6\xa8\xf7\xa0\x0b\xff\x3b\xee\x49\xbb\x93\x22\x1f\x4e\x80\x95\x34\x94\x23\x35\x8b\x24\xc3\x46\x99\x05\xf2\x81\x89\x7d\xc6\xe1\x7a\x55\x07\xba\x1b\x9e\x33\xcc\x8e\x4f\x28\xf6\xda\xe3\x4d\x29\x86\xca\x00\x9c\x79\xab\x46\x1e\x69\xfd\x74\xcc\xe8\xc9\xed\x5b\x91\x09\xf3\xfa\x42\xf4\x3d\x39\x82\xeb"..., 1045) = 1045 [pid 730] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 728] <... futex resumed>) = 0 [pid 730] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 729] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 729] ioctl(5, LOOP_CLR_FD) = 0 [pid 729] close(5) = 0 [pid 729] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 729] futex(0x7ff5a96006c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 728] exit_group(0) = ? [pid 730] <... futex resumed>) = ? [pid 730] +++ exited with 0 +++ [pid 729] <... futex resumed>) = ? [pid 729] +++ exited with 0 +++ [pid 728] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=728, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./90", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./90", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555561b8730 /* 4 entries */, 32768) = 104 umount2("./90/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./90/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./90/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./90/bus") = 0 umount2("./90/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./90/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./90/binderfs") = 0 getdents64(3, 0x5555561b8730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./90") = 0 mkdir("./91", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b7690) = 731 ./strace-static-x86_64: Process 731 attached [pid 731] set_robust_list(0x5555561b76a0, 24) = 0 [pid 731] chdir("./91") = 0 [pid 731] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 731] setpgid(0, 0) = 0 [pid 731] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 731] write(3, "1000", 4) = 4 [pid 731] close(3) = 0 [pid 731] symlink("/dev/binderfs", "./binderfs") = 0 [pid 731] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 731] rt_sigaction(SIGRT_1, {sa_handler=0x7ff5a959df30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7ff5a958f0e0}, NULL, 8) = 0 [pid 731] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 731] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a9514000 [pid 731] mprotect(0x7ff5a9515000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 731] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 731] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9534990, parent_tid=0x7ff5a9534990, exit_signal=0, stack=0x7ff5a9514000, stack_size=0x20300, tls=0x7ff5a95346c0}./strace-static-x86_64: Process 732 attached [pid 732] set_robust_list(0x7ff5a95349a0, 24 [pid 731] <... clone3 resumed> => {parent_tid=[732]}, 88) = 732 [pid 732] <... set_robust_list resumed>) = 0 [pid 731] rt_sigprocmask(SIG_SETMASK, [], [pid 732] rt_sigprocmask(SIG_SETMASK, [], [pid 731] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 732] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 731] futex(0x7ff5a96006c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 731] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 731] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a94f3000 [pid 731] mprotect(0x7ff5a94f4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 731] rt_sigprocmask(SIG_BLOCK, ~[], [pid 732] memfd_create("syzkaller", 0) = 3 [pid 732] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff5a10f3000 [pid 731] <... rt_sigprocmask resumed>[], 8) = 0 [pid 731] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9513990, parent_tid=0x7ff5a9513990, exit_signal=0, stack=0x7ff5a94f3000, stack_size=0x20300, tls=0x7ff5a95136c0}./strace-static-x86_64: Process 733 attached => {parent_tid=[733]}, 88) = 733 [pid 733] set_robust_list(0x7ff5a95139a0, 24 [pid 731] rt_sigprocmask(SIG_SETMASK, [], [pid 733] <... set_robust_list resumed>) = 0 [pid 731] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 731] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 733] rt_sigprocmask(SIG_SETMASK, [], [pid 731] <... futex resumed>) = 0 [pid 732] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 731] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 733] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 733] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_NOFOLLOW|O_NOATIME|O_CLOEXEC, 000 [pid 732] <... write resumed>) = 262144 [pid 732] munmap(0x7ff5a10f3000, 138412032) = 0 [pid 732] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [ 28.802440][ T729] loop0: detected capacity change from 0 to 512 [ 28.804882][ T56] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 28.819165][ T729] EXT4-fs (loop0): bad geometry: block count 3888436996 exceeds size of device (64 blocks) [pid 732] ioctl(5, LOOP_SET_FD, 3 [pid 733] <... open resumed>) = 4 [pid 732] <... ioctl resumed>) = 0 [pid 732] close(3) = 0 [pid 732] mkdir("./bus", 0777) = -1 EEXIST (File exists) [pid 732] mount("/dev/loop0", "./bus", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 733] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 731] <... futex resumed>) = 0 [pid 733] <... futex resumed>) = 1 [pid 733] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 731] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 731] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 733] <... mount resumed>) = 0 [pid 733] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 733] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 731] <... futex resumed>) = 0 [pid 731] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 731] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 733] <... futex resumed>) = 0 [pid 733] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 3 [pid 733] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 731] <... futex resumed>) = 0 [pid 731] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 731] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 733] <... futex resumed>) = 1 [pid 733] write(3, "\x31\x30\x30\x30\x30\x30\x30\x00", 8) = 8 [pid 733] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 731] <... futex resumed>) = 0 [pid 731] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 731] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 733] write(3, "\x23\x21\x20\x2e\x2f\x66\x69\x6c\x65\x31\x0a\x82\x6a\x3f\xc6\x7c\x3a\xab\x7d\x7e\x31\x38\xd5\xcc\x25\x19\xa6\xa8\xf7\xa0\x0b\xff\x3b\xee\x49\xbb\x93\x22\x1f\x4e\x80\x95\x34\x94\x23\x35\x8b\x24\xc3\x46\x99\x05\xf2\x81\x89\x7d\xc6\xe1\x7a\x55\x07\xba\x1b\x9e\x33\xcc\x8e\x4f\x28\xf6\xda\xe3\x4d\x29\x86\xca\x00\x9c\x79\xab\x46\x1e\x69\xfd\x74\xcc\xe8\xc9\xed\x5b\x91\x09\xf3\xfa\x42\xf4\x3d\x39\x82\xeb"..., 1045) = 1045 [pid 733] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 731] <... futex resumed>) = 0 [pid 733] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 732] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 732] ioctl(5, LOOP_CLR_FD) = 0 [pid 732] close(5) = 0 [pid 732] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 732] futex(0x7ff5a96006c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 731] exit_group(0 [pid 733] <... futex resumed>) = ? [pid 731] <... exit_group resumed>) = ? [pid 733] +++ exited with 0 +++ [pid 732] <... futex resumed>) = ? [pid 732] +++ exited with 0 +++ [pid 731] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=731, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- umount2("./91", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./91", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555561b8730 /* 4 entries */, 32768) = 104 umount2("./91/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./91/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./91/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./91/bus") = 0 umount2("./91/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./91/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./91/binderfs") = 0 getdents64(3, 0x5555561b8730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./91") = 0 mkdir("./92", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b7690) = 736 ./strace-static-x86_64: Process 736 attached [pid 736] set_robust_list(0x5555561b76a0, 24) = 0 [pid 736] chdir("./92") = 0 [pid 736] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 736] setpgid(0, 0) = 0 [pid 736] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 736] write(3, "1000", 4) = 4 [pid 736] close(3) = 0 [pid 736] symlink("/dev/binderfs", "./binderfs") = 0 [pid 736] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 736] rt_sigaction(SIGRT_1, {sa_handler=0x7ff5a959df30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7ff5a958f0e0}, NULL, 8) = 0 [pid 736] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 736] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a9514000 [pid 736] mprotect(0x7ff5a9515000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 736] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 736] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9534990, parent_tid=0x7ff5a9534990, exit_signal=0, stack=0x7ff5a9514000, stack_size=0x20300, tls=0x7ff5a95346c0} => {parent_tid=[737]}, 88) = 737 [pid 736] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 736] futex(0x7ff5a96006c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 736] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 736] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a94f3000 [pid 736] mprotect(0x7ff5a94f4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 736] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 736] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9513990, parent_tid=0x7ff5a9513990, exit_signal=0, stack=0x7ff5a94f3000, stack_size=0x20300, tls=0x7ff5a95136c0} => {parent_tid=[738]}, 88) = 738 [pid 736] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 736] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 736] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 737 attached [pid 737] set_robust_list(0x7ff5a95349a0, 24) = 0 [pid 737] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 737] memfd_create("syzkaller", 0) = 3 [pid 737] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff5a10f3000 ./strace-static-x86_64: Process 738 attached [pid 738] set_robust_list(0x7ff5a95139a0, 24) = 0 [pid 738] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 738] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_NOFOLLOW|O_NOATIME|O_CLOEXEC, 000 [pid 737] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 738] <... open resumed>) = 4 [pid 738] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 736] <... futex resumed>) = 0 [pid 736] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 736] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 738] <... futex resumed>) = 1 [pid 738] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 738] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 736] <... futex resumed>) = 0 [pid 736] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 736] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 738] <... futex resumed>) = 1 [pid 738] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5 [pid 738] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 736] <... futex resumed>) = 0 [pid 736] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 736] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 738] <... futex resumed>) = 1 [pid 738] write(5, "\x31\x30\x30\x30\x30\x30\x30\x00", 8) = -1 ENOSPC (No space left on device) [pid 738] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 736] <... futex resumed>) = 0 [pid 736] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 736] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 738] <... futex resumed>) = 1 [pid 738] write(5, "\x23\x21\x20\x2e\x2f\x66\x69\x6c\x65\x31\x0a\x82\x6a\x3f\xc6\x7c\x3a\xab\x7d\x7e\x31\x38\xd5\xcc\x25\x19\xa6\xa8\xf7\xa0\x0b\xff\x3b\xee\x49\xbb\x93\x22\x1f\x4e\x80\x95\x34\x94\x23\x35\x8b\x24\xc3\x46\x99\x05\xf2\x81\x89\x7d\xc6\xe1\x7a\x55\x07\xba\x1b\x9e\x33\xcc\x8e\x4f\x28\xf6\xda\xe3\x4d\x29\x86\xca\x00\x9c\x79\xab\x46\x1e\x69\xfd\x74\xcc\xe8\xc9\xed\x5b\x91\x09\xf3\xfa\x42\xf4\x3d\x39\x82\xeb"..., 1045) = -1 ENOSPC (No space left on device) [pid 738] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 736] <... futex resumed>) = 0 [pid 737] <... write resumed>) = 262144 [pid 738] <... futex resumed>) = 1 [pid 738] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 737] munmap(0x7ff5a10f3000, 138412032) = 0 [pid 737] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 28.853874][ T732] loop0: detected capacity change from 0 to 512 [ 28.870453][ T732] EXT4-fs error (device loop0): __ext4_get_inode_loc:4485: comm syz-executor170: Invalid inode table block 34 in block_group 0 [ 28.883721][ T732] EXT4-fs (loop0): get root inode failed [ 28.889284][ T732] EXT4-fs (loop0): mount failed [pid 737] ioctl(6, LOOP_SET_FD, 3) = 0 [pid 737] close(3) = 0 [pid 737] mkdir("./bus", 0777) = -1 EEXIST (File exists) [pid 737] mount("/dev/loop0", "./bus", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue") = -1 ENOTDIR (Not a directory) [pid 737] ioctl(6, LOOP_CLR_FD) = 0 [pid 737] close(6) = 0 [pid 737] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 737] futex(0x7ff5a96006c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 736] exit_group(0 [pid 738] <... futex resumed>) = ? [pid 736] <... exit_group resumed>) = ? [pid 738] +++ exited with 0 +++ [pid 737] <... futex resumed>) = ? [pid 737] +++ exited with 0 +++ [pid 736] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=736, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- umount2("./92", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./92", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555561b8730 /* 4 entries */, 32768) = 104 umount2("./92/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./92/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./92/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./92/bus") = 0 umount2("./92/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./92/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./92/binderfs") = 0 getdents64(3, 0x5555561b8730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./92") = 0 mkdir("./93", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b7690) = 741 ./strace-static-x86_64: Process 741 attached [pid 741] set_robust_list(0x5555561b76a0, 24) = 0 [pid 741] chdir("./93") = 0 [pid 741] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 741] setpgid(0, 0) = 0 [pid 741] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 741] write(3, "1000", 4) = 4 [pid 741] close(3) = 0 [pid 741] symlink("/dev/binderfs", "./binderfs") = 0 [pid 741] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 741] rt_sigaction(SIGRT_1, {sa_handler=0x7ff5a959df30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7ff5a958f0e0}, NULL, 8) = 0 [pid 741] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 741] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a9514000 [pid 741] mprotect(0x7ff5a9515000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 741] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 741] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9534990, parent_tid=0x7ff5a9534990, exit_signal=0, stack=0x7ff5a9514000, stack_size=0x20300, tls=0x7ff5a95346c0}./strace-static-x86_64: Process 742 attached [pid 742] set_robust_list(0x7ff5a95349a0, 24 [pid 741] <... clone3 resumed> => {parent_tid=[742]}, 88) = 742 [pid 742] <... set_robust_list resumed>) = 0 [pid 741] rt_sigprocmask(SIG_SETMASK, [], [pid 742] rt_sigprocmask(SIG_SETMASK, [], [pid 741] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 742] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 741] futex(0x7ff5a96006c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 742] memfd_create("syzkaller", 0 [pid 741] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 742] <... memfd_create resumed>) = 3 [pid 742] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 741] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a94f3000 [pid 741] mprotect(0x7ff5a94f4000, 131072, PROT_READ|PROT_WRITE [pid 742] <... mmap resumed>) = 0x7ff5a10f3000 [pid 741] <... mprotect resumed>) = 0 [pid 741] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 741] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9513990, parent_tid=0x7ff5a9513990, exit_signal=0, stack=0x7ff5a94f3000, stack_size=0x20300, tls=0x7ff5a95136c0}./strace-static-x86_64: Process 743 attached => {parent_tid=[743]}, 88) = 743 [pid 743] set_robust_list(0x7ff5a95139a0, 24) = 0 [ 28.915229][ T737] loop0: detected capacity change from 0 to 512 [ 28.931351][ T737] EXT4-fs (loop0): 1 orphan inode deleted [ 28.937064][ T737] ext4 filesystem being mounted at /root/syzkaller.8K29Ps/92/bus supports timestamps until 2038 (0x7fffffff) [pid 743] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 743] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 741] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 741] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 743] <... futex resumed>) = 0 [pid 743] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_NOFOLLOW|O_NOATIME|O_CLOEXEC, 000 [pid 741] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 743] <... open resumed>) = 4 [pid 743] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 741] <... futex resumed>) = 0 [pid 741] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 741] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 743] <... futex resumed>) = 1 [pid 743] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 743] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 741] <... futex resumed>) = 0 [pid 741] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 741] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 743] <... futex resumed>) = 1 [pid 743] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5 [pid 743] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 741] <... futex resumed>) = 0 [pid 741] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 741] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 743] <... futex resumed>) = 1 [pid 743] write(5, "\x31\x30\x30\x30\x30\x30\x30\x00", 8) = -1 ENOSPC (No space left on device) [pid 743] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 741] <... futex resumed>) = 0 [pid 741] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 741] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 743] <... futex resumed>) = 1 [pid 743] write(5, "\x23\x21\x20\x2e\x2f\x66\x69\x6c\x65\x31\x0a\x82\x6a\x3f\xc6\x7c\x3a\xab\x7d\x7e\x31\x38\xd5\xcc\x25\x19\xa6\xa8\xf7\xa0\x0b\xff\x3b\xee\x49\xbb\x93\x22\x1f\x4e\x80\x95\x34\x94\x23\x35\x8b\x24\xc3\x46\x99\x05\xf2\x81\x89\x7d\xc6\xe1\x7a\x55\x07\xba\x1b\x9e\x33\xcc\x8e\x4f\x28\xf6\xda\xe3\x4d\x29\x86\xca\x00\x9c\x79\xab\x46\x1e\x69\xfd\x74\xcc\xe8\xc9\xed\x5b\x91\x09\xf3\xfa\x42\xf4\x3d\x39\x82\xeb"..., 1045) = -1 ENOSPC (No space left on device) [pid 743] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 741] <... futex resumed>) = 0 [pid 743] <... futex resumed>) = 1 [pid 743] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 742] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 742] munmap(0x7ff5a10f3000, 138412032) = 0 [pid 742] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 742] ioctl(6, LOOP_SET_FD, 3) = 0 [pid 742] close(3) = 0 [pid 742] mkdir("./bus", 0777) = -1 EEXIST (File exists) [pid 742] mount("/dev/loop0", "./bus", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue") = -1 ENOTDIR (Not a directory) [pid 742] ioctl(6, LOOP_CLR_FD) = 0 [pid 742] close(6) = 0 [pid 742] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 742] futex(0x7ff5a96006c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 741] exit_group(0) = ? [pid 742] <... futex resumed>) = ? [pid 742] +++ exited with 0 +++ [pid 743] <... futex resumed>) = ? [pid 743] +++ exited with 0 +++ [pid 741] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=741, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./93", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./93", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555561b8730 /* 4 entries */, 32768) = 104 umount2("./93/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./93/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./93/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./93/bus") = 0 umount2("./93/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./93/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./93/binderfs") = 0 getdents64(3, 0x5555561b8730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./93") = 0 mkdir("./94", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b7690) = 746 [ 29.002292][ T742] loop0: detected capacity change from 0 to 512 [ 29.021415][ T742] EXT4-fs (loop0): 1 orphan inode deleted [ 29.027177][ T742] ext4 filesystem being mounted at /root/syzkaller.8K29Ps/93/bus supports timestamps until 2038 (0x7fffffff) ./strace-static-x86_64: Process 746 attached [pid 746] set_robust_list(0x5555561b76a0, 24) = 0 [pid 746] chdir("./94") = 0 [pid 746] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 746] setpgid(0, 0) = 0 [pid 746] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 746] write(3, "1000", 4) = 4 [pid 746] close(3) = 0 [pid 746] symlink("/dev/binderfs", "./binderfs") = 0 [pid 746] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 746] rt_sigaction(SIGRT_1, {sa_handler=0x7ff5a959df30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7ff5a958f0e0}, NULL, 8) = 0 [pid 746] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 746] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a9514000 [pid 746] mprotect(0x7ff5a9515000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 746] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 746] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9534990, parent_tid=0x7ff5a9534990, exit_signal=0, stack=0x7ff5a9514000, stack_size=0x20300, tls=0x7ff5a95346c0} => {parent_tid=[747]}, 88) = 747 ./strace-static-x86_64: Process 747 attached [pid 747] set_robust_list(0x7ff5a95349a0, 24) = 0 [pid 747] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 747] futex(0x7ff5a96006c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 746] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 746] futex(0x7ff5a96006c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 747] <... futex resumed>) = 0 [pid 746] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 747] memfd_create("syzkaller", 0 [pid 746] <... futex resumed>) = 0 [pid 747] <... memfd_create resumed>) = 3 [pid 746] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 747] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 746] <... mmap resumed>) = 0x7ff5a94f3000 [pid 746] mprotect(0x7ff5a94f4000, 131072, PROT_READ|PROT_WRITE [pid 747] <... mmap resumed>) = 0x7ff5a10f3000 [pid 746] <... mprotect resumed>) = 0 [pid 746] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 746] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9513990, parent_tid=0x7ff5a9513990, exit_signal=0, stack=0x7ff5a94f3000, stack_size=0x20300, tls=0x7ff5a95136c0}./strace-static-x86_64: Process 748 attached [pid 748] set_robust_list(0x7ff5a95139a0, 24) = 0 [pid 748] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 748] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 746] <... clone3 resumed> => {parent_tid=[748]}, 88) = 748 [pid 746] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 746] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 748] <... futex resumed>) = 0 [pid 748] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_NOFOLLOW|O_NOATIME|O_CLOEXEC, 000 [pid 746] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 748] <... open resumed>) = 4 [pid 748] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 748] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 746] <... futex resumed>) = 0 [pid 746] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 748] <... futex resumed>) = 0 [pid 748] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 746] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 748] <... mount resumed>) = 0 [pid 748] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 748] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 747] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 746] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 746] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 748] <... futex resumed>) = 0 [pid 747] <... write resumed>) = 262144 [pid 748] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5 [pid 748] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 748] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 746] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 746] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 746] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 748] <... futex resumed>) = 0 [pid 748] write(5, "\x31\x30\x30\x30\x30\x30\x30\x00", 8) = -1 ENOSPC (No space left on device) [pid 748] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 746] <... futex resumed>) = 0 [pid 746] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 746] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 748] write(5, "\x23\x21\x20\x2e\x2f\x66\x69\x6c\x65\x31\x0a\x82\x6a\x3f\xc6\x7c\x3a\xab\x7d\x7e\x31\x38\xd5\xcc\x25\x19\xa6\xa8\xf7\xa0\x0b\xff\x3b\xee\x49\xbb\x93\x22\x1f\x4e\x80\x95\x34\x94\x23\x35\x8b\x24\xc3\x46\x99\x05\xf2\x81\x89\x7d\xc6\xe1\x7a\x55\x07\xba\x1b\x9e\x33\xcc\x8e\x4f\x28\xf6\xda\xe3\x4d\x29\x86\xca\x00\x9c\x79\xab\x46\x1e\x69\xfd\x74\xcc\xe8\xc9\xed\x5b\x91\x09\xf3\xfa\x42\xf4\x3d\x39\x82\xeb"..., 1045) = -1 ENOSPC (No space left on device) [pid 748] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 746] <... futex resumed>) = 0 [pid 748] <... futex resumed>) = 1 [pid 747] munmap(0x7ff5a10f3000, 138412032 [pid 748] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 747] <... munmap resumed>) = 0 [pid 747] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 747] ioctl(6, LOOP_SET_FD, 3) = 0 [pid 747] close(3) = 0 [pid 747] mkdir("./bus", 0777) = -1 EEXIST (File exists) [pid 747] mount("/dev/loop0", "./bus", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue") = -1 ENOTDIR (Not a directory) [pid 747] ioctl(6, LOOP_CLR_FD) = 0 [pid 747] close(6) = 0 [pid 747] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 747] futex(0x7ff5a96006c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 746] exit_group(0) = ? [pid 748] <... futex resumed>) = ? [pid 747] <... futex resumed>) = ? [pid 747] +++ exited with 0 +++ [pid 748] +++ exited with 0 +++ [pid 746] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=746, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- umount2("./94", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./94", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555561b8730 /* 4 entries */, 32768) = 104 umount2("./94/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./94/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./94/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./94/bus") = 0 umount2("./94/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./94/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./94/binderfs") = 0 getdents64(3, 0x5555561b8730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./94") = 0 mkdir("./95", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 751 attached , child_tidptr=0x5555561b7690) = 751 [pid 751] set_robust_list(0x5555561b76a0, 24) = 0 [pid 751] chdir("./95") = 0 [pid 751] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 751] setpgid(0, 0) = 0 [pid 751] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 751] write(3, "1000", 4) = 4 [pid 751] close(3) = 0 [pid 751] symlink("/dev/binderfs", "./binderfs") = 0 [pid 751] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 751] rt_sigaction(SIGRT_1, {sa_handler=0x7ff5a959df30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7ff5a958f0e0}, NULL, 8) = 0 [pid 751] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 751] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a9514000 [pid 751] mprotect(0x7ff5a9515000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 751] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 751] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9534990, parent_tid=0x7ff5a9534990, exit_signal=0, stack=0x7ff5a9514000, stack_size=0x20300, tls=0x7ff5a95346c0} => {parent_tid=[752]}, 88) = 752 ./strace-static-x86_64: Process 752 attached [pid 751] rt_sigprocmask(SIG_SETMASK, [], [pid 752] set_robust_list(0x7ff5a95349a0, 24 [pid 751] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 751] futex(0x7ff5a96006c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 751] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 751] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a94f3000 [pid 751] mprotect(0x7ff5a94f4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 751] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 751] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9513990, parent_tid=0x7ff5a9513990, exit_signal=0, stack=0x7ff5a94f3000, stack_size=0x20300, tls=0x7ff5a95136c0} => {parent_tid=[753]}, 88) = 753 [pid 751] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 751] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 751] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 752] <... set_robust_list resumed>) = 0 [pid 752] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 752] memfd_create("syzkaller", 0./strace-static-x86_64: Process 753 attached ) = 3 [pid 752] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff5a10f3000 [pid 753] set_robust_list(0x7ff5a95139a0, 24) = 0 [pid 753] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 753] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_NOFOLLOW|O_NOATIME|O_CLOEXEC, 000) = 4 [pid 753] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 752] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 753] <... futex resumed>) = 1 [pid 751] <... futex resumed>) = 0 [pid 751] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 751] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 753] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 752] <... write resumed>) = 262144 [pid 753] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 752] munmap(0x7ff5a10f3000, 138412032) = 0 [pid 752] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 753] <... futex resumed>) = 1 [pid 751] <... futex resumed>) = 0 [pid 751] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 751] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 29.109468][ T747] loop0: detected capacity change from 0 to 512 [ 29.121402][ T747] EXT4-fs (loop0): 1 orphan inode deleted [ 29.127269][ T747] ext4 filesystem being mounted at /root/syzkaller.8K29Ps/94/bus supports timestamps until 2038 (0x7fffffff) [pid 752] ioctl(5, LOOP_SET_FD, 3 [pid 753] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 752] <... ioctl resumed>) = 0 [pid 752] close(3) = 0 [pid 752] mkdir("./bus", 0777) = -1 EEXIST (File exists) [pid 752] mount("/dev/loop0", "./bus", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 753] <... open resumed>) = 3 [pid 753] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 751] <... futex resumed>) = 0 [pid 751] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 751] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 753] <... futex resumed>) = 1 [pid 753] write(3, "\x31\x30\x30\x30\x30\x30\x30\x00", 8) = 8 [pid 753] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 751] <... futex resumed>) = 0 [pid 751] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 751] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 753] write(3, "\x23\x21\x20\x2e\x2f\x66\x69\x6c\x65\x31\x0a\x82\x6a\x3f\xc6\x7c\x3a\xab\x7d\x7e\x31\x38\xd5\xcc\x25\x19\xa6\xa8\xf7\xa0\x0b\xff\x3b\xee\x49\xbb\x93\x22\x1f\x4e\x80\x95\x34\x94\x23\x35\x8b\x24\xc3\x46\x99\x05\xf2\x81\x89\x7d\xc6\xe1\x7a\x55\x07\xba\x1b\x9e\x33\xcc\x8e\x4f\x28\xf6\xda\xe3\x4d\x29\x86\xca\x00\x9c\x79\xab\x46\x1e\x69\xfd\x74\xcc\xe8\xc9\xed\x5b\x91\x09\xf3\xfa\x42\xf4\x3d\x39\x82\xeb"..., 1045) = 1045 [pid 753] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 751] <... futex resumed>) = 0 [pid 753] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 752] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 752] ioctl(5, LOOP_CLR_FD) = 0 [pid 752] close(5) = 0 [pid 752] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 752] futex(0x7ff5a96006c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 751] exit_group(0 [pid 753] <... futex resumed>) = ? [pid 751] <... exit_group resumed>) = ? [pid 752] <... futex resumed>) = ? [pid 753] +++ exited with 0 +++ [pid 752] +++ exited with 0 +++ [pid 751] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=751, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./95", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./95", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555561b8730 /* 4 entries */, 32768) = 104 umount2("./95/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./95/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./95/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./95/bus") = 0 umount2("./95/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./95/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./95/binderfs") = 0 getdents64(3, 0x5555561b8730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./95") = 0 mkdir("./96", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b7690) = 757 ./strace-static-x86_64: Process 757 attached [pid 757] set_robust_list(0x5555561b76a0, 24) = 0 [pid 757] chdir("./96") = 0 [pid 757] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 757] setpgid(0, 0) = 0 [pid 757] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 757] write(3, "1000", 4) = 4 [pid 757] close(3) = 0 [pid 757] symlink("/dev/binderfs", "./binderfs") = 0 [pid 757] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 757] rt_sigaction(SIGRT_1, {sa_handler=0x7ff5a959df30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7ff5a958f0e0}, NULL, 8) = 0 [pid 757] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 757] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a9514000 [pid 757] mprotect(0x7ff5a9515000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 757] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 757] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9534990, parent_tid=0x7ff5a9534990, exit_signal=0, stack=0x7ff5a9514000, stack_size=0x20300, tls=0x7ff5a95346c0}./strace-static-x86_64: Process 758 attached => {parent_tid=[758]}, 88) = 758 [pid 757] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 758] set_robust_list(0x7ff5a95349a0, 24 [pid 757] futex(0x7ff5a96006c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 757] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 757] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a94f3000 [pid 757] mprotect(0x7ff5a94f4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 757] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 757] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9513990, parent_tid=0x7ff5a9513990, exit_signal=0, stack=0x7ff5a94f3000, stack_size=0x20300, tls=0x7ff5a95136c0} => {parent_tid=[759]}, 88) = 759 [pid 757] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 757] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 757] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 758] <... set_robust_list resumed>) = 0 [pid 758] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 758] memfd_create("syzkaller", 0) = 3 [pid 758] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff5a10f3000 ./strace-static-x86_64: Process 759 attached [pid 759] set_robust_list(0x7ff5a95139a0, 24) = 0 [pid 759] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 759] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_NOFOLLOW|O_NOATIME|O_CLOEXEC, 000) = 4 [pid 759] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 757] <... futex resumed>) = 0 [pid 757] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 757] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 758] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 759] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 759] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 758] <... write resumed>) = 262144 [pid 757] <... futex resumed>) = 0 [pid 757] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 757] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 758] munmap(0x7ff5a10f3000, 138412032) = 0 [pid 759] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 758] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [ 29.187340][ T752] loop0: detected capacity change from 0 to 512 [ 29.200242][ T752] EXT4-fs error (device loop0): __ext4_get_inode_loc:4485: comm syz-executor170: Invalid inode table block 34 in block_group 0 [ 29.213549][ T752] EXT4-fs (loop0): get root inode failed [ 29.219127][ T752] EXT4-fs (loop0): mount failed [pid 758] ioctl(5, LOOP_SET_FD, 3 [pid 759] <... open resumed>) = 6 [pid 759] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 759] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 758] <... ioctl resumed>) = 0 [pid 757] <... futex resumed>) = 0 [pid 758] close(3 [pid 757] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 757] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 759] <... futex resumed>) = 0 [pid 759] write(6, "\x31\x30\x30\x30\x30\x30\x30\x00", 8 [pid 758] <... close resumed>) = 0 [pid 758] mkdir("./bus", 0777) = -1 EEXIST (File exists) [pid 759] <... write resumed>) = 8 [pid 759] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 759] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 757] <... futex resumed>) = 0 [pid 757] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 759] <... futex resumed>) = 0 [pid 757] <... futex resumed>) = 1 [pid 759] write(6, "\x23\x21\x20\x2e\x2f\x66\x69\x6c\x65\x31\x0a\x82\x6a\x3f\xc6\x7c\x3a\xab\x7d\x7e\x31\x38\xd5\xcc\x25\x19\xa6\xa8\xf7\xa0\x0b\xff\x3b\xee\x49\xbb\x93\x22\x1f\x4e\x80\x95\x34\x94\x23\x35\x8b\x24\xc3\x46\x99\x05\xf2\x81\x89\x7d\xc6\xe1\x7a\x55\x07\xba\x1b\x9e\x33\xcc\x8e\x4f\x28\xf6\xda\xe3\x4d\x29\x86\xca\x00\x9c\x79\xab\x46\x1e\x69\xfd\x74\xcc\xe8\xc9\xed\x5b\x91\x09\xf3\xfa\x42\xf4\x3d\x39\x82\xeb"..., 1045 [pid 757] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 759] <... write resumed>) = 1045 [pid 758] mount("/dev/loop0", "./bus", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 759] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 757] <... futex resumed>) = 0 [pid 759] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 758] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 758] ioctl(5, LOOP_CLR_FD) = 0 [pid 758] close(5) = 0 [pid 758] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 757] exit_group(0) = ? [pid 758] <... futex resumed>) = ? [pid 758] +++ exited with 0 +++ [pid 759] <... futex resumed>) = ? [pid 759] +++ exited with 0 +++ [pid 757] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=757, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./96", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./96", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555561b8730 /* 4 entries */, 32768) = 104 umount2("./96/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./96/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./96/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./96/bus") = 0 umount2("./96/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./96/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./96/binderfs") = 0 getdents64(3, 0x5555561b8730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./96") = 0 mkdir("./97", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b7690) = 760 ./strace-static-x86_64: Process 760 attached [pid 760] set_robust_list(0x5555561b76a0, 24) = 0 [pid 760] chdir("./97") = 0 [pid 760] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 760] setpgid(0, 0) = 0 [pid 760] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 760] write(3, "1000", 4) = 4 [pid 760] close(3) = 0 [pid 760] symlink("/dev/binderfs", "./binderfs") = 0 [pid 760] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 760] rt_sigaction(SIGRT_1, {sa_handler=0x7ff5a959df30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7ff5a958f0e0}, NULL, 8) = 0 [pid 760] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 760] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a9514000 [pid 760] mprotect(0x7ff5a9515000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 760] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 760] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9534990, parent_tid=0x7ff5a9534990, exit_signal=0, stack=0x7ff5a9514000, stack_size=0x20300, tls=0x7ff5a95346c0} => {parent_tid=[761]}, 88) = 761 [pid 760] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 760] futex(0x7ff5a96006c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 760] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 760] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a94f3000 [pid 760] mprotect(0x7ff5a94f4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 760] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 760] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9513990, parent_tid=0x7ff5a9513990, exit_signal=0, stack=0x7ff5a94f3000, stack_size=0x20300, tls=0x7ff5a95136c0}./strace-static-x86_64: Process 762 attached ./strace-static-x86_64: Process 761 attached => {parent_tid=[762]}, 88) = 762 [pid 760] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 760] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 760] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 762] set_robust_list(0x7ff5a95139a0, 24) = 0 [pid 762] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 762] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_NOFOLLOW|O_NOATIME|O_CLOEXEC, 000) = 3 [pid 762] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 760] <... futex resumed>) = 0 [pid 760] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 760] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 762] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 762] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 760] <... futex resumed>) = 0 [pid 760] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 760] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 762] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 4 [pid 762] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 760] <... futex resumed>) = 0 [pid 760] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 760] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 762] write(4, "\x31\x30\x30\x30\x30\x30\x30\x00", 8) = -1 ENOSPC (No space left on device) [pid 762] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 760] <... futex resumed>) = 0 [pid 760] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 760] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 762] write(4, "\x23\x21\x20\x2e\x2f\x66\x69\x6c\x65\x31\x0a\x82\x6a\x3f\xc6\x7c\x3a\xab\x7d\x7e\x31\x38\xd5\xcc\x25\x19\xa6\xa8\xf7\xa0\x0b\xff\x3b\xee\x49\xbb\x93\x22\x1f\x4e\x80\x95\x34\x94\x23\x35\x8b\x24\xc3\x46\x99\x05\xf2\x81\x89\x7d\xc6\xe1\x7a\x55\x07\xba\x1b\x9e\x33\xcc\x8e\x4f\x28\xf6\xda\xe3\x4d\x29\x86\xca\x00\x9c\x79\xab\x46\x1e\x69\xfd\x74\xcc\xe8\xc9\xed\x5b\x91\x09\xf3\xfa\x42\xf4\x3d\x39\x82\xeb"..., 1045) = -1 ENOSPC (No space left on device) [pid 762] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 760] <... futex resumed>) = 0 [pid 762] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 761] set_robust_list(0x7ff5a95349a0, 24) = 0 [pid 761] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 761] memfd_create("syzkaller", 0) = 5 [pid 761] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff5a10f3000 [pid 761] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 761] munmap(0x7ff5a10f3000, 138412032) = 0 [pid 761] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 29.257656][ T758] loop0: detected capacity change from 0 to 512 [ 29.266858][ T758] EXT4-fs (loop0): Invalid log block size: 2475723007 [pid 761] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 761] close(5) = 0 [pid 761] mkdir("./file1", 0777) = 0 [pid 761] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue") = 0 [pid 761] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 5 [pid 761] chdir("./file1") = 0 [pid 761] ioctl(6, LOOP_CLR_FD) = 0 [pid 761] close(6) = 0 [pid 761] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 761] futex(0x7ff5a96006c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 760] exit_group(0) = ? [pid 761] <... futex resumed>) = ? [pid 761] +++ exited with 0 +++ [pid 762] <... futex resumed>) = ? [pid 762] +++ exited with 0 +++ [pid 760] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=760, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./97", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./97", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555561b8730 /* 5 entries */, 32768) = 136 umount2("./97/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./97/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./97/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./97/bus") = 0 umount2("./97/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./97/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./97/binderfs") = 0 umount2("./97/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./97/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./97/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./97/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./97/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555561c0770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561c0770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./97/file1") = 0 getdents64(3, 0x5555561b8730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./97") = 0 mkdir("./98", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b7690) = 765 ./strace-static-x86_64: Process 765 attached [pid 765] set_robust_list(0x5555561b76a0, 24) = 0 [pid 765] chdir("./98") = 0 [pid 765] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 765] setpgid(0, 0) = 0 [pid 765] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 765] write(3, "1000", 4) = 4 [pid 765] close(3) = 0 [pid 765] symlink("/dev/binderfs", "./binderfs") = 0 [pid 765] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 765] rt_sigaction(SIGRT_1, {sa_handler=0x7ff5a959df30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7ff5a958f0e0}, NULL, 8) = 0 [pid 765] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 765] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a9514000 [pid 765] mprotect(0x7ff5a9515000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 765] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 765] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9534990, parent_tid=0x7ff5a9534990, exit_signal=0, stack=0x7ff5a9514000, stack_size=0x20300, tls=0x7ff5a95346c0} => {parent_tid=[766]}, 88) = 766 [pid 765] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 765] futex(0x7ff5a96006c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 765] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 765] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a94f3000 [pid 765] mprotect(0x7ff5a94f4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 765] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 765] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9513990, parent_tid=0x7ff5a9513990, exit_signal=0, stack=0x7ff5a94f3000, stack_size=0x20300, tls=0x7ff5a95136c0} => {parent_tid=[767]}, 88) = 767 [pid 765] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 765] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 765] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 766 attached [pid 766] set_robust_list(0x7ff5a95349a0, 24) = 0 [pid 766] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 766] memfd_create("syzkaller", 0) = 3 [pid 766] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff5a10f3000 [pid 766] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144./strace-static-x86_64: Process 767 attached [pid 767] set_robust_list(0x7ff5a95139a0, 24) = 0 [pid 766] <... write resumed>) = 262144 [pid 767] rt_sigprocmask(SIG_SETMASK, [], [pid 766] munmap(0x7ff5a10f3000, 138412032 [pid 767] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 767] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_NOFOLLOW|O_NOATIME|O_CLOEXEC, 000 [pid 766] <... munmap resumed>) = 0 [pid 766] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 767] <... open resumed>) = 4 [pid 767] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 766] <... openat resumed>) = 5 [pid 767] <... futex resumed>) = 1 [pid 766] ioctl(5, LOOP_SET_FD, 3 [pid 765] <... futex resumed>) = 0 [pid 765] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 29.298432][ T761] loop0: detected capacity change from 0 to 512 [ 29.311022][ T761] EXT4-fs (loop0): 1 orphan inode deleted [ 29.316899][ T761] ext4 filesystem being mounted at /root/syzkaller.8K29Ps/97/file1 supports timestamps until 2038 (0x7fffffff) [pid 765] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 766] <... ioctl resumed>) = 0 [pid 767] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 766] close(3 [pid 767] <... mount resumed>) = 0 [pid 766] <... close resumed>) = 0 [pid 767] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 766] mkdir("./bus", 0777 [pid 765] <... futex resumed>) = 0 [pid 767] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 765] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 765] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 767] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 766] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 767] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 766] mount("/dev/loop0", "./bus", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 767] <... open resumed>) = 3 [pid 767] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 765] <... futex resumed>) = 0 [pid 767] write(3, "\x31\x30\x30\x30\x30\x30\x30\x00", 8 [pid 765] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 765] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 767] <... write resumed>) = 8 [pid 767] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 765] <... futex resumed>) = 0 [pid 767] write(3, "\x23\x21\x20\x2e\x2f\x66\x69\x6c\x65\x31\x0a\x82\x6a\x3f\xc6\x7c\x3a\xab\x7d\x7e\x31\x38\xd5\xcc\x25\x19\xa6\xa8\xf7\xa0\x0b\xff\x3b\xee\x49\xbb\x93\x22\x1f\x4e\x80\x95\x34\x94\x23\x35\x8b\x24\xc3\x46\x99\x05\xf2\x81\x89\x7d\xc6\xe1\x7a\x55\x07\xba\x1b\x9e\x33\xcc\x8e\x4f\x28\xf6\xda\xe3\x4d\x29\x86\xca\x00\x9c\x79\xab\x46\x1e\x69\xfd\x74\xcc\xe8\xc9\xed\x5b\x91\x09\xf3\xfa\x42\xf4\x3d\x39\x82\xeb"..., 1045 [pid 765] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 765] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 767] <... write resumed>) = 1045 [pid 767] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 765] <... futex resumed>) = 0 [pid 767] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 766] <... mount resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 766] ioctl(5, LOOP_CLR_FD) = 0 [pid 766] close(5) = 0 [pid 766] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 766] futex(0x7ff5a96006c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 765] exit_group(0 [pid 767] <... futex resumed>) = ? [pid 765] <... exit_group resumed>) = ? [pid 767] +++ exited with 0 +++ [pid 766] <... futex resumed>) = ? [pid 766] +++ exited with 0 +++ [pid 765] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=765, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- umount2("./98", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./98", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555561b8730 /* 4 entries */, 32768) = 104 umount2("./98/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./98/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./98/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./98/bus") = 0 umount2("./98/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./98/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./98/binderfs") = 0 getdents64(3, 0x5555561b8730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./98") = 0 mkdir("./99", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b7690) = 768 ./strace-static-x86_64: Process 768 attached [pid 768] set_robust_list(0x5555561b76a0, 24) = 0 [pid 768] chdir("./99") = 0 [pid 768] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 768] setpgid(0, 0) = 0 [pid 768] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 768] write(3, "1000", 4) = 4 [pid 768] close(3) = 0 [pid 768] symlink("/dev/binderfs", "./binderfs") = 0 [pid 768] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 768] rt_sigaction(SIGRT_1, {sa_handler=0x7ff5a959df30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7ff5a958f0e0}, NULL, 8) = 0 [pid 768] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 768] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a9514000 [pid 768] mprotect(0x7ff5a9515000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 768] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 768] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9534990, parent_tid=0x7ff5a9534990, exit_signal=0, stack=0x7ff5a9514000, stack_size=0x20300, tls=0x7ff5a95346c0} => {parent_tid=[769]}, 88) = 769 [pid 768] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 768] futex(0x7ff5a96006c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 768] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 768] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a94f3000 [pid 768] mprotect(0x7ff5a94f4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 768] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 768] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9513990, parent_tid=0x7ff5a9513990, exit_signal=0, stack=0x7ff5a94f3000, stack_size=0x20300, tls=0x7ff5a95136c0} => {parent_tid=[770]}, 88) = 770 ./strace-static-x86_64: Process 770 attached ./strace-static-x86_64: Process 769 attached [pid 768] rt_sigprocmask(SIG_SETMASK, [], [pid 770] set_robust_list(0x7ff5a95139a0, 24 [pid 769] set_robust_list(0x7ff5a95349a0, 24 [pid 768] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 768] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 768] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 770] <... set_robust_list resumed>) = 0 [pid 769] <... set_robust_list resumed>) = 0 [pid 770] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 769] rt_sigprocmask(SIG_SETMASK, [], [pid 770] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_NOFOLLOW|O_NOATIME|O_CLOEXEC, 000) = 3 [pid 769] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 770] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 769] memfd_create("syzkaller", 0 [pid 770] <... futex resumed>) = 1 [pid 769] <... memfd_create resumed>) = 4 [pid 768] <... futex resumed>) = 0 [pid 768] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 768] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 770] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 769] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 770] <... mount resumed>) = 0 [pid 770] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 769] <... mmap resumed>) = 0x7ff5a10f3000 [pid 768] <... futex resumed>) = 0 [pid 770] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 768] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 770] <... futex resumed>) = 0 [pid 768] <... futex resumed>) = 1 [pid 770] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 768] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 770] <... open resumed>) = 5 [pid 770] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 768] <... futex resumed>) = 0 [pid 770] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 768] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 770] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 768] <... futex resumed>) = 0 [pid 770] write(5, "\x31\x30\x30\x30\x30\x30\x30\x00", 8 [pid 768] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 770] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 770] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 770] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 768] <... futex resumed>) = 0 [pid 768] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 770] <... futex resumed>) = 0 [pid 768] <... futex resumed>) = 1 [pid 770] write(5, "\x23\x21\x20\x2e\x2f\x66\x69\x6c\x65\x31\x0a\x82\x6a\x3f\xc6\x7c\x3a\xab\x7d\x7e\x31\x38\xd5\xcc\x25\x19\xa6\xa8\xf7\xa0\x0b\xff\x3b\xee\x49\xbb\x93\x22\x1f\x4e\x80\x95\x34\x94\x23\x35\x8b\x24\xc3\x46\x99\x05\xf2\x81\x89\x7d\xc6\xe1\x7a\x55\x07\xba\x1b\x9e\x33\xcc\x8e\x4f\x28\xf6\xda\xe3\x4d\x29\x86\xca\x00\x9c\x79\xab\x46\x1e\x69\xfd\x74\xcc\xe8\xc9\xed\x5b\x91\x09\xf3\xfa\x42\xf4\x3d\x39\x82\xeb"..., 1045) = -1 ENOSPC (No space left on device) [pid 770] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 770] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 768] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 769] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 769] munmap(0x7ff5a10f3000, 138412032) = 0 [pid 769] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 769] ioctl(6, LOOP_SET_FD, 4) = 0 [pid 769] close(4) = 0 [pid 769] mkdir("./file1", 0777) = 0 [ 29.350891][ T766] loop0: detected capacity change from 0 to 512 [ 29.360649][ T766] EXT4-fs (loop0): can't read group descriptor 0 [ 29.388383][ T769] loop0: detected capacity change from 0 to 512 [pid 769] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue") = 0 [pid 769] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 4 [pid 769] chdir("./file1") = 0 [pid 769] ioctl(6, LOOP_CLR_FD) = 0 [pid 769] close(6) = 0 [pid 769] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 769] futex(0x7ff5a96006c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 768] exit_group(0) = ? [pid 769] <... futex resumed>) = ? [pid 769] +++ exited with 0 +++ [pid 770] <... futex resumed>) = ? [pid 770] +++ exited with 0 +++ [pid 768] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=768, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- umount2("./99", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./99", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555561b8730 /* 5 entries */, 32768) = 136 umount2("./99/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./99/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./99/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./99/bus") = 0 umount2("./99/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./99/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./99/binderfs") = 0 umount2("./99/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./99/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./99/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./99/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./99/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555561c0770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561c0770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./99/file1") = 0 getdents64(3, 0x5555561b8730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./99") = 0 mkdir("./100", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 773 attached [pid 773] set_robust_list(0x5555561b76a0, 24) = 0 [pid 773] chdir("./100") = 0 [pid 773] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 773] setpgid(0, 0) = 0 [pid 773] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 773] write(3, "1000", 4) = 4 [pid 773] close(3) = 0 [pid 297] <... clone resumed>, child_tidptr=0x5555561b7690) = 773 [pid 773] symlink("/dev/binderfs", "./binderfs") = 0 [pid 773] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 773] rt_sigaction(SIGRT_1, {sa_handler=0x7ff5a959df30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7ff5a958f0e0}, NULL, 8) = 0 [pid 773] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 773] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a9514000 [pid 773] mprotect(0x7ff5a9515000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 773] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 773] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9534990, parent_tid=0x7ff5a9534990, exit_signal=0, stack=0x7ff5a9514000, stack_size=0x20300, tls=0x7ff5a95346c0} => {parent_tid=[774]}, 88) = 774 [pid 773] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 773] futex(0x7ff5a96006c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 773] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 773] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a94f3000 [pid 773] mprotect(0x7ff5a94f4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 773] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 773] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9513990, parent_tid=0x7ff5a9513990, exit_signal=0, stack=0x7ff5a94f3000, stack_size=0x20300, tls=0x7ff5a95136c0} => {parent_tid=[775]}, 88) = 775 [pid 773] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 773] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 773] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 774 attached [pid 774] set_robust_list(0x7ff5a95349a0, 24) = 0 [pid 774] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 774] memfd_create("syzkaller", 0) = 3 [pid 774] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0./strace-static-x86_64: Process 775 attached ) = 0x7ff5a10f3000 [pid 775] set_robust_list(0x7ff5a95139a0, 24) = 0 [pid 775] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 775] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_NOFOLLOW|O_NOATIME|O_CLOEXEC, 000) = 4 [pid 775] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 773] <... futex resumed>) = 0 [pid 773] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 773] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 775] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 775] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 773] <... futex resumed>) = 0 [pid 773] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 775] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 773] <... futex resumed>) = 0 [pid 773] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 775] <... open resumed>) = 5 [pid 774] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 775] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 773] <... futex resumed>) = 0 [pid 773] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 773] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 775] write(5, "\x31\x30\x30\x30\x30\x30\x30\x00", 8) = -1 ENOSPC (No space left on device) [pid 775] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 773] <... futex resumed>) = 0 [pid 773] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 773] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 775] write(5, "\x23\x21\x20\x2e\x2f\x66\x69\x6c\x65\x31\x0a\x82\x6a\x3f\xc6\x7c\x3a\xab\x7d\x7e\x31\x38\xd5\xcc\x25\x19\xa6\xa8\xf7\xa0\x0b\xff\x3b\xee\x49\xbb\x93\x22\x1f\x4e\x80\x95\x34\x94\x23\x35\x8b\x24\xc3\x46\x99\x05\xf2\x81\x89\x7d\xc6\xe1\x7a\x55\x07\xba\x1b\x9e\x33\xcc\x8e\x4f\x28\xf6\xda\xe3\x4d\x29\x86\xca\x00\x9c\x79\xab\x46\x1e\x69\xfd\x74\xcc\xe8\xc9\xed\x5b\x91\x09\xf3\xfa\x42\xf4\x3d\x39\x82\xeb"..., 1045 [pid 774] <... write resumed>) = 262144 [pid 775] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 774] munmap(0x7ff5a10f3000, 138412032 [pid 775] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 773] <... futex resumed>) = 0 [pid 775] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 774] <... munmap resumed>) = 0 [pid 774] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 29.400652][ T769] EXT4-fs (loop0): 1 orphan inode deleted [ 29.406304][ T769] ext4 filesystem being mounted at /root/syzkaller.8K29Ps/99/file1 supports timestamps until 2038 (0x7fffffff) [pid 774] ioctl(6, LOOP_SET_FD, 3) = 0 [pid 774] close(3) = 0 [pid 774] mkdir("./bus", 0777) = -1 EEXIST (File exists) [pid 774] mount("/dev/loop0", "./bus", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue") = -1 ENOTDIR (Not a directory) [pid 774] ioctl(6, LOOP_CLR_FD) = 0 [pid 774] close(6) = 0 [pid 774] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 774] futex(0x7ff5a96006c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 773] exit_group(0) = ? [pid 774] <... futex resumed>) = ? [pid 774] +++ exited with 0 +++ [pid 775] <... futex resumed>) = ? [pid 775] +++ exited with 0 +++ [pid 773] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=773, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./100", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./100", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555561b8730 /* 4 entries */, 32768) = 104 umount2("./100/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./100/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./100/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./100/bus") = 0 umount2("./100/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./100/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./100/binderfs") = 0 getdents64(3, 0x5555561b8730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./100") = 0 mkdir("./101", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b7690) = 778 ./strace-static-x86_64: Process 778 attached [pid 778] set_robust_list(0x5555561b76a0, 24) = 0 [pid 778] chdir("./101") = 0 [pid 778] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 778] setpgid(0, 0) = 0 [pid 778] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 778] write(3, "1000", 4) = 4 [pid 778] close(3) = 0 [pid 778] symlink("/dev/binderfs", "./binderfs") = 0 [pid 778] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 778] rt_sigaction(SIGRT_1, {sa_handler=0x7ff5a959df30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7ff5a958f0e0}, NULL, 8) = 0 [pid 778] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 778] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a9514000 [pid 778] mprotect(0x7ff5a9515000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 778] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 778] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9534990, parent_tid=0x7ff5a9534990, exit_signal=0, stack=0x7ff5a9514000, stack_size=0x20300, tls=0x7ff5a95346c0}./strace-static-x86_64: Process 779 attached => {parent_tid=[779]}, 88) = 779 [pid 778] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 778] futex(0x7ff5a96006c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 778] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 778] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a94f3000 [pid 778] mprotect(0x7ff5a94f4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 778] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 778] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9513990, parent_tid=0x7ff5a9513990, exit_signal=0, stack=0x7ff5a94f3000, stack_size=0x20300, tls=0x7ff5a95136c0} => {parent_tid=[780]}, 88) = 780 ./strace-static-x86_64: Process 780 attached [pid 779] set_robust_list(0x7ff5a95349a0, 24 [pid 778] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 778] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 779] <... set_robust_list resumed>) = 0 [pid 780] set_robust_list(0x7ff5a95139a0, 24 [pid 779] rt_sigprocmask(SIG_SETMASK, [], [pid 778] <... futex resumed>) = 0 [pid 778] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 780] <... set_robust_list resumed>) = 0 [pid 780] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 780] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_NOFOLLOW|O_NOATIME|O_CLOEXEC, 000 [pid 779] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 780] <... open resumed>) = 3 [pid 780] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 779] memfd_create("syzkaller", 0 [pid 778] <... futex resumed>) = 0 [pid 778] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 778] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 779] <... memfd_create resumed>) = 4 [pid 780] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 779] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 780] <... mount resumed>) = 0 [pid 780] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 778] <... futex resumed>) = 0 [pid 778] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 778] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 780] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5 [pid 780] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 778] <... futex resumed>) = 0 [ 29.447326][ T774] loop0: detected capacity change from 0 to 512 [ 29.461924][ T774] EXT4-fs (loop0): 1 orphan inode deleted [ 29.467574][ T774] ext4 filesystem being mounted at /root/syzkaller.8K29Ps/100/bus supports timestamps until 2038 (0x7fffffff) [pid 778] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 778] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 780] write(5, "\x31\x30\x30\x30\x30\x30\x30\x00", 8) = -1 ENOSPC (No space left on device) [pid 780] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 778] <... futex resumed>) = 0 [pid 778] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 778] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 779] <... mmap resumed>) = 0x7ff5a10f3000 [pid 780] write(5, "\x23\x21\x20\x2e\x2f\x66\x69\x6c\x65\x31\x0a\x82\x6a\x3f\xc6\x7c\x3a\xab\x7d\x7e\x31\x38\xd5\xcc\x25\x19\xa6\xa8\xf7\xa0\x0b\xff\x3b\xee\x49\xbb\x93\x22\x1f\x4e\x80\x95\x34\x94\x23\x35\x8b\x24\xc3\x46\x99\x05\xf2\x81\x89\x7d\xc6\xe1\x7a\x55\x07\xba\x1b\x9e\x33\xcc\x8e\x4f\x28\xf6\xda\xe3\x4d\x29\x86\xca\x00\x9c\x79\xab\x46\x1e\x69\xfd\x74\xcc\xe8\xc9\xed\x5b\x91\x09\xf3\xfa\x42\xf4\x3d\x39\x82\xeb"..., 1045) = -1 ENOSPC (No space left on device) [pid 780] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 778] <... futex resumed>) = 0 [pid 780] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 779] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 779] munmap(0x7ff5a10f3000, 138412032) = 0 [pid 779] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 779] ioctl(6, LOOP_SET_FD, 4) = 0 [pid 779] close(4) = 0 [pid 779] mkdir("./file1", 0777) = 0 [pid 779] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue") = 0 [pid 779] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 4 [pid 779] chdir("./file1") = 0 [pid 779] ioctl(6, LOOP_CLR_FD) = 0 [pid 779] close(6) = 0 [pid 779] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 779] futex(0x7ff5a96006c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 778] exit_group(0 [pid 780] <... futex resumed>) = ? [pid 780] +++ exited with 0 +++ [pid 778] <... exit_group resumed>) = ? [pid 779] <... futex resumed>) = ? [pid 779] +++ exited with 0 +++ [pid 778] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=778, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./101", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./101", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555561b8730 /* 5 entries */, 32768) = 136 umount2("./101/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./101/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./101/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./101/bus") = 0 umount2("./101/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./101/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./101/binderfs") = 0 umount2("./101/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./101/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./101/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./101/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./101/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555561c0770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561c0770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./101/file1") = 0 getdents64(3, 0x5555561b8730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./101") = 0 mkdir("./102", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b7690) = 783 ./strace-static-x86_64: Process 783 attached [pid 783] set_robust_list(0x5555561b76a0, 24) = 0 [pid 783] chdir("./102") = 0 [pid 783] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 783] setpgid(0, 0) = 0 [pid 783] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 783] write(3, "1000", 4) = 4 [pid 783] close(3) = 0 [pid 783] symlink("/dev/binderfs", "./binderfs") = 0 [pid 783] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 783] rt_sigaction(SIGRT_1, {sa_handler=0x7ff5a959df30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7ff5a958f0e0}, NULL, 8) = 0 [pid 783] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 783] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a9514000 [pid 783] mprotect(0x7ff5a9515000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 783] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 783] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9534990, parent_tid=0x7ff5a9534990, exit_signal=0, stack=0x7ff5a9514000, stack_size=0x20300, tls=0x7ff5a95346c0} => {parent_tid=[784]}, 88) = 784 [pid 783] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 783] futex(0x7ff5a96006c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 783] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 783] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a94f3000 [pid 783] mprotect(0x7ff5a94f4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 783] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 783] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9513990, parent_tid=0x7ff5a9513990, exit_signal=0, stack=0x7ff5a94f3000, stack_size=0x20300, tls=0x7ff5a95136c0} => {parent_tid=[785]}, 88) = 785 [pid 783] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 783] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 783] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 785 attached ./strace-static-x86_64: Process 784 attached [pid 784] set_robust_list(0x7ff5a95349a0, 24) = 0 [pid 784] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 784] memfd_create("syzkaller", 0) = 3 [pid 784] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff5a10f3000 [pid 785] set_robust_list(0x7ff5a95139a0, 24) = 0 [pid 785] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 785] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_NOFOLLOW|O_NOATIME|O_CLOEXEC, 000 [pid 784] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 785] <... open resumed>) = 4 [pid 785] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 783] <... futex resumed>) = 0 [pid 783] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 783] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 785] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 784] <... write resumed>) = 262144 [pid 784] munmap(0x7ff5a10f3000, 138412032) = 0 [pid 784] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [ 29.532047][ T779] loop0: detected capacity change from 0 to 512 [ 29.551297][ T779] EXT4-fs (loop0): 1 orphan inode deleted [ 29.557054][ T779] ext4 filesystem being mounted at /root/syzkaller.8K29Ps/101/file1 supports timestamps until 2038 (0x7fffffff) [pid 784] ioctl(5, LOOP_SET_FD, 3 [pid 785] <... mount resumed>) = 0 [pid 784] <... ioctl resumed>) = 0 [pid 784] close(3) = 0 [pid 784] mkdir("./bus", 0777) = -1 EEXIST (File exists) [pid 784] mount("/dev/loop0", "./bus", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 785] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 783] <... futex resumed>) = 0 [pid 783] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 783] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 785] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 3 [pid 785] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 783] <... futex resumed>) = 0 [pid 783] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 783] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 785] <... futex resumed>) = 1 [pid 785] write(3, "\x31\x30\x30\x30\x30\x30\x30\x00", 8) = 8 [pid 785] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 783] <... futex resumed>) = 0 [pid 783] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 783] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 785] <... futex resumed>) = 1 [pid 785] write(3, "\x23\x21\x20\x2e\x2f\x66\x69\x6c\x65\x31\x0a\x82\x6a\x3f\xc6\x7c\x3a\xab\x7d\x7e\x31\x38\xd5\xcc\x25\x19\xa6\xa8\xf7\xa0\x0b\xff\x3b\xee\x49\xbb\x93\x22\x1f\x4e\x80\x95\x34\x94\x23\x35\x8b\x24\xc3\x46\x99\x05\xf2\x81\x89\x7d\xc6\xe1\x7a\x55\x07\xba\x1b\x9e\x33\xcc\x8e\x4f\x28\xf6\xda\xe3\x4d\x29\x86\xca\x00\x9c\x79\xab\x46\x1e\x69\xfd\x74\xcc\xe8\xc9\xed\x5b\x91\x09\xf3\xfa\x42\xf4\x3d\x39\x82\xeb"..., 1045) = 1045 [pid 785] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 783] <... futex resumed>) = 0 [pid 785] <... futex resumed>) = 1 [pid 785] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 784] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 784] ioctl(5, LOOP_CLR_FD) = 0 [pid 784] close(5) = 0 [pid 784] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 784] futex(0x7ff5a96006c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 783] exit_group(0 [pid 785] <... futex resumed>) = ? [pid 783] <... exit_group resumed>) = ? [pid 785] +++ exited with 0 +++ [pid 784] <... futex resumed>) = ? [pid 784] +++ exited with 0 +++ [pid 783] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=783, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./102", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./102", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555561b8730 /* 4 entries */, 32768) = 104 umount2("./102/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./102/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./102/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./102/bus") = 0 umount2("./102/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./102/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./102/binderfs") = 0 getdents64(3, 0x5555561b8730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./102") = 0 mkdir("./103", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b7690) = 788 ./strace-static-x86_64: Process 788 attached [pid 788] set_robust_list(0x5555561b76a0, 24) = 0 [pid 788] chdir("./103") = 0 [pid 788] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 788] setpgid(0, 0) = 0 [pid 788] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 788] write(3, "1000", 4) = 4 [pid 788] close(3) = 0 [pid 788] symlink("/dev/binderfs", "./binderfs") = 0 [pid 788] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 788] rt_sigaction(SIGRT_1, {sa_handler=0x7ff5a959df30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7ff5a958f0e0}, NULL, 8) = 0 [pid 788] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 788] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a9514000 [pid 788] mprotect(0x7ff5a9515000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 788] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 788] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9534990, parent_tid=0x7ff5a9534990, exit_signal=0, stack=0x7ff5a9514000, stack_size=0x20300, tls=0x7ff5a95346c0} => {parent_tid=[789]}, 88) = 789 [pid 788] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 788] futex(0x7ff5a96006c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 788] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 788] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a94f3000 [pid 788] mprotect(0x7ff5a94f4000, 131072, PROT_READ|PROT_WRITE) = 0 ./strace-static-x86_64: Process 789 attached [pid 788] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 788] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9513990, parent_tid=0x7ff5a9513990, exit_signal=0, stack=0x7ff5a94f3000, stack_size=0x20300, tls=0x7ff5a95136c0} => {parent_tid=[790]}, 88) = 790 [pid 788] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 788] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 788] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 789] set_robust_list(0x7ff5a95349a0, 24) = 0 [pid 789] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 789] memfd_create("syzkaller", 0) = 3 [pid 789] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff5a10f3000 ./strace-static-x86_64: Process 790 attached [pid 790] set_robust_list(0x7ff5a95139a0, 24) = 0 [pid 790] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 790] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_NOFOLLOW|O_NOATIME|O_CLOEXEC, 000 [pid 789] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 790] <... open resumed>) = 4 [pid 790] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 788] <... futex resumed>) = 0 [pid 788] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 788] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 789] <... write resumed>) = 262144 [pid 789] munmap(0x7ff5a10f3000, 138412032 [pid 790] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 789] <... munmap resumed>) = 0 [pid 789] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [ 29.596802][ T784] loop0: detected capacity change from 0 to 512 [ 29.611205][ T784] EXT4-fs error (device loop0): __ext4_get_inode_loc:4485: comm syz-executor170: Invalid inode table block 34 in block_group 0 [ 29.624425][ T784] EXT4-fs (loop0): get root inode failed [ 29.630050][ T784] EXT4-fs (loop0): mount failed [pid 789] ioctl(5, LOOP_SET_FD, 3 [pid 790] <... mount resumed>) = 0 [pid 789] <... ioctl resumed>) = 0 [pid 789] close(3) = 0 [pid 789] mkdir("./bus", 0777) = -1 EEXIST (File exists) [pid 789] mount("/dev/loop0", "./bus", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 790] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 788] <... futex resumed>) = 0 [pid 790] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 788] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 788] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 790] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 790] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 3 [pid 790] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 788] <... futex resumed>) = 0 [pid 790] write(3, "\x31\x30\x30\x30\x30\x30\x30\x00", 8 [pid 788] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 790] <... write resumed>) = 8 [pid 788] <... futex resumed>) = 0 [pid 790] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 788] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 790] <... futex resumed>) = 0 [pid 788] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 790] write(3, "\x23\x21\x20\x2e\x2f\x66\x69\x6c\x65\x31\x0a\x82\x6a\x3f\xc6\x7c\x3a\xab\x7d\x7e\x31\x38\xd5\xcc\x25\x19\xa6\xa8\xf7\xa0\x0b\xff\x3b\xee\x49\xbb\x93\x22\x1f\x4e\x80\x95\x34\x94\x23\x35\x8b\x24\xc3\x46\x99\x05\xf2\x81\x89\x7d\xc6\xe1\x7a\x55\x07\xba\x1b\x9e\x33\xcc\x8e\x4f\x28\xf6\xda\xe3\x4d\x29\x86\xca\x00\x9c\x79\xab\x46\x1e\x69\xfd\x74\xcc\xe8\xc9\xed\x5b\x91\x09\xf3\xfa\x42\xf4\x3d\x39\x82\xeb"..., 1045 [pid 788] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 790] <... write resumed>) = 1045 [pid 788] <... futex resumed>) = 0 [pid 790] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 788] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 790] <... futex resumed>) = 0 [pid 788] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 790] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 789] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 789] ioctl(5, LOOP_CLR_FD) = 0 [pid 789] close(5) = 0 [pid 789] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 789] futex(0x7ff5a96006c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 788] exit_group(0 [pid 790] <... futex resumed>) = ? [pid 788] <... exit_group resumed>) = ? [pid 790] +++ exited with 0 +++ [pid 789] <... futex resumed>) = ? [pid 789] +++ exited with 0 +++ [pid 788] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=788, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./103", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./103", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555561b8730 /* 4 entries */, 32768) = 104 umount2("./103/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./103/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./103/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./103/bus") = 0 umount2("./103/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./103/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./103/binderfs") = 0 getdents64(3, 0x5555561b8730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./103") = 0 mkdir("./104", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b7690) = 793 ./strace-static-x86_64: Process 793 attached [pid 793] set_robust_list(0x5555561b76a0, 24) = 0 [pid 793] chdir("./104") = 0 [pid 793] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 793] setpgid(0, 0) = 0 [pid 793] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 793] write(3, "1000", 4) = 4 [pid 793] close(3) = 0 [pid 793] symlink("/dev/binderfs", "./binderfs") = 0 [pid 793] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 793] rt_sigaction(SIGRT_1, {sa_handler=0x7ff5a959df30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7ff5a958f0e0}, NULL, 8) = 0 [pid 793] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 793] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a9514000 [pid 793] mprotect(0x7ff5a9515000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 793] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 793] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9534990, parent_tid=0x7ff5a9534990, exit_signal=0, stack=0x7ff5a9514000, stack_size=0x20300, tls=0x7ff5a95346c0} => {parent_tid=[794]}, 88) = 794 [pid 793] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 793] futex(0x7ff5a96006c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 793] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 793] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a94f3000 [pid 793] mprotect(0x7ff5a94f4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 793] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 793] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9513990, parent_tid=0x7ff5a9513990, exit_signal=0, stack=0x7ff5a94f3000, stack_size=0x20300, tls=0x7ff5a95136c0} => {parent_tid=[795]}, 88) = 795 [pid 793] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 793] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 793] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 794 attached [pid 794] set_robust_list(0x7ff5a95349a0, 24) = 0 [pid 794] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 794] memfd_create("syzkaller", 0) = 3 [pid 794] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff5a10f3000 ./strace-static-x86_64: Process 795 attached [pid 795] set_robust_list(0x7ff5a95139a0, 24) = 0 [pid 795] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 795] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_NOFOLLOW|O_NOATIME|O_CLOEXEC, 000) = 4 [pid 795] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 794] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 795] <... futex resumed>) = 1 [pid 793] <... futex resumed>) = 0 [pid 793] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 793] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 795] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 795] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 793] <... futex resumed>) = 0 [pid 793] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 793] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 794] <... write resumed>) = 262144 [pid 794] munmap(0x7ff5a10f3000, 138412032 [pid 795] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 794] <... munmap resumed>) = 0 [pid 794] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [ 29.659970][ T789] loop0: detected capacity change from 0 to 512 [ 29.670102][ T789] EXT4-fs error (device loop0): __ext4_get_inode_loc:4485: comm syz-executor170: Invalid inode table block 34 in block_group 0 [ 29.683522][ T789] EXT4-fs (loop0): get root inode failed [ 29.689040][ T789] EXT4-fs (loop0): mount failed [pid 794] ioctl(5, LOOP_SET_FD, 3 [pid 795] <... open resumed>) = 6 [pid 795] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 795] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 793] <... futex resumed>) = 0 [pid 794] <... ioctl resumed>) = 0 [pid 794] close(3 [pid 793] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 795] <... futex resumed>) = 0 [pid 794] <... close resumed>) = 0 [pid 793] <... futex resumed>) = 1 [pid 793] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 795] write(6, "\x31\x30\x30\x30\x30\x30\x30\x00", 8 [pid 794] mkdir("./bus", 0777) = -1 EEXIST (File exists) [pid 794] mount("/dev/loop0", "./bus", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 795] <... write resumed>) = 8 [pid 795] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 793] <... futex resumed>) = 0 [pid 795] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 793] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 795] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 793] <... futex resumed>) = 0 [pid 795] write(6, "\x23\x21\x20\x2e\x2f\x66\x69\x6c\x65\x31\x0a\x82\x6a\x3f\xc6\x7c\x3a\xab\x7d\x7e\x31\x38\xd5\xcc\x25\x19\xa6\xa8\xf7\xa0\x0b\xff\x3b\xee\x49\xbb\x93\x22\x1f\x4e\x80\x95\x34\x94\x23\x35\x8b\x24\xc3\x46\x99\x05\xf2\x81\x89\x7d\xc6\xe1\x7a\x55\x07\xba\x1b\x9e\x33\xcc\x8e\x4f\x28\xf6\xda\xe3\x4d\x29\x86\xca\x00\x9c\x79\xab\x46\x1e\x69\xfd\x74\xcc\xe8\xc9\xed\x5b\x91\x09\xf3\xfa\x42\xf4\x3d\x39\x82\xeb"..., 1045) = 1045 [pid 795] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 795] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 793] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 794] <... mount resumed>) = -1 ENOTDIR (Not a directory) [pid 794] ioctl(5, LOOP_CLR_FD) = 0 [pid 794] close(5) = 0 [pid 794] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 794] futex(0x7ff5a96006c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 793] exit_group(0) = ? [pid 794] <... futex resumed>) = ? [pid 794] +++ exited with 0 +++ [pid 795] <... futex resumed>) = ? [pid 795] +++ exited with 0 +++ [pid 793] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=793, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./104", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./104", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555561b8730 /* 4 entries */, 32768) = 104 umount2("./104/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./104/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./104/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./104/bus") = 0 umount2("./104/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./104/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./104/binderfs") = 0 getdents64(3, 0x5555561b8730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./104") = 0 mkdir("./105", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b7690) = 798 ./strace-static-x86_64: Process 798 attached [pid 798] set_robust_list(0x5555561b76a0, 24) = 0 [pid 798] chdir("./105") = 0 [pid 798] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 798] setpgid(0, 0) = 0 [pid 798] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 798] write(3, "1000", 4) = 4 [pid 798] close(3) = 0 [pid 798] symlink("/dev/binderfs", "./binderfs") = 0 [pid 798] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 798] rt_sigaction(SIGRT_1, {sa_handler=0x7ff5a959df30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7ff5a958f0e0}, NULL, 8) = 0 [pid 798] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 798] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a9514000 [pid 798] mprotect(0x7ff5a9515000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 798] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 798] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9534990, parent_tid=0x7ff5a9534990, exit_signal=0, stack=0x7ff5a9514000, stack_size=0x20300, tls=0x7ff5a95346c0}./strace-static-x86_64: Process 799 attached [pid 799] set_robust_list(0x7ff5a95349a0, 24) = 0 [pid 799] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 799] futex(0x7ff5a96006c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 798] <... clone3 resumed> => {parent_tid=[799]}, 88) = 799 [pid 798] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 798] futex(0x7ff5a96006c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 798] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 798] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a94f3000 [pid 798] mprotect(0x7ff5a94f4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 798] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 798] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9513990, parent_tid=0x7ff5a9513990, exit_signal=0, stack=0x7ff5a94f3000, stack_size=0x20300, tls=0x7ff5a95136c0} [pid 799] <... futex resumed>) = 0 [pid 798] <... clone3 resumed> => {parent_tid=[800]}, 88) = 800 [pid 798] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 798] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 798] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 800 attached [pid 800] set_robust_list(0x7ff5a95139a0, 24) = 0 [pid 800] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 800] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_NOFOLLOW|O_NOATIME|O_CLOEXEC, 000) = 3 [pid 800] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 799] memfd_create("syzkaller", 0 [pid 798] <... futex resumed>) = 0 [pid 798] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 798] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 800] <... futex resumed>) = 1 [pid 800] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 799] <... memfd_create resumed>) = 4 [pid 799] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 800] <... mount resumed>) = 0 [pid 800] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 798] <... futex resumed>) = 0 [pid 800] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 798] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 800] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 798] <... futex resumed>) = 0 [pid 800] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 798] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 800] <... open resumed>) = 5 [pid 800] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 798] <... futex resumed>) = 0 [pid 800] <... futex resumed>) = 1 [pid 798] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 800] write(5, "\x31\x30\x30\x30\x30\x30\x30\x00", 8 [pid 798] <... futex resumed>) = 0 [pid 800] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 798] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 800] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 798] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 800] <... futex resumed>) = 0 [pid 798] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 800] write(5, "\x23\x21\x20\x2e\x2f\x66\x69\x6c\x65\x31\x0a\x82\x6a\x3f\xc6\x7c\x3a\xab\x7d\x7e\x31\x38\xd5\xcc\x25\x19\xa6\xa8\xf7\xa0\x0b\xff\x3b\xee\x49\xbb\x93\x22\x1f\x4e\x80\x95\x34\x94\x23\x35\x8b\x24\xc3\x46\x99\x05\xf2\x81\x89\x7d\xc6\xe1\x7a\x55\x07\xba\x1b\x9e\x33\xcc\x8e\x4f\x28\xf6\xda\xe3\x4d\x29\x86\xca\x00\x9c\x79\xab\x46\x1e\x69\xfd\x74\xcc\xe8\xc9\xed\x5b\x91\x09\xf3\xfa\x42\xf4\x3d\x39\x82\xeb"..., 1045 [pid 798] <... futex resumed>) = 0 [pid 800] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 798] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 800] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 798] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 800] <... futex resumed>) = 0 [pid 800] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 799] <... mmap resumed>) = 0x7ff5a10f3000 [pid 799] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 799] munmap(0x7ff5a10f3000, 138412032) = 0 [pid 799] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 29.723547][ T794] loop0: detected capacity change from 0 to 512 [ 29.740956][ T794] EXT4-fs (loop0): 1 orphan inode deleted [ 29.746752][ T794] ext4 filesystem being mounted at /root/syzkaller.8K29Ps/104/bus supports timestamps until 2038 (0x7fffffff) [pid 799] ioctl(6, LOOP_SET_FD, 4) = 0 [pid 799] close(4) = 0 [pid 799] mkdir("./file1", 0777) = 0 [pid 799] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue") = 0 [pid 799] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 4 [pid 799] chdir("./file1") = 0 [pid 799] ioctl(6, LOOP_CLR_FD) = 0 [pid 799] close(6) = 0 [pid 799] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 799] futex(0x7ff5a96006c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 798] exit_group(0) = ? [pid 799] <... futex resumed>) = ? [pid 799] +++ exited with 0 +++ [pid 800] <... futex resumed>) = ? [pid 800] +++ exited with 0 +++ [pid 798] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=798, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- umount2("./105", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./105", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555561b8730 /* 5 entries */, 32768) = 136 umount2("./105/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./105/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./105/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./105/bus") = 0 umount2("./105/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./105/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./105/binderfs") = 0 umount2("./105/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./105/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./105/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./105/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./105/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555561c0770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561c0770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./105/file1") = 0 getdents64(3, 0x5555561b8730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./105") = 0 mkdir("./106", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b7690) = 803 ./strace-static-x86_64: Process 803 attached [pid 803] set_robust_list(0x5555561b76a0, 24) = 0 [pid 803] chdir("./106") = 0 [pid 803] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 803] setpgid(0, 0) = 0 [pid 803] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 803] write(3, "1000", 4) = 4 [pid 803] close(3) = 0 [pid 803] symlink("/dev/binderfs", "./binderfs") = 0 [pid 803] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 803] rt_sigaction(SIGRT_1, {sa_handler=0x7ff5a959df30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7ff5a958f0e0}, NULL, 8) = 0 [pid 803] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 803] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a9514000 [pid 803] mprotect(0x7ff5a9515000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 803] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 803] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9534990, parent_tid=0x7ff5a9534990, exit_signal=0, stack=0x7ff5a9514000, stack_size=0x20300, tls=0x7ff5a95346c0}./strace-static-x86_64: Process 804 attached [pid 804] set_robust_list(0x7ff5a95349a0, 24) = 0 [pid 804] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 804] futex(0x7ff5a96006c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 803] <... clone3 resumed> => {parent_tid=[804]}, 88) = 804 [pid 803] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 803] futex(0x7ff5a96006c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 804] <... futex resumed>) = 0 [pid 803] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 803] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 804] memfd_create("syzkaller", 0 [pid 803] <... mmap resumed>) = 0x7ff5a94f3000 [pid 804] <... memfd_create resumed>) = 3 [pid 803] mprotect(0x7ff5a94f4000, 131072, PROT_READ|PROT_WRITE [pid 804] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 803] <... mprotect resumed>) = 0 [pid 803] rt_sigprocmask(SIG_BLOCK, ~[], [pid 804] <... mmap resumed>) = 0x7ff5a10f3000 [pid 803] <... rt_sigprocmask resumed>[], 8) = 0 [pid 803] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9513990, parent_tid=0x7ff5a9513990, exit_signal=0, stack=0x7ff5a94f3000, stack_size=0x20300, tls=0x7ff5a95136c0}./strace-static-x86_64: Process 805 attached [pid 805] set_robust_list(0x7ff5a95139a0, 24) = 0 [pid 805] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 805] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 803] <... clone3 resumed> => {parent_tid=[805]}, 88) = 805 [pid 803] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 803] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 805] <... futex resumed>) = 0 [pid 805] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_NOFOLLOW|O_NOATIME|O_CLOEXEC, 000 [pid 803] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 805] <... open resumed>) = 4 [pid 805] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 803] <... futex resumed>) = 0 [pid 803] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 803] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 805] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 805] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 804] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 803] <... futex resumed>) = 0 [pid 803] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 803] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 805] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5 [pid 805] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 803] <... futex resumed>) = 0 [pid 803] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 803] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 805] write(5, "\x31\x30\x30\x30\x30\x30\x30\x00", 8) = -1 ENOSPC (No space left on device) [pid 805] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 803] <... futex resumed>) = 0 [pid 803] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 803] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 805] write(5, "\x23\x21\x20\x2e\x2f\x66\x69\x6c\x65\x31\x0a\x82\x6a\x3f\xc6\x7c\x3a\xab\x7d\x7e\x31\x38\xd5\xcc\x25\x19\xa6\xa8\xf7\xa0\x0b\xff\x3b\xee\x49\xbb\x93\x22\x1f\x4e\x80\x95\x34\x94\x23\x35\x8b\x24\xc3\x46\x99\x05\xf2\x81\x89\x7d\xc6\xe1\x7a\x55\x07\xba\x1b\x9e\x33\xcc\x8e\x4f\x28\xf6\xda\xe3\x4d\x29\x86\xca\x00\x9c\x79\xab\x46\x1e\x69\xfd\x74\xcc\xe8\xc9\xed\x5b\x91\x09\xf3\xfa\x42\xf4\x3d\x39\x82\xeb"..., 1045) = -1 ENOSPC (No space left on device) [pid 804] <... write resumed>) = 262144 [pid 805] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 803] <... futex resumed>) = 0 [pid 804] munmap(0x7ff5a10f3000, 138412032 [pid 805] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 804] <... munmap resumed>) = 0 [pid 804] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 29.796100][ T799] loop0: detected capacity change from 0 to 512 [ 29.821233][ T799] EXT4-fs (loop0): 1 orphan inode deleted [ 29.826989][ T799] ext4 filesystem being mounted at /root/syzkaller.8K29Ps/105/file1 supports timestamps until 2038 (0x7fffffff) [pid 804] ioctl(6, LOOP_SET_FD, 3) = 0 [pid 804] close(3) = 0 [pid 804] mkdir("./bus", 0777) = -1 EEXIST (File exists) [pid 804] mount("/dev/loop0", "./bus", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue") = -1 ENOTDIR (Not a directory) [pid 804] ioctl(6, LOOP_CLR_FD) = 0 [pid 804] close(6) = 0 [pid 804] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 804] futex(0x7ff5a96006c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 803] exit_group(0 [pid 805] <... futex resumed>) = ? [pid 804] <... futex resumed>) = ? [pid 803] <... exit_group resumed>) = ? [pid 805] +++ exited with 0 +++ [pid 804] +++ exited with 0 +++ [pid 803] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=803, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./106", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./106", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555561b8730 /* 4 entries */, 32768) = 104 umount2("./106/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./106/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./106/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./106/bus") = 0 umount2("./106/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./106/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./106/binderfs") = 0 getdents64(3, 0x5555561b8730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./106") = 0 mkdir("./107", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b7690) = 808 ./strace-static-x86_64: Process 808 attached [pid 808] set_robust_list(0x5555561b76a0, 24) = 0 [pid 808] chdir("./107") = 0 [ 29.874005][ T804] loop0: detected capacity change from 0 to 512 [ 29.891058][ T804] EXT4-fs (loop0): 1 orphan inode deleted [ 29.896778][ T804] ext4 filesystem being mounted at /root/syzkaller.8K29Ps/106/bus supports timestamps until 2038 (0x7fffffff) [pid 808] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 808] setpgid(0, 0) = 0 [pid 808] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 808] write(3, "1000", 4) = 4 [pid 808] close(3) = 0 [pid 808] symlink("/dev/binderfs", "./binderfs") = 0 [pid 808] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 808] rt_sigaction(SIGRT_1, {sa_handler=0x7ff5a959df30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7ff5a958f0e0}, NULL, 8) = 0 [pid 808] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 808] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a9514000 [pid 808] mprotect(0x7ff5a9515000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 808] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 808] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9534990, parent_tid=0x7ff5a9534990, exit_signal=0, stack=0x7ff5a9514000, stack_size=0x20300, tls=0x7ff5a95346c0}./strace-static-x86_64: Process 809 attached => {parent_tid=[809]}, 88) = 809 [pid 809] set_robust_list(0x7ff5a95349a0, 24 [pid 808] rt_sigprocmask(SIG_SETMASK, [], [pid 809] <... set_robust_list resumed>) = 0 [pid 808] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 809] rt_sigprocmask(SIG_SETMASK, [], [pid 808] futex(0x7ff5a96006c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 809] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 808] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 808] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 809] memfd_create("syzkaller", 0 [pid 808] <... mmap resumed>) = 0x7ff5a94f3000 [pid 809] <... memfd_create resumed>) = 3 [pid 808] mprotect(0x7ff5a94f4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 809] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 808] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 809] <... mmap resumed>) = 0x7ff5a10f3000 [pid 808] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9513990, parent_tid=0x7ff5a9513990, exit_signal=0, stack=0x7ff5a94f3000, stack_size=0x20300, tls=0x7ff5a95136c0}./strace-static-x86_64: Process 810 attached => {parent_tid=[810]}, 88) = 810 [pid 810] set_robust_list(0x7ff5a95139a0, 24) = 0 [pid 810] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 810] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 808] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 808] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 810] <... futex resumed>) = 0 [pid 810] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_NOFOLLOW|O_NOATIME|O_CLOEXEC, 000 [pid 808] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 810] <... open resumed>) = 4 [pid 810] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 810] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 808] <... futex resumed>) = 0 [pid 808] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 810] <... futex resumed>) = 0 [pid 808] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 810] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 810] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 808] <... futex resumed>) = 0 [pid 810] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 808] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 808] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 810] <... open resumed>) = 5 [pid 810] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 808] <... futex resumed>) = 0 [pid 810] write(5, "\x31\x30\x30\x30\x30\x30\x30\x00", 8 [pid 808] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 810] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 808] <... futex resumed>) = 0 [pid 810] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 808] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 810] <... futex resumed>) = 0 [pid 808] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 810] write(5, "\x23\x21\x20\x2e\x2f\x66\x69\x6c\x65\x31\x0a\x82\x6a\x3f\xc6\x7c\x3a\xab\x7d\x7e\x31\x38\xd5\xcc\x25\x19\xa6\xa8\xf7\xa0\x0b\xff\x3b\xee\x49\xbb\x93\x22\x1f\x4e\x80\x95\x34\x94\x23\x35\x8b\x24\xc3\x46\x99\x05\xf2\x81\x89\x7d\xc6\xe1\x7a\x55\x07\xba\x1b\x9e\x33\xcc\x8e\x4f\x28\xf6\xda\xe3\x4d\x29\x86\xca\x00\x9c\x79\xab\x46\x1e\x69\xfd\x74\xcc\xe8\xc9\xed\x5b\x91\x09\xf3\xfa\x42\xf4\x3d\x39\x82\xeb"..., 1045 [pid 808] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 808] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 809] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 810] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 810] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 808] <... futex resumed>) = 0 [pid 810] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 809] <... write resumed>) = 262144 [pid 809] munmap(0x7ff5a10f3000, 138412032) = 0 [pid 809] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 809] ioctl(6, LOOP_SET_FD, 3) = 0 [pid 809] close(3) = 0 [pid 809] mkdir("./bus", 0777) = -1 EEXIST (File exists) [pid 809] mount("/dev/loop0", "./bus", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue") = -1 ENOTDIR (Not a directory) [pid 809] ioctl(6, LOOP_CLR_FD) = 0 [pid 809] close(6) = 0 [pid 809] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 809] futex(0x7ff5a96006c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 808] exit_group(0) = ? [pid 809] <... futex resumed>) = ? [pid 809] +++ exited with 0 +++ [pid 810] <... futex resumed>) = ? [pid 810] +++ exited with 0 +++ [pid 808] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=808, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- umount2("./107", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./107", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555561b8730 /* 4 entries */, 32768) = 104 umount2("./107/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./107/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./107/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./107/bus") = 0 umount2("./107/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./107/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./107/binderfs") = 0 getdents64(3, 0x5555561b8730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./107") = 0 mkdir("./108", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b7690) = 813 ./strace-static-x86_64: Process 813 attached [pid 813] set_robust_list(0x5555561b76a0, 24) = 0 [pid 813] chdir("./108") = 0 [pid 813] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 813] setpgid(0, 0) = 0 [pid 813] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 813] write(3, "1000", 4) = 4 [pid 813] close(3) = 0 [pid 813] symlink("/dev/binderfs", "./binderfs") = 0 [pid 813] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 813] rt_sigaction(SIGRT_1, {sa_handler=0x7ff5a959df30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7ff5a958f0e0}, NULL, 8) = 0 [pid 813] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 813] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a9514000 [pid 813] mprotect(0x7ff5a9515000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 813] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 813] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9534990, parent_tid=0x7ff5a9534990, exit_signal=0, stack=0x7ff5a9514000, stack_size=0x20300, tls=0x7ff5a95346c0} => {parent_tid=[814]}, 88) = 814 [pid 813] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 813] futex(0x7ff5a96006c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 813] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 814 attached ) = 0 [pid 813] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a94f3000 [pid 813] mprotect(0x7ff5a94f4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 813] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 813] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9513990, parent_tid=0x7ff5a9513990, exit_signal=0, stack=0x7ff5a94f3000, stack_size=0x20300, tls=0x7ff5a95136c0} [pid 814] set_robust_list(0x7ff5a95349a0, 24 [pid 813] <... clone3 resumed> => {parent_tid=[815]}, 88) = 815 [pid 813] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 813] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 813] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 815 attached [pid 815] set_robust_list(0x7ff5a95139a0, 24) = 0 [pid 815] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 815] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_NOFOLLOW|O_NOATIME|O_CLOEXEC, 000) = 3 [pid 815] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 813] <... futex resumed>) = 0 [pid 813] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 813] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 815] <... futex resumed>) = 1 [pid 815] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 815] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 813] <... futex resumed>) = 0 [pid 814] <... set_robust_list resumed>) = 0 [pid 813] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 813] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 815] <... futex resumed>) = 1 [pid 815] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 4 [pid 815] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 813] <... futex resumed>) = 0 [pid 813] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 813] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 815] <... futex resumed>) = 1 [pid 815] write(4, "\x31\x30\x30\x30\x30\x30\x30\x00", 8) = -1 ENOSPC (No space left on device) [pid 815] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 813] <... futex resumed>) = 0 [pid 813] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 813] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 815] <... futex resumed>) = 1 [pid 815] write(4, "\x23\x21\x20\x2e\x2f\x66\x69\x6c\x65\x31\x0a\x82\x6a\x3f\xc6\x7c\x3a\xab\x7d\x7e\x31\x38\xd5\xcc\x25\x19\xa6\xa8\xf7\xa0\x0b\xff\x3b\xee\x49\xbb\x93\x22\x1f\x4e\x80\x95\x34\x94\x23\x35\x8b\x24\xc3\x46\x99\x05\xf2\x81\x89\x7d\xc6\xe1\x7a\x55\x07\xba\x1b\x9e\x33\xcc\x8e\x4f\x28\xf6\xda\xe3\x4d\x29\x86\xca\x00\x9c\x79\xab\x46\x1e\x69\xfd\x74\xcc\xe8\xc9\xed\x5b\x91\x09\xf3\xfa\x42\xf4\x3d\x39\x82\xeb"..., 1045) = -1 ENOSPC (No space left on device) [pid 815] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 813] <... futex resumed>) = 0 [pid 815] <... futex resumed>) = 1 [pid 815] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 814] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 814] memfd_create("syzkaller", 0) = 5 [pid 814] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff5a10f3000 [pid 814] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 814] munmap(0x7ff5a10f3000, 138412032) = 0 [pid 814] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 29.973448][ T809] loop0: detected capacity change from 0 to 512 [ 29.991272][ T809] EXT4-fs (loop0): 1 orphan inode deleted [ 29.997091][ T809] ext4 filesystem being mounted at /root/syzkaller.8K29Ps/107/bus supports timestamps until 2038 (0x7fffffff) [pid 814] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 814] close(5) = 0 [pid 814] mkdir("./file1", 0777) = 0 [pid 814] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue") = 0 [pid 814] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 5 [pid 814] chdir("./file1") = 0 [pid 814] ioctl(6, LOOP_CLR_FD) = 0 [pid 814] close(6) = 0 [pid 814] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 814] futex(0x7ff5a96006c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 813] exit_group(0 [pid 815] <... futex resumed>) = ? [pid 813] <... exit_group resumed>) = ? [pid 815] +++ exited with 0 +++ [pid 814] <... futex resumed>) = ? [pid 814] +++ exited with 0 +++ [pid 813] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=813, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./108", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./108", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555561b8730 /* 5 entries */, 32768) = 136 umount2("./108/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./108/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./108/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./108/bus") = 0 umount2("./108/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./108/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./108/binderfs") = 0 umount2("./108/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./108/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./108/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./108/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./108/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555561c0770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561c0770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./108/file1") = 0 getdents64(3, 0x5555561b8730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./108") = 0 mkdir("./109", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b7690) = 818 ./strace-static-x86_64: Process 818 attached [pid 818] set_robust_list(0x5555561b76a0, 24) = 0 [pid 818] chdir("./109") = 0 [pid 818] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 818] setpgid(0, 0) = 0 [pid 818] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 818] write(3, "1000", 4) = 4 [pid 818] close(3) = 0 [pid 818] symlink("/dev/binderfs", "./binderfs") = 0 [pid 818] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 818] rt_sigaction(SIGRT_1, {sa_handler=0x7ff5a959df30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7ff5a958f0e0}, NULL, 8) = 0 [pid 818] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 818] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a9514000 [pid 818] mprotect(0x7ff5a9515000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 818] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 818] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9534990, parent_tid=0x7ff5a9534990, exit_signal=0, stack=0x7ff5a9514000, stack_size=0x20300, tls=0x7ff5a95346c0}./strace-static-x86_64: Process 819 attached [pid 819] set_robust_list(0x7ff5a95349a0, 24) = 0 [pid 819] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 819] futex(0x7ff5a96006c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 818] <... clone3 resumed> => {parent_tid=[819]}, 88) = 819 [pid 818] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 818] futex(0x7ff5a96006c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 819] <... futex resumed>) = 0 [pid 819] memfd_create("syzkaller", 0 [pid 818] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 819] <... memfd_create resumed>) = 3 [pid 819] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 818] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 819] <... mmap resumed>) = 0x7ff5a10f3000 [pid 818] <... mmap resumed>) = 0x7ff5a94f3000 [pid 818] mprotect(0x7ff5a94f4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 818] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 818] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9513990, parent_tid=0x7ff5a9513990, exit_signal=0, stack=0x7ff5a94f3000, stack_size=0x20300, tls=0x7ff5a95136c0}./strace-static-x86_64: Process 820 attached => {parent_tid=[820]}, 88) = 820 [pid 820] set_robust_list(0x7ff5a95139a0, 24) = 0 [pid 820] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 820] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 818] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 818] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 820] <... futex resumed>) = 0 [pid 820] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_NOFOLLOW|O_NOATIME|O_CLOEXEC, 000 [pid 818] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 820] <... open resumed>) = 4 [pid 820] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 820] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 819] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 818] <... futex resumed>) = 0 [pid 818] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 818] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 820] <... futex resumed>) = 0 [pid 820] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 820] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 820] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 818] <... futex resumed>) = 0 [pid 819] <... write resumed>) = 262144 [pid 819] munmap(0x7ff5a10f3000, 138412032 [pid 818] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 820] <... futex resumed>) = 0 [pid 819] <... munmap resumed>) = 0 [pid 820] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5 [pid 820] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 819] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 818] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 820] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 818] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 819] <... openat resumed>) = 6 [pid 819] ioctl(6, LOOP_SET_FD, 3 [ 30.039397][ T814] loop0: detected capacity change from 0 to 512 [ 30.061777][ T814] EXT4-fs (loop0): 1 orphan inode deleted [ 30.067458][ T814] ext4 filesystem being mounted at /root/syzkaller.8K29Ps/108/file1 supports timestamps until 2038 (0x7fffffff) [pid 818] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 820] <... futex resumed>) = 0 [pid 820] write(5, "\x31\x30\x30\x30\x30\x30\x30\x00", 8 [pid 819] <... ioctl resumed>) = 0 [pid 818] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 819] close(3) = 0 [pid 819] mkdir("./bus", 0777) = -1 EEXIST (File exists) [pid 819] mount("/dev/loop0", "./bus", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 820] <... write resumed>) = -1 EIO (Input/output error) [pid 820] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 818] <... futex resumed>) = 0 [pid 818] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 818] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 820] <... futex resumed>) = 1 [pid 820] write(5, "\x23\x21\x20\x2e\x2f\x66\x69\x6c\x65\x31\x0a\x82\x6a\x3f\xc6\x7c\x3a\xab\x7d\x7e\x31\x38\xd5\xcc\x25\x19\xa6\xa8\xf7\xa0\x0b\xff\x3b\xee\x49\xbb\x93\x22\x1f\x4e\x80\x95\x34\x94\x23\x35\x8b\x24\xc3\x46\x99\x05\xf2\x81\x89\x7d\xc6\xe1\x7a\x55\x07\xba\x1b\x9e\x33\xcc\x8e\x4f\x28\xf6\xda\xe3\x4d\x29\x86\xca\x00\x9c\x79\xab\x46\x1e\x69\xfd\x74\xcc\xe8\xc9\xed\x5b\x91\x09\xf3\xfa\x42\xf4\x3d\x39\x82\xeb"..., 1045) = 1045 [pid 820] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 818] <... futex resumed>) = 0 [pid 820] <... futex resumed>) = 1 [pid 820] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 819] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 819] ioctl(6, LOOP_CLR_FD) = 0 [pid 819] close(6) = 0 [pid 819] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 818] exit_group(0) = ? [pid 820] <... futex resumed>) = ? [pid 820] +++ exited with 0 +++ [pid 819] +++ exited with 0 +++ [pid 818] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=818, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- umount2("./109", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./109", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555561b8730 /* 4 entries */, 32768) = 104 umount2("./109/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./109/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./109/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./109/bus") = 0 umount2("./109/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./109/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./109/binderfs") = 0 getdents64(3, 0x5555561b8730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./109") = 0 mkdir("./110", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b7690) = 821 ./strace-static-x86_64: Process 821 attached [pid 821] set_robust_list(0x5555561b76a0, 24) = 0 [pid 821] chdir("./110") = 0 [pid 821] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 821] setpgid(0, 0) = 0 [pid 821] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 821] write(3, "1000", 4) = 4 [pid 821] close(3) = 0 [pid 821] symlink("/dev/binderfs", "./binderfs") = 0 [pid 821] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 821] rt_sigaction(SIGRT_1, {sa_handler=0x7ff5a959df30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7ff5a958f0e0}, NULL, 8) = 0 [pid 821] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 821] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a9514000 [pid 821] mprotect(0x7ff5a9515000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 821] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 821] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9534990, parent_tid=0x7ff5a9534990, exit_signal=0, stack=0x7ff5a9514000, stack_size=0x20300, tls=0x7ff5a95346c0}./strace-static-x86_64: Process 822 attached [pid 822] set_robust_list(0x7ff5a95349a0, 24 [pid 821] <... clone3 resumed> => {parent_tid=[822]}, 88) = 822 [pid 822] <... set_robust_list resumed>) = 0 [pid 821] rt_sigprocmask(SIG_SETMASK, [], [pid 822] rt_sigprocmask(SIG_SETMASK, [], [pid 821] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 822] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 821] futex(0x7ff5a96006c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 821] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 822] memfd_create("syzkaller", 0) = 3 [pid 821] <... futex resumed>) = 0 [pid 821] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 822] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 821] <... mmap resumed>) = 0x7ff5a94f3000 [pid 821] mprotect(0x7ff5a94f4000, 131072, PROT_READ|PROT_WRITE [pid 822] <... mmap resumed>) = 0x7ff5a10f3000 [pid 821] <... mprotect resumed>) = 0 [pid 821] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 821] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9513990, parent_tid=0x7ff5a9513990, exit_signal=0, stack=0x7ff5a94f3000, stack_size=0x20300, tls=0x7ff5a95136c0} => {parent_tid=[823]}, 88) = 823 ./strace-static-x86_64: Process 823 attached [pid 823] set_robust_list(0x7ff5a95139a0, 24) = 0 [pid 823] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 823] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 821] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 821] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 821] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 823] <... futex resumed>) = 0 [pid 823] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_NOFOLLOW|O_NOATIME|O_CLOEXEC, 000 [pid 822] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 823] <... open resumed>) = 4 [pid 823] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 822] <... write resumed>) = 262144 [pid 823] <... futex resumed>) = 1 [pid 822] munmap(0x7ff5a10f3000, 138412032 [pid 821] <... futex resumed>) = 0 [pid 823] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 821] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 823] <... mount resumed>) = 0 [pid 822] <... munmap resumed>) = 0 [pid 821] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 823] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 822] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 823] <... futex resumed>) = 1 [pid 821] <... futex resumed>) = 0 [pid 821] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 821] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 823] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 822] <... openat resumed>) = 5 [pid 823] <... open resumed>) = 6 [pid 822] ioctl(5, LOOP_SET_FD, 3 [ 30.113407][ T819] loop0: detected capacity change from 0 to 512 [ 30.113624][ T41] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 30.130064][ T819] EXT4-fs (loop0): bad geometry: block count 3888436996 exceeds size of device (64 blocks) [pid 823] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 821] <... futex resumed>) = 0 [pid 823] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 822] <... ioctl resumed>) = 0 [pid 821] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 821] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 823] <... futex resumed>) = 0 [pid 823] write(6, "\x31\x30\x30\x30\x30\x30\x30\x00", 8 [pid 822] close(3) = 0 [pid 822] mkdir("./bus", 0777) = -1 EEXIST (File exists) [pid 822] mount("/dev/loop0", "./bus", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 823] <... write resumed>) = 8 [pid 823] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 821] <... futex resumed>) = 0 [pid 821] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 821] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 823] <... futex resumed>) = 1 [pid 823] write(6, "\x23\x21\x20\x2e\x2f\x66\x69\x6c\x65\x31\x0a\x82\x6a\x3f\xc6\x7c\x3a\xab\x7d\x7e\x31\x38\xd5\xcc\x25\x19\xa6\xa8\xf7\xa0\x0b\xff\x3b\xee\x49\xbb\x93\x22\x1f\x4e\x80\x95\x34\x94\x23\x35\x8b\x24\xc3\x46\x99\x05\xf2\x81\x89\x7d\xc6\xe1\x7a\x55\x07\xba\x1b\x9e\x33\xcc\x8e\x4f\x28\xf6\xda\xe3\x4d\x29\x86\xca\x00\x9c\x79\xab\x46\x1e\x69\xfd\x74\xcc\xe8\xc9\xed\x5b\x91\x09\xf3\xfa\x42\xf4\x3d\x39\x82\xeb"..., 1045) = 1045 [pid 823] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 821] <... futex resumed>) = 0 [pid 823] <... futex resumed>) = 1 [pid 823] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 822] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 822] ioctl(5, LOOP_CLR_FD) = 0 [pid 822] close(5) = 0 [pid 822] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 822] futex(0x7ff5a96006c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 821] exit_group(0) = ? [pid 823] <... futex resumed>) = ? [pid 823] +++ exited with 0 +++ [pid 822] <... futex resumed>) = ? [pid 822] +++ exited with 0 +++ [pid 821] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=821, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- umount2("./110", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./110", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555561b8730 /* 4 entries */, 32768) = 104 umount2("./110/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./110/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./110/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./110/bus") = 0 umount2("./110/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./110/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./110/binderfs") = 0 getdents64(3, 0x5555561b8730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./110") = 0 mkdir("./111", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b7690) = 824 ./strace-static-x86_64: Process 824 attached [pid 824] set_robust_list(0x5555561b76a0, 24) = 0 [pid 824] chdir("./111") = 0 [pid 824] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 824] setpgid(0, 0) = 0 [pid 824] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 824] write(3, "1000", 4) = 4 [pid 824] close(3) = 0 [pid 824] symlink("/dev/binderfs", "./binderfs") = 0 [pid 824] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 824] rt_sigaction(SIGRT_1, {sa_handler=0x7ff5a959df30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7ff5a958f0e0}, NULL, 8) = 0 [pid 824] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 824] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a9514000 [pid 824] mprotect(0x7ff5a9515000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 824] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 824] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9534990, parent_tid=0x7ff5a9534990, exit_signal=0, stack=0x7ff5a9514000, stack_size=0x20300, tls=0x7ff5a95346c0} => {parent_tid=[825]}, 88) = 825 [pid 824] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 824] futex(0x7ff5a96006c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 824] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 824] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a94f3000 [pid 824] mprotect(0x7ff5a94f4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 824] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 824] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9513990, parent_tid=0x7ff5a9513990, exit_signal=0, stack=0x7ff5a94f3000, stack_size=0x20300, tls=0x7ff5a95136c0} => {parent_tid=[826]}, 88) = 826 [pid 824] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 824] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 824] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 826 attached [pid 826] set_robust_list(0x7ff5a95139a0, 24) = 0 [pid 826] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 826] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_NOFOLLOW|O_NOATIME|O_CLOEXEC, 000./strace-static-x86_64: Process 825 attached ) = 3 [pid 826] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 824] <... futex resumed>) = 0 [pid 824] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 824] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 826] <... futex resumed>) = 1 [pid 826] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 826] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 824] <... futex resumed>) = 0 [pid 824] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 824] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 826] <... futex resumed>) = 1 [pid 826] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 4 [pid 826] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 824] <... futex resumed>) = 0 [pid 824] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 824] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 826] <... futex resumed>) = 1 [pid 826] write(4, "\x31\x30\x30\x30\x30\x30\x30\x00", 8) = -1 ENOSPC (No space left on device) [pid 826] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 824] <... futex resumed>) = 0 [pid 824] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 824] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 826] <... futex resumed>) = 1 [pid 826] write(4, "\x23\x21\x20\x2e\x2f\x66\x69\x6c\x65\x31\x0a\x82\x6a\x3f\xc6\x7c\x3a\xab\x7d\x7e\x31\x38\xd5\xcc\x25\x19\xa6\xa8\xf7\xa0\x0b\xff\x3b\xee\x49\xbb\x93\x22\x1f\x4e\x80\x95\x34\x94\x23\x35\x8b\x24\xc3\x46\x99\x05\xf2\x81\x89\x7d\xc6\xe1\x7a\x55\x07\xba\x1b\x9e\x33\xcc\x8e\x4f\x28\xf6\xda\xe3\x4d\x29\x86\xca\x00\x9c\x79\xab\x46\x1e\x69\xfd\x74\xcc\xe8\xc9\xed\x5b\x91\x09\xf3\xfa\x42\xf4\x3d\x39\x82\xeb"..., 1045) = -1 ENOSPC (No space left on device) [pid 826] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 824] <... futex resumed>) = 0 [pid 826] <... futex resumed>) = 1 [pid 826] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 825] set_robust_list(0x7ff5a95349a0, 24) = 0 [pid 825] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 825] memfd_create("syzkaller", 0) = 5 [pid 825] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff5a10f3000 [pid 825] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 825] munmap(0x7ff5a10f3000, 138412032) = 0 [pid 825] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 30.185234][ T822] loop0: detected capacity change from 0 to 512 [ 30.193885][ T822] EXT4-fs (loop0): fragment/cluster size (0) != block size (4096) [pid 825] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 825] close(5) = 0 [pid 825] mkdir("./file1", 0777) = 0 [pid 825] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue") = 0 [pid 825] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 5 [pid 825] chdir("./file1") = 0 [pid 825] ioctl(6, LOOP_CLR_FD) = 0 [pid 825] close(6) = 0 [pid 825] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 825] futex(0x7ff5a96006c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 824] exit_group(0 [pid 826] <... futex resumed>) = ? [pid 824] <... exit_group resumed>) = ? [pid 826] +++ exited with 0 +++ [pid 825] <... futex resumed>) = ? [pid 825] +++ exited with 0 +++ [pid 824] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=824, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./111", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./111", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555561b8730 /* 5 entries */, 32768) = 136 umount2("./111/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./111/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./111/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./111/bus") = 0 umount2("./111/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./111/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./111/binderfs") = 0 umount2("./111/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./111/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./111/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./111/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./111/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555561c0770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561c0770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./111/file1") = 0 getdents64(3, 0x5555561b8730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./111") = 0 mkdir("./112", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b7690) = 831 ./strace-static-x86_64: Process 831 attached [pid 831] set_robust_list(0x5555561b76a0, 24) = 0 [pid 831] chdir("./112") = 0 [pid 831] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 831] setpgid(0, 0) = 0 [pid 831] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 831] write(3, "1000", 4) = 4 [pid 831] close(3) = 0 [pid 831] symlink("/dev/binderfs", "./binderfs") = 0 [pid 831] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 831] rt_sigaction(SIGRT_1, {sa_handler=0x7ff5a959df30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7ff5a958f0e0}, NULL, 8) = 0 [pid 831] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 831] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a9514000 [pid 831] mprotect(0x7ff5a9515000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 831] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 831] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9534990, parent_tid=0x7ff5a9534990, exit_signal=0, stack=0x7ff5a9514000, stack_size=0x20300, tls=0x7ff5a95346c0} => {parent_tid=[832]}, 88) = 832 ./strace-static-x86_64: Process 832 attached [pid 831] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 831] futex(0x7ff5a96006c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 831] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 831] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a94f3000 [pid 831] mprotect(0x7ff5a94f4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 831] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 831] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9513990, parent_tid=0x7ff5a9513990, exit_signal=0, stack=0x7ff5a94f3000, stack_size=0x20300, tls=0x7ff5a95136c0} => {parent_tid=[833]}, 88) = 833 [pid 831] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 831] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 831] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 833 attached [pid 833] set_robust_list(0x7ff5a95139a0, 24) = 0 [pid 833] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 833] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_NOFOLLOW|O_NOATIME|O_CLOEXEC, 000 [pid 832] set_robust_list(0x7ff5a95349a0, 24 [pid 833] <... open resumed>) = 3 [pid 833] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 831] <... futex resumed>) = 0 [pid 831] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 831] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 833] <... futex resumed>) = 1 [pid 833] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 832] <... set_robust_list resumed>) = 0 [pid 833] <... mount resumed>) = 0 [pid 833] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 831] <... futex resumed>) = 0 [pid 831] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 831] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 833] <... futex resumed>) = 1 [pid 833] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 4 [pid 833] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 831] <... futex resumed>) = 0 [pid 831] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 831] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 833] <... futex resumed>) = 1 [pid 833] write(4, "\x31\x30\x30\x30\x30\x30\x30\x00", 8) = -1 ENOSPC (No space left on device) [pid 833] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 831] <... futex resumed>) = 0 [pid 831] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 831] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 833] <... futex resumed>) = 1 [pid 833] write(4, "\x23\x21\x20\x2e\x2f\x66\x69\x6c\x65\x31\x0a\x82\x6a\x3f\xc6\x7c\x3a\xab\x7d\x7e\x31\x38\xd5\xcc\x25\x19\xa6\xa8\xf7\xa0\x0b\xff\x3b\xee\x49\xbb\x93\x22\x1f\x4e\x80\x95\x34\x94\x23\x35\x8b\x24\xc3\x46\x99\x05\xf2\x81\x89\x7d\xc6\xe1\x7a\x55\x07\xba\x1b\x9e\x33\xcc\x8e\x4f\x28\xf6\xda\xe3\x4d\x29\x86\xca\x00\x9c\x79\xab\x46\x1e\x69\xfd\x74\xcc\xe8\xc9\xed\x5b\x91\x09\xf3\xfa\x42\xf4\x3d\x39\x82\xeb"..., 1045) = -1 ENOSPC (No space left on device) [pid 833] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 831] <... futex resumed>) = 0 [pid 833] <... futex resumed>) = 1 [pid 833] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 832] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 832] memfd_create("syzkaller", 0) = 5 [pid 832] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff5a10f3000 [pid 832] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 832] munmap(0x7ff5a10f3000, 138412032) = 0 [pid 832] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 30.227713][ T825] loop0: detected capacity change from 0 to 512 [ 30.241585][ T825] EXT4-fs (loop0): 1 orphan inode deleted [ 30.247173][ T825] ext4 filesystem being mounted at /root/syzkaller.8K29Ps/111/file1 supports timestamps until 2038 (0x7fffffff) [pid 832] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 832] close(5) = 0 [pid 832] mkdir("./file1", 0777) = 0 [pid 832] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue") = 0 [pid 832] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 5 [pid 832] chdir("./file1") = 0 [pid 832] ioctl(6, LOOP_CLR_FD) = 0 [pid 832] close(6) = 0 [pid 832] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 832] futex(0x7ff5a96006c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 831] exit_group(0 [pid 833] <... futex resumed>) = ? [pid 831] <... exit_group resumed>) = ? [pid 833] +++ exited with 0 +++ [pid 832] <... futex resumed>) = ? [pid 832] +++ exited with 0 +++ [pid 831] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=831, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./112", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./112", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555561b8730 /* 5 entries */, 32768) = 136 umount2("./112/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./112/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./112/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./112/bus") = 0 umount2("./112/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./112/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./112/binderfs") = 0 umount2("./112/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./112/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./112/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./112/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./112/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555561c0770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561c0770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./112/file1") = 0 getdents64(3, 0x5555561b8730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./112") = 0 mkdir("./113", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b7690) = 836 ./strace-static-x86_64: Process 836 attached [pid 836] set_robust_list(0x5555561b76a0, 24) = 0 [pid 836] chdir("./113") = 0 [pid 836] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 836] setpgid(0, 0) = 0 [pid 836] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 836] write(3, "1000", 4) = 4 [pid 836] close(3) = 0 [pid 836] symlink("/dev/binderfs", "./binderfs") = 0 [pid 836] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 836] rt_sigaction(SIGRT_1, {sa_handler=0x7ff5a959df30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7ff5a958f0e0}, NULL, 8) = 0 [pid 836] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 836] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a9514000 [pid 836] mprotect(0x7ff5a9515000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 836] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 836] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9534990, parent_tid=0x7ff5a9534990, exit_signal=0, stack=0x7ff5a9514000, stack_size=0x20300, tls=0x7ff5a95346c0}./strace-static-x86_64: Process 837 attached [pid 837] set_robust_list(0x7ff5a95349a0, 24) = 0 [pid 837] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 837] futex(0x7ff5a96006c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 836] <... clone3 resumed> => {parent_tid=[837]}, 88) = 837 [pid 836] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 836] futex(0x7ff5a96006c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 837] <... futex resumed>) = 0 [pid 836] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 837] memfd_create("syzkaller", 0 [pid 836] <... futex resumed>) = 0 [pid 836] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 837] <... memfd_create resumed>) = 3 [pid 836] <... mmap resumed>) = 0x7ff5a94f3000 [pid 837] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 836] mprotect(0x7ff5a94f4000, 131072, PROT_READ|PROT_WRITE [pid 837] <... mmap resumed>) = 0x7ff5a10f3000 [pid 836] <... mprotect resumed>) = 0 [pid 836] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 836] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9513990, parent_tid=0x7ff5a9513990, exit_signal=0, stack=0x7ff5a94f3000, stack_size=0x20300, tls=0x7ff5a95136c0}./strace-static-x86_64: Process 838 attached [pid 838] set_robust_list(0x7ff5a95139a0, 24) = 0 [pid 838] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 838] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 836] <... clone3 resumed> => {parent_tid=[838]}, 88) = 838 [pid 836] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 836] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 838] <... futex resumed>) = 0 [pid 838] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_NOFOLLOW|O_NOATIME|O_CLOEXEC, 000 [pid 836] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 838] <... open resumed>) = 4 [pid 838] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 837] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 838] <... futex resumed>) = 1 [pid 838] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 836] <... futex resumed>) = 0 [pid 836] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 838] <... futex resumed>) = 0 [pid 838] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 836] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 838] <... mount resumed>) = 0 [pid 838] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 838] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 836] <... futex resumed>) = 0 [pid 837] <... write resumed>) = 262144 [pid 836] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 837] munmap(0x7ff5a10f3000, 138412032 [pid 836] <... futex resumed>) = 1 [pid 836] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 838] <... futex resumed>) = 0 [pid 838] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 837] <... munmap resumed>) = 0 [pid 838] <... open resumed>) = 5 [pid 838] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 837] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 836] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 838] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 836] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 837] <... openat resumed>) = 6 [pid 838] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 838] write(5, "\x31\x30\x30\x30\x30\x30\x30\x00", 8 [pid 837] ioctl(6, LOOP_SET_FD, 3 [pid 836] <... futex resumed>) = 0 [pid 838] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 836] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 838] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 836] <... futex resumed>) = 0 [pid 836] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 836] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 30.286624][ T832] loop0: detected capacity change from 0 to 512 [ 30.301758][ T832] EXT4-fs (loop0): 1 orphan inode deleted [ 30.307515][ T832] ext4 filesystem being mounted at /root/syzkaller.8K29Ps/112/file1 supports timestamps until 2038 (0x7fffffff) [pid 838] write(5, "\x23\x21\x20\x2e\x2f\x66\x69\x6c\x65\x31\x0a\x82\x6a\x3f\xc6\x7c\x3a\xab\x7d\x7e\x31\x38\xd5\xcc\x25\x19\xa6\xa8\xf7\xa0\x0b\xff\x3b\xee\x49\xbb\x93\x22\x1f\x4e\x80\x95\x34\x94\x23\x35\x8b\x24\xc3\x46\x99\x05\xf2\x81\x89\x7d\xc6\xe1\x7a\x55\x07\xba\x1b\x9e\x33\xcc\x8e\x4f\x28\xf6\xda\xe3\x4d\x29\x86\xca\x00\x9c\x79\xab\x46\x1e\x69\xfd\x74\xcc\xe8\xc9\xed\x5b\x91\x09\xf3\xfa\x42\xf4\x3d\x39\x82\xeb"..., 1045 [pid 837] <... ioctl resumed>) = 0 [pid 837] close(3) = 0 [pid 837] mkdir("./bus", 0777) = -1 EEXIST (File exists) [pid 837] mount("/dev/loop0", "./bus", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 838] <... write resumed>) = -1 EIO (Input/output error) [pid 838] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 836] <... futex resumed>) = 0 [pid 838] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 837] <... mount resumed>) = -1 ENOTDIR (Not a directory) [pid 837] ioctl(6, LOOP_CLR_FD) = 0 [pid 837] close(6) = 0 [pid 837] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 837] futex(0x7ff5a96006c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 836] exit_group(0 [pid 838] <... futex resumed>) = ? [pid 836] <... exit_group resumed>) = ? [pid 838] +++ exited with 0 +++ [pid 837] <... futex resumed>) = ? [pid 837] +++ exited with 0 +++ [pid 836] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=836, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./113", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./113", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555561b8730 /* 4 entries */, 32768) = 104 umount2("./113/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./113/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./113/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./113/bus") = 0 umount2("./113/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./113/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./113/binderfs") = 0 getdents64(3, 0x5555561b8730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./113") = 0 mkdir("./114", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b7690) = 841 ./strace-static-x86_64: Process 841 attached [pid 841] set_robust_list(0x5555561b76a0, 24) = 0 [pid 841] chdir("./114") = 0 [pid 841] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 841] setpgid(0, 0) = 0 [pid 841] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 841] write(3, "1000", 4) = 4 [pid 841] close(3) = 0 [pid 841] symlink("/dev/binderfs", "./binderfs") = 0 [pid 841] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 841] rt_sigaction(SIGRT_1, {sa_handler=0x7ff5a959df30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7ff5a958f0e0}, NULL, 8) = 0 [pid 841] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 841] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a9514000 [pid 841] mprotect(0x7ff5a9515000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 841] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 841] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9534990, parent_tid=0x7ff5a9534990, exit_signal=0, stack=0x7ff5a9514000, stack_size=0x20300, tls=0x7ff5a95346c0}./strace-static-x86_64: Process 842 attached => {parent_tid=[842]}, 88) = 842 [pid 842] set_robust_list(0x7ff5a95349a0, 24 [pid 841] rt_sigprocmask(SIG_SETMASK, [], [pid 842] <... set_robust_list resumed>) = 0 [pid 841] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 842] rt_sigprocmask(SIG_SETMASK, [], [pid 841] futex(0x7ff5a96006c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 842] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 841] <... futex resumed>) = 0 [pid 841] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 842] memfd_create("syzkaller", 0 [pid 841] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a94f3000 [pid 841] mprotect(0x7ff5a94f4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 842] <... memfd_create resumed>) = 3 [pid 841] rt_sigprocmask(SIG_BLOCK, ~[], [pid 842] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff5a10f3000 [pid 841] <... rt_sigprocmask resumed>[], 8) = 0 [pid 841] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9513990, parent_tid=0x7ff5a9513990, exit_signal=0, stack=0x7ff5a94f3000, stack_size=0x20300, tls=0x7ff5a95136c0} => {parent_tid=[843]}, 88) = 843 [pid 841] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 841] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 841] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 843 attached [pid 842] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 843] set_robust_list(0x7ff5a95139a0, 24 [pid 842] <... write resumed>) = 262144 [pid 843] <... set_robust_list resumed>) = 0 [pid 842] munmap(0x7ff5a10f3000, 138412032) = 0 [pid 843] rt_sigprocmask(SIG_SETMASK, [], [pid 842] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 843] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 842] <... openat resumed>) = 4 [ 30.356201][ T837] loop0: detected capacity change from 0 to 512 [ 30.356932][ T56] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 30.380814][ T837] EXT4-fs (loop0): 1 orphan inode deleted [ 30.386523][ T837] ext4 filesystem being mounted at /root/syzkaller.8K29Ps/113/bus supports timestamps until 2038 (0x7fffffff) [pid 842] ioctl(4, LOOP_SET_FD, 3 [pid 843] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_NOFOLLOW|O_NOATIME|O_CLOEXEC, 000) = 5 [pid 843] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 841] <... futex resumed>) = 0 [pid 841] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 841] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 843] <... futex resumed>) = 1 [pid 843] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 843] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 841] <... futex resumed>) = 0 [pid 841] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 841] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 843] <... futex resumed>) = 1 [pid 843] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 6 [pid 842] <... ioctl resumed>) = 0 [pid 843] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 841] <... futex resumed>) = 0 [pid 843] write(6, "\x31\x30\x30\x30\x30\x30\x30\x00", 8 [pid 841] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 841] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 842] close(3) = 0 [pid 843] <... write resumed>) = 8 [pid 842] mkdir("./bus", 0777 [pid 843] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 841] <... futex resumed>) = 0 [pid 843] write(6, "\x23\x21\x20\x2e\x2f\x66\x69\x6c\x65\x31\x0a\x82\x6a\x3f\xc6\x7c\x3a\xab\x7d\x7e\x31\x38\xd5\xcc\x25\x19\xa6\xa8\xf7\xa0\x0b\xff\x3b\xee\x49\xbb\x93\x22\x1f\x4e\x80\x95\x34\x94\x23\x35\x8b\x24\xc3\x46\x99\x05\xf2\x81\x89\x7d\xc6\xe1\x7a\x55\x07\xba\x1b\x9e\x33\xcc\x8e\x4f\x28\xf6\xda\xe3\x4d\x29\x86\xca\x00\x9c\x79\xab\x46\x1e\x69\xfd\x74\xcc\xe8\xc9\xed\x5b\x91\x09\xf3\xfa\x42\xf4\x3d\x39\x82\xeb"..., 1045 [pid 841] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 841] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 842] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 842] mount("/dev/loop0", "./bus", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 843] <... write resumed>) = 1045 [pid 843] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 841] <... futex resumed>) = 0 [pid 843] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 842] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 842] ioctl(4, LOOP_CLR_FD) = 0 [pid 842] close(4) = 0 [pid 842] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 842] futex(0x7ff5a96006c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 841] exit_group(0) = ? [pid 843] <... futex resumed>) = ? [pid 842] <... futex resumed>) = ? [pid 843] +++ exited with 0 +++ [pid 842] +++ exited with 0 +++ [pid 841] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=841, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./114", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./114", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555561b8730 /* 4 entries */, 32768) = 104 umount2("./114/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./114/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./114/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./114/bus") = 0 umount2("./114/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./114/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./114/binderfs") = 0 getdents64(3, 0x5555561b8730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./114") = 0 mkdir("./115", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b7690) = 844 ./strace-static-x86_64: Process 844 attached [pid 844] set_robust_list(0x5555561b76a0, 24) = 0 [pid 844] chdir("./115") = 0 [pid 844] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 844] setpgid(0, 0) = 0 [pid 844] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 844] write(3, "1000", 4) = 4 [pid 844] close(3) = 0 [pid 844] symlink("/dev/binderfs", "./binderfs") = 0 [pid 844] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 844] rt_sigaction(SIGRT_1, {sa_handler=0x7ff5a959df30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7ff5a958f0e0}, NULL, 8) = 0 [pid 844] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 844] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a9514000 [pid 844] mprotect(0x7ff5a9515000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 844] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 844] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9534990, parent_tid=0x7ff5a9534990, exit_signal=0, stack=0x7ff5a9514000, stack_size=0x20300, tls=0x7ff5a95346c0} => {parent_tid=[845]}, 88) = 845 ./strace-static-x86_64: Process 845 attached [pid 844] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 844] futex(0x7ff5a96006c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 844] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 844] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a94f3000 [pid 844] mprotect(0x7ff5a94f4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 844] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 844] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9513990, parent_tid=0x7ff5a9513990, exit_signal=0, stack=0x7ff5a94f3000, stack_size=0x20300, tls=0x7ff5a95136c0} => {parent_tid=[846]}, 88) = 846 [pid 844] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 844] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 844] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 845] set_robust_list(0x7ff5a95349a0, 24) = 0 [pid 845] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 845] memfd_create("syzkaller", 0) = 3 [pid 845] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff5a10f3000 ./strace-static-x86_64: Process 846 attached [pid 846] set_robust_list(0x7ff5a95139a0, 24) = 0 [pid 846] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 846] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_NOFOLLOW|O_NOATIME|O_CLOEXEC, 000 [pid 845] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 846] <... open resumed>) = 4 [pid 846] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 844] <... futex resumed>) = 0 [pid 845] <... write resumed>) = 262144 [pid 845] munmap(0x7ff5a10f3000, 138412032) = 0 [pid 845] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [ 30.423987][ T842] loop0: detected capacity change from 0 to 512 [ 30.433686][ T842] EXT4-fs (loop0): Invalid log block size: 2475723007 [pid 845] ioctl(5, LOOP_SET_FD, 3 [pid 846] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 844] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 845] <... ioctl resumed>) = 0 [pid 845] close(3) = 0 [pid 845] mkdir("./bus", 0777) = -1 EEXIST (File exists) [pid 845] mount("/dev/loop0", "./bus", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 844] <... futex resumed>) = 0 [pid 846] <... mount resumed>) = 0 [pid 846] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 846] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 844] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 844] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 844] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 846] <... futex resumed>) = 0 [pid 846] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 3 [pid 846] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 844] <... futex resumed>) = 0 [pid 844] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 844] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 846] write(3, "\x31\x30\x30\x30\x30\x30\x30\x00", 8) = 8 [pid 846] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 844] <... futex resumed>) = 0 [pid 844] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 844] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 846] <... futex resumed>) = 1 [pid 846] write(3, "\x23\x21\x20\x2e\x2f\x66\x69\x6c\x65\x31\x0a\x82\x6a\x3f\xc6\x7c\x3a\xab\x7d\x7e\x31\x38\xd5\xcc\x25\x19\xa6\xa8\xf7\xa0\x0b\xff\x3b\xee\x49\xbb\x93\x22\x1f\x4e\x80\x95\x34\x94\x23\x35\x8b\x24\xc3\x46\x99\x05\xf2\x81\x89\x7d\xc6\xe1\x7a\x55\x07\xba\x1b\x9e\x33\xcc\x8e\x4f\x28\xf6\xda\xe3\x4d\x29\x86\xca\x00\x9c\x79\xab\x46\x1e\x69\xfd\x74\xcc\xe8\xc9\xed\x5b\x91\x09\xf3\xfa\x42\xf4\x3d\x39\x82\xeb"..., 1045) = 1045 [pid 846] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 844] <... futex resumed>) = 0 [pid 846] <... futex resumed>) = 1 [pid 846] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 845] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 845] ioctl(5, LOOP_CLR_FD) = 0 [pid 845] close(5) = 0 [pid 845] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 845] futex(0x7ff5a96006c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 844] exit_group(0) = ? [pid 846] <... futex resumed>) = ? [pid 846] +++ exited with 0 +++ [pid 845] <... futex resumed>) = ? [pid 845] +++ exited with 0 +++ [pid 844] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=844, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./115", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./115", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555561b8730 /* 4 entries */, 32768) = 104 umount2("./115/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./115/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./115/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./115/bus") = 0 umount2("./115/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./115/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./115/binderfs") = 0 getdents64(3, 0x5555561b8730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./115") = 0 mkdir("./116", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b7690) = 847 ./strace-static-x86_64: Process 847 attached [pid 847] set_robust_list(0x5555561b76a0, 24) = 0 [pid 847] chdir("./116") = 0 [pid 847] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 847] setpgid(0, 0) = 0 [pid 847] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 847] write(3, "1000", 4) = 4 [pid 847] close(3) = 0 [pid 847] symlink("/dev/binderfs", "./binderfs") = 0 [pid 847] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 847] rt_sigaction(SIGRT_1, {sa_handler=0x7ff5a959df30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7ff5a958f0e0}, NULL, 8) = 0 [pid 847] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 847] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a9514000 [pid 847] mprotect(0x7ff5a9515000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 847] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 847] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9534990, parent_tid=0x7ff5a9534990, exit_signal=0, stack=0x7ff5a9514000, stack_size=0x20300, tls=0x7ff5a95346c0}./strace-static-x86_64: Process 848 attached => {parent_tid=[848]}, 88) = 848 [pid 848] set_robust_list(0x7ff5a95349a0, 24) = 0 [pid 848] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 848] futex(0x7ff5a96006c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 847] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 847] futex(0x7ff5a96006c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 848] <... futex resumed>) = 0 [pid 847] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 848] memfd_create("syzkaller", 0 [pid 847] <... futex resumed>) = 0 [pid 848] <... memfd_create resumed>) = 3 [pid 848] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff5a1114000 [pid 847] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a10f3000 [pid 847] mprotect(0x7ff5a10f4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 847] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 847] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a1113990, parent_tid=0x7ff5a1113990, exit_signal=0, stack=0x7ff5a10f3000, stack_size=0x20300, tls=0x7ff5a11136c0} => {parent_tid=[849]}, 88) = 849 [pid 847] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 847] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 847] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 849 attached [pid 848] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 849] set_robust_list(0x7ff5a11139a0, 24) = 0 [pid 849] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 849] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_NOFOLLOW|O_NOATIME|O_CLOEXEC, 000) = 4 [pid 849] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 848] <... write resumed>) = 262144 [pid 848] munmap(0x7ff5a1114000, 138412032 [pid 847] <... futex resumed>) = 0 [pid 847] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 847] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 849] <... futex resumed>) = 1 [pid 848] <... munmap resumed>) = 0 [pid 848] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 849] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 848] <... openat resumed>) = 5 [pid 848] ioctl(5, LOOP_SET_FD, 3 [pid 849] <... mount resumed>) = 0 [pid 849] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 847] <... futex resumed>) = 0 [pid 847] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 847] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 849] <... futex resumed>) = 1 [pid 849] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 6 [pid 849] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 847] <... futex resumed>) = 0 [pid 847] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 30.464872][ T845] loop0: detected capacity change from 0 to 512 [ 30.473946][ T845] EXT4-fs (loop0): fragment/cluster size (0) != block size (4096) [pid 847] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 849] <... futex resumed>) = 1 [pid 849] write(6, "\x31\x30\x30\x30\x30\x30\x30\x00", 8 [pid 848] <... ioctl resumed>) = 0 [pid 848] close(3) = 0 [pid 848] mkdir("./bus", 0777) = -1 EEXIST (File exists) [pid 848] mount("/dev/loop0", "./bus", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 849] <... write resumed>) = -1 EIO (Input/output error) [pid 849] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 847] <... futex resumed>) = 0 [pid 847] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 847] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 849] <... futex resumed>) = 1 [pid 849] write(6, "\x23\x21\x20\x2e\x2f\x66\x69\x6c\x65\x31\x0a\x82\x6a\x3f\xc6\x7c\x3a\xab\x7d\x7e\x31\x38\xd5\xcc\x25\x19\xa6\xa8\xf7\xa0\x0b\xff\x3b\xee\x49\xbb\x93\x22\x1f\x4e\x80\x95\x34\x94\x23\x35\x8b\x24\xc3\x46\x99\x05\xf2\x81\x89\x7d\xc6\xe1\x7a\x55\x07\xba\x1b\x9e\x33\xcc\x8e\x4f\x28\xf6\xda\xe3\x4d\x29\x86\xca\x00\x9c\x79\xab\x46\x1e\x69\xfd\x74\xcc\xe8\xc9\xed\x5b\x91\x09\xf3\xfa\x42\xf4\x3d\x39\x82\xeb"..., 1045) = 1045 [pid 849] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 847] <... futex resumed>) = 0 [pid 849] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 848] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 848] ioctl(5, LOOP_CLR_FD) = 0 [pid 848] close(5) = 0 [pid 848] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 847] exit_group(0 [pid 848] futex(0x7ff5a96006c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 847] <... exit_group resumed>) = ? [pid 849] <... futex resumed>) = ? [pid 849] +++ exited with 0 +++ [pid 848] <... futex resumed>) = ? [pid 848] +++ exited with 0 +++ [pid 847] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=847, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./116", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./116", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555561b8730 /* 4 entries */, 32768) = 104 umount2("./116/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./116/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./116/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./116/bus") = 0 umount2("./116/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./116/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./116/binderfs") = 0 getdents64(3, 0x5555561b8730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./116") = 0 mkdir("./117", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b7690) = 852 ./strace-static-x86_64: Process 852 attached [pid 852] set_robust_list(0x5555561b76a0, 24) = 0 [pid 852] chdir("./117") = 0 [pid 852] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 852] setpgid(0, 0) = 0 [pid 852] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 852] write(3, "1000", 4) = 4 [pid 852] close(3) = 0 [pid 852] symlink("/dev/binderfs", "./binderfs") = 0 [pid 852] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 852] rt_sigaction(SIGRT_1, {sa_handler=0x7ff5a959df30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7ff5a958f0e0}, NULL, 8) = 0 [pid 852] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 852] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a9514000 [pid 852] mprotect(0x7ff5a9515000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 852] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 852] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9534990, parent_tid=0x7ff5a9534990, exit_signal=0, stack=0x7ff5a9514000, stack_size=0x20300, tls=0x7ff5a95346c0} => {parent_tid=[853]}, 88) = 853 [pid 852] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 852] futex(0x7ff5a96006c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 852] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 852] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a94f3000 [pid 852] mprotect(0x7ff5a94f4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 852] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 852] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9513990, parent_tid=0x7ff5a9513990, exit_signal=0, stack=0x7ff5a94f3000, stack_size=0x20300, tls=0x7ff5a95136c0}./strace-static-x86_64: Process 853 attached ./strace-static-x86_64: Process 854 attached [pid 853] set_robust_list(0x7ff5a95349a0, 24 [pid 852] <... clone3 resumed> => {parent_tid=[854]}, 88) = 854 [pid 853] <... set_robust_list resumed>) = 0 [pid 853] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 853] memfd_create("syzkaller", 0) = 3 [pid 853] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff5a10f3000 [pid 854] set_robust_list(0x7ff5a95139a0, 24 [pid 852] rt_sigprocmask(SIG_SETMASK, [], [pid 854] <... set_robust_list resumed>) = 0 [pid 854] rt_sigprocmask(SIG_SETMASK, [], [pid 852] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 854] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 852] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 854] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_NOFOLLOW|O_NOATIME|O_CLOEXEC, 000 [pid 853] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 852] <... futex resumed>) = 0 [pid 854] <... open resumed>) = 4 [pid 854] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 853] <... write resumed>) = 262144 [pid 852] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 854] <... futex resumed>) = 0 [pid 853] munmap(0x7ff5a10f3000, 138412032 [pid 854] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 852] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 852] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 853] <... munmap resumed>) = 0 [pid 854] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 852] <... futex resumed>) = 0 [pid 852] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 853] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 853] ioctl(5, LOOP_SET_FD, 3 [pid 854] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 854] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 852] <... futex resumed>) = 0 [ 30.512862][ T848] loop0: detected capacity change from 0 to 512 [ 30.514183][ T56] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 30.529939][ T848] EXT4-fs error (device loop0): __ext4_get_inode_loc:4485: comm syz-executor170: Invalid inode table block 34 in block_group 0 [ 30.543761][ T848] EXT4-fs (loop0): get root inode failed [ 30.549470][ T848] EXT4-fs (loop0): mount failed [pid 852] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 854] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 852] <... futex resumed>) = 0 [pid 852] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 854] <... open resumed>) = 6 [pid 854] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 852] <... futex resumed>) = 0 [pid 852] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 852] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 854] write(6, "\x31\x30\x30\x30\x30\x30\x30\x00", 8 [pid 853] <... ioctl resumed>) = 0 [pid 853] close(3) = 0 [pid 853] mkdir("./bus", 0777) = -1 EEXIST (File exists) [pid 853] mount("/dev/loop0", "./bus", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 854] <... write resumed>) = -1 EIO (Input/output error) [pid 854] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 852] <... futex resumed>) = 0 [pid 854] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 852] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 852] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 854] <... futex resumed>) = 0 [pid 854] write(6, "\x23\x21\x20\x2e\x2f\x66\x69\x6c\x65\x31\x0a\x82\x6a\x3f\xc6\x7c\x3a\xab\x7d\x7e\x31\x38\xd5\xcc\x25\x19\xa6\xa8\xf7\xa0\x0b\xff\x3b\xee\x49\xbb\x93\x22\x1f\x4e\x80\x95\x34\x94\x23\x35\x8b\x24\xc3\x46\x99\x05\xf2\x81\x89\x7d\xc6\xe1\x7a\x55\x07\xba\x1b\x9e\x33\xcc\x8e\x4f\x28\xf6\xda\xe3\x4d\x29\x86\xca\x00\x9c\x79\xab\x46\x1e\x69\xfd\x74\xcc\xe8\xc9\xed\x5b\x91\x09\xf3\xfa\x42\xf4\x3d\x39\x82\xeb"..., 1045) = 1045 [pid 854] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 852] <... futex resumed>) = 0 [pid 854] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 853] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 853] ioctl(5, LOOP_CLR_FD) = 0 [pid 853] close(5) = 0 [pid 853] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 853] futex(0x7ff5a96006c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 852] exit_group(0 [pid 854] <... futex resumed>) = ? [pid 854] +++ exited with 0 +++ [pid 853] <... futex resumed>) = ? [pid 853] +++ exited with 0 +++ [pid 852] <... exit_group resumed>) = ? [pid 852] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=852, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./117", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./117", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555561b8730 /* 4 entries */, 32768) = 104 umount2("./117/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./117/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./117/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./117/bus") = 0 umount2("./117/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./117/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./117/binderfs") = 0 getdents64(3, 0x5555561b8730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./117") = 0 mkdir("./118", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b7690) = 857 ./strace-static-x86_64: Process 857 attached [pid 857] set_robust_list(0x5555561b76a0, 24) = 0 [pid 857] chdir("./118") = 0 [pid 857] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 857] setpgid(0, 0) = 0 [pid 857] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 857] write(3, "1000", 4) = 4 [pid 857] close(3) = 0 [pid 857] symlink("/dev/binderfs", "./binderfs") = 0 [pid 857] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 857] rt_sigaction(SIGRT_1, {sa_handler=0x7ff5a959df30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7ff5a958f0e0}, NULL, 8) = 0 [pid 857] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 857] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a9514000 [pid 857] mprotect(0x7ff5a9515000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 857] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 857] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9534990, parent_tid=0x7ff5a9534990, exit_signal=0, stack=0x7ff5a9514000, stack_size=0x20300, tls=0x7ff5a95346c0} => {parent_tid=[858]}, 88) = 858 [pid 857] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 857] futex(0x7ff5a96006c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 857] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 857] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a94f3000 [pid 857] mprotect(0x7ff5a94f4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 857] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 857] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9513990, parent_tid=0x7ff5a9513990, exit_signal=0, stack=0x7ff5a94f3000, stack_size=0x20300, tls=0x7ff5a95136c0} => {parent_tid=[859]}, 88) = 859 [pid 857] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 857] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 857] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 859 attached [pid 859] set_robust_list(0x7ff5a95139a0, 24) = 0 [pid 859] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 859] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_NOFOLLOW|O_NOATIME|O_CLOEXEC, 000) = 3 [pid 859] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 857] <... futex resumed>) = 0 [pid 857] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 857] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 859] <... futex resumed>) = 1 [pid 859] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 859] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 857] <... futex resumed>) = 0 [pid 857] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 857] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 859] <... futex resumed>) = 1 [pid 859] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 4 [pid 859] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 857] <... futex resumed>) = 0 [pid 857] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 857] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 859] <... futex resumed>) = 1 [pid 859] write(4, "\x31\x30\x30\x30\x30\x30\x30\x00", 8) = -1 ENOSPC (No space left on device) [pid 859] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 857] <... futex resumed>) = 0 [pid 857] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 857] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 859] <... futex resumed>) = 1 [pid 859] write(4, "\x23\x21\x20\x2e\x2f\x66\x69\x6c\x65\x31\x0a\x82\x6a\x3f\xc6\x7c\x3a\xab\x7d\x7e\x31\x38\xd5\xcc\x25\x19\xa6\xa8\xf7\xa0\x0b\xff\x3b\xee\x49\xbb\x93\x22\x1f\x4e\x80\x95\x34\x94\x23\x35\x8b\x24\xc3\x46\x99\x05\xf2\x81\x89\x7d\xc6\xe1\x7a\x55\x07\xba\x1b\x9e\x33\xcc\x8e\x4f\x28\xf6\xda\xe3\x4d\x29\x86\xca\x00\x9c\x79\xab\x46\x1e\x69\xfd\x74\xcc\xe8\xc9\xed\x5b\x91\x09\xf3\xfa\x42\xf4\x3d\x39\x82\xeb"..., 1045) = -1 ENOSPC (No space left on device) [pid 859] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 857] <... futex resumed>) = 0 [pid 859] <... futex resumed>) = 1 [pid 859] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 858 attached [pid 858] set_robust_list(0x7ff5a95349a0, 24) = 0 [pid 858] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 858] memfd_create("syzkaller", 0) = 5 [pid 858] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff5a10f3000 [pid 858] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 858] munmap(0x7ff5a10f3000, 138412032) = 0 [pid 858] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 30.587948][ T853] loop0: detected capacity change from 0 to 512 [ 30.591919][ T41] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 30.609979][ T853] EXT4-fs error (device loop0): __ext4_get_inode_loc:4485: comm syz-executor170: Invalid inode table block 34 in block_group 0 [ 30.623086][ T853] EXT4-fs (loop0): get root inode failed [ 30.628523][ T853] EXT4-fs (loop0): mount failed [pid 858] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 858] close(5) = 0 [pid 858] mkdir("./file1", 0777) = 0 [pid 858] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue") = 0 [pid 858] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 5 [pid 858] chdir("./file1") = 0 [pid 858] ioctl(6, LOOP_CLR_FD) = 0 [pid 858] close(6) = 0 [pid 858] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 858] futex(0x7ff5a96006c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 857] exit_group(0 [pid 859] <... futex resumed>) = ? [pid 857] <... exit_group resumed>) = ? [pid 859] +++ exited with 0 +++ [pid 858] <... futex resumed>) = ? [pid 858] +++ exited with 0 +++ [pid 857] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=857, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- umount2("./118", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./118", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555561b8730 /* 5 entries */, 32768) = 136 umount2("./118/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./118/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./118/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./118/bus") = 0 umount2("./118/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./118/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./118/binderfs") = 0 umount2("./118/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./118/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./118/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./118/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./118/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555561c0770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561c0770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./118/file1") = 0 getdents64(3, 0x5555561b8730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./118") = 0 mkdir("./119", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b7690) = 862 ./strace-static-x86_64: Process 862 attached [pid 862] set_robust_list(0x5555561b76a0, 24) = 0 [pid 862] chdir("./119") = 0 [pid 862] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 862] setpgid(0, 0) = 0 [pid 862] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 862] write(3, "1000", 4) = 4 [pid 862] close(3) = 0 [pid 862] symlink("/dev/binderfs", "./binderfs") = 0 [pid 862] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 862] rt_sigaction(SIGRT_1, {sa_handler=0x7ff5a959df30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7ff5a958f0e0}, NULL, 8) = 0 [pid 862] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 862] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a9514000 [pid 862] mprotect(0x7ff5a9515000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 862] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 862] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9534990, parent_tid=0x7ff5a9534990, exit_signal=0, stack=0x7ff5a9514000, stack_size=0x20300, tls=0x7ff5a95346c0} => {parent_tid=[863]}, 88) = 863 ./strace-static-x86_64: Process 863 attached [pid 862] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 862] futex(0x7ff5a96006c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 862] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 862] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a94f3000 [pid 862] mprotect(0x7ff5a94f4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 862] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 862] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9513990, parent_tid=0x7ff5a9513990, exit_signal=0, stack=0x7ff5a94f3000, stack_size=0x20300, tls=0x7ff5a95136c0} => {parent_tid=[864]}, 88) = 864 [pid 862] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 862] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 862] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 863] set_robust_list(0x7ff5a95349a0, 24) = 0 [pid 863] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 863] memfd_create("syzkaller", 0./strace-static-x86_64: Process 864 attached ) = 3 [pid 863] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 864] set_robust_list(0x7ff5a95139a0, 24) = 0 [pid 864] rt_sigprocmask(SIG_SETMASK, [], [pid 863] <... mmap resumed>) = 0x7ff5a10f3000 [pid 864] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 864] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_NOFOLLOW|O_NOATIME|O_CLOEXEC, 000) = 4 [pid 864] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 862] <... futex resumed>) = 0 [pid 862] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 862] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 864] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 863] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 864] <... mount resumed>) = 0 [pid 864] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 862] <... futex resumed>) = 0 [pid 862] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 862] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 864] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 863] <... write resumed>) = 262144 [pid 864] <... open resumed>) = 5 [pid 864] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 862] <... futex resumed>) = 0 [pid 862] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 862] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 864] write(5, "\x31\x30\x30\x30\x30\x30\x30\x00", 8) = -1 ENOSPC (No space left on device) [pid 864] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 862] <... futex resumed>) = 0 [pid 862] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 862] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 864] write(5, "\x23\x21\x20\x2e\x2f\x66\x69\x6c\x65\x31\x0a\x82\x6a\x3f\xc6\x7c\x3a\xab\x7d\x7e\x31\x38\xd5\xcc\x25\x19\xa6\xa8\xf7\xa0\x0b\xff\x3b\xee\x49\xbb\x93\x22\x1f\x4e\x80\x95\x34\x94\x23\x35\x8b\x24\xc3\x46\x99\x05\xf2\x81\x89\x7d\xc6\xe1\x7a\x55\x07\xba\x1b\x9e\x33\xcc\x8e\x4f\x28\xf6\xda\xe3\x4d\x29\x86\xca\x00\x9c\x79\xab\x46\x1e\x69\xfd\x74\xcc\xe8\xc9\xed\x5b\x91\x09\xf3\xfa\x42\xf4\x3d\x39\x82\xeb"..., 1045) = -1 ENOSPC (No space left on device) [pid 864] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 862] <... futex resumed>) = 0 [pid 864] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 863] munmap(0x7ff5a10f3000, 138412032) = 0 [pid 863] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 30.656799][ T858] loop0: detected capacity change from 0 to 512 [ 30.671167][ T858] EXT4-fs (loop0): 1 orphan inode deleted [ 30.676905][ T858] ext4 filesystem being mounted at /root/syzkaller.8K29Ps/118/file1 supports timestamps until 2038 (0x7fffffff) [pid 863] ioctl(6, LOOP_SET_FD, 3) = 0 [pid 863] close(3) = 0 [pid 863] mkdir("./bus", 0777) = -1 EEXIST (File exists) [pid 863] mount("/dev/loop0", "./bus", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue") = -1 ENOTDIR (Not a directory) [pid 863] ioctl(6, LOOP_CLR_FD) = 0 [pid 863] close(6) = 0 [pid 863] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 863] futex(0x7ff5a96006c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 862] exit_group(0 [pid 864] <... futex resumed>) = ? [pid 862] <... exit_group resumed>) = ? [pid 864] +++ exited with 0 +++ [pid 863] <... futex resumed>) = ? [pid 863] +++ exited with 0 +++ [pid 862] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=862, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./119", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./119", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555561b8730 /* 4 entries */, 32768) = 104 umount2("./119/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./119/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./119/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./119/bus") = 0 umount2("./119/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./119/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./119/binderfs") = 0 getdents64(3, 0x5555561b8730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./119") = 0 mkdir("./120", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b7690) = 867 ./strace-static-x86_64: Process 867 attached [pid 867] set_robust_list(0x5555561b76a0, 24) = 0 [pid 867] chdir("./120") = 0 [pid 867] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 867] setpgid(0, 0) = 0 [pid 867] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 867] write(3, "1000", 4) = 4 [pid 867] close(3) = 0 [pid 867] symlink("/dev/binderfs", "./binderfs") = 0 [pid 867] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 867] rt_sigaction(SIGRT_1, {sa_handler=0x7ff5a959df30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7ff5a958f0e0}, NULL, 8) = 0 [pid 867] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 867] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a9514000 [pid 867] mprotect(0x7ff5a9515000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 867] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 867] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9534990, parent_tid=0x7ff5a9534990, exit_signal=0, stack=0x7ff5a9514000, stack_size=0x20300, tls=0x7ff5a95346c0}./strace-static-x86_64: Process 868 attached => {parent_tid=[868]}, 88) = 868 [pid 868] set_robust_list(0x7ff5a95349a0, 24) = 0 [pid 868] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 868] futex(0x7ff5a96006c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 867] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 867] futex(0x7ff5a96006c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 868] <... futex resumed>) = 0 [pid 868] memfd_create("syzkaller", 0 [pid 867] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 868] <... memfd_create resumed>) = 3 [pid 868] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 867] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a94f3000 [pid 868] <... mmap resumed>) = 0x7ff5a10f3000 [pid 867] mprotect(0x7ff5a94f4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 867] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 867] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9513990, parent_tid=0x7ff5a9513990, exit_signal=0, stack=0x7ff5a94f3000, stack_size=0x20300, tls=0x7ff5a95136c0} => {parent_tid=[869]}, 88) = 869 [pid 867] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 867] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 867] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 869 attached [pid 868] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 869] set_robust_list(0x7ff5a95139a0, 24 [pid 868] <... write resumed>) = 262144 [pid 869] <... set_robust_list resumed>) = 0 [pid 868] munmap(0x7ff5a10f3000, 138412032 [pid 869] rt_sigprocmask(SIG_SETMASK, [], [pid 868] <... munmap resumed>) = 0 [pid 869] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 868] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 869] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_NOFOLLOW|O_NOATIME|O_CLOEXEC, 000 [pid 868] <... openat resumed>) = 4 [ 30.720568][ T863] loop0: detected capacity change from 0 to 512 [ 30.730930][ T863] EXT4-fs (loop0): 1 orphan inode deleted [ 30.736540][ T863] ext4 filesystem being mounted at /root/syzkaller.8K29Ps/119/bus supports timestamps until 2038 (0x7fffffff) [pid 868] ioctl(4, LOOP_SET_FD, 3 [pid 869] <... open resumed>) = 5 [pid 869] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 867] <... futex resumed>) = 0 [pid 867] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 867] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 869] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 869] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 867] <... futex resumed>) = 0 [pid 867] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 867] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 868] <... ioctl resumed>) = 0 [pid 869] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 6 [pid 868] close(3) = 0 [pid 868] mkdir("./bus", 0777) = -1 EEXIST (File exists) [pid 868] mount("/dev/loop0", "./bus", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 869] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 869] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 867] <... futex resumed>) = 0 [pid 867] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 867] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 869] <... futex resumed>) = 0 [pid 869] write(6, "\x31\x30\x30\x30\x30\x30\x30\x00", 8) = 8 [pid 869] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 867] <... futex resumed>) = 0 [pid 867] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 869] write(6, "\x23\x21\x20\x2e\x2f\x66\x69\x6c\x65\x31\x0a\x82\x6a\x3f\xc6\x7c\x3a\xab\x7d\x7e\x31\x38\xd5\xcc\x25\x19\xa6\xa8\xf7\xa0\x0b\xff\x3b\xee\x49\xbb\x93\x22\x1f\x4e\x80\x95\x34\x94\x23\x35\x8b\x24\xc3\x46\x99\x05\xf2\x81\x89\x7d\xc6\xe1\x7a\x55\x07\xba\x1b\x9e\x33\xcc\x8e\x4f\x28\xf6\xda\xe3\x4d\x29\x86\xca\x00\x9c\x79\xab\x46\x1e\x69\xfd\x74\xcc\xe8\xc9\xed\x5b\x91\x09\xf3\xfa\x42\xf4\x3d\x39\x82\xeb"..., 1045 [pid 867] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 869] <... write resumed>) = 1045 [pid 869] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 867] <... futex resumed>) = 0 [pid 869] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 868] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 868] ioctl(4, LOOP_CLR_FD) = 0 [pid 868] close(4) = 0 [pid 868] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 868] futex(0x7ff5a96006c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 867] exit_group(0) = ? [pid 869] <... futex resumed>) = ? [pid 868] <... futex resumed>) = ? [pid 869] +++ exited with 0 +++ [pid 868] +++ exited with 0 +++ [pid 867] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=867, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./120", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./120", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555561b8730 /* 4 entries */, 32768) = 104 umount2("./120/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./120/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./120/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./120/bus") = 0 umount2("./120/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./120/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./120/binderfs") = 0 getdents64(3, 0x5555561b8730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./120") = 0 mkdir("./121", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b7690) = 872 ./strace-static-x86_64: Process 872 attached [pid 872] set_robust_list(0x5555561b76a0, 24) = 0 [pid 872] chdir("./121") = 0 [pid 872] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 872] setpgid(0, 0) = 0 [pid 872] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 872] write(3, "1000", 4) = 4 [pid 872] close(3) = 0 [pid 872] symlink("/dev/binderfs", "./binderfs") = 0 [pid 872] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 872] rt_sigaction(SIGRT_1, {sa_handler=0x7ff5a959df30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7ff5a958f0e0}, NULL, 8) = 0 [pid 872] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 872] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a9514000 [pid 872] mprotect(0x7ff5a9515000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 872] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 872] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9534990, parent_tid=0x7ff5a9534990, exit_signal=0, stack=0x7ff5a9514000, stack_size=0x20300, tls=0x7ff5a95346c0} => {parent_tid=[873]}, 88) = 873 [pid 872] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 872] futex(0x7ff5a96006c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 872] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 872] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a94f3000 [pid 872] mprotect(0x7ff5a94f4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 872] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 872] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9513990, parent_tid=0x7ff5a9513990, exit_signal=0, stack=0x7ff5a94f3000, stack_size=0x20300, tls=0x7ff5a95136c0} => {parent_tid=[874]}, 88) = 874 [pid 872] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 872] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 872] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 873 attached [pid 873] set_robust_list(0x7ff5a95349a0, 24) = 0 [pid 873] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 873] memfd_create("syzkaller", 0) = 3 [pid 873] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff5a10f3000 [pid 873] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144./strace-static-x86_64: Process 874 attached [pid 874] set_robust_list(0x7ff5a95139a0, 24) = 0 [pid 873] <... write resumed>) = 262144 [pid 873] munmap(0x7ff5a10f3000, 138412032 [pid 874] rt_sigprocmask(SIG_SETMASK, [], [pid 873] <... munmap resumed>) = 0 [pid 873] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 873] ioctl(4, LOOP_SET_FD, 3 [pid 874] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 874] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_NOFOLLOW|O_NOATIME|O_CLOEXEC, 000) = 5 [ 30.773919][ T868] loop0: detected capacity change from 0 to 512 [ 30.789927][ T868] EXT4-fs error (device loop0): __ext4_get_inode_loc:4485: comm syz-executor170: Invalid inode table block 34 in block_group 0 [ 30.803365][ T868] EXT4-fs (loop0): get root inode failed [ 30.808928][ T868] EXT4-fs (loop0): mount failed [pid 874] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 874] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 872] <... futex resumed>) = 0 [pid 872] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 872] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 874] <... futex resumed>) = 0 [pid 874] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 874] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 872] <... futex resumed>) = 0 [pid 872] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 872] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 874] <... futex resumed>) = 1 [pid 874] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 6 [pid 874] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 872] <... futex resumed>) = 0 [pid 872] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 872] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 874] <... futex resumed>) = 1 [pid 874] write(6, "\x31\x30\x30\x30\x30\x30\x30\x00", 8 [pid 873] <... ioctl resumed>) = 0 [pid 873] close(3) = 0 [pid 873] mkdir("./bus", 0777) = -1 EEXIST (File exists) [pid 873] mount("/dev/loop0", "./bus", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 874] <... write resumed>) = -1 EIO (Input/output error) [pid 874] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 872] <... futex resumed>) = 0 [pid 874] <... futex resumed>) = 1 [pid 872] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 874] write(6, "\x23\x21\x20\x2e\x2f\x66\x69\x6c\x65\x31\x0a\x82\x6a\x3f\xc6\x7c\x3a\xab\x7d\x7e\x31\x38\xd5\xcc\x25\x19\xa6\xa8\xf7\xa0\x0b\xff\x3b\xee\x49\xbb\x93\x22\x1f\x4e\x80\x95\x34\x94\x23\x35\x8b\x24\xc3\x46\x99\x05\xf2\x81\x89\x7d\xc6\xe1\x7a\x55\x07\xba\x1b\x9e\x33\xcc\x8e\x4f\x28\xf6\xda\xe3\x4d\x29\x86\xca\x00\x9c\x79\xab\x46\x1e\x69\xfd\x74\xcc\xe8\xc9\xed\x5b\x91\x09\xf3\xfa\x42\xf4\x3d\x39\x82\xeb"..., 1045 [pid 872] <... futex resumed>) = 0 [pid 872] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 874] <... write resumed>) = 1045 [pid 874] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 872] <... futex resumed>) = 0 [pid 874] <... futex resumed>) = 1 [pid 874] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 873] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 873] ioctl(4, LOOP_CLR_FD) = 0 [pid 873] close(4) = 0 [pid 873] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 873] futex(0x7ff5a96006c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 872] exit_group(0 [pid 874] <... futex resumed>) = ? [pid 872] <... exit_group resumed>) = ? [pid 874] +++ exited with 0 +++ [pid 873] <... futex resumed>) = ? [pid 873] +++ exited with 0 +++ [pid 872] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=872, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- umount2("./121", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./121", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555561b8730 /* 4 entries */, 32768) = 104 umount2("./121/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./121/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./121/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./121/bus") = 0 umount2("./121/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./121/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./121/binderfs") = 0 getdents64(3, 0x5555561b8730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./121") = 0 mkdir("./122", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b7690) = 877 ./strace-static-x86_64: Process 877 attached [pid 877] set_robust_list(0x5555561b76a0, 24) = 0 [pid 877] chdir("./122") = 0 [pid 877] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 877] setpgid(0, 0) = 0 [pid 877] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 877] write(3, "1000", 4) = 4 [pid 877] close(3) = 0 [pid 877] symlink("/dev/binderfs", "./binderfs") = 0 [pid 877] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 877] rt_sigaction(SIGRT_1, {sa_handler=0x7ff5a959df30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7ff5a958f0e0}, NULL, 8) = 0 [pid 877] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 877] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a9514000 [pid 877] mprotect(0x7ff5a9515000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 877] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 877] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9534990, parent_tid=0x7ff5a9534990, exit_signal=0, stack=0x7ff5a9514000, stack_size=0x20300, tls=0x7ff5a95346c0}./strace-static-x86_64: Process 878 attached [pid 878] set_robust_list(0x7ff5a95349a0, 24) = 0 [pid 878] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 878] futex(0x7ff5a96006c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 877] <... clone3 resumed> => {parent_tid=[878]}, 88) = 878 [pid 877] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 877] futex(0x7ff5a96006c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 878] <... futex resumed>) = 0 [pid 877] <... futex resumed>) = 1 [pid 878] memfd_create("syzkaller", 0 [pid 877] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 878] <... memfd_create resumed>) = 3 [pid 877] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 878] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 877] <... mmap resumed>) = 0x7ff5a94f3000 [pid 877] mprotect(0x7ff5a94f4000, 131072, PROT_READ|PROT_WRITE [pid 878] <... mmap resumed>) = 0x7ff5a10f3000 [pid 877] <... mprotect resumed>) = 0 [pid 877] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 877] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9513990, parent_tid=0x7ff5a9513990, exit_signal=0, stack=0x7ff5a94f3000, stack_size=0x20300, tls=0x7ff5a95136c0}./strace-static-x86_64: Process 879 attached [pid 879] set_robust_list(0x7ff5a95139a0, 24) = 0 [pid 879] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 879] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 877] <... clone3 resumed> => {parent_tid=[879]}, 88) = 879 [pid 877] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 877] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 879] <... futex resumed>) = 0 [pid 877] <... futex resumed>) = 1 [pid 879] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_NOFOLLOW|O_NOATIME|O_CLOEXEC, 000 [pid 877] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 879] <... open resumed>) = 4 [pid 879] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 878] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 879] <... futex resumed>) = 1 [pid 878] <... write resumed>) = 262144 [pid 877] <... futex resumed>) = 0 [pid 879] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 878] munmap(0x7ff5a10f3000, 138412032 [pid 877] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 879] <... mount resumed>) = 0 [pid 877] <... futex resumed>) = 0 [pid 879] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 877] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 879] <... futex resumed>) = 0 [pid 877] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 878] <... munmap resumed>) = 0 [pid 879] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 878] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 877] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 879] <... open resumed>) = 5 [pid 879] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 878] <... openat resumed>) = 6 [pid 877] <... futex resumed>) = 0 [pid 879] <... futex resumed>) = 0 [pid 878] ioctl(6, LOOP_SET_FD, 3 [ 30.830140][ T873] loop0: detected capacity change from 0 to 512 [ 30.834817][ T41] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 30.849833][ T873] EXT4-fs error (device loop0): __ext4_get_inode_loc:4485: comm syz-executor170: Invalid inode table block 34 in block_group 0 [ 30.863137][ T873] EXT4-fs (loop0): get root inode failed [ 30.868621][ T873] EXT4-fs (loop0): mount failed [pid 877] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 879] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 877] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 878] <... ioctl resumed>) = 0 [pid 877] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 877] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 879] <... futex resumed>) = 0 [pid 879] write(5, "\x31\x30\x30\x30\x30\x30\x30\x00", 8 [pid 878] close(3) = 0 [pid 878] mkdir("./bus", 0777) = -1 EEXIST (File exists) [pid 878] mount("/dev/loop0", "./bus", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 879] <... write resumed>) = 8 [pid 879] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 877] <... futex resumed>) = 0 [pid 877] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 877] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 879] write(5, "\x23\x21\x20\x2e\x2f\x66\x69\x6c\x65\x31\x0a\x82\x6a\x3f\xc6\x7c\x3a\xab\x7d\x7e\x31\x38\xd5\xcc\x25\x19\xa6\xa8\xf7\xa0\x0b\xff\x3b\xee\x49\xbb\x93\x22\x1f\x4e\x80\x95\x34\x94\x23\x35\x8b\x24\xc3\x46\x99\x05\xf2\x81\x89\x7d\xc6\xe1\x7a\x55\x07\xba\x1b\x9e\x33\xcc\x8e\x4f\x28\xf6\xda\xe3\x4d\x29\x86\xca\x00\x9c\x79\xab\x46\x1e\x69\xfd\x74\xcc\xe8\xc9\xed\x5b\x91\x09\xf3\xfa\x42\xf4\x3d\x39\x82\xeb"..., 1045) = 1045 [pid 879] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 877] <... futex resumed>) = 0 [pid 879] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 878] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 878] ioctl(6, LOOP_CLR_FD) = 0 [pid 878] close(6) = 0 [pid 878] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 878] futex(0x7ff5a96006c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 877] exit_group(0 [pid 879] <... futex resumed>) = ? [pid 877] <... exit_group resumed>) = ? [pid 879] +++ exited with 0 +++ [pid 878] <... futex resumed>) = ? [pid 878] +++ exited with 0 +++ [pid 877] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=877, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./122", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./122", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555561b8730 /* 4 entries */, 32768) = 104 umount2("./122/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./122/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./122/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./122/bus") = 0 umount2("./122/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./122/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./122/binderfs") = 0 getdents64(3, 0x5555561b8730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./122") = 0 mkdir("./123", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b7690) = 882 ./strace-static-x86_64: Process 882 attached [pid 882] set_robust_list(0x5555561b76a0, 24) = 0 [pid 882] chdir("./123") = 0 [pid 882] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 882] setpgid(0, 0) = 0 [pid 882] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 882] write(3, "1000", 4) = 4 [pid 882] close(3) = 0 [pid 882] symlink("/dev/binderfs", "./binderfs") = 0 [pid 882] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 882] rt_sigaction(SIGRT_1, {sa_handler=0x7ff5a959df30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7ff5a958f0e0}, NULL, 8) = 0 [pid 882] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 882] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a9514000 [pid 882] mprotect(0x7ff5a9515000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 882] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 882] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9534990, parent_tid=0x7ff5a9534990, exit_signal=0, stack=0x7ff5a9514000, stack_size=0x20300, tls=0x7ff5a95346c0}./strace-static-x86_64: Process 883 attached [pid 883] set_robust_list(0x7ff5a95349a0, 24) = 0 [pid 883] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 883] futex(0x7ff5a96006c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 882] <... clone3 resumed> => {parent_tid=[883]}, 88) = 883 [pid 882] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 882] futex(0x7ff5a96006c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 883] <... futex resumed>) = 0 [pid 882] <... futex resumed>) = 1 [pid 883] memfd_create("syzkaller", 0 [pid 882] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 883] <... memfd_create resumed>) = 3 [pid 882] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 883] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 882] <... mmap resumed>) = 0x7ff5a94f3000 [pid 882] mprotect(0x7ff5a94f4000, 131072, PROT_READ|PROT_WRITE [pid 883] <... mmap resumed>) = 0x7ff5a10f3000 [pid 882] <... mprotect resumed>) = 0 [pid 882] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 882] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9513990, parent_tid=0x7ff5a9513990, exit_signal=0, stack=0x7ff5a94f3000, stack_size=0x20300, tls=0x7ff5a95136c0}./strace-static-x86_64: Process 884 attached [pid 884] set_robust_list(0x7ff5a95139a0, 24) = 0 [pid 882] <... clone3 resumed> => {parent_tid=[884]}, 88) = 884 [pid 884] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 884] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 882] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 882] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 884] <... futex resumed>) = 0 [pid 882] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 884] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_NOFOLLOW|O_NOATIME|O_CLOEXEC, 000) = 4 [pid 883] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 884] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 883] <... write resumed>) = 262144 [pid 884] <... futex resumed>) = 1 [pid 883] munmap(0x7ff5a10f3000, 138412032 [pid 882] <... futex resumed>) = 0 [pid 884] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 882] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 884] <... mount resumed>) = 0 [pid 884] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 882] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 883] <... munmap resumed>) = 0 [pid 884] <... futex resumed>) = 0 [pid 883] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 882] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 884] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 883] <... openat resumed>) = 5 [pid 882] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 884] <... open resumed>) = 6 [pid 884] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 883] ioctl(5, LOOP_SET_FD, 3 [ 30.903617][ T878] loop0: detected capacity change from 0 to 512 [ 30.919975][ T878] EXT4-fs error (device loop0): __ext4_get_inode_loc:4485: comm syz-executor170: Invalid inode table block 34 in block_group 0 [ 30.933220][ T878] EXT4-fs (loop0): get root inode failed [ 30.938708][ T878] EXT4-fs (loop0): mount failed [pid 882] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 884] <... futex resumed>) = 0 [pid 882] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 883] <... ioctl resumed>) = 0 [pid 882] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 884] write(6, "\x31\x30\x30\x30\x30\x30\x30\x00", 8 [pid 883] close(3 [pid 882] <... futex resumed>) = 0 [pid 882] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 883] <... close resumed>) = 0 [pid 884] <... write resumed>) = 8 [pid 883] mkdir("./bus", 0777 [pid 884] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 883] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 883] mount("/dev/loop0", "./bus", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 884] <... futex resumed>) = 1 [pid 882] <... futex resumed>) = 0 [pid 884] write(6, "\x23\x21\x20\x2e\x2f\x66\x69\x6c\x65\x31\x0a\x82\x6a\x3f\xc6\x7c\x3a\xab\x7d\x7e\x31\x38\xd5\xcc\x25\x19\xa6\xa8\xf7\xa0\x0b\xff\x3b\xee\x49\xbb\x93\x22\x1f\x4e\x80\x95\x34\x94\x23\x35\x8b\x24\xc3\x46\x99\x05\xf2\x81\x89\x7d\xc6\xe1\x7a\x55\x07\xba\x1b\x9e\x33\xcc\x8e\x4f\x28\xf6\xda\xe3\x4d\x29\x86\xca\x00\x9c\x79\xab\x46\x1e\x69\xfd\x74\xcc\xe8\xc9\xed\x5b\x91\x09\xf3\xfa\x42\xf4\x3d\x39\x82\xeb"..., 1045 [pid 882] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 884] <... write resumed>) = 1045 [pid 882] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 884] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 882] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 884] <... futex resumed>) = 0 [pid 884] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 883] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 883] ioctl(5, LOOP_CLR_FD) = 0 [pid 883] close(5) = 0 [pid 883] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 883] futex(0x7ff5a96006c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 882] exit_group(0 [pid 884] <... futex resumed>) = ? [pid 882] <... exit_group resumed>) = ? [pid 884] +++ exited with 0 +++ [pid 883] <... futex resumed>) = ? [pid 883] +++ exited with 0 +++ [pid 882] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=882, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./123", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./123", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555561b8730 /* 4 entries */, 32768) = 104 umount2("./123/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./123/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./123/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./123/bus") = 0 umount2("./123/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./123/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./123/binderfs") = 0 getdents64(3, 0x5555561b8730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./123") = 0 mkdir("./124", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b7690) = 885 ./strace-static-x86_64: Process 885 attached [pid 885] set_robust_list(0x5555561b76a0, 24) = 0 [pid 885] chdir("./124") = 0 [pid 885] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 885] setpgid(0, 0) = 0 [pid 885] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 885] write(3, "1000", 4) = 4 [pid 885] close(3) = 0 [pid 885] symlink("/dev/binderfs", "./binderfs") = 0 [pid 885] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 885] rt_sigaction(SIGRT_1, {sa_handler=0x7ff5a959df30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7ff5a958f0e0}, NULL, 8) = 0 [pid 885] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 885] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a9514000 [pid 885] mprotect(0x7ff5a9515000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 885] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 885] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9534990, parent_tid=0x7ff5a9534990, exit_signal=0, stack=0x7ff5a9514000, stack_size=0x20300, tls=0x7ff5a95346c0} => {parent_tid=[886]}, 88) = 886 [pid 885] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 885] futex(0x7ff5a96006c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 885] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 885] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a94f3000 [pid 885] mprotect(0x7ff5a94f4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 885] rt_sigprocmask(SIG_BLOCK, ~[], ./strace-static-x86_64: Process 886 attached [], 8) = 0 [pid 885] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9513990, parent_tid=0x7ff5a9513990, exit_signal=0, stack=0x7ff5a94f3000, stack_size=0x20300, tls=0x7ff5a95136c0} => {parent_tid=[887]}, 88) = 887 ./strace-static-x86_64: Process 887 attached [pid 886] set_robust_list(0x7ff5a95349a0, 24 [pid 885] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 885] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 885] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 887] set_robust_list(0x7ff5a95139a0, 24) = 0 [pid 887] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 887] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_NOFOLLOW|O_NOATIME|O_CLOEXEC, 000) = 3 [pid 886] <... set_robust_list resumed>) = 0 [pid 887] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 885] <... futex resumed>) = 0 [pid 885] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 885] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 887] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 887] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 885] <... futex resumed>) = 0 [pid 885] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 885] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 887] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 4 [pid 887] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 885] <... futex resumed>) = 0 [pid 885] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 885] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 887] write(4, "\x31\x30\x30\x30\x30\x30\x30\x00", 8) = -1 ENOSPC (No space left on device) [pid 887] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 885] <... futex resumed>) = 0 [pid 885] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 885] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 887] write(4, "\x23\x21\x20\x2e\x2f\x66\x69\x6c\x65\x31\x0a\x82\x6a\x3f\xc6\x7c\x3a\xab\x7d\x7e\x31\x38\xd5\xcc\x25\x19\xa6\xa8\xf7\xa0\x0b\xff\x3b\xee\x49\xbb\x93\x22\x1f\x4e\x80\x95\x34\x94\x23\x35\x8b\x24\xc3\x46\x99\x05\xf2\x81\x89\x7d\xc6\xe1\x7a\x55\x07\xba\x1b\x9e\x33\xcc\x8e\x4f\x28\xf6\xda\xe3\x4d\x29\x86\xca\x00\x9c\x79\xab\x46\x1e\x69\xfd\x74\xcc\xe8\xc9\xed\x5b\x91\x09\xf3\xfa\x42\xf4\x3d\x39\x82\xeb"..., 1045) = -1 ENOSPC (No space left on device) [pid 887] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 885] <... futex resumed>) = 0 [pid 887] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 886] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 886] memfd_create("syzkaller", 0) = 5 [pid 886] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff5a10f3000 [pid 886] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 886] munmap(0x7ff5a10f3000, 138412032) = 0 [pid 886] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 30.981525][ T883] loop0: detected capacity change from 0 to 512 [ 30.991652][ T883] EXT4-fs (loop0): fragment/cluster size (0) != block size (4096) [pid 886] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 886] close(5) = 0 [pid 886] mkdir("./file1", 0777) = 0 [pid 886] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue") = 0 [pid 886] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 5 [pid 886] chdir("./file1") = 0 [pid 886] ioctl(6, LOOP_CLR_FD) = 0 [pid 886] close(6) = 0 [pid 886] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 886] futex(0x7ff5a96006c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 885] exit_group(0 [pid 887] <... futex resumed>) = ? [pid 885] <... exit_group resumed>) = ? [pid 887] +++ exited with 0 +++ [pid 886] <... futex resumed>) = ? [pid 886] +++ exited with 0 +++ [pid 885] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=885, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./124", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./124", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555561b8730 /* 5 entries */, 32768) = 136 umount2("./124/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./124/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./124/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./124/bus") = 0 umount2("./124/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./124/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./124/binderfs") = 0 umount2("./124/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./124/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./124/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./124/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./124/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555561c0770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561c0770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./124/file1") = 0 getdents64(3, 0x5555561b8730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./124") = 0 mkdir("./125", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b7690) = 891 ./strace-static-x86_64: Process 891 attached [pid 891] set_robust_list(0x5555561b76a0, 24) = 0 [pid 891] chdir("./125") = 0 [pid 891] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 891] setpgid(0, 0) = 0 [pid 891] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 891] write(3, "1000", 4) = 4 [pid 891] close(3) = 0 [pid 891] symlink("/dev/binderfs", "./binderfs") = 0 [pid 891] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 891] rt_sigaction(SIGRT_1, {sa_handler=0x7ff5a959df30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7ff5a958f0e0}, NULL, 8) = 0 [pid 891] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 891] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a9514000 [pid 891] mprotect(0x7ff5a9515000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 891] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 891] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9534990, parent_tid=0x7ff5a9534990, exit_signal=0, stack=0x7ff5a9514000, stack_size=0x20300, tls=0x7ff5a95346c0}./strace-static-x86_64: Process 892 attached [pid 892] set_robust_list(0x7ff5a95349a0, 24 [pid 891] <... clone3 resumed> => {parent_tid=[892]}, 88) = 892 [pid 892] <... set_robust_list resumed>) = 0 [pid 891] rt_sigprocmask(SIG_SETMASK, [], [pid 892] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 891] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 891] futex(0x7ff5a96006c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 892] memfd_create("syzkaller", 0 [pid 891] <... futex resumed>) = 0 [pid 892] <... memfd_create resumed>) = 3 [pid 892] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff5a1114000 [pid 891] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 891] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a10f3000 [pid 891] mprotect(0x7ff5a10f4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 892] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 891] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 891] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a1113990, parent_tid=0x7ff5a1113990, exit_signal=0, stack=0x7ff5a10f3000, stack_size=0x20300, tls=0x7ff5a11136c0} => {parent_tid=[893]}, 88) = 893 [pid 891] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 892] <... write resumed>) = 262144 [pid 892] munmap(0x7ff5a1114000, 138412032 [pid 891] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 892] <... munmap resumed>) = 0 [pid 892] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 891] <... futex resumed>) = 0 [ 31.023077][ T886] loop0: detected capacity change from 0 to 512 [ 31.041130][ T886] EXT4-fs (loop0): 1 orphan inode deleted [ 31.046872][ T886] ext4 filesystem being mounted at /root/syzkaller.8K29Ps/124/file1 supports timestamps until 2038 (0x7fffffff) [pid 892] ioctl(4, LOOP_SET_FD, 3 [pid 891] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 892] <... ioctl resumed>) = 0 [pid 892] close(3) = 0 [pid 892] mkdir("./file1", 0777./strace-static-x86_64: Process 893 attached ) = 0 [pid 892] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 893] set_robust_list(0x7ff5a11139a0, 24) = 0 [pid 893] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 893] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_NOFOLLOW|O_NOATIME|O_CLOEXEC, 000) = 3 [pid 893] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 891] <... futex resumed>) = 0 [pid 891] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 891] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 893] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 893] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 893] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 891] <... futex resumed>) = 0 [pid 891] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 891] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 893] <... futex resumed>) = 0 [pid 893] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5 [pid 893] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 891] <... futex resumed>) = 0 [pid 891] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 891] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 893] write(5, "\x31\x30\x30\x30\x30\x30\x30\x00", 8) = 8 [pid 893] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 891] <... futex resumed>) = 0 [pid 891] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 891] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 893] write(5, "\x23\x21\x20\x2e\x2f\x66\x69\x6c\x65\x31\x0a\x82\x6a\x3f\xc6\x7c\x3a\xab\x7d\x7e\x31\x38\xd5\xcc\x25\x19\xa6\xa8\xf7\xa0\x0b\xff\x3b\xee\x49\xbb\x93\x22\x1f\x4e\x80\x95\x34\x94\x23\x35\x8b\x24\xc3\x46\x99\x05\xf2\x81\x89\x7d\xc6\xe1\x7a\x55\x07\xba\x1b\x9e\x33\xcc\x8e\x4f\x28\xf6\xda\xe3\x4d\x29\x86\xca\x00\x9c\x79\xab\x46\x1e\x69\xfd\x74\xcc\xe8\xc9\xed\x5b\x91\x09\xf3\xfa\x42\xf4\x3d\x39\x82\xeb"..., 1045) = 1045 [pid 893] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 891] <... futex resumed>) = 0 [pid 893] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 892] <... mount resumed>) = 0 [pid 892] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = -1 ENOTDIR (Not a directory) [pid 892] ioctl(4, LOOP_CLR_FD) = 0 [pid 892] close(4) = 0 [pid 892] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 892] futex(0x7ff5a96006c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 891] exit_group(0 [pid 893] <... futex resumed>) = ? [pid 891] <... exit_group resumed>) = ? [pid 893] +++ exited with 0 +++ [pid 892] <... futex resumed>) = ? [pid 892] +++ exited with 0 +++ [pid 891] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=891, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./125", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./125", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555561b8730 /* 5 entries */, 32768) = 136 umount2("./125/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./125/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./125/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./125/bus") = 0 umount2("./125/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./125/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./125/binderfs") = 0 umount2("./125/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./125/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./125/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./125/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./125/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555561c0770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561c0770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./125/file1") = 0 getdents64(3, 0x5555561b8730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./125") = 0 mkdir("./126", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b7690) = 896 ./strace-static-x86_64: Process 896 attached [pid 896] set_robust_list(0x5555561b76a0, 24) = 0 [pid 896] chdir("./126") = 0 [pid 896] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 896] setpgid(0, 0) = 0 [pid 896] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 896] write(3, "1000", 4) = 4 [pid 896] close(3) = 0 [pid 896] symlink("/dev/binderfs", "./binderfs") = 0 [pid 896] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 896] rt_sigaction(SIGRT_1, {sa_handler=0x7ff5a959df30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7ff5a958f0e0}, NULL, 8) = 0 [pid 896] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 896] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a9514000 [pid 896] mprotect(0x7ff5a9515000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 896] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 896] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9534990, parent_tid=0x7ff5a9534990, exit_signal=0, stack=0x7ff5a9514000, stack_size=0x20300, tls=0x7ff5a95346c0}./strace-static-x86_64: Process 897 attached => {parent_tid=[897]}, 88) = 897 [pid 896] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 896] futex(0x7ff5a96006c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 896] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 896] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a94f3000 [pid 896] mprotect(0x7ff5a94f4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 896] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 896] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9513990, parent_tid=0x7ff5a9513990, exit_signal=0, stack=0x7ff5a94f3000, stack_size=0x20300, tls=0x7ff5a95136c0} [pid 897] set_robust_list(0x7ff5a95349a0, 24./strace-static-x86_64: Process 898 attached [pid 896] <... clone3 resumed> => {parent_tid=[898]}, 88) = 898 [pid 896] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 896] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 896] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 897] <... set_robust_list resumed>) = 0 [pid 897] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 897] memfd_create("syzkaller", 0) = 3 [pid 897] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff5a10f3000 [pid 898] set_robust_list(0x7ff5a95139a0, 24 [pid 897] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 898] <... set_robust_list resumed>) = 0 [pid 897] <... write resumed>) = 262144 [pid 897] munmap(0x7ff5a10f3000, 138412032 [pid 898] rt_sigprocmask(SIG_SETMASK, [], [pid 897] <... munmap resumed>) = 0 [pid 897] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 898] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 897] <... openat resumed>) = 4 [ 31.090805][ T892] loop0: detected capacity change from 0 to 512 [ 31.102795][ T892] EXT4-fs (loop0): 1 orphan inode deleted [ 31.108755][ T892] ext4 filesystem being mounted at /root/syzkaller.8K29Ps/125/file1 supports timestamps until 2038 (0x7fffffff) [pid 897] ioctl(4, LOOP_SET_FD, 3 [pid 898] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_NOFOLLOW|O_NOATIME|O_CLOEXEC, 000) = 5 [pid 898] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 898] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 897] <... ioctl resumed>) = 0 [pid 896] <... futex resumed>) = 0 [pid 897] close(3 [pid 896] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 896] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 897] <... close resumed>) = 0 [pid 897] mkdir("./bus", 0777) = -1 EEXIST (File exists) [pid 897] mount("/dev/loop0", "./bus", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 898] <... futex resumed>) = 0 [pid 898] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 898] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 896] <... futex resumed>) = 0 [pid 896] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 896] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 898] <... futex resumed>) = 1 [pid 898] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 3 [pid 898] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 896] <... futex resumed>) = 0 [pid 896] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 896] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 898] <... futex resumed>) = 1 [pid 898] write(3, "\x31\x30\x30\x30\x30\x30\x30\x00", 8) = 8 [pid 898] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 896] <... futex resumed>) = 0 [pid 898] write(3, "\x23\x21\x20\x2e\x2f\x66\x69\x6c\x65\x31\x0a\x82\x6a\x3f\xc6\x7c\x3a\xab\x7d\x7e\x31\x38\xd5\xcc\x25\x19\xa6\xa8\xf7\xa0\x0b\xff\x3b\xee\x49\xbb\x93\x22\x1f\x4e\x80\x95\x34\x94\x23\x35\x8b\x24\xc3\x46\x99\x05\xf2\x81\x89\x7d\xc6\xe1\x7a\x55\x07\xba\x1b\x9e\x33\xcc\x8e\x4f\x28\xf6\xda\xe3\x4d\x29\x86\xca\x00\x9c\x79\xab\x46\x1e\x69\xfd\x74\xcc\xe8\xc9\xed\x5b\x91\x09\xf3\xfa\x42\xf4\x3d\x39\x82\xeb"..., 1045 [pid 896] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 896] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 898] <... write resumed>) = 1045 [pid 898] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 896] <... futex resumed>) = 0 [pid 898] <... futex resumed>) = 1 [pid 898] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 897] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 897] ioctl(4, LOOP_CLR_FD) = 0 [pid 897] close(4) = 0 [pid 897] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 897] futex(0x7ff5a96006c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 896] exit_group(0) = ? [pid 897] <... futex resumed>) = ? [pid 897] +++ exited with 0 +++ [pid 898] <... futex resumed>) = ? [pid 898] +++ exited with 0 +++ [pid 896] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=896, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- umount2("./126", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./126", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555561b8730 /* 4 entries */, 32768) = 104 umount2("./126/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./126/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./126/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./126/bus") = 0 umount2("./126/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./126/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./126/binderfs") = 0 getdents64(3, 0x5555561b8730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./126") = 0 mkdir("./127", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b7690) = 901 ./strace-static-x86_64: Process 901 attached [pid 901] set_robust_list(0x5555561b76a0, 24) = 0 [pid 901] chdir("./127") = 0 [pid 901] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 901] setpgid(0, 0) = 0 [pid 901] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 901] write(3, "1000", 4) = 4 [pid 901] close(3) = 0 [pid 901] symlink("/dev/binderfs", "./binderfs") = 0 [pid 901] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 901] rt_sigaction(SIGRT_1, {sa_handler=0x7ff5a959df30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7ff5a958f0e0}, NULL, 8) = 0 [pid 901] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 901] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a9514000 [pid 901] mprotect(0x7ff5a9515000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 901] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 901] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9534990, parent_tid=0x7ff5a9534990, exit_signal=0, stack=0x7ff5a9514000, stack_size=0x20300, tls=0x7ff5a95346c0} => {parent_tid=[902]}, 88) = 902 [pid 901] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 901] futex(0x7ff5a96006c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 901] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 901] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a94f3000 [pid 901] mprotect(0x7ff5a94f4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 901] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 901] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9513990, parent_tid=0x7ff5a9513990, exit_signal=0, stack=0x7ff5a94f3000, stack_size=0x20300, tls=0x7ff5a95136c0} => {parent_tid=[903]}, 88) = 903 [pid 901] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 901] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 901] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 902 attached [pid 902] set_robust_list(0x7ff5a95349a0, 24) = 0 [pid 902] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 902] memfd_create("syzkaller", 0./strace-static-x86_64: Process 903 attached ) = 3 [pid 903] set_robust_list(0x7ff5a95139a0, 24 [pid 902] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 903] <... set_robust_list resumed>) = 0 [pid 903] rt_sigprocmask(SIG_SETMASK, [], [pid 902] <... mmap resumed>) = 0x7ff5a10f3000 [pid 903] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 903] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_NOFOLLOW|O_NOATIME|O_CLOEXEC, 000) = 4 [pid 903] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 901] <... futex resumed>) = 0 [pid 901] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 901] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 903] <... futex resumed>) = 1 [pid 903] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 903] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 901] <... futex resumed>) = 0 [pid 901] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 901] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 903] <... futex resumed>) = 1 [pid 903] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5 [pid 903] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 901] <... futex resumed>) = 0 [pid 901] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 901] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 903] <... futex resumed>) = 1 [pid 903] write(5, "\x31\x30\x30\x30\x30\x30\x30\x00", 8) = -1 ENOSPC (No space left on device) [pid 903] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 901] <... futex resumed>) = 0 [pid 901] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 901] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 903] <... futex resumed>) = 1 [pid 903] write(5, "\x23\x21\x20\x2e\x2f\x66\x69\x6c\x65\x31\x0a\x82\x6a\x3f\xc6\x7c\x3a\xab\x7d\x7e\x31\x38\xd5\xcc\x25\x19\xa6\xa8\xf7\xa0\x0b\xff\x3b\xee\x49\xbb\x93\x22\x1f\x4e\x80\x95\x34\x94\x23\x35\x8b\x24\xc3\x46\x99\x05\xf2\x81\x89\x7d\xc6\xe1\x7a\x55\x07\xba\x1b\x9e\x33\xcc\x8e\x4f\x28\xf6\xda\xe3\x4d\x29\x86\xca\x00\x9c\x79\xab\x46\x1e\x69\xfd\x74\xcc\xe8\xc9\xed\x5b\x91\x09\xf3\xfa\x42\xf4\x3d\x39\x82\xeb"..., 1045) = -1 ENOSPC (No space left on device) [pid 903] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 901] <... futex resumed>) = 0 [pid 903] <... futex resumed>) = 1 [pid 903] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 902] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 902] munmap(0x7ff5a10f3000, 138412032) = 0 [pid 902] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 31.145425][ T897] loop0: detected capacity change from 0 to 512 [ 31.160013][ T897] EXT4-fs error (device loop0): __ext4_get_inode_loc:4485: comm syz-executor170: Invalid inode table block 34 in block_group 0 [ 31.174172][ T897] EXT4-fs (loop0): get root inode failed [ 31.179836][ T897] EXT4-fs (loop0): mount failed [pid 902] ioctl(6, LOOP_SET_FD, 3) = 0 [pid 902] close(3) = 0 [pid 902] mkdir("./bus", 0777) = -1 EEXIST (File exists) [pid 902] mount("/dev/loop0", "./bus", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue") = -1 ENOTDIR (Not a directory) [pid 902] ioctl(6, LOOP_CLR_FD) = 0 [pid 902] close(6) = 0 [pid 902] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 902] futex(0x7ff5a96006c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 901] exit_group(0 [pid 903] <... futex resumed>) = ? [pid 902] <... futex resumed>) = ? [pid 901] <... exit_group resumed>) = ? [pid 903] +++ exited with 0 +++ [pid 902] +++ exited with 0 +++ [pid 901] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=901, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- umount2("./127", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./127", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555561b8730 /* 4 entries */, 32768) = 104 umount2("./127/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./127/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./127/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./127/bus") = 0 umount2("./127/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./127/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./127/binderfs") = 0 getdents64(3, 0x5555561b8730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./127") = 0 mkdir("./128", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b7690) = 907 ./strace-static-x86_64: Process 907 attached [pid 907] set_robust_list(0x5555561b76a0, 24) = 0 [pid 907] chdir("./128") = 0 [pid 907] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 907] setpgid(0, 0) = 0 [pid 907] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 907] write(3, "1000", 4) = 4 [pid 907] close(3) = 0 [pid 907] symlink("/dev/binderfs", "./binderfs") = 0 [pid 907] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 907] rt_sigaction(SIGRT_1, {sa_handler=0x7ff5a959df30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7ff5a958f0e0}, NULL, 8) = 0 [pid 907] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 907] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a9514000 [pid 907] mprotect(0x7ff5a9515000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 907] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 907] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9534990, parent_tid=0x7ff5a9534990, exit_signal=0, stack=0x7ff5a9514000, stack_size=0x20300, tls=0x7ff5a95346c0}./strace-static-x86_64: Process 908 attached [pid 908] set_robust_list(0x7ff5a95349a0, 24 [pid 907] <... clone3 resumed> => {parent_tid=[908]}, 88) = 908 [pid 908] <... set_robust_list resumed>) = 0 [pid 907] rt_sigprocmask(SIG_SETMASK, [], [pid 908] rt_sigprocmask(SIG_SETMASK, [], [pid 907] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 908] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 907] futex(0x7ff5a96006c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 907] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 908] memfd_create("syzkaller", 0 [pid 907] <... futex resumed>) = 0 [pid 907] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 908] <... memfd_create resumed>) = 3 [pid 908] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 907] <... mmap resumed>) = 0x7ff5a94f3000 [pid 907] mprotect(0x7ff5a94f4000, 131072, PROT_READ|PROT_WRITE [pid 908] <... mmap resumed>) = 0x7ff5a10f3000 [pid 907] <... mprotect resumed>) = 0 [pid 907] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [ 31.204673][ T902] loop0: detected capacity change from 0 to 512 [ 31.221198][ T902] EXT4-fs (loop0): 1 orphan inode deleted [ 31.226901][ T902] ext4 filesystem being mounted at /root/syzkaller.8K29Ps/127/bus supports timestamps until 2038 (0x7fffffff) [pid 907] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9513990, parent_tid=0x7ff5a9513990, exit_signal=0, stack=0x7ff5a94f3000, stack_size=0x20300, tls=0x7ff5a95136c0}./strace-static-x86_64: Process 909 attached => {parent_tid=[909]}, 88) = 909 [pid 909] set_robust_list(0x7ff5a95139a0, 24) = 0 [pid 909] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 909] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 907] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 907] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 909] <... futex resumed>) = 0 [pid 909] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_NOFOLLOW|O_NOATIME|O_CLOEXEC, 000 [pid 907] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 909] <... open resumed>) = 4 [pid 909] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 907] <... futex resumed>) = 0 [pid 907] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 909] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 907] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 909] <... mount resumed>) = 0 [pid 909] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 907] <... futex resumed>) = 0 [pid 907] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 909] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 907] <... futex resumed>) = 0 [pid 907] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 909] <... open resumed>) = 5 [pid 909] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 907] <... futex resumed>) = 0 [pid 909] write(5, "\x31\x30\x30\x30\x30\x30\x30\x00", 8 [pid 907] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 909] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 907] <... futex resumed>) = 0 [pid 909] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 907] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 909] <... futex resumed>) = 0 [pid 907] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 909] write(5, "\x23\x21\x20\x2e\x2f\x66\x69\x6c\x65\x31\x0a\x82\x6a\x3f\xc6\x7c\x3a\xab\x7d\x7e\x31\x38\xd5\xcc\x25\x19\xa6\xa8\xf7\xa0\x0b\xff\x3b\xee\x49\xbb\x93\x22\x1f\x4e\x80\x95\x34\x94\x23\x35\x8b\x24\xc3\x46\x99\x05\xf2\x81\x89\x7d\xc6\xe1\x7a\x55\x07\xba\x1b\x9e\x33\xcc\x8e\x4f\x28\xf6\xda\xe3\x4d\x29\x86\xca\x00\x9c\x79\xab\x46\x1e\x69\xfd\x74\xcc\xe8\xc9\xed\x5b\x91\x09\xf3\xfa\x42\xf4\x3d\x39\x82\xeb"..., 1045 [pid 907] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 909] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 907] <... futex resumed>) = 0 [pid 907] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 909] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 907] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 909] <... futex resumed>) = 0 [pid 909] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 908] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 908] munmap(0x7ff5a10f3000, 138412032) = 0 [pid 908] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 908] ioctl(6, LOOP_SET_FD, 3) = 0 [pid 908] close(3) = 0 [pid 908] mkdir("./bus", 0777) = -1 EEXIST (File exists) [pid 908] mount("/dev/loop0", "./bus", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue") = -1 ENOTDIR (Not a directory) [pid 908] ioctl(6, LOOP_CLR_FD) = 0 [pid 908] close(6) = 0 [pid 908] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 908] futex(0x7ff5a96006c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 907] exit_group(0) = ? [pid 909] <... futex resumed>) = ? [pid 909] +++ exited with 0 +++ [pid 908] <... futex resumed>) = ? [pid 908] +++ exited with 0 +++ [pid 907] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=907, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./128", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./128", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555561b8730 /* 4 entries */, 32768) = 104 umount2("./128/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./128/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./128/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./128/bus") = 0 umount2("./128/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./128/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./128/binderfs") = 0 getdents64(3, 0x5555561b8730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./128") = 0 mkdir("./129", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b7690) = 912 ./strace-static-x86_64: Process 912 attached [pid 912] set_robust_list(0x5555561b76a0, 24) = 0 [pid 912] chdir("./129") = 0 [pid 912] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 912] setpgid(0, 0) = 0 [pid 912] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 912] write(3, "1000", 4) = 4 [pid 912] close(3) = 0 [pid 912] symlink("/dev/binderfs", "./binderfs") = 0 [pid 912] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 912] rt_sigaction(SIGRT_1, {sa_handler=0x7ff5a959df30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7ff5a958f0e0}, NULL, 8) = 0 [pid 912] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 912] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a9514000 [pid 912] mprotect(0x7ff5a9515000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 912] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 912] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9534990, parent_tid=0x7ff5a9534990, exit_signal=0, stack=0x7ff5a9514000, stack_size=0x20300, tls=0x7ff5a95346c0}./strace-static-x86_64: Process 913 attached [pid 913] set_robust_list(0x7ff5a95349a0, 24 [pid 912] <... clone3 resumed> => {parent_tid=[913]}, 88) = 913 [pid 913] <... set_robust_list resumed>) = 0 [pid 912] rt_sigprocmask(SIG_SETMASK, [], [pid 913] rt_sigprocmask(SIG_SETMASK, [], [pid 912] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 913] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 912] futex(0x7ff5a96006c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 912] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 913] memfd_create("syzkaller", 0 [pid 912] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a94f3000 [pid 912] mprotect(0x7ff5a94f4000, 131072, PROT_READ|PROT_WRITE [pid 913] <... memfd_create resumed>) = 3 [pid 912] <... mprotect resumed>) = 0 [pid 913] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 912] rt_sigprocmask(SIG_BLOCK, ~[], [pid 913] <... mmap resumed>) = 0x7ff5a10f3000 [pid 912] <... rt_sigprocmask resumed>[], 8) = 0 [pid 912] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9513990, parent_tid=0x7ff5a9513990, exit_signal=0, stack=0x7ff5a94f3000, stack_size=0x20300, tls=0x7ff5a95136c0}./strace-static-x86_64: Process 914 attached => {parent_tid=[914]}, 88) = 914 [pid 914] set_robust_list(0x7ff5a95139a0, 24) = 0 [pid 914] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 914] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 912] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 912] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 914] <... futex resumed>) = 0 [pid 914] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_NOFOLLOW|O_NOATIME|O_CLOEXEC, 000 [pid 912] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 914] <... open resumed>) = 4 [pid 914] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 914] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 912] <... futex resumed>) = 0 [pid 912] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 914] <... futex resumed>) = 0 [pid 914] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 912] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 914] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 912] <... futex resumed>) = 0 [pid 914] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 912] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 912] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 914] <... open resumed>) = 5 [pid 914] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 912] <... futex resumed>) = 0 [pid 914] write(5, "\x31\x30\x30\x30\x30\x30\x30\x00", 8 [pid 912] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 914] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 912] <... futex resumed>) = 0 [pid 914] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 912] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 914] <... futex resumed>) = 0 [pid 912] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 914] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 912] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 914] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 912] <... futex resumed>) = 0 [pid 912] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 914] write(5, "\x23\x21\x20\x2e\x2f\x66\x69\x6c\x65\x31\x0a\x82\x6a\x3f\xc6\x7c\x3a\xab\x7d\x7e\x31\x38\xd5\xcc\x25\x19\xa6\xa8\xf7\xa0\x0b\xff\x3b\xee\x49\xbb\x93\x22\x1f\x4e\x80\x95\x34\x94\x23\x35\x8b\x24\xc3\x46\x99\x05\xf2\x81\x89\x7d\xc6\xe1\x7a\x55\x07\xba\x1b\x9e\x33\xcc\x8e\x4f\x28\xf6\xda\xe3\x4d\x29\x86\xca\x00\x9c\x79\xab\x46\x1e\x69\xfd\x74\xcc\xe8\xc9\xed\x5b\x91\x09\xf3\xfa\x42\xf4\x3d\x39\x82\xeb"..., 1045) = -1 ENOSPC (No space left on device) [pid 914] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 912] <... futex resumed>) = 0 [pid 913] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 914] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 913] <... write resumed>) = 262144 [pid 913] munmap(0x7ff5a10f3000, 138412032) = 0 [ 31.292539][ T908] loop0: detected capacity change from 0 to 512 [ 31.311148][ T908] EXT4-fs (loop0): 1 orphan inode deleted [ 31.316897][ T908] ext4 filesystem being mounted at /root/syzkaller.8K29Ps/128/bus supports timestamps until 2038 (0x7fffffff) [pid 913] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 913] ioctl(6, LOOP_SET_FD, 3) = 0 [pid 913] close(3) = 0 [pid 913] mkdir("./bus", 0777) = -1 EEXIST (File exists) [pid 913] mount("/dev/loop0", "./bus", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue") = -1 ENOTDIR (Not a directory) [pid 913] ioctl(6, LOOP_CLR_FD) = 0 [pid 913] close(6) = 0 [pid 913] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 913] futex(0x7ff5a96006c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 912] exit_group(0) = ? [pid 913] <... futex resumed>) = ? [pid 913] +++ exited with 0 +++ [pid 914] <... futex resumed>) = ? [pid 914] +++ exited with 0 +++ [pid 912] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=912, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- umount2("./129", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./129", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555561b8730 /* 4 entries */, 32768) = 104 umount2("./129/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./129/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./129/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./129/bus") = 0 umount2("./129/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./129/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./129/binderfs") = 0 getdents64(3, 0x5555561b8730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./129") = 0 mkdir("./130", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b7690) = 917 ./strace-static-x86_64: Process 917 attached [pid 917] set_robust_list(0x5555561b76a0, 24) = 0 [pid 917] chdir("./130") = 0 [pid 917] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 917] setpgid(0, 0) = 0 [pid 917] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 917] write(3, "1000", 4) = 4 [pid 917] close(3) = 0 [pid 917] symlink("/dev/binderfs", "./binderfs") = 0 [pid 917] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 917] rt_sigaction(SIGRT_1, {sa_handler=0x7ff5a959df30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7ff5a958f0e0}, NULL, 8) = 0 [pid 917] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 917] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a9514000 [pid 917] mprotect(0x7ff5a9515000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 917] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 917] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9534990, parent_tid=0x7ff5a9534990, exit_signal=0, stack=0x7ff5a9514000, stack_size=0x20300, tls=0x7ff5a95346c0}./strace-static-x86_64: Process 918 attached [pid 918] set_robust_list(0x7ff5a95349a0, 24 [pid 917] <... clone3 resumed> => {parent_tid=[918]}, 88) = 918 [pid 918] <... set_robust_list resumed>) = 0 [pid 917] rt_sigprocmask(SIG_SETMASK, [], [pid 918] rt_sigprocmask(SIG_SETMASK, [], [pid 917] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 918] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 917] futex(0x7ff5a96006c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 918] memfd_create("syzkaller", 0 [pid 917] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 917] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 918] <... memfd_create resumed>) = 3 [pid 918] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 917] <... mmap resumed>) = 0x7ff5a94f3000 [pid 917] mprotect(0x7ff5a94f4000, 131072, PROT_READ|PROT_WRITE [pid 918] <... mmap resumed>) = 0x7ff5a10f3000 [pid 917] <... mprotect resumed>) = 0 [pid 917] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 917] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9513990, parent_tid=0x7ff5a9513990, exit_signal=0, stack=0x7ff5a94f3000, stack_size=0x20300, tls=0x7ff5a95136c0}./strace-static-x86_64: Process 919 attached => {parent_tid=[919]}, 88) = 919 [pid 919] set_robust_list(0x7ff5a95139a0, 24) = 0 [pid 919] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 919] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 917] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 917] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 919] <... futex resumed>) = 0 [pid 919] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_NOFOLLOW|O_NOATIME|O_CLOEXEC, 000 [pid 917] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 919] <... open resumed>) = 4 [pid 919] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 919] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 917] <... futex resumed>) = 0 [pid 917] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 919] <... futex resumed>) = 0 [pid 919] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 917] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 919] <... mount resumed>) = 0 [pid 919] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 917] <... futex resumed>) = 0 [pid 917] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 917] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 919] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5 [pid 919] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 917] <... futex resumed>) = 0 [pid 919] write(5, "\x31\x30\x30\x30\x30\x30\x30\x00", 8 [pid 917] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 919] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 917] <... futex resumed>) = 0 [pid 919] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 917] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 919] <... futex resumed>) = 0 [pid 917] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 919] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 917] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 919] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 917] <... futex resumed>) = 0 [pid 917] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 919] write(5, "\x23\x21\x20\x2e\x2f\x66\x69\x6c\x65\x31\x0a\x82\x6a\x3f\xc6\x7c\x3a\xab\x7d\x7e\x31\x38\xd5\xcc\x25\x19\xa6\xa8\xf7\xa0\x0b\xff\x3b\xee\x49\xbb\x93\x22\x1f\x4e\x80\x95\x34\x94\x23\x35\x8b\x24\xc3\x46\x99\x05\xf2\x81\x89\x7d\xc6\xe1\x7a\x55\x07\xba\x1b\x9e\x33\xcc\x8e\x4f\x28\xf6\xda\xe3\x4d\x29\x86\xca\x00\x9c\x79\xab\x46\x1e\x69\xfd\x74\xcc\xe8\xc9\xed\x5b\x91\x09\xf3\xfa\x42\xf4\x3d\x39\x82\xeb"..., 1045) = -1 ENOSPC (No space left on device) [pid 919] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 917] <... futex resumed>) = 0 [pid 919] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 918] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 918] munmap(0x7ff5a10f3000, 138412032) = 0 [pid 918] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 31.364192][ T913] loop0: detected capacity change from 0 to 512 [ 31.381398][ T913] EXT4-fs (loop0): 1 orphan inode deleted [ 31.386996][ T913] ext4 filesystem being mounted at /root/syzkaller.8K29Ps/129/bus supports timestamps until 2038 (0x7fffffff) [pid 918] ioctl(6, LOOP_SET_FD, 3) = 0 [pid 918] close(3) = 0 [pid 918] mkdir("./bus", 0777) = -1 EEXIST (File exists) [pid 918] mount("/dev/loop0", "./bus", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue") = -1 ENOTDIR (Not a directory) [pid 918] ioctl(6, LOOP_CLR_FD) = 0 [pid 918] close(6) = 0 [pid 918] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 918] futex(0x7ff5a96006c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 917] exit_group(0) = ? [pid 918] <... futex resumed>) = ? [pid 918] +++ exited with 0 +++ [pid 919] <... futex resumed>) = ? [pid 919] +++ exited with 0 +++ [pid 917] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=917, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./130", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./130", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555561b8730 /* 4 entries */, 32768) = 104 umount2("./130/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./130/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./130/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./130/bus") = 0 umount2("./130/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./130/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./130/binderfs") = 0 getdents64(3, 0x5555561b8730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./130") = 0 mkdir("./131", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 922 attached , child_tidptr=0x5555561b7690) = 922 [pid 922] set_robust_list(0x5555561b76a0, 24) = 0 [pid 922] chdir("./131") = 0 [pid 922] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 922] setpgid(0, 0) = 0 [pid 922] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 922] write(3, "1000", 4) = 4 [pid 922] close(3) = 0 [pid 922] symlink("/dev/binderfs", "./binderfs") = 0 [pid 922] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 922] rt_sigaction(SIGRT_1, {sa_handler=0x7ff5a959df30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7ff5a958f0e0}, NULL, 8) = 0 [pid 922] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 922] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a9514000 [pid 922] mprotect(0x7ff5a9515000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 922] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 922] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9534990, parent_tid=0x7ff5a9534990, exit_signal=0, stack=0x7ff5a9514000, stack_size=0x20300, tls=0x7ff5a95346c0}./strace-static-x86_64: Process 923 attached => {parent_tid=[923]}, 88) = 923 [pid 923] set_robust_list(0x7ff5a95349a0, 24) = 0 [pid 922] rt_sigprocmask(SIG_SETMASK, [], [pid 923] rt_sigprocmask(SIG_SETMASK, [], [pid 922] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 923] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 922] futex(0x7ff5a96006c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 923] memfd_create("syzkaller", 0 [pid 922] <... futex resumed>) = 0 [pid 922] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 922] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a94f3000 [pid 922] mprotect(0x7ff5a94f4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 922] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 922] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9513990, parent_tid=0x7ff5a9513990, exit_signal=0, stack=0x7ff5a94f3000, stack_size=0x20300, tls=0x7ff5a95136c0}./strace-static-x86_64: Process 924 attached => {parent_tid=[924]}, 88) = 924 [pid 922] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 922] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 922] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 923] <... memfd_create resumed>) = 3 [pid 923] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff5a10f3000 [pid 924] set_robust_list(0x7ff5a95139a0, 24) = 0 [pid 924] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 924] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_NOFOLLOW|O_NOATIME|O_CLOEXEC, 000) = 4 [pid 924] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 922] <... futex resumed>) = 0 [pid 922] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 922] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 924] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 923] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 924] <... mount resumed>) = 0 [pid 924] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 922] <... futex resumed>) = 0 [pid 922] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 922] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 924] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 923] <... write resumed>) = 262144 [pid 924] <... open resumed>) = 5 [pid 923] munmap(0x7ff5a10f3000, 138412032 [pid 924] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 922] <... futex resumed>) = 0 [pid 922] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 922] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 924] write(5, "\x31\x30\x30\x30\x30\x30\x30\x00", 8 [pid 923] <... munmap resumed>) = 0 [pid 923] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 923] ioctl(6, LOOP_SET_FD, 3 [pid 924] <... write resumed>) = -1 ENOSPC (No space left on device) [ 31.436753][ T918] loop0: detected capacity change from 0 to 512 [ 31.451177][ T918] EXT4-fs (loop0): 1 orphan inode deleted [ 31.456861][ T918] ext4 filesystem being mounted at /root/syzkaller.8K29Ps/130/bus supports timestamps until 2038 (0x7fffffff) [pid 924] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 924] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 922] <... futex resumed>) = 0 [pid 923] <... ioctl resumed>) = 0 [pid 922] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 922] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 924] <... futex resumed>) = 0 [pid 924] write(5, "\x23\x21\x20\x2e\x2f\x66\x69\x6c\x65\x31\x0a\x82\x6a\x3f\xc6\x7c\x3a\xab\x7d\x7e\x31\x38\xd5\xcc\x25\x19\xa6\xa8\xf7\xa0\x0b\xff\x3b\xee\x49\xbb\x93\x22\x1f\x4e\x80\x95\x34\x94\x23\x35\x8b\x24\xc3\x46\x99\x05\xf2\x81\x89\x7d\xc6\xe1\x7a\x55\x07\xba\x1b\x9e\x33\xcc\x8e\x4f\x28\xf6\xda\xe3\x4d\x29\x86\xca\x00\x9c\x79\xab\x46\x1e\x69\xfd\x74\xcc\xe8\xc9\xed\x5b\x91\x09\xf3\xfa\x42\xf4\x3d\x39\x82\xeb"..., 1045 [pid 923] close(3) = 0 [pid 923] mkdir("./bus", 0777 [pid 924] <... write resumed>) = 1045 [pid 924] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 923] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 924] <... futex resumed>) = 1 [pid 923] mount("/dev/loop0", "./bus", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 922] <... futex resumed>) = 0 [pid 924] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 923] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 923] ioctl(6, LOOP_CLR_FD) = 0 [pid 923] close(6) = 0 [pid 923] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 923] futex(0x7ff5a96006c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 922] exit_group(0) = ? [pid 924] <... futex resumed>) = ? [pid 924] +++ exited with 0 +++ [pid 923] <... futex resumed>) = ? [pid 923] +++ exited with 0 +++ [pid 922] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=922, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./131", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./131", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555561b8730 /* 4 entries */, 32768) = 104 umount2("./131/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./131/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./131/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./131/bus") = 0 umount2("./131/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./131/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./131/binderfs") = 0 getdents64(3, 0x5555561b8730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./131") = 0 mkdir("./132", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b7690) = 925 ./strace-static-x86_64: Process 925 attached [pid 925] set_robust_list(0x5555561b76a0, 24) = 0 [pid 925] chdir("./132") = 0 [pid 925] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 925] setpgid(0, 0) = 0 [pid 925] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 925] write(3, "1000", 4) = 4 [pid 925] close(3) = 0 [pid 925] symlink("/dev/binderfs", "./binderfs") = 0 [pid 925] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 925] rt_sigaction(SIGRT_1, {sa_handler=0x7ff5a959df30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7ff5a958f0e0}, NULL, 8) = 0 [pid 925] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 925] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a9514000 [pid 925] mprotect(0x7ff5a9515000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 925] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 925] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9534990, parent_tid=0x7ff5a9534990, exit_signal=0, stack=0x7ff5a9514000, stack_size=0x20300, tls=0x7ff5a95346c0}./strace-static-x86_64: Process 926 attached [pid 926] set_robust_list(0x7ff5a95349a0, 24) = 0 [pid 926] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 926] futex(0x7ff5a96006c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 925] <... clone3 resumed> => {parent_tid=[926]}, 88) = 926 [pid 925] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 925] futex(0x7ff5a96006c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 926] <... futex resumed>) = 0 [pid 926] memfd_create("syzkaller", 0 [pid 925] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 926] <... memfd_create resumed>) = 3 [pid 926] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 925] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a94f3000 [pid 926] <... mmap resumed>) = 0x7ff5a10f3000 [pid 925] mprotect(0x7ff5a94f4000, 131072, PROT_READ|PROT_WRITE [pid 926] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 925] <... mprotect resumed>) = 0 [pid 926] <... write resumed>) = 262144 [pid 925] rt_sigprocmask(SIG_BLOCK, ~[], [pid 926] munmap(0x7ff5a10f3000, 138412032 [pid 925] <... rt_sigprocmask resumed>[], 8) = 0 [pid 925] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9513990, parent_tid=0x7ff5a9513990, exit_signal=0, stack=0x7ff5a94f3000, stack_size=0x20300, tls=0x7ff5a95136c0} [pid 926] <... munmap resumed>) = 0 ./strace-static-x86_64: Process 927 attached [pid 927] set_robust_list(0x7ff5a95139a0, 24) = 0 [pid 927] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 927] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 926] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 925] <... clone3 resumed> => {parent_tid=[927]}, 88) = 927 [pid 925] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 925] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 927] <... futex resumed>) = 0 [pid 925] <... futex resumed>) = 1 [pid 927] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_NOFOLLOW|O_NOATIME|O_CLOEXEC, 000 [pid 925] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 927] <... open resumed>) = 4 [pid 927] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 925] <... futex resumed>) = 0 [pid 927] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 925] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 927] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 925] <... futex resumed>) = 0 [pid 927] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 925] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 927] <... mount resumed>) = 0 [pid 927] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 925] <... futex resumed>) = 0 [pid 927] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 925] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 927] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 925] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 927] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 6 [pid 927] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 925] <... futex resumed>) = 0 [pid 927] <... futex resumed>) = 1 [pid 925] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 927] write(6, "\x31\x30\x30\x30\x30\x30\x30\x00", 8 [pid 925] <... futex resumed>) = 0 [pid 927] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 925] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 927] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 925] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 927] <... futex resumed>) = 0 [pid 925] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 927] write(6, "\x23\x21\x20\x2e\x2f\x66\x69\x6c\x65\x31\x0a\x82\x6a\x3f\xc6\x7c\x3a\xab\x7d\x7e\x31\x38\xd5\xcc\x25\x19\xa6\xa8\xf7\xa0\x0b\xff\x3b\xee\x49\xbb\x93\x22\x1f\x4e\x80\x95\x34\x94\x23\x35\x8b\x24\xc3\x46\x99\x05\xf2\x81\x89\x7d\xc6\xe1\x7a\x55\x07\xba\x1b\x9e\x33\xcc\x8e\x4f\x28\xf6\xda\xe3\x4d\x29\x86\xca\x00\x9c\x79\xab\x46\x1e\x69\xfd\x74\xcc\xe8\xc9\xed\x5b\x91\x09\xf3\xfa\x42\xf4\x3d\x39\x82\xeb"..., 1045 [pid 925] <... futex resumed>) = 0 [pid 927] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 925] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 927] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 925] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 927] <... futex resumed>) = 0 [pid 927] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 926] <... openat resumed>) = 5 [ 31.494846][ T923] loop0: detected capacity change from 0 to 512 [ 31.502573][ T923] EXT4-fs (loop0): bad geometry: block count 3888436996 exceeds size of device (64 blocks) [pid 926] ioctl(5, LOOP_SET_FD, 3) = 0 [pid 926] close(3) = 0 [pid 926] mkdir("./bus", 0777) = -1 EEXIST (File exists) [pid 926] mount("/dev/loop0", "./bus", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue") = -1 ENOTDIR (Not a directory) [pid 926] ioctl(5, LOOP_CLR_FD) = 0 [pid 926] close(5) = 0 [pid 926] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 926] futex(0x7ff5a96006c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 925] exit_group(0 [pid 927] <... futex resumed>) = ? [pid 925] <... exit_group resumed>) = ? [pid 927] +++ exited with 0 +++ [pid 926] <... futex resumed>) = ? [pid 926] +++ exited with 0 +++ [pid 925] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=925, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./132", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./132", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555561b8730 /* 4 entries */, 32768) = 104 umount2("./132/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./132/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./132/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./132/bus") = 0 umount2("./132/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./132/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./132/binderfs") = 0 getdents64(3, 0x5555561b8730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./132") = 0 mkdir("./133", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b7690) = 930 ./strace-static-x86_64: Process 930 attached [pid 930] set_robust_list(0x5555561b76a0, 24) = 0 [pid 930] chdir("./133") = 0 [pid 930] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 930] setpgid(0, 0) = 0 [pid 930] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 930] write(3, "1000", 4) = 4 [pid 930] close(3) = 0 [pid 930] symlink("/dev/binderfs", "./binderfs") = 0 [pid 930] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 930] rt_sigaction(SIGRT_1, {sa_handler=0x7ff5a959df30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7ff5a958f0e0}, NULL, 8) = 0 [pid 930] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 930] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a9514000 [pid 930] mprotect(0x7ff5a9515000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 930] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 930] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9534990, parent_tid=0x7ff5a9534990, exit_signal=0, stack=0x7ff5a9514000, stack_size=0x20300, tls=0x7ff5a95346c0} => {parent_tid=[931]}, 88) = 931 ./strace-static-x86_64: Process 931 attached [pid 931] set_robust_list(0x7ff5a95349a0, 24) = 0 [pid 931] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 931] futex(0x7ff5a96006c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 930] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 930] futex(0x7ff5a96006c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 931] <... futex resumed>) = 0 [pid 931] memfd_create("syzkaller", 0 [pid 930] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 931] <... memfd_create resumed>) = 3 [pid 931] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff5a1114000 [pid 930] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a10f3000 [pid 930] mprotect(0x7ff5a10f4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 930] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 930] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a1113990, parent_tid=0x7ff5a1113990, exit_signal=0, stack=0x7ff5a10f3000, stack_size=0x20300, tls=0x7ff5a11136c0} [pid 931] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 930] <... clone3 resumed> => {parent_tid=[932]}, 88) = 932 [pid 930] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 930] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 932 attached [pid 931] <... write resumed>) = 262144 [pid 932] set_robust_list(0x7ff5a11139a0, 24 [pid 931] munmap(0x7ff5a1114000, 138412032 [pid 930] <... futex resumed>) = 0 [pid 930] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 932] <... set_robust_list resumed>) = 0 [pid 931] <... munmap resumed>) = 0 [pid 932] rt_sigprocmask(SIG_SETMASK, [], [pid 931] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 932] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 931] <... openat resumed>) = 4 [pid 932] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_NOFOLLOW|O_NOATIME|O_CLOEXEC, 000 [pid 931] ioctl(4, LOOP_SET_FD, 3 [pid 932] <... open resumed>) = 5 [pid 932] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 31.538070][ T926] loop0: detected capacity change from 0 to 512 [ 31.550944][ T926] EXT4-fs (loop0): 1 orphan inode deleted [ 31.556551][ T926] ext4 filesystem being mounted at /root/syzkaller.8K29Ps/132/bus supports timestamps until 2038 (0x7fffffff) [pid 930] <... futex resumed>) = 0 [pid 930] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 930] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 932] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 932] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 930] <... futex resumed>) = 0 [pid 930] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 930] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 932] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 6 [pid 932] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 930] <... futex resumed>) = 0 [pid 930] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 930] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 932] write(6, "\x31\x30\x30\x30\x30\x30\x30\x00", 8 [pid 931] <... ioctl resumed>) = 0 [pid 931] close(3) = 0 [pid 931] mkdir("./bus", 0777) = -1 EEXIST (File exists) [pid 931] mount("/dev/loop0", "./bus", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 932] <... write resumed>) = -1 EIO (Input/output error) [pid 932] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 932] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 930] <... futex resumed>) = 0 [pid 930] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 930] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 932] <... futex resumed>) = 0 [pid 932] write(6, "\x23\x21\x20\x2e\x2f\x66\x69\x6c\x65\x31\x0a\x82\x6a\x3f\xc6\x7c\x3a\xab\x7d\x7e\x31\x38\xd5\xcc\x25\x19\xa6\xa8\xf7\xa0\x0b\xff\x3b\xee\x49\xbb\x93\x22\x1f\x4e\x80\x95\x34\x94\x23\x35\x8b\x24\xc3\x46\x99\x05\xf2\x81\x89\x7d\xc6\xe1\x7a\x55\x07\xba\x1b\x9e\x33\xcc\x8e\x4f\x28\xf6\xda\xe3\x4d\x29\x86\xca\x00\x9c\x79\xab\x46\x1e\x69\xfd\x74\xcc\xe8\xc9\xed\x5b\x91\x09\xf3\xfa\x42\xf4\x3d\x39\x82\xeb"..., 1045) = 1045 [pid 932] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 930] <... futex resumed>) = 0 [pid 932] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 931] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 931] ioctl(4, LOOP_CLR_FD) = 0 [pid 931] close(4) = 0 [pid 931] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 931] futex(0x7ff5a96006c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 930] exit_group(0) = ? [pid 931] <... futex resumed>) = ? [pid 931] +++ exited with 0 +++ [pid 932] <... futex resumed>) = ? [pid 932] +++ exited with 0 +++ [pid 930] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=930, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- umount2("./133", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./133", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555561b8730 /* 4 entries */, 32768) = 104 umount2("./133/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./133/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./133/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./133/bus") = 0 umount2("./133/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./133/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./133/binderfs") = 0 getdents64(3, 0x5555561b8730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./133") = 0 mkdir("./134", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 935 attached , child_tidptr=0x5555561b7690) = 935 [pid 935] set_robust_list(0x5555561b76a0, 24) = 0 [pid 935] chdir("./134") = 0 [pid 935] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 935] setpgid(0, 0) = 0 [pid 935] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 935] write(3, "1000", 4) = 4 [pid 935] close(3) = 0 [pid 935] symlink("/dev/binderfs", "./binderfs") = 0 [pid 935] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 935] rt_sigaction(SIGRT_1, {sa_handler=0x7ff5a959df30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7ff5a958f0e0}, NULL, 8) = 0 [pid 935] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 935] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a9514000 [pid 935] mprotect(0x7ff5a9515000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 935] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 935] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9534990, parent_tid=0x7ff5a9534990, exit_signal=0, stack=0x7ff5a9514000, stack_size=0x20300, tls=0x7ff5a95346c0}./strace-static-x86_64: Process 936 attached [pid 936] set_robust_list(0x7ff5a95349a0, 24) = 0 [pid 936] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 936] futex(0x7ff5a96006c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 935] <... clone3 resumed> => {parent_tid=[936]}, 88) = 936 [pid 935] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 935] futex(0x7ff5a96006c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 935] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 935] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a94f3000 [pid 935] mprotect(0x7ff5a94f4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 935] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 935] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9513990, parent_tid=0x7ff5a9513990, exit_signal=0, stack=0x7ff5a94f3000, stack_size=0x20300, tls=0x7ff5a95136c0}./strace-static-x86_64: Process 937 attached => {parent_tid=[937]}, 88) = 937 [pid 937] set_robust_list(0x7ff5a95139a0, 24 [pid 935] rt_sigprocmask(SIG_SETMASK, [], [pid 937] <... set_robust_list resumed>) = 0 [pid 935] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 935] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 935] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 937] rt_sigprocmask(SIG_SETMASK, [], [pid 936] <... futex resumed>) = 0 [pid 937] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 937] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_NOFOLLOW|O_NOATIME|O_CLOEXEC, 000) = 3 [pid 937] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 935] <... futex resumed>) = 0 [pid 935] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 935] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 937] <... futex resumed>) = 1 [pid 937] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 936] memfd_create("syzkaller", 0) = 4 [pid 936] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 937] <... mount resumed>) = 0 [pid 936] <... mmap resumed>) = 0x7ff5a10f3000 [pid 937] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 935] <... futex resumed>) = 0 [pid 935] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 935] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 937] <... futex resumed>) = 1 [pid 937] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5 [pid 937] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 935] <... futex resumed>) = 0 [pid 935] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 935] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 936] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 937] <... futex resumed>) = 1 [pid 937] write(5, "\x31\x30\x30\x30\x30\x30\x30\x00", 8) = -1 ENOSPC (No space left on device) [pid 937] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 935] <... futex resumed>) = 0 [pid 935] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 935] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 936] <... write resumed>) = 262144 [pid 936] munmap(0x7ff5a10f3000, 138412032 [pid 937] <... futex resumed>) = 1 [pid 937] write(5, "\x23\x21\x20\x2e\x2f\x66\x69\x6c\x65\x31\x0a\x82\x6a\x3f\xc6\x7c\x3a\xab\x7d\x7e\x31\x38\xd5\xcc\x25\x19\xa6\xa8\xf7\xa0\x0b\xff\x3b\xee\x49\xbb\x93\x22\x1f\x4e\x80\x95\x34\x94\x23\x35\x8b\x24\xc3\x46\x99\x05\xf2\x81\x89\x7d\xc6\xe1\x7a\x55\x07\xba\x1b\x9e\x33\xcc\x8e\x4f\x28\xf6\xda\xe3\x4d\x29\x86\xca\x00\x9c\x79\xab\x46\x1e\x69\xfd\x74\xcc\xe8\xc9\xed\x5b\x91\x09\xf3\xfa\x42\xf4\x3d\x39\x82\xeb"..., 1045) = -1 ENOSPC (No space left on device) [pid 936] <... munmap resumed>) = 0 [pid 936] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 937] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 935] <... futex resumed>) = 0 [pid 936] <... openat resumed>) = 6 [pid 937] <... futex resumed>) = 1 [pid 936] ioctl(6, LOOP_SET_FD, 4 [ 31.601975][ T931] loop0: detected capacity change from 0 to 512 [ 31.605569][ T56] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 31.619820][ T931] EXT4-fs error (device loop0): __ext4_get_inode_loc:4485: comm syz-executor170: Invalid inode table block 34 in block_group 0 [ 31.633338][ T931] EXT4-fs (loop0): get root inode failed [ 31.638908][ T931] EXT4-fs (loop0): mount failed [pid 937] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 936] <... ioctl resumed>) = 0 [pid 936] close(4) = 0 [pid 936] mkdir("./file1", 0777) = 0 [pid 936] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue") = 0 [pid 936] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 4 [pid 936] chdir("./file1") = 0 [pid 936] ioctl(6, LOOP_CLR_FD) = 0 [pid 936] close(6) = 0 [pid 936] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 936] futex(0x7ff5a96006c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 935] exit_group(0 [pid 937] <... futex resumed>) = ? [pid 935] <... exit_group resumed>) = ? [pid 937] +++ exited with 0 +++ [pid 936] <... futex resumed>) = ? [pid 936] +++ exited with 0 +++ [pid 935] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=935, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- umount2("./134", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./134", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555561b8730 /* 5 entries */, 32768) = 136 umount2("./134/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./134/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./134/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./134/bus") = 0 umount2("./134/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./134/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./134/binderfs") = 0 umount2("./134/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./134/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./134/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./134/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./134/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555561c0770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561c0770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./134/file1") = 0 getdents64(3, 0x5555561b8730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./134") = 0 mkdir("./135", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b7690) = 940 ./strace-static-x86_64: Process 940 attached [pid 940] set_robust_list(0x5555561b76a0, 24) = 0 [pid 940] chdir("./135") = 0 [pid 940] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 940] setpgid(0, 0) = 0 [pid 940] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 940] write(3, "1000", 4) = 4 [pid 940] close(3) = 0 [pid 940] symlink("/dev/binderfs", "./binderfs") = 0 [pid 940] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 940] rt_sigaction(SIGRT_1, {sa_handler=0x7ff5a959df30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7ff5a958f0e0}, NULL, 8) = 0 [pid 940] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 940] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a9514000 [pid 940] mprotect(0x7ff5a9515000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 940] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 940] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9534990, parent_tid=0x7ff5a9534990, exit_signal=0, stack=0x7ff5a9514000, stack_size=0x20300, tls=0x7ff5a95346c0}./strace-static-x86_64: Process 941 attached => {parent_tid=[941]}, 88) = 941 [pid 941] set_robust_list(0x7ff5a95349a0, 24) = 0 [pid 941] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 941] futex(0x7ff5a96006c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 940] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 940] futex(0x7ff5a96006c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 941] <... futex resumed>) = 0 [pid 940] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 940] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 941] memfd_create("syzkaller", 0 [pid 940] <... mmap resumed>) = 0x7ff5a94f3000 [pid 941] <... memfd_create resumed>) = 3 [pid 940] mprotect(0x7ff5a94f4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 941] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff5a10f3000 [pid 940] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 940] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9513990, parent_tid=0x7ff5a9513990, exit_signal=0, stack=0x7ff5a94f3000, stack_size=0x20300, tls=0x7ff5a95136c0}./strace-static-x86_64: Process 942 attached => {parent_tid=[942]}, 88) = 942 [pid 942] set_robust_list(0x7ff5a95139a0, 24 [pid 940] rt_sigprocmask(SIG_SETMASK, [], [pid 942] <... set_robust_list resumed>) = 0 [pid 940] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 942] rt_sigprocmask(SIG_SETMASK, [], [pid 941] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 940] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 942] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 940] <... futex resumed>) = 0 [pid 942] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_NOFOLLOW|O_NOATIME|O_CLOEXEC, 000 [pid 940] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 942] <... open resumed>) = 4 [pid 942] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 941] <... write resumed>) = 262144 [pid 941] munmap(0x7ff5a10f3000, 138412032 [pid 940] <... futex resumed>) = 0 [pid 942] <... futex resumed>) = 1 [pid 941] <... munmap resumed>) = 0 [pid 940] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 941] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 940] <... futex resumed>) = 0 [ 31.665344][ T936] loop0: detected capacity change from 0 to 512 [ 31.681361][ T936] EXT4-fs (loop0): 1 orphan inode deleted [ 31.686971][ T936] ext4 filesystem being mounted at /root/syzkaller.8K29Ps/134/file1 supports timestamps until 2038 (0x7fffffff) [pid 941] ioctl(5, LOOP_SET_FD, 3 [pid 942] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 940] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 941] <... ioctl resumed>) = 0 [pid 941] close(3) = 0 [pid 941] mkdir("./bus", 0777) = -1 EEXIST (File exists) [pid 941] mount("/dev/loop0", "./bus", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 942] <... mount resumed>) = 0 [pid 942] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 940] <... futex resumed>) = 0 [pid 942] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 940] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 942] <... open resumed>) = 3 [pid 940] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 942] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 940] <... futex resumed>) = 0 [pid 940] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 940] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 942] <... futex resumed>) = 1 [pid 942] write(3, "\x31\x30\x30\x30\x30\x30\x30\x00", 8) = 8 [pid 942] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 940] <... futex resumed>) = 0 [pid 940] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 940] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 942] <... futex resumed>) = 1 [pid 942] write(3, "\x23\x21\x20\x2e\x2f\x66\x69\x6c\x65\x31\x0a\x82\x6a\x3f\xc6\x7c\x3a\xab\x7d\x7e\x31\x38\xd5\xcc\x25\x19\xa6\xa8\xf7\xa0\x0b\xff\x3b\xee\x49\xbb\x93\x22\x1f\x4e\x80\x95\x34\x94\x23\x35\x8b\x24\xc3\x46\x99\x05\xf2\x81\x89\x7d\xc6\xe1\x7a\x55\x07\xba\x1b\x9e\x33\xcc\x8e\x4f\x28\xf6\xda\xe3\x4d\x29\x86\xca\x00\x9c\x79\xab\x46\x1e\x69\xfd\x74\xcc\xe8\xc9\xed\x5b\x91\x09\xf3\xfa\x42\xf4\x3d\x39\x82\xeb"..., 1045) = 1045 [pid 942] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 940] <... futex resumed>) = 0 [pid 942] <... futex resumed>) = 1 [pid 942] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 941] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 941] ioctl(5, LOOP_CLR_FD) = 0 [pid 941] close(5) = 0 [pid 941] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 941] futex(0x7ff5a96006c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 940] exit_group(0) = ? [pid 941] <... futex resumed>) = ? [pid 941] +++ exited with 0 +++ [pid 942] <... futex resumed>) = ? [pid 942] +++ exited with 0 +++ [pid 940] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=940, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- umount2("./135", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./135", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555561b8730 /* 4 entries */, 32768) = 104 umount2("./135/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./135/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./135/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./135/bus") = 0 umount2("./135/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./135/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./135/binderfs") = 0 getdents64(3, 0x5555561b8730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./135") = 0 mkdir("./136", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b7690) = 945 ./strace-static-x86_64: Process 945 attached [pid 945] set_robust_list(0x5555561b76a0, 24) = 0 [pid 945] chdir("./136") = 0 [pid 945] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 945] setpgid(0, 0) = 0 [pid 945] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 945] write(3, "1000", 4) = 4 [pid 945] close(3) = 0 [pid 945] symlink("/dev/binderfs", "./binderfs") = 0 [pid 945] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 945] rt_sigaction(SIGRT_1, {sa_handler=0x7ff5a959df30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7ff5a958f0e0}, NULL, 8) = 0 [pid 945] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 945] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a9514000 [pid 945] mprotect(0x7ff5a9515000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 945] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 945] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9534990, parent_tid=0x7ff5a9534990, exit_signal=0, stack=0x7ff5a9514000, stack_size=0x20300, tls=0x7ff5a95346c0} => {parent_tid=[946]}, 88) = 946 [pid 945] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 945] futex(0x7ff5a96006c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 945] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 945] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a94f3000 [pid 945] mprotect(0x7ff5a94f4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 945] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 945] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9513990, parent_tid=0x7ff5a9513990, exit_signal=0, stack=0x7ff5a94f3000, stack_size=0x20300, tls=0x7ff5a95136c0} => {parent_tid=[947]}, 88) = 947 [pid 945] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 945] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 945] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 947 attached [pid 947] set_robust_list(0x7ff5a95139a0, 24) = 0 [pid 947] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 947] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_NOFOLLOW|O_NOATIME|O_CLOEXEC, 000./strace-static-x86_64: Process 946 attached [pid 946] set_robust_list(0x7ff5a95349a0, 24 [pid 947] <... open resumed>) = 3 [pid 946] <... set_robust_list resumed>) = 0 [pid 947] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 946] rt_sigprocmask(SIG_SETMASK, [], [pid 947] <... futex resumed>) = 1 [pid 947] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 946] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 946] memfd_create("syzkaller", 0 [pid 945] <... futex resumed>) = 0 [pid 945] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 946] <... memfd_create resumed>) = 4 [pid 946] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff5a10f3000 [pid 945] <... futex resumed>) = 1 [pid 947] <... futex resumed>) = 0 [pid 947] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 945] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 947] <... mount resumed>) = 0 [pid 947] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 945] <... futex resumed>) = 0 [pid 945] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 945] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 947] <... futex resumed>) = 1 [pid 947] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5 [pid 947] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 946] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 945] <... futex resumed>) = 0 [pid 945] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 947] write(5, "\x31\x30\x30\x30\x30\x30\x30\x00", 8 [pid 945] <... futex resumed>) = 0 [pid 945] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 947] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 947] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 945] <... futex resumed>) = 0 [pid 945] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 945] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 947] write(5, "\x23\x21\x20\x2e\x2f\x66\x69\x6c\x65\x31\x0a\x82\x6a\x3f\xc6\x7c\x3a\xab\x7d\x7e\x31\x38\xd5\xcc\x25\x19\xa6\xa8\xf7\xa0\x0b\xff\x3b\xee\x49\xbb\x93\x22\x1f\x4e\x80\x95\x34\x94\x23\x35\x8b\x24\xc3\x46\x99\x05\xf2\x81\x89\x7d\xc6\xe1\x7a\x55\x07\xba\x1b\x9e\x33\xcc\x8e\x4f\x28\xf6\xda\xe3\x4d\x29\x86\xca\x00\x9c\x79\xab\x46\x1e\x69\xfd\x74\xcc\xe8\xc9\xed\x5b\x91\x09\xf3\xfa\x42\xf4\x3d\x39\x82\xeb"..., 1045) = -1 ENOSPC (No space left on device) [pid 946] <... write resumed>) = 262144 [pid 947] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 946] munmap(0x7ff5a10f3000, 138412032 [pid 945] <... futex resumed>) = 0 [pid 947] <... futex resumed>) = 1 [pid 947] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 946] <... munmap resumed>) = 0 [pid 946] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 31.736308][ T941] loop0: detected capacity change from 0 to 512 [ 31.749965][ T941] EXT4-fs error (device loop0): __ext4_get_inode_loc:4485: comm syz-executor170: Invalid inode table block 34 in block_group 0 [ 31.763232][ T941] EXT4-fs (loop0): get root inode failed [ 31.768799][ T941] EXT4-fs (loop0): mount failed [pid 946] ioctl(6, LOOP_SET_FD, 4) = 0 [pid 946] close(4) = 0 [pid 946] mkdir("./file1", 0777) = 0 [pid 946] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue") = 0 [pid 946] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 4 [pid 946] chdir("./file1") = 0 [pid 946] ioctl(6, LOOP_CLR_FD) = 0 [pid 946] close(6) = 0 [pid 946] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 946] futex(0x7ff5a96006c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 945] exit_group(0) = ? [pid 947] <... futex resumed>) = ? [pid 946] <... futex resumed>) = ? [pid 946] +++ exited with 0 +++ [pid 947] +++ exited with 0 +++ [pid 945] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=945, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./136", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./136", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555561b8730 /* 5 entries */, 32768) = 136 umount2("./136/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./136/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./136/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./136/bus") = 0 umount2("./136/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./136/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./136/binderfs") = 0 umount2("./136/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./136/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./136/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./136/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./136/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555561c0770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561c0770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./136/file1") = 0 getdents64(3, 0x5555561b8730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./136") = 0 mkdir("./137", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b7690) = 950 ./strace-static-x86_64: Process 950 attached [pid 950] set_robust_list(0x5555561b76a0, 24) = 0 [pid 950] chdir("./137") = 0 [pid 950] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 950] setpgid(0, 0) = 0 [pid 950] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 950] write(3, "1000", 4) = 4 [pid 950] close(3) = 0 [pid 950] symlink("/dev/binderfs", "./binderfs") = 0 [pid 950] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 950] rt_sigaction(SIGRT_1, {sa_handler=0x7ff5a959df30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7ff5a958f0e0}, NULL, 8) = 0 [pid 950] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 950] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a9514000 [pid 950] mprotect(0x7ff5a9515000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 950] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 950] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9534990, parent_tid=0x7ff5a9534990, exit_signal=0, stack=0x7ff5a9514000, stack_size=0x20300, tls=0x7ff5a95346c0} => {parent_tid=[951]}, 88) = 951 [pid 950] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 950] futex(0x7ff5a96006c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 950] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 950] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a94f3000 [pid 950] mprotect(0x7ff5a94f4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 950] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 950] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9513990, parent_tid=0x7ff5a9513990, exit_signal=0, stack=0x7ff5a94f3000, stack_size=0x20300, tls=0x7ff5a95136c0} => {parent_tid=[952]}, 88) = 952 [pid 950] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 950] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 950] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 952 attached [pid 952] set_robust_list(0x7ff5a95139a0, 24) = 0 [pid 952] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 952] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_NOFOLLOW|O_NOATIME|O_CLOEXEC, 000) = 3 [pid 952] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 950] <... futex resumed>) = 0 [pid 950] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 950] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 952] <... futex resumed>) = 1 [pid 952] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 952] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 950] <... futex resumed>) = 0 [pid 950] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 950] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 952] <... futex resumed>) = 1 [pid 952] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c./strace-static-x86_64: Process 951 attached ) = 4 [pid 952] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 950] <... futex resumed>) = 0 [pid 950] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 950] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 952] <... futex resumed>) = 1 [pid 952] write(4, "\x31\x30\x30\x30\x30\x30\x30\x00", 8) = -1 ENOSPC (No space left on device) [pid 952] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 950] <... futex resumed>) = 0 [pid 950] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 950] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 952] <... futex resumed>) = 1 [pid 952] write(4, "\x23\x21\x20\x2e\x2f\x66\x69\x6c\x65\x31\x0a\x82\x6a\x3f\xc6\x7c\x3a\xab\x7d\x7e\x31\x38\xd5\xcc\x25\x19\xa6\xa8\xf7\xa0\x0b\xff\x3b\xee\x49\xbb\x93\x22\x1f\x4e\x80\x95\x34\x94\x23\x35\x8b\x24\xc3\x46\x99\x05\xf2\x81\x89\x7d\xc6\xe1\x7a\x55\x07\xba\x1b\x9e\x33\xcc\x8e\x4f\x28\xf6\xda\xe3\x4d\x29\x86\xca\x00\x9c\x79\xab\x46\x1e\x69\xfd\x74\xcc\xe8\xc9\xed\x5b\x91\x09\xf3\xfa\x42\xf4\x3d\x39\x82\xeb"..., 1045) = -1 ENOSPC (No space left on device) [pid 952] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 950] <... futex resumed>) = 0 [pid 952] <... futex resumed>) = 1 [pid 952] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 951] set_robust_list(0x7ff5a95349a0, 24) = 0 [pid 951] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 951] memfd_create("syzkaller", 0) = 5 [pid 951] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff5a10f3000 [pid 951] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 951] munmap(0x7ff5a10f3000, 138412032) = 0 [pid 951] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 31.799451][ T946] loop0: detected capacity change from 0 to 512 [ 31.810664][ T946] EXT4-fs (loop0): 1 orphan inode deleted [ 31.816386][ T946] ext4 filesystem being mounted at /root/syzkaller.8K29Ps/136/file1 supports timestamps until 2038 (0x7fffffff) [pid 951] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 951] close(5) = 0 [pid 951] mkdir("./file1", 0777) = 0 [pid 951] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue") = 0 [pid 951] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 5 [pid 951] chdir("./file1") = 0 [pid 951] ioctl(6, LOOP_CLR_FD) = 0 [pid 951] close(6) = 0 [pid 951] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 951] futex(0x7ff5a96006c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 950] exit_group(0 [pid 952] <... futex resumed>) = ? [pid 950] <... exit_group resumed>) = ? [pid 952] +++ exited with 0 +++ [pid 951] <... futex resumed>) = ? [pid 951] +++ exited with 0 +++ [pid 950] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=950, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./137", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./137", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555561b8730 /* 5 entries */, 32768) = 136 umount2("./137/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./137/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./137/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./137/bus") = 0 umount2("./137/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./137/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./137/binderfs") = 0 umount2("./137/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./137/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./137/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./137/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./137/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555561c0770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561c0770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./137/file1") = 0 getdents64(3, 0x5555561b8730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./137") = 0 mkdir("./138", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b7690) = 955 ./strace-static-x86_64: Process 955 attached [pid 955] set_robust_list(0x5555561b76a0, 24) = 0 [pid 955] chdir("./138") = 0 [pid 955] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 955] setpgid(0, 0) = 0 [pid 955] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 955] write(3, "1000", 4) = 4 [pid 955] close(3) = 0 [pid 955] symlink("/dev/binderfs", "./binderfs") = 0 [pid 955] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 955] rt_sigaction(SIGRT_1, {sa_handler=0x7ff5a959df30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7ff5a958f0e0}, NULL, 8) = 0 [pid 955] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 955] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a9514000 [pid 955] mprotect(0x7ff5a9515000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 955] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 955] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9534990, parent_tid=0x7ff5a9534990, exit_signal=0, stack=0x7ff5a9514000, stack_size=0x20300, tls=0x7ff5a95346c0}./strace-static-x86_64: Process 956 attached [pid 956] set_robust_list(0x7ff5a95349a0, 24 [pid 955] <... clone3 resumed> => {parent_tid=[956]}, 88) = 956 [pid 955] rt_sigprocmask(SIG_SETMASK, [], [pid 956] <... set_robust_list resumed>) = 0 [pid 955] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 956] rt_sigprocmask(SIG_SETMASK, [], [pid 955] futex(0x7ff5a96006c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 956] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 955] <... futex resumed>) = 0 [pid 955] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 956] memfd_create("syzkaller", 0 [pid 955] <... futex resumed>) = 0 [pid 955] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a94f3000 [pid 956] <... memfd_create resumed>) = 3 [pid 955] mprotect(0x7ff5a94f4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 956] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 955] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 956] <... mmap resumed>) = 0x7ff5a10f3000 [pid 955] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9513990, parent_tid=0x7ff5a9513990, exit_signal=0, stack=0x7ff5a94f3000, stack_size=0x20300, tls=0x7ff5a95136c0}./strace-static-x86_64: Process 957 attached => {parent_tid=[957]}, 88) = 957 [pid 957] set_robust_list(0x7ff5a95139a0, 24) = 0 [pid 957] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 957] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 955] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 955] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 957] <... futex resumed>) = 0 [pid 955] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 957] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_NOFOLLOW|O_NOATIME|O_CLOEXEC, 000) = 4 [pid 957] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 957] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 955] <... futex resumed>) = 0 [pid 955] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 955] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 957] <... futex resumed>) = 0 [pid 957] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 957] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 955] <... futex resumed>) = 0 [pid 957] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 955] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 955] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 957] <... open resumed>) = 5 [pid 957] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 955] <... futex resumed>) = 0 [pid 957] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 955] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 957] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 955] <... futex resumed>) = 0 [pid 957] write(5, "\x31\x30\x30\x30\x30\x30\x30\x00", 8 [pid 955] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 957] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 957] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 955] <... futex resumed>) = 0 [pid 957] write(5, "\x23\x21\x20\x2e\x2f\x66\x69\x6c\x65\x31\x0a\x82\x6a\x3f\xc6\x7c\x3a\xab\x7d\x7e\x31\x38\xd5\xcc\x25\x19\xa6\xa8\xf7\xa0\x0b\xff\x3b\xee\x49\xbb\x93\x22\x1f\x4e\x80\x95\x34\x94\x23\x35\x8b\x24\xc3\x46\x99\x05\xf2\x81\x89\x7d\xc6\xe1\x7a\x55\x07\xba\x1b\x9e\x33\xcc\x8e\x4f\x28\xf6\xda\xe3\x4d\x29\x86\xca\x00\x9c\x79\xab\x46\x1e\x69\xfd\x74\xcc\xe8\xc9\xed\x5b\x91\x09\xf3\xfa\x42\xf4\x3d\x39\x82\xeb"..., 1045 [pid 955] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 957] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 955] <... futex resumed>) = 0 [pid 957] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 955] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 957] <... futex resumed>) = 0 [pid 955] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 957] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 956] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 956] munmap(0x7ff5a10f3000, 138412032) = 0 [pid 956] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 31.849052][ T951] loop0: detected capacity change from 0 to 512 [ 31.861148][ T951] EXT4-fs (loop0): 1 orphan inode deleted [ 31.866762][ T951] ext4 filesystem being mounted at /root/syzkaller.8K29Ps/137/file1 supports timestamps until 2038 (0x7fffffff) [pid 956] ioctl(6, LOOP_SET_FD, 3) = 0 [pid 956] close(3) = 0 [pid 956] mkdir("./bus", 0777) = -1 EEXIST (File exists) [pid 956] mount("/dev/loop0", "./bus", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue") = -1 ENOTDIR (Not a directory) [pid 956] ioctl(6, LOOP_CLR_FD) = 0 [pid 956] close(6) = 0 [pid 956] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 956] futex(0x7ff5a96006c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 955] exit_group(0) = ? [pid 956] <... futex resumed>) = ? [pid 956] +++ exited with 0 +++ [pid 957] <... futex resumed>) = ? [pid 957] +++ exited with 0 +++ [pid 955] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=955, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- umount2("./138", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./138", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555561b8730 /* 4 entries */, 32768) = 104 umount2("./138/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./138/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./138/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./138/bus") = 0 umount2("./138/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./138/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./138/binderfs") = 0 getdents64(3, 0x5555561b8730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./138") = 0 mkdir("./139", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b7690) = 960 ./strace-static-x86_64: Process 960 attached [pid 960] set_robust_list(0x5555561b76a0, 24) = 0 [pid 960] chdir("./139") = 0 [pid 960] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 960] setpgid(0, 0) = 0 [pid 960] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 960] write(3, "1000", 4) = 4 [pid 960] close(3) = 0 [pid 960] symlink("/dev/binderfs", "./binderfs") = 0 [pid 960] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 960] rt_sigaction(SIGRT_1, {sa_handler=0x7ff5a959df30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7ff5a958f0e0}, NULL, 8) = 0 [pid 960] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 960] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a9514000 [pid 960] mprotect(0x7ff5a9515000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 960] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 960] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9534990, parent_tid=0x7ff5a9534990, exit_signal=0, stack=0x7ff5a9514000, stack_size=0x20300, tls=0x7ff5a95346c0} => {parent_tid=[961]}, 88) = 961 ./strace-static-x86_64: Process 961 attached [pid 960] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 960] futex(0x7ff5a96006c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 960] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 960] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a94f3000 [pid 960] mprotect(0x7ff5a94f4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 960] rt_sigprocmask(SIG_BLOCK, ~[], [pid 961] set_robust_list(0x7ff5a95349a0, 24 [pid 960] <... rt_sigprocmask resumed>[], 8) = 0 [pid 960] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9513990, parent_tid=0x7ff5a9513990, exit_signal=0, stack=0x7ff5a94f3000, stack_size=0x20300, tls=0x7ff5a95136c0} [pid 961] <... set_robust_list resumed>) = 0 [pid 960] <... clone3 resumed> => {parent_tid=[962]}, 88) = 962 [pid 960] rt_sigprocmask(SIG_SETMASK, [], [pid 961] rt_sigprocmask(SIG_SETMASK, [], [pid 960] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 960] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 960] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 962 attached [pid 962] set_robust_list(0x7ff5a95139a0, 24) = 0 [pid 962] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 962] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_NOFOLLOW|O_NOATIME|O_CLOEXEC, 000 [pid 961] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 962] <... open resumed>) = 3 [pid 962] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 960] <... futex resumed>) = 0 [pid 960] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 960] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 962] <... futex resumed>) = 1 [pid 962] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 962] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 960] <... futex resumed>) = 0 [pid 960] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 960] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 962] <... futex resumed>) = 1 [pid 962] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 4 [pid 962] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 960] <... futex resumed>) = 0 [pid 960] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 960] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 962] <... futex resumed>) = 1 [pid 962] write(4, "\x31\x30\x30\x30\x30\x30\x30\x00", 8) = -1 ENOSPC (No space left on device) [pid 962] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 960] <... futex resumed>) = 0 [pid 960] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 960] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 962] <... futex resumed>) = 1 [pid 962] write(4, "\x23\x21\x20\x2e\x2f\x66\x69\x6c\x65\x31\x0a\x82\x6a\x3f\xc6\x7c\x3a\xab\x7d\x7e\x31\x38\xd5\xcc\x25\x19\xa6\xa8\xf7\xa0\x0b\xff\x3b\xee\x49\xbb\x93\x22\x1f\x4e\x80\x95\x34\x94\x23\x35\x8b\x24\xc3\x46\x99\x05\xf2\x81\x89\x7d\xc6\xe1\x7a\x55\x07\xba\x1b\x9e\x33\xcc\x8e\x4f\x28\xf6\xda\xe3\x4d\x29\x86\xca\x00\x9c\x79\xab\x46\x1e\x69\xfd\x74\xcc\xe8\xc9\xed\x5b\x91\x09\xf3\xfa\x42\xf4\x3d\x39\x82\xeb"..., 1045) = -1 ENOSPC (No space left on device) [pid 962] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 960] <... futex resumed>) = 0 [pid 962] <... futex resumed>) = 1 [pid 961] memfd_create("syzkaller", 0 [pid 962] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 961] <... memfd_create resumed>) = 5 [pid 961] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff5a10f3000 [pid 961] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 961] munmap(0x7ff5a10f3000, 138412032) = 0 [pid 961] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 31.910197][ T956] loop0: detected capacity change from 0 to 512 [ 31.920827][ T956] EXT4-fs (loop0): 1 orphan inode deleted [ 31.926671][ T956] ext4 filesystem being mounted at /root/syzkaller.8K29Ps/138/bus supports timestamps until 2038 (0x7fffffff) [pid 961] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 961] close(5) = 0 [pid 961] mkdir("./file1", 0777) = 0 [pid 961] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue") = 0 [pid 961] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 5 [pid 961] chdir("./file1") = 0 [pid 961] ioctl(6, LOOP_CLR_FD) = 0 [pid 961] close(6) = 0 [pid 961] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 961] futex(0x7ff5a96006c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 960] exit_group(0 [pid 962] <... futex resumed>) = ? [pid 960] <... exit_group resumed>) = ? [pid 962] +++ exited with 0 +++ [pid 961] <... futex resumed>) = ? [pid 961] +++ exited with 0 +++ [pid 960] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=960, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./139", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./139", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555561b8730 /* 5 entries */, 32768) = 136 umount2("./139/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./139/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./139/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./139/bus") = 0 umount2("./139/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./139/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./139/binderfs") = 0 umount2("./139/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./139/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./139/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./139/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./139/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555561c0770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561c0770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./139/file1") = 0 getdents64(3, 0x5555561b8730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./139") = 0 mkdir("./140", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b7690) = 965 ./strace-static-x86_64: Process 965 attached [pid 965] set_robust_list(0x5555561b76a0, 24) = 0 [pid 965] chdir("./140") = 0 [pid 965] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 965] setpgid(0, 0) = 0 [pid 965] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 965] write(3, "1000", 4) = 4 [pid 965] close(3) = 0 [pid 965] symlink("/dev/binderfs", "./binderfs") = 0 [pid 965] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 965] rt_sigaction(SIGRT_1, {sa_handler=0x7ff5a959df30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7ff5a958f0e0}, NULL, 8) = 0 [pid 965] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 965] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a9514000 [pid 965] mprotect(0x7ff5a9515000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 965] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [ 31.981462][ T961] loop0: detected capacity change from 0 to 512 [ 32.001327][ T961] EXT4-fs (loop0): 1 orphan inode deleted [ 32.006963][ T961] ext4 filesystem being mounted at /root/syzkaller.8K29Ps/139/file1 supports timestamps until 2038 (0x7fffffff) [pid 965] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9534990, parent_tid=0x7ff5a9534990, exit_signal=0, stack=0x7ff5a9514000, stack_size=0x20300, tls=0x7ff5a95346c0}./strace-static-x86_64: Process 966 attached => {parent_tid=[966]}, 88) = 966 [pid 966] set_robust_list(0x7ff5a95349a0, 24) = 0 [pid 966] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 966] futex(0x7ff5a96006c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 965] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 965] futex(0x7ff5a96006c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 966] <... futex resumed>) = 0 [pid 966] memfd_create("syzkaller", 0 [pid 965] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 965] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a94f3000 [pid 966] <... memfd_create resumed>) = 3 [pid 965] mprotect(0x7ff5a94f4000, 131072, PROT_READ|PROT_WRITE [pid 966] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 965] <... mprotect resumed>) = 0 [pid 966] <... mmap resumed>) = 0x7ff5a10f3000 [pid 965] rt_sigprocmask(SIG_BLOCK, ~[], [pid 966] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 965] <... rt_sigprocmask resumed>[], 8) = 0 [pid 965] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9513990, parent_tid=0x7ff5a9513990, exit_signal=0, stack=0x7ff5a94f3000, stack_size=0x20300, tls=0x7ff5a95136c0}./strace-static-x86_64: Process 967 attached [pid 967] set_robust_list(0x7ff5a95139a0, 24) = 0 [pid 967] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 967] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 965] <... clone3 resumed> => {parent_tid=[967]}, 88) = 967 [pid 965] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 965] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 967] <... futex resumed>) = 0 [pid 965] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 967] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_NOFOLLOW|O_NOATIME|O_CLOEXEC, 000 [pid 966] <... write resumed>) = 262144 [pid 966] munmap(0x7ff5a10f3000, 138412032 [pid 967] <... open resumed>) = 4 [pid 967] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 966] <... munmap resumed>) = 0 [pid 966] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 966] ioctl(5, LOOP_SET_FD, 3 [pid 967] <... futex resumed>) = 1 [pid 965] <... futex resumed>) = 0 [pid 965] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 965] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 967] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 967] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 965] <... futex resumed>) = 0 [pid 965] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 965] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 967] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 6 [pid 967] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 965] <... futex resumed>) = 0 [pid 965] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 965] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 967] write(6, "\x31\x30\x30\x30\x30\x30\x30\x00", 8 [pid 966] <... ioctl resumed>) = 0 [pid 966] close(3 [pid 967] <... write resumed>) = -1 EIO (Input/output error) [pid 966] <... close resumed>) = 0 [pid 967] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 965] <... futex resumed>) = 0 [pid 965] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 965] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 967] write(6, "\x23\x21\x20\x2e\x2f\x66\x69\x6c\x65\x31\x0a\x82\x6a\x3f\xc6\x7c\x3a\xab\x7d\x7e\x31\x38\xd5\xcc\x25\x19\xa6\xa8\xf7\xa0\x0b\xff\x3b\xee\x49\xbb\x93\x22\x1f\x4e\x80\x95\x34\x94\x23\x35\x8b\x24\xc3\x46\x99\x05\xf2\x81\x89\x7d\xc6\xe1\x7a\x55\x07\xba\x1b\x9e\x33\xcc\x8e\x4f\x28\xf6\xda\xe3\x4d\x29\x86\xca\x00\x9c\x79\xab\x46\x1e\x69\xfd\x74\xcc\xe8\xc9\xed\x5b\x91\x09\xf3\xfa\x42\xf4\x3d\x39\x82\xeb"..., 1045 [pid 966] mkdir("./bus", 0777) = -1 EEXIST (File exists) [pid 966] mount("/dev/loop0", "./bus", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 967] <... write resumed>) = 1045 [pid 967] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 965] <... futex resumed>) = 0 [pid 967] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 966] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 966] ioctl(5, LOOP_CLR_FD) = 0 [pid 966] close(5) = 0 [pid 966] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 966] futex(0x7ff5a96006c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 965] exit_group(0) = ? [pid 967] <... futex resumed>) = ? [pid 967] +++ exited with 0 +++ [pid 966] <... futex resumed>) = ? [pid 966] +++ exited with 0 +++ [pid 965] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=965, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./140", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./140", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555561b8730 /* 4 entries */, 32768) = 104 umount2("./140/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./140/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./140/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./140/bus") = 0 umount2("./140/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./140/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./140/binderfs") = 0 getdents64(3, 0x5555561b8730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./140") = 0 mkdir("./141", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b7690) = 968 ./strace-static-x86_64: Process 968 attached [pid 968] set_robust_list(0x5555561b76a0, 24) = 0 [pid 968] chdir("./141") = 0 [pid 968] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 968] setpgid(0, 0) = 0 [pid 968] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 968] write(3, "1000", 4) = 4 [pid 968] close(3) = 0 [pid 968] symlink("/dev/binderfs", "./binderfs") = 0 [pid 968] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 968] rt_sigaction(SIGRT_1, {sa_handler=0x7ff5a959df30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7ff5a958f0e0}, NULL, 8) = 0 [pid 968] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 968] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a9514000 [pid 968] mprotect(0x7ff5a9515000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 968] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 968] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9534990, parent_tid=0x7ff5a9534990, exit_signal=0, stack=0x7ff5a9514000, stack_size=0x20300, tls=0x7ff5a95346c0}./strace-static-x86_64: Process 969 attached [pid 969] set_robust_list(0x7ff5a95349a0, 24) = 0 [pid 969] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 968] <... clone3 resumed> => {parent_tid=[969]}, 88) = 969 [pid 969] futex(0x7ff5a96006c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 968] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 968] futex(0x7ff5a96006c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 969] <... futex resumed>) = 0 [pid 968] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 969] memfd_create("syzkaller", 0 [pid 968] <... futex resumed>) = 0 [pid 969] <... memfd_create resumed>) = 3 [pid 968] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 969] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 968] <... mmap resumed>) = 0x7ff5a94f3000 [pid 969] <... mmap resumed>) = 0x7ff5a10f3000 [pid 968] mprotect(0x7ff5a94f4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 968] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 968] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9513990, parent_tid=0x7ff5a9513990, exit_signal=0, stack=0x7ff5a94f3000, stack_size=0x20300, tls=0x7ff5a95136c0} => {parent_tid=[970]}, 88) = 970 [pid 968] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 968] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 968] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 969] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144./strace-static-x86_64: Process 970 attached [pid 970] set_robust_list(0x7ff5a95139a0, 24) = 0 [pid 970] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 970] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_NOFOLLOW|O_NOATIME|O_CLOEXEC, 000) = 4 [pid 969] <... write resumed>) = 262144 [pid 969] munmap(0x7ff5a10f3000, 138412032 [pid 970] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 969] <... munmap resumed>) = 0 [pid 970] <... futex resumed>) = 1 [pid 969] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 968] <... futex resumed>) = 0 [pid 968] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 969] <... openat resumed>) = 5 [pid 969] ioctl(5, LOOP_SET_FD, 3 [pid 968] <... futex resumed>) = 0 [pid 968] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 970] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 970] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 968] <... futex resumed>) = 0 [pid 968] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 968] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 970] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 6 [pid 970] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 968] <... futex resumed>) = 0 [pid 968] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 968] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 970] write(6, "\x31\x30\x30\x30\x30\x30\x30\x00", 8) = -1 EIO (Input/output error) [pid 970] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 968] <... futex resumed>) = 0 [pid 968] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 968] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 970] write(6, "\x23\x21\x20\x2e\x2f\x66\x69\x6c\x65\x31\x0a\x82\x6a\x3f\xc6\x7c\x3a\xab\x7d\x7e\x31\x38\xd5\xcc\x25\x19\xa6\xa8\xf7\xa0\x0b\xff\x3b\xee\x49\xbb\x93\x22\x1f\x4e\x80\x95\x34\x94\x23\x35\x8b\x24\xc3\x46\x99\x05\xf2\x81\x89\x7d\xc6\xe1\x7a\x55\x07\xba\x1b\x9e\x33\xcc\x8e\x4f\x28\xf6\xda\xe3\x4d\x29\x86\xca\x00\x9c\x79\xab\x46\x1e\x69\xfd\x74\xcc\xe8\xc9\xed\x5b\x91\x09\xf3\xfa\x42\xf4\x3d\x39\x82\xeb"..., 1045) = -1 EIO (Input/output error) [pid 970] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 968] <... futex resumed>) = 0 [ 32.068127][ T966] loop0: detected capacity change from 0 to 512 [ 32.070712][ T56] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 32.085025][ T966] EXT4-fs (loop0): bad geometry: block count 3888436996 exceeds size of device (64 blocks) [pid 970] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 969] <... ioctl resumed>) = 0 [pid 969] close(3) = 0 [pid 969] mkdir("./bus", 0777) = -1 EEXIST (File exists) [ 32.114535][ T969] loop0: detected capacity change from 0 to 512 [pid 969] mount("/dev/loop0", "./bus", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue") = -1 ENOTDIR (Not a directory) [pid 969] ioctl(5, LOOP_CLR_FD) = 0 [pid 969] close(5) = 0 [pid 969] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 969] futex(0x7ff5a96006c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 968] exit_group(0 [pid 970] <... futex resumed>) = ? [pid 968] <... exit_group resumed>) = ? [pid 970] +++ exited with 0 +++ [pid 969] <... futex resumed>) = ? [pid 969] +++ exited with 0 +++ [pid 968] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=968, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- umount2("./141", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./141", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555561b8730 /* 4 entries */, 32768) = 104 umount2("./141/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./141/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./141/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./141/bus") = 0 umount2("./141/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./141/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./141/binderfs") = 0 getdents64(3, 0x5555561b8730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./141") = 0 mkdir("./142", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b7690) = 973 ./strace-static-x86_64: Process 973 attached [pid 973] set_robust_list(0x5555561b76a0, 24) = 0 [pid 973] chdir("./142") = 0 [pid 973] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 973] setpgid(0, 0) = 0 [pid 973] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 973] write(3, "1000", 4) = 4 [pid 973] close(3) = 0 [pid 973] symlink("/dev/binderfs", "./binderfs") = 0 [pid 973] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 973] rt_sigaction(SIGRT_1, {sa_handler=0x7ff5a959df30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7ff5a958f0e0}, NULL, 8) = 0 [pid 973] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 973] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a9514000 [pid 973] mprotect(0x7ff5a9515000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 973] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 973] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9534990, parent_tid=0x7ff5a9534990, exit_signal=0, stack=0x7ff5a9514000, stack_size=0x20300, tls=0x7ff5a95346c0} => {parent_tid=[974]}, 88) = 974 [pid 973] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 973] futex(0x7ff5a96006c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 973] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 973] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a94f3000 [pid 973] mprotect(0x7ff5a94f4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 973] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 973] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9513990, parent_tid=0x7ff5a9513990, exit_signal=0, stack=0x7ff5a94f3000, stack_size=0x20300, tls=0x7ff5a95136c0} => {parent_tid=[975]}, 88) = 975 [pid 973] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 973] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 973] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 974 attached [pid 974] set_robust_list(0x7ff5a95349a0, 24) = 0 [pid 974] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 974] memfd_create("syzkaller", 0) = 3 [pid 974] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff5a10f3000 ./strace-static-x86_64: Process 975 attached [pid 974] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 974] munmap(0x7ff5a10f3000, 138412032) = 0 [pid 975] set_robust_list(0x7ff5a95139a0, 24 [pid 974] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 974] ioctl(4, LOOP_SET_FD, 3 [pid 975] <... set_robust_list resumed>) = 0 [pid 974] <... ioctl resumed>) = 0 [pid 974] close(3) = 0 [pid 974] mkdir("./file1", 0777 [pid 975] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 974] <... mkdir resumed>) = 0 [pid 975] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_NOFOLLOW|O_NOATIME|O_CLOEXEC, 000 [pid 974] mount("/dev/loop0", "./bus", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue" [pid 975] <... open resumed>) = 3 [pid 975] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 973] <... futex resumed>) = 0 [pid 973] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 973] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 975] <... futex resumed>) = 1 [pid 975] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 975] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 973] <... futex resumed>) = 0 [pid 973] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 973] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 975] <... futex resumed>) = 1 [pid 975] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5 [pid 975] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 973] <... futex resumed>) = 0 [pid 973] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 973] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 975] <... futex resumed>) = 1 [pid 975] write(5, "\x31\x30\x30\x30\x30\x30\x30\x00", 8) = 8 [pid 975] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 973] <... futex resumed>) = 0 [pid 973] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 973] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 975] <... futex resumed>) = 1 [pid 975] write(5, "\x23\x21\x20\x2e\x2f\x66\x69\x6c\x65\x31\x0a\x82\x6a\x3f\xc6\x7c\x3a\xab\x7d\x7e\x31\x38\xd5\xcc\x25\x19\xa6\xa8\xf7\xa0\x0b\xff\x3b\xee\x49\xbb\x93\x22\x1f\x4e\x80\x95\x34\x94\x23\x35\x8b\x24\xc3\x46\x99\x05\xf2\x81\x89\x7d\xc6\xe1\x7a\x55\x07\xba\x1b\x9e\x33\xcc\x8e\x4f\x28\xf6\xda\xe3\x4d\x29\x86\xca\x00\x9c\x79\xab\x46\x1e\x69\xfd\x74\xcc\xe8\xc9\xed\x5b\x91\x09\xf3\xfa\x42\xf4\x3d\x39\x82\xeb"..., 1045) = 1045 [pid 975] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 973] <... futex resumed>) = 0 [pid 975] <... futex resumed>) = 1 [ 32.141156][ T969] EXT4-fs (loop0): 1 orphan inode deleted [ 32.146995][ T969] ext4 filesystem being mounted at /root/syzkaller.8K29Ps/141/bus supports timestamps until 2038 (0x7fffffff) [ 32.181328][ T974] loop0: detected capacity change from 0 to 512 [pid 975] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 974] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 974] ioctl(4, LOOP_CLR_FD) = 0 [pid 974] close(4) = 0 [pid 974] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 974] futex(0x7ff5a96006c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 973] exit_group(0 [pid 975] <... futex resumed>) = ? [pid 973] <... exit_group resumed>) = ? [pid 975] +++ exited with 0 +++ [pid 974] <... futex resumed>) = ? [pid 974] +++ exited with 0 +++ [pid 973] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=973, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- umount2("./142", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./142", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555561b8730 /* 5 entries */, 32768) = 136 umount2("./142/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./142/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./142/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./142/bus") = 0 umount2("./142/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./142/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./142/binderfs") = 0 umount2("./142/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./142/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./142/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./142/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555561c0770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561c0770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./142/file1") = 0 getdents64(3, 0x5555561b8730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./142") = 0 mkdir("./143", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b7690) = 978 ./strace-static-x86_64: Process 978 attached [pid 978] set_robust_list(0x5555561b76a0, 24) = 0 [pid 978] chdir("./143") = 0 [pid 978] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 978] setpgid(0, 0) = 0 [pid 978] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 978] write(3, "1000", 4) = 4 [pid 978] close(3) = 0 [pid 978] symlink("/dev/binderfs", "./binderfs") = 0 [pid 978] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 978] rt_sigaction(SIGRT_1, {sa_handler=0x7ff5a959df30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7ff5a958f0e0}, NULL, 8) = 0 [pid 978] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 978] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a9514000 [pid 978] mprotect(0x7ff5a9515000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 978] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 978] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9534990, parent_tid=0x7ff5a9534990, exit_signal=0, stack=0x7ff5a9514000, stack_size=0x20300, tls=0x7ff5a95346c0} => {parent_tid=[980]}, 88) = 980 [pid 978] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 978] futex(0x7ff5a96006c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 978] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 978] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a94f3000 [pid 978] mprotect(0x7ff5a94f4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 978] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 978] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9513990, parent_tid=0x7ff5a9513990, exit_signal=0, stack=0x7ff5a94f3000, stack_size=0x20300, tls=0x7ff5a95136c0} => {parent_tid=[981]}, 88) = 981 [pid 978] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 978] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 978] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 981 attached [pid 981] set_robust_list(0x7ff5a95139a0, 24) = 0 [pid 981] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 981] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_NOFOLLOW|O_NOATIME|O_CLOEXEC, 000./strace-static-x86_64: Process 980 attached [pid 980] set_robust_list(0x7ff5a95349a0, 24) = 0 [pid 981] <... open resumed>) = 3 [pid 980] rt_sigprocmask(SIG_SETMASK, [], [pid 981] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 978] <... futex resumed>) = 0 [pid 978] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 978] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 981] <... futex resumed>) = 1 [pid 981] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 980] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 981] <... mount resumed>) = 0 [pid 981] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 978] <... futex resumed>) = 0 [pid 978] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 978] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 981] <... futex resumed>) = 1 [pid 981] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 4 [pid 980] memfd_create("syzkaller", 0 [pid 981] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 980] <... memfd_create resumed>) = 5 [pid 978] <... futex resumed>) = 0 [pid 978] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 978] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 981] <... futex resumed>) = 1 [pid 981] write(4, "\x31\x30\x30\x30\x30\x30\x30\x00", 8) = -1 ENOSPC (No space left on device) [pid 981] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 978] <... futex resumed>) = 0 [pid 978] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 978] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 980] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 981] <... futex resumed>) = 1 [pid 980] <... mmap resumed>) = 0x7ff5a10f3000 [pid 981] write(4, "\x23\x21\x20\x2e\x2f\x66\x69\x6c\x65\x31\x0a\x82\x6a\x3f\xc6\x7c\x3a\xab\x7d\x7e\x31\x38\xd5\xcc\x25\x19\xa6\xa8\xf7\xa0\x0b\xff\x3b\xee\x49\xbb\x93\x22\x1f\x4e\x80\x95\x34\x94\x23\x35\x8b\x24\xc3\x46\x99\x05\xf2\x81\x89\x7d\xc6\xe1\x7a\x55\x07\xba\x1b\x9e\x33\xcc\x8e\x4f\x28\xf6\xda\xe3\x4d\x29\x86\xca\x00\x9c\x79\xab\x46\x1e\x69\xfd\x74\xcc\xe8\xc9\xed\x5b\x91\x09\xf3\xfa\x42\xf4\x3d\x39\x82\xeb"..., 1045) = -1 ENOSPC (No space left on device) [pid 981] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 978] <... futex resumed>) = 0 [pid 981] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 980] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 980] munmap(0x7ff5a10f3000, 138412032) = 0 [pid 980] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 32.199892][ T974] EXT4-fs error (device loop0): __ext4_get_inode_loc:4485: comm syz-executor170: Invalid inode table block 34 in block_group 0 [ 32.213402][ T974] EXT4-fs (loop0): get root inode failed [ 32.218977][ T974] EXT4-fs (loop0): mount failed [pid 980] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 980] close(5) = 0 [pid 980] mkdir("./file1", 0777) = 0 [pid 980] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue") = 0 [pid 980] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 5 [pid 980] chdir("./file1") = 0 [pid 980] ioctl(6, LOOP_CLR_FD) = 0 [pid 980] close(6) = 0 [pid 980] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 980] futex(0x7ff5a96006c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 978] exit_group(0 [pid 981] <... futex resumed>) = ? [pid 978] <... exit_group resumed>) = ? [pid 981] +++ exited with 0 +++ [pid 980] <... futex resumed>) = ? [pid 980] +++ exited with 0 +++ [pid 978] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=978, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- umount2("./143", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./143", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555561b8730 /* 5 entries */, 32768) = 136 umount2("./143/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./143/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./143/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./143/bus") = 0 umount2("./143/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./143/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./143/binderfs") = 0 umount2("./143/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./143/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./143/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./143/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./143/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555561c0770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561c0770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./143/file1") = 0 getdents64(3, 0x5555561b8730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./143") = 0 mkdir("./144", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b7690) = 984 ./strace-static-x86_64: Process 984 attached [pid 984] set_robust_list(0x5555561b76a0, 24) = 0 [pid 984] chdir("./144") = 0 [pid 984] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 984] setpgid(0, 0) = 0 [pid 984] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 984] write(3, "1000", 4) = 4 [pid 984] close(3) = 0 [pid 984] symlink("/dev/binderfs", "./binderfs") = 0 [pid 984] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 984] rt_sigaction(SIGRT_1, {sa_handler=0x7ff5a959df30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7ff5a958f0e0}, NULL, 8) = 0 [pid 984] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 984] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a9514000 [pid 984] mprotect(0x7ff5a9515000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 984] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 984] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9534990, parent_tid=0x7ff5a9534990, exit_signal=0, stack=0x7ff5a9514000, stack_size=0x20300, tls=0x7ff5a95346c0} => {parent_tid=[985]}, 88) = 985 [pid 984] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 984] futex(0x7ff5a96006c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 984] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 985 attached ) = 0 [pid 984] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a94f3000 [pid 984] mprotect(0x7ff5a94f4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 984] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 984] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9513990, parent_tid=0x7ff5a9513990, exit_signal=0, stack=0x7ff5a94f3000, stack_size=0x20300, tls=0x7ff5a95136c0} [pid 985] set_robust_list(0x7ff5a95349a0, 24./strace-static-x86_64: Process 986 attached [pid 984] <... clone3 resumed> => {parent_tid=[986]}, 88) = 986 [pid 985] <... set_robust_list resumed>) = 0 [pid 985] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 985] memfd_create("syzkaller", 0) = 3 [pid 985] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff5a10f3000 [pid 984] rt_sigprocmask(SIG_SETMASK, [], [pid 986] set_robust_list(0x7ff5a95139a0, 24 [pid 984] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 986] <... set_robust_list resumed>) = 0 [pid 984] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 986] rt_sigprocmask(SIG_SETMASK, [], [pid 984] <... futex resumed>) = 0 [pid 986] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 984] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 986] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_NOFOLLOW|O_NOATIME|O_CLOEXEC, 000 [pid 985] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 986] <... open resumed>) = 4 [pid 986] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 984] <... futex resumed>) = 0 [pid 986] <... futex resumed>) = 1 [pid 985] <... write resumed>) = 262144 [pid 984] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 985] munmap(0x7ff5a10f3000, 138412032) = 0 [pid 985] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 985] ioctl(5, LOOP_SET_FD, 3 [pid 986] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 984] <... futex resumed>) = 0 [pid 984] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 986] <... mount resumed>) = 0 [pid 986] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 984] <... futex resumed>) = 0 [pid 984] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 32.249431][ T980] loop0: detected capacity change from 0 to 512 [ 32.260967][ T980] EXT4-fs (loop0): 1 orphan inode deleted [ 32.266627][ T980] ext4 filesystem being mounted at /root/syzkaller.8K29Ps/143/file1 supports timestamps until 2038 (0x7fffffff) [pid 984] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 986] <... futex resumed>) = 1 [pid 986] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 6 [pid 986] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 984] <... futex resumed>) = 0 [pid 984] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 984] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 986] <... futex resumed>) = 1 [pid 986] write(6, "\x31\x30\x30\x30\x30\x30\x30\x00", 8) = -1 EIO (Input/output error) [pid 986] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 984] <... futex resumed>) = 0 [pid 984] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 984] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 986] <... futex resumed>) = 1 [pid 986] write(6, "\x23\x21\x20\x2e\x2f\x66\x69\x6c\x65\x31\x0a\x82\x6a\x3f\xc6\x7c\x3a\xab\x7d\x7e\x31\x38\xd5\xcc\x25\x19\xa6\xa8\xf7\xa0\x0b\xff\x3b\xee\x49\xbb\x93\x22\x1f\x4e\x80\x95\x34\x94\x23\x35\x8b\x24\xc3\x46\x99\x05\xf2\x81\x89\x7d\xc6\xe1\x7a\x55\x07\xba\x1b\x9e\x33\xcc\x8e\x4f\x28\xf6\xda\xe3\x4d\x29\x86\xca\x00\x9c\x79\xab\x46\x1e\x69\xfd\x74\xcc\xe8\xc9\xed\x5b\x91\x09\xf3\xfa\x42\xf4\x3d\x39\x82\xeb"..., 1045) = -1 EIO (Input/output error) [pid 986] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 984] <... futex resumed>) = 0 [pid 986] <... futex resumed>) = 1 [pid 986] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 985] <... ioctl resumed>) = 0 [pid 985] close(3) = 0 [pid 985] mkdir("./bus", 0777) = -1 EEXIST (File exists) [pid 985] mount("/dev/loop0", "./bus", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue") = -1 ENOTDIR (Not a directory) [pid 985] ioctl(5, LOOP_CLR_FD) = 0 [pid 985] close(5) = 0 [pid 985] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 985] futex(0x7ff5a96006c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 984] exit_group(0 [pid 985] <... futex resumed>) = ? [pid 984] <... exit_group resumed>) = ? [pid 986] <... futex resumed>) = ? [pid 985] +++ exited with 0 +++ [pid 986] +++ exited with 0 +++ [pid 984] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=984, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./144", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./144", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555561b8730 /* 4 entries */, 32768) = 104 umount2("./144/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./144/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./144/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./144/bus") = 0 umount2("./144/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./144/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./144/binderfs") = 0 getdents64(3, 0x5555561b8730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./144") = 0 mkdir("./145", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 989 attached [pid 989] set_robust_list(0x5555561b76a0, 24) = 0 [pid 297] <... clone resumed>, child_tidptr=0x5555561b7690) = 989 [pid 989] chdir("./145") = 0 [pid 989] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 989] setpgid(0, 0) = 0 [pid 989] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 989] write(3, "1000", 4) = 4 [pid 989] close(3) = 0 [pid 989] symlink("/dev/binderfs", "./binderfs") = 0 [pid 989] futex(0x7ff5a96006cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 989] rt_sigaction(SIGRT_1, {sa_handler=0x7ff5a959df30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7ff5a958f0e0}, NULL, 8) = 0 [pid 989] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 989] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a9514000 [pid 989] mprotect(0x7ff5a9515000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 989] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 989] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9534990, parent_tid=0x7ff5a9534990, exit_signal=0, stack=0x7ff5a9514000, stack_size=0x20300, tls=0x7ff5a95346c0} => {parent_tid=[990]}, 88) = 990 [pid 989] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 ./strace-static-x86_64: Process 990 attached [pid 989] futex(0x7ff5a96006c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 989] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 989] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff5a94f3000 [pid 989] mprotect(0x7ff5a94f4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 990] set_robust_list(0x7ff5a95349a0, 24 [pid 989] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 989] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff5a9513990, parent_tid=0x7ff5a9513990, exit_signal=0, stack=0x7ff5a94f3000, stack_size=0x20300, tls=0x7ff5a95136c0} => {parent_tid=[991]}, 88) = 991 [pid 990] <... set_robust_list resumed>) = 0 ./strace-static-x86_64: Process 991 attached [pid 989] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 989] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 989] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 990] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 990] memfd_create("syzkaller", 0 [pid 991] set_robust_list(0x7ff5a95139a0, 24) = 0 [pid 990] <... memfd_create resumed>) = 3 [pid 990] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 991] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 991] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_NOFOLLOW|O_NOATIME|O_CLOEXEC, 000) = 4 [pid 991] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 990] <... mmap resumed>) = 0x7ff5a10f3000 [pid 989] <... futex resumed>) = 0 [pid 989] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 989] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 991] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 991] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 989] <... futex resumed>) = 0 [pid 989] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 989] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 991] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5 [pid 991] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 989] <... futex resumed>) = 0 [pid 989] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 989] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 991] write(5, "\x31\x30\x30\x30\x30\x30\x30\x00", 8) = -1 ENOSPC (No space left on device) [pid 991] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 989] <... futex resumed>) = 0 [pid 989] futex(0x7ff5a96006d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 989] futex(0x7ff5a96006dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 991] write(5, "\x23\x21\x20\x2e\x2f\x66\x69\x6c\x65\x31\x0a\x82\x6a\x3f\xc6\x7c\x3a\xab\x7d\x7e\x31\x38\xd5\xcc\x25\x19\xa6\xa8\xf7\xa0\x0b\xff\x3b\xee\x49\xbb\x93\x22\x1f\x4e\x80\x95\x34\x94\x23\x35\x8b\x24\xc3\x46\x99\x05\xf2\x81\x89\x7d\xc6\xe1\x7a\x55\x07\xba\x1b\x9e\x33\xcc\x8e\x4f\x28\xf6\xda\xe3\x4d\x29\x86\xca\x00\x9c\x79\xab\x46\x1e\x69\xfd\x74\xcc\xe8\xc9\xed\x5b\x91\x09\xf3\xfa\x42\xf4\x3d\x39\x82\xeb"..., 1045) = -1 ENOSPC (No space left on device) [pid 991] futex(0x7ff5a96006dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 989] <... futex resumed>) = 0 [pid 991] futex(0x7ff5a96006d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 990] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 990] munmap(0x7ff5a10f3000, 138412032) = 0 [pid 990] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 32.307667][ T985] loop0: detected capacity change from 0 to 512 [ 32.321457][ T985] EXT4-fs (loop0): 1 orphan inode deleted [ 32.327119][ T985] ext4 filesystem being mounted at /root/syzkaller.8K29Ps/144/bus supports timestamps until 2038 (0x7fffffff) [pid 990] ioctl(6, LOOP_SET_FD, 3) = 0 [pid 990] close(3) = 0 [pid 990] mkdir("./bus", 0777) = -1 EEXIST (File exists)