./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2693626077 <...> DUID 00:04:f8:32:f0:25:6b:f7:7b:d6:d2:5e:34:7f:1d:07:e3:4e forked to background, child pid 3209 [ 30.169236][ T3210] 8021q: adding VLAN 0 to HW filter on device bond0 [ 30.179883][ T3210] eql: remember to turn off Van-Jacobson compression on your slave devices Starting sshd: OK syzkaller Warning: Permanently added '10.128.0.233' (ECDSA) to the list of known hosts. execve("./syz-executor2693626077", ["./syz-executor2693626077"], 0x7fff75b6f860 /* 10 vars */) = 0 brk(NULL) = 0x555555577000 brk(0x555555577c40) = 0x555555577c40 arch_prctl(ARCH_SET_FS, 0x555555577300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 readlink("/proc/self/exe", "/root/syz-executor2693626077", 4096) = 28 brk(0x555555598c40) = 0x555555598c40 brk(0x555555599000) = 0x555555599000 mprotect(0x7eff66c93000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 getpid() = 3638 mkdir("./syzkaller.25geth", 0700) = 0 chmod("./syzkaller.25geth", 0777) = 0 chdir("./syzkaller.25geth") = 0 mkdir("./0", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3640 attached , child_tidptr=0x5555555775d0) = 3640 [pid 3640] chdir("./0") = 0 [pid 3640] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3640] setpgid(0, 0) = 0 [pid 3640] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3640] write(3, "1000", 4) = 4 [pid 3640] close(3) = 0 [pid 3640] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3640] memfd_create("syzkaller", 0) = 3 [pid 3640] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 3640] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 3640] munmap(0x7eff5e600000, 2097152) = 0 [pid 3640] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3640] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3640] close(3) = 0 [pid 3640] mkdir("./file0", 0777) = 0 [pid 3640] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 syzkaller login: [ 50.783608][ T3640] loop0: detected capacity change from 0 to 4096 [ 50.801713][ T3640] NILFS (loop0): invalid segment: Checksum error in segment payload [ 50.809867][ T3640] NILFS (loop0): trying rollback from an earlier position [ 50.824112][ T3640] NILFS (loop0): recovery complete [pid 3640] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3640] chdir("./file0") = 0 [pid 3640] ioctl(4, LOOP_CLR_FD) = 0 [pid 3640] close(4) = 0 [pid 3640] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 3640] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 3640] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 50.832211][ T3641] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 50.853214][ T27] audit: type=1800 audit(1670141540.137:2): pid=3640 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor269" name="bus" dev="loop0" ino=12 res=0 errno=0 [pid 3640] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 3640] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 3640] exit_group(0) = ? [pid 3640] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3640, si_uid=0, si_status=0, si_utime=0, si_stime=16} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./0/binderfs") = 0 umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./0/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./0/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./0") = 0 mkdir("./1", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3642 attached , child_tidptr=0x5555555775d0) = 3642 [pid 3642] chdir("./1") = 0 [pid 3642] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3642] setpgid(0, 0) = 0 [pid 3642] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3642] write(3, "1000", 4) = 4 [pid 3642] close(3) = 0 [pid 3642] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3642] memfd_create("syzkaller", 0) = 3 [pid 3642] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 3642] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 3642] munmap(0x7eff5e600000, 2097152) = 0 [pid 3642] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3642] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3642] close(3) = 0 [pid 3642] mkdir("./file0", 0777) = 0 [ 51.117202][ T3642] loop0: detected capacity change from 0 to 4096 [ 51.144502][ T3642] NILFS (loop0): invalid segment: Checksum error in segment payload [ 51.152574][ T3642] NILFS (loop0): trying rollback from an earlier position [pid 3642] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 3642] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3642] chdir("./file0") = 0 [pid 3642] ioctl(4, LOOP_CLR_FD) = 0 [pid 3642] close(4) = 0 [pid 3642] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 3642] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 3642] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 51.165637][ T3642] NILFS (loop0): recovery complete [ 51.172075][ T3643] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 51.176713][ T27] audit: type=1800 audit(1670141540.457:3): pid=3642 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor269" name="bus" dev="loop0" ino=12 res=0 errno=0 [pid 3642] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 3642] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 3642] exit_group(0) = ? [pid 3642] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3642, si_uid=0, si_status=0, si_utime=0, si_stime=17} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./1/binderfs") = 0 umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./1/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./1/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./1") = 0 mkdir("./2", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 3644 ./strace-static-x86_64: Process 3644 attached [pid 3644] chdir("./2") = 0 [pid 3644] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3644] setpgid(0, 0) = 0 [pid 3644] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3644] write(3, "1000", 4) = 4 [pid 3644] close(3) = 0 [pid 3644] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3644] memfd_create("syzkaller", 0) = 3 [pid 3644] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 3644] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 3644] munmap(0x7eff5e600000, 2097152) = 0 [pid 3644] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3644] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3644] close(3) = 0 [pid 3644] mkdir("./file0", 0777) = 0 [ 51.474569][ T3644] loop0: detected capacity change from 0 to 4096 [ 51.499827][ T3644] NILFS (loop0): invalid segment: Checksum error in segment payload [ 51.507949][ T3644] NILFS (loop0): trying rollback from an earlier position [pid 3644] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 3644] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3644] chdir("./file0") = 0 [pid 3644] ioctl(4, LOOP_CLR_FD) = 0 [pid 3644] close(4) = 0 [pid 3644] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 3644] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 3644] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 51.528533][ T3644] NILFS (loop0): recovery complete [ 51.542590][ T3645] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 51.563582][ T27] audit: type=1800 audit(1670141540.847:4): pid=3644 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor269" name="bus" dev="loop0" ino=12 res=0 errno=0 [pid 3644] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 3644] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 3644] exit_group(0) = ? [pid 3644] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3644, si_uid=0, si_status=0, si_utime=0, si_stime=19} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./2/binderfs") = 0 umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./2/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./2/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./2") = 0 mkdir("./3", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 3646 ./strace-static-x86_64: Process 3646 attached [pid 3646] chdir("./3") = 0 [pid 3646] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3646] setpgid(0, 0) = 0 [pid 3646] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3646] write(3, "1000", 4) = 4 [pid 3646] close(3) = 0 [pid 3646] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3646] memfd_create("syzkaller", 0) = 3 [pid 3646] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 3646] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 3646] munmap(0x7eff5e600000, 2097152) = 0 [pid 3646] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3646] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3646] close(3) = 0 [pid 3646] mkdir("./file0", 0777) = 0 [ 51.834242][ T3646] loop0: detected capacity change from 0 to 4096 [ 51.860573][ T3646] NILFS (loop0): invalid segment: Checksum error in segment payload [ 51.868626][ T3646] NILFS (loop0): trying rollback from an earlier position [pid 3646] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 3646] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3646] chdir("./file0") = 0 [pid 3646] ioctl(4, LOOP_CLR_FD) = 0 [pid 3646] close(4) = 0 [pid 3646] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 3646] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 3646] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 51.881984][ T3646] NILFS (loop0): recovery complete [ 51.888424][ T3647] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 51.899908][ T27] audit: type=1800 audit(1670141541.177:5): pid=3646 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor269" name="bus" dev="loop0" ino=12 res=0 errno=0 [pid 3646] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 3646] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 3646] exit_group(0) = ? [pid 3646] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3646, si_uid=0, si_status=0, si_utime=0, si_stime=12} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./3", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./3/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./3/binderfs") = 0 umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./3/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./3/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./3") = 0 mkdir("./4", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 3648 ./strace-static-x86_64: Process 3648 attached [pid 3648] chdir("./4") = 0 [pid 3648] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3648] setpgid(0, 0) = 0 [pid 3648] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3648] write(3, "1000", 4) = 4 [pid 3648] close(3) = 0 [pid 3648] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3648] memfd_create("syzkaller", 0) = 3 [pid 3648] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 3648] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 3648] munmap(0x7eff5e600000, 2097152) = 0 [pid 3648] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3648] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3648] close(3) = 0 [pid 3648] mkdir("./file0", 0777) = 0 [ 52.157264][ T3648] loop0: detected capacity change from 0 to 4096 [ 52.172895][ T3648] NILFS (loop0): invalid segment: Checksum error in segment payload [ 52.181267][ T3648] NILFS (loop0): trying rollback from an earlier position [ 52.194514][ T3648] NILFS (loop0): recovery complete [pid 3648] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 3648] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3648] chdir("./file0") = 0 [pid 3648] ioctl(4, LOOP_CLR_FD) = 0 [pid 3648] close(4) = 0 [pid 3648] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [ 52.200307][ T3649] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 3648] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 3648] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 52.230434][ T27] audit: type=1800 audit(1670141541.517:6): pid=3648 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor269" name="bus" dev="loop0" ino=12 res=0 errno=0 [pid 3648] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 3648] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 3648] exit_group(0) = ? [pid 3648] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3648, si_uid=0, si_status=0, si_utime=0, si_stime=13} --- umount2("./4", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./4/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./4/binderfs") = 0 umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./4/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4") = 0 mkdir("./5", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3650 attached , child_tidptr=0x5555555775d0) = 3650 [pid 3650] chdir("./5") = 0 [pid 3650] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3650] setpgid(0, 0) = 0 [pid 3650] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3650] write(3, "1000", 4) = 4 [pid 3650] close(3) = 0 [pid 3650] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3650] memfd_create("syzkaller", 0) = 3 [pid 3650] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 3650] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 3650] munmap(0x7eff5e600000, 2097152) = 0 [pid 3650] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3650] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3650] close(3) = 0 [pid 3650] mkdir("./file0", 0777) = 0 [ 52.493570][ T3650] loop0: detected capacity change from 0 to 4096 [ 52.511021][ T3650] NILFS (loop0): invalid segment: Checksum error in segment payload [ 52.519095][ T3650] NILFS (loop0): trying rollback from an earlier position [ 52.531829][ T3650] NILFS (loop0): recovery complete [pid 3650] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 3650] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3650] chdir("./file0") = 0 [pid 3650] ioctl(4, LOOP_CLR_FD) = 0 [pid 3650] close(4) = 0 [pid 3650] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 3650] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 3650] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 52.538086][ T3651] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 52.557269][ T27] audit: type=1800 audit(1670141541.837:7): pid=3650 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor269" name="bus" dev="loop0" ino=12 res=0 errno=0 [pid 3650] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 3650] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 3650] exit_group(0) = ? [pid 3650] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3650, si_uid=0, si_status=0, si_utime=0, si_stime=14} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./5", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./5/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./5/binderfs") = 0 umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./5/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./5/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./5") = 0 mkdir("./6", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 3652 ./strace-static-x86_64: Process 3652 attached [pid 3652] chdir("./6") = 0 [pid 3652] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3652] setpgid(0, 0) = 0 [pid 3652] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3652] write(3, "1000", 4) = 4 [pid 3652] close(3) = 0 [pid 3652] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3652] memfd_create("syzkaller", 0) = 3 [pid 3652] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 3652] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 3652] munmap(0x7eff5e600000, 2097152) = 0 [pid 3652] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3652] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3652] close(3) = 0 [pid 3652] mkdir("./file0", 0777) = 0 [ 52.815390][ T3652] loop0: detected capacity change from 0 to 4096 [ 52.831042][ T3652] NILFS (loop0): invalid segment: Checksum error in segment payload [ 52.839125][ T3652] NILFS (loop0): trying rollback from an earlier position [ 52.853372][ T3652] NILFS (loop0): recovery complete [pid 3652] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 3652] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3652] chdir("./file0") = 0 [pid 3652] ioctl(4, LOOP_CLR_FD) = 0 [pid 3652] close(4) = 0 [pid 3652] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 3652] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 3652] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 52.859725][ T3653] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 52.877470][ T27] audit: type=1800 audit(1670141542.157:8): pid=3652 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor269" name="bus" dev="loop0" ino=12 res=0 errno=0 [pid 3652] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 3652] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 3652] exit_group(0) = ? [pid 3652] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3652, si_uid=0, si_status=0, si_utime=0, si_stime=12} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./6", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./6/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./6/binderfs") = 0 umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./6/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./6/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./6") = 0 mkdir("./7", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 3654 ./strace-static-x86_64: Process 3654 attached [pid 3654] chdir("./7") = 0 [pid 3654] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3654] setpgid(0, 0) = 0 [pid 3654] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3654] write(3, "1000", 4) = 4 [pid 3654] close(3) = 0 [pid 3654] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3654] memfd_create("syzkaller", 0) = 3 [pid 3654] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 3654] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 3654] munmap(0x7eff5e600000, 2097152) = 0 [pid 3654] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3654] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3654] close(3) = 0 [pid 3654] mkdir("./file0", 0777) = 0 [pid 3654] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 3654] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3654] chdir("./file0") = 0 [pid 3654] ioctl(4, LOOP_CLR_FD) = 0 [pid 3654] close(4) = 0 [pid 3654] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [ 53.120244][ T3654] loop0: detected capacity change from 0 to 4096 [ 53.136489][ T3654] NILFS (loop0): invalid segment: Checksum error in segment payload [ 53.144517][ T3654] NILFS (loop0): trying rollback from an earlier position [ 53.157628][ T3654] NILFS (loop0): recovery complete [pid 3654] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 3654] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 53.163909][ T3655] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 53.170056][ T27] audit: type=1800 audit(1670141542.447:9): pid=3654 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor269" name="bus" dev="loop0" ino=12 res=0 errno=0 [pid 3654] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 3654] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 3654] exit_group(0) = ? [pid 3654] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3654, si_uid=0, si_status=0, si_utime=0, si_stime=13} --- umount2("./7", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./7/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./7/binderfs") = 0 umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./7/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./7/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./7") = 0 mkdir("./8", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 3656 ./strace-static-x86_64: Process 3656 attached [pid 3656] chdir("./8") = 0 [pid 3656] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3656] setpgid(0, 0) = 0 [pid 3656] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3656] write(3, "1000", 4) = 4 [pid 3656] close(3) = 0 [pid 3656] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3656] memfd_create("syzkaller", 0) = 3 [pid 3656] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 3656] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 3656] munmap(0x7eff5e600000, 2097152) = 0 [pid 3656] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3656] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3656] close(3) = 0 [pid 3656] mkdir("./file0", 0777) = 0 [ 53.452514][ T3656] loop0: detected capacity change from 0 to 4096 [ 53.469641][ T3656] NILFS (loop0): invalid segment: Checksum error in segment payload [ 53.477721][ T3656] NILFS (loop0): trying rollback from an earlier position [ 53.491119][ T3656] NILFS (loop0): recovery complete [pid 3656] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 3656] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3656] chdir("./file0") = 0 [pid 3656] ioctl(4, LOOP_CLR_FD) = 0 [pid 3656] close(4) = 0 [pid 3656] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 3656] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 3656] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 53.496985][ T3657] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 53.518135][ T27] audit: type=1800 audit(1670141542.807:10): pid=3656 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor269" name="bus" dev="loop0" ino=12 res=0 errno=0 [pid 3656] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 3656] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 3656] exit_group(0) = ? [pid 3656] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3656, si_uid=0, si_status=0, si_utime=0, si_stime=9} --- umount2("./8", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./8/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./8/binderfs") = 0 umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./8/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./8/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./8") = 0 mkdir("./9", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 3658 ./strace-static-x86_64: Process 3658 attached [pid 3658] chdir("./9") = 0 [pid 3658] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3658] setpgid(0, 0) = 0 [pid 3658] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3658] write(3, "1000", 4) = 4 [pid 3658] close(3) = 0 [pid 3658] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3658] memfd_create("syzkaller", 0) = 3 [pid 3658] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 3658] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 3658] munmap(0x7eff5e600000, 2097152) = 0 [pid 3658] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3658] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3658] close(3) = 0 [pid 3658] mkdir("./file0", 0777) = 0 [ 53.762329][ T3658] loop0: detected capacity change from 0 to 4096 [ 53.776827][ T3658] NILFS (loop0): invalid segment: Checksum error in segment payload [ 53.785385][ T3658] NILFS (loop0): trying rollback from an earlier position [ 53.798691][ T3658] NILFS (loop0): recovery complete [pid 3658] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 3658] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3658] chdir("./file0") = 0 [pid 3658] ioctl(4, LOOP_CLR_FD) = 0 [pid 3658] close(4) = 0 [pid 3658] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [ 53.804969][ T3659] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 3658] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 3658] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 53.832948][ T27] audit: type=1800 audit(1670141543.117:11): pid=3658 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor269" name="bus" dev="loop0" ino=12 res=0 errno=0 [pid 3658] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 3658] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 3658] exit_group(0) = ? [pid 3658] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3658, si_uid=0, si_status=0, si_utime=0, si_stime=13} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./9", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./9/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./9/binderfs") = 0 umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./9/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./9/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./9") = 0 mkdir("./10", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 3660 ./strace-static-x86_64: Process 3660 attached [pid 3660] chdir("./10") = 0 [pid 3660] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3660] setpgid(0, 0) = 0 [pid 3660] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3660] write(3, "1000", 4) = 4 [pid 3660] close(3) = 0 [pid 3660] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3660] memfd_create("syzkaller", 0) = 3 [pid 3660] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 3660] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 3660] munmap(0x7eff5e600000, 2097152) = 0 [pid 3660] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3660] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3660] close(3) = 0 [pid 3660] mkdir("./file0", 0777) = 0 [pid 3660] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 3660] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3660] chdir("./file0") = 0 [pid 3660] ioctl(4, LOOP_CLR_FD) = 0 [pid 3660] close(4) = 0 [pid 3660] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [ 54.088768][ T3660] loop0: detected capacity change from 0 to 4096 [ 54.103764][ T3660] NILFS (loop0): invalid segment: Checksum error in segment payload [ 54.111834][ T3660] NILFS (loop0): trying rollback from an earlier position [ 54.124923][ T3660] NILFS (loop0): recovery complete [pid 3660] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 3660] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 54.131033][ T3661] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 3660] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 3660] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 3660] exit_group(0) = ? [pid 3660] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3660, si_uid=0, si_status=0, si_utime=0, si_stime=12} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./10", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./10/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./10/binderfs") = 0 umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./10/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./10/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./10") = 0 mkdir("./11", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 3662 ./strace-static-x86_64: Process 3662 attached [pid 3662] chdir("./11") = 0 [pid 3662] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3662] setpgid(0, 0) = 0 [pid 3662] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3662] write(3, "1000", 4) = 4 [pid 3662] close(3) = 0 [pid 3662] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3662] memfd_create("syzkaller", 0) = 3 [pid 3662] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 3662] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 3662] munmap(0x7eff5e600000, 2097152) = 0 [pid 3662] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3662] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3662] close(3) = 0 [pid 3662] mkdir("./file0", 0777) = 0 [pid 3662] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 3662] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3662] chdir("./file0") = 0 [ 54.391918][ T3662] loop0: detected capacity change from 0 to 4096 [ 54.407449][ T3662] NILFS (loop0): invalid segment: Checksum error in segment payload [ 54.415530][ T3662] NILFS (loop0): trying rollback from an earlier position [ 54.429115][ T3662] NILFS (loop0): recovery complete [pid 3662] ioctl(4, LOOP_CLR_FD) = 0 [pid 3662] close(4) = 0 [pid 3662] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 3662] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 3662] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 54.435616][ T3663] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 3662] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 3662] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 3662] exit_group(0) = ? [pid 3662] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3662, si_uid=0, si_status=0, si_utime=0, si_stime=16} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./11", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./11/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./11/binderfs") = 0 umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./11/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./11/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./11") = 0 mkdir("./12", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 3664 ./strace-static-x86_64: Process 3664 attached [pid 3664] chdir("./12") = 0 [pid 3664] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3664] setpgid(0, 0) = 0 [pid 3664] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3664] write(3, "1000", 4) = 4 [pid 3664] close(3) = 0 [pid 3664] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3664] memfd_create("syzkaller", 0) = 3 [pid 3664] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 3664] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 3664] munmap(0x7eff5e600000, 2097152) = 0 [pid 3664] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3664] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3664] close(3) = 0 [pid 3664] mkdir("./file0", 0777) = 0 [ 54.697558][ T3664] loop0: detected capacity change from 0 to 4096 [ 54.712912][ T3664] NILFS (loop0): invalid segment: Checksum error in segment payload [ 54.720966][ T3664] NILFS (loop0): trying rollback from an earlier position [ 54.734143][ T3664] NILFS (loop0): recovery complete [pid 3664] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 3664] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3664] chdir("./file0") = 0 [pid 3664] ioctl(4, LOOP_CLR_FD) = 0 [pid 3664] close(4) = 0 [pid 3664] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 3664] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 3664] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 54.740313][ T3665] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 3664] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 3664] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 3664] exit_group(0) = ? [pid 3664] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3664, si_uid=0, si_status=0, si_utime=0, si_stime=14} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./12", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./12/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./12/binderfs") = 0 umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./12/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./12/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./12") = 0 mkdir("./13", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 3666 ./strace-static-x86_64: Process 3666 attached [pid 3666] chdir("./13") = 0 [pid 3666] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3666] setpgid(0, 0) = 0 [pid 3666] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3666] write(3, "1000", 4) = 4 [pid 3666] close(3) = 0 [pid 3666] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3666] memfd_create("syzkaller", 0) = 3 [pid 3666] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 3666] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 3666] munmap(0x7eff5e600000, 2097152) = 0 [pid 3666] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3666] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3666] close(3) = 0 [pid 3666] mkdir("./file0", 0777) = 0 [ 54.995504][ T3666] loop0: detected capacity change from 0 to 4096 [ 55.010631][ T3666] NILFS (loop0): invalid segment: Checksum error in segment payload [ 55.018879][ T3666] NILFS (loop0): trying rollback from an earlier position [ 55.031882][ T3666] NILFS (loop0): recovery complete [pid 3666] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 3666] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3666] chdir("./file0") = 0 [pid 3666] ioctl(4, LOOP_CLR_FD) = 0 [pid 3666] close(4) = 0 [pid 3666] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 3666] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 3666] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 55.038246][ T3667] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 3666] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 3666] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 3666] exit_group(0) = ? [pid 3666] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3666, si_uid=0, si_status=0, si_utime=0, si_stime=15} --- umount2("./13", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./13/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./13/binderfs") = 0 umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./13/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./13/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./13") = 0 mkdir("./14", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 3668 ./strace-static-x86_64: Process 3668 attached [pid 3668] chdir("./14") = 0 [pid 3668] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3668] setpgid(0, 0) = 0 [pid 3668] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3668] write(3, "1000", 4) = 4 [pid 3668] close(3) = 0 [pid 3668] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3668] memfd_create("syzkaller", 0) = 3 [pid 3668] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 3668] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 3668] munmap(0x7eff5e600000, 2097152) = 0 [pid 3668] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3668] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3668] close(3) = 0 [pid 3668] mkdir("./file0", 0777) = 0 [ 55.300955][ T3668] loop0: detected capacity change from 0 to 4096 [ 55.316573][ T3668] NILFS (loop0): invalid segment: Checksum error in segment payload [ 55.324671][ T3668] NILFS (loop0): trying rollback from an earlier position [ 55.337853][ T3668] NILFS (loop0): recovery complete [pid 3668] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 3668] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3668] chdir("./file0") = 0 [pid 3668] ioctl(4, LOOP_CLR_FD) = 0 [pid 3668] close(4) = 0 [pid 3668] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 3668] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 3668] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 55.343575][ T3669] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 3668] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 3668] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 3668] exit_group(0) = ? [pid 3668] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3668, si_uid=0, si_status=0, si_utime=0, si_stime=15} --- umount2("./14", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./14/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./14/binderfs") = 0 umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./14/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./14/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./14") = 0 mkdir("./15", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3670 attached , child_tidptr=0x5555555775d0) = 3670 [pid 3670] chdir("./15") = 0 [pid 3670] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3670] setpgid(0, 0) = 0 [pid 3670] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3670] write(3, "1000", 4) = 4 [pid 3670] close(3) = 0 [pid 3670] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3670] memfd_create("syzkaller", 0) = 3 [pid 3670] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 3670] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 3670] munmap(0x7eff5e600000, 2097152) = 0 [pid 3670] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3670] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3670] close(3) = 0 [pid 3670] mkdir("./file0", 0777) = 0 [ 55.624153][ T3670] loop0: detected capacity change from 0 to 4096 [ 55.638902][ T3670] NILFS (loop0): invalid segment: Checksum error in segment payload [ 55.646889][ T3670] NILFS (loop0): trying rollback from an earlier position [ 55.660625][ T3670] NILFS (loop0): recovery complete [pid 3670] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 3670] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3670] chdir("./file0") = 0 [pid 3670] ioctl(4, LOOP_CLR_FD) = 0 [pid 3670] close(4) = 0 [pid 3670] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 3670] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 3670] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 55.666676][ T3671] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 3670] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 3670] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 3670] exit_group(0) = ? [pid 3670] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3670, si_uid=0, si_status=0, si_utime=0, si_stime=13} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./15", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./15/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./15/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./15/binderfs") = 0 umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./15/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./15/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./15") = 0 mkdir("./16", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 3672 ./strace-static-x86_64: Process 3672 attached [pid 3672] chdir("./16") = 0 [pid 3672] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3672] setpgid(0, 0) = 0 [pid 3672] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3672] write(3, "1000", 4) = 4 [pid 3672] close(3) = 0 [pid 3672] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3672] memfd_create("syzkaller", 0) = 3 [pid 3672] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 3672] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 3672] munmap(0x7eff5e600000, 2097152) = 0 [pid 3672] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3672] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3672] close(3) = 0 [pid 3672] mkdir("./file0", 0777) = 0 [ 55.946839][ T3672] loop0: detected capacity change from 0 to 4096 [ 55.963426][ T3672] NILFS (loop0): invalid segment: Checksum error in segment payload [ 55.971507][ T3672] NILFS (loop0): trying rollback from an earlier position [ 55.984951][ T3672] NILFS (loop0): recovery complete [pid 3672] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 3672] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3672] chdir("./file0") = 0 [pid 3672] ioctl(4, LOOP_CLR_FD) = 0 [pid 3672] close(4) = 0 [pid 3672] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 3672] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 3672] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 55.990866][ T3673] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 56.004117][ T27] kauditd_printk_skb: 6 callbacks suppressed [ 56.004126][ T27] audit: type=1800 audit(1670141545.287:18): pid=3672 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor269" name="bus" dev="loop0" ino=12 res=0 errno=0 [pid 3672] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 3672] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 3672] exit_group(0) = ? [pid 3672] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3672, si_uid=0, si_status=0, si_utime=0, si_stime=12} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./16", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./16/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./16/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./16/binderfs") = 0 umount2("./16/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./16/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./16/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./16/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./16/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./16") = 0 mkdir("./17", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 3674 ./strace-static-x86_64: Process 3674 attached [pid 3674] chdir("./17") = 0 [pid 3674] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3674] setpgid(0, 0) = 0 [pid 3674] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3674] write(3, "1000", 4) = 4 [pid 3674] close(3) = 0 [pid 3674] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3674] memfd_create("syzkaller", 0) = 3 [pid 3674] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 3674] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 3674] munmap(0x7eff5e600000, 2097152) = 0 [pid 3674] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3674] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3674] close(3) = 0 [pid 3674] mkdir("./file0", 0777) = 0 [pid 3674] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [ 56.268515][ T3674] loop0: detected capacity change from 0 to 4096 [ 56.283405][ T3674] NILFS (loop0): invalid segment: Checksum error in segment payload [ 56.291502][ T3674] NILFS (loop0): trying rollback from an earlier position [ 56.303927][ T3674] NILFS (loop0): recovery complete [pid 3674] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3674] chdir("./file0") = 0 [pid 3674] ioctl(4, LOOP_CLR_FD) = 0 [pid 3674] close(4) = 0 [pid 3674] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [ 56.310160][ T3675] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 3674] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 3674] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 56.340337][ T27] audit: type=1800 audit(1670141545.627:19): pid=3674 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor269" name="bus" dev="loop0" ino=12 res=0 errno=0 [pid 3674] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 3674] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 3674] exit_group(0) = ? [pid 3674] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3674, si_uid=0, si_status=0, si_utime=0, si_stime=14} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./17", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./17/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./17/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./17/binderfs") = 0 umount2("./17/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./17/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./17/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./17/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./17/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./17") = 0 mkdir("./18", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3676 attached [pid 3676] chdir("./18" [pid 3638] <... clone resumed>, child_tidptr=0x5555555775d0) = 3676 [pid 3676] <... chdir resumed>) = 0 [pid 3676] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3676] setpgid(0, 0) = 0 [pid 3676] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3676] write(3, "1000", 4) = 4 [pid 3676] close(3) = 0 [pid 3676] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3676] memfd_create("syzkaller", 0) = 3 [pid 3676] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 3676] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 3676] munmap(0x7eff5e600000, 2097152) = 0 [pid 3676] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3676] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3676] close(3) = 0 [pid 3676] mkdir("./file0", 0777) = 0 [ 56.585919][ T3676] loop0: detected capacity change from 0 to 4096 [ 56.601187][ T3676] NILFS (loop0): invalid segment: Checksum error in segment payload [ 56.609402][ T3676] NILFS (loop0): trying rollback from an earlier position [ 56.622496][ T3676] NILFS (loop0): recovery complete [pid 3676] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 3676] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3676] chdir("./file0") = 0 [pid 3676] ioctl(4, LOOP_CLR_FD) = 0 [pid 3676] close(4) = 0 [pid 3676] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 3676] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 3676] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 56.628372][ T3677] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 56.644977][ T27] audit: type=1800 audit(1670141545.927:20): pid=3676 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor269" name="bus" dev="loop0" ino=12 res=0 errno=0 [pid 3676] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 3676] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 3676] exit_group(0) = ? [pid 3676] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3676, si_uid=0, si_status=0, si_utime=0, si_stime=14} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./18", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./18/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./18/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./18/binderfs") = 0 umount2("./18/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./18/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./18/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./18/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./18/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./18") = 0 mkdir("./19", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3678 attached , child_tidptr=0x5555555775d0) = 3678 [pid 3678] chdir("./19") = 0 [pid 3678] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3678] setpgid(0, 0) = 0 [pid 3678] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3678] write(3, "1000", 4) = 4 [pid 3678] close(3) = 0 [pid 3678] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3678] memfd_create("syzkaller", 0) = 3 [pid 3678] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 3678] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 3678] munmap(0x7eff5e600000, 2097152) = 0 [pid 3678] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3678] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3678] close(3) = 0 [pid 3678] mkdir("./file0", 0777) = 0 [ 56.923511][ T3678] loop0: detected capacity change from 0 to 4096 [ 56.939496][ T3678] NILFS (loop0): invalid segment: Checksum error in segment payload [ 56.947567][ T3678] NILFS (loop0): trying rollback from an earlier position [ 56.960651][ T3678] NILFS (loop0): recovery complete [pid 3678] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 3678] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3678] chdir("./file0") = 0 [pid 3678] ioctl(4, LOOP_CLR_FD) = 0 [pid 3678] close(4) = 0 [pid 3678] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [ 56.966517][ T3679] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 3678] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 3678] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 56.997975][ T27] audit: type=1800 audit(1670141546.287:21): pid=3678 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor269" name="bus" dev="loop0" ino=12 res=0 errno=0 [pid 3678] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 3678] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 3678] exit_group(0) = ? [pid 3678] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3678, si_uid=0, si_status=0, si_utime=0, si_stime=11} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./19", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./19", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./19/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./19/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./19/binderfs") = 0 umount2("./19/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./19/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./19/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./19/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./19/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./19/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./19") = 0 mkdir("./20", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3680 attached , child_tidptr=0x5555555775d0) = 3680 [pid 3680] chdir("./20") = 0 [pid 3680] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3680] setpgid(0, 0) = 0 [pid 3680] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3680] write(3, "1000", 4) = 4 [pid 3680] close(3) = 0 [pid 3680] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3680] memfd_create("syzkaller", 0) = 3 [pid 3680] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 3680] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 3680] munmap(0x7eff5e600000, 2097152) = 0 [pid 3680] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3680] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3680] close(3) = 0 [pid 3680] mkdir("./file0", 0777) = 0 [ 57.259174][ T3680] loop0: detected capacity change from 0 to 4096 [ 57.275355][ T3680] NILFS (loop0): invalid segment: Checksum error in segment payload [ 57.283422][ T3680] NILFS (loop0): trying rollback from an earlier position [ 57.297935][ T3680] NILFS (loop0): recovery complete [pid 3680] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 3680] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3680] chdir("./file0") = 0 [pid 3680] ioctl(4, LOOP_CLR_FD) = 0 [pid 3680] close(4) = 0 [pid 3680] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [ 57.303799][ T3681] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 3680] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 3680] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 57.338124][ T27] audit: type=1800 audit(1670141546.627:22): pid=3680 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor269" name="bus" dev="loop0" ino=12 res=0 errno=0 [pid 3680] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 3680] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 3680] exit_group(0) = ? [pid 3680] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3680, si_uid=0, si_status=0, si_utime=0, si_stime=11} --- umount2("./20", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./20", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./20/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./20/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./20/binderfs") = 0 umount2("./20/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./20/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./20/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./20/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./20/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./20/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./20") = 0 mkdir("./21", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 3682 ./strace-static-x86_64: Process 3682 attached [pid 3682] chdir("./21") = 0 [pid 3682] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3682] setpgid(0, 0) = 0 [pid 3682] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3682] write(3, "1000", 4) = 4 [pid 3682] close(3) = 0 [pid 3682] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3682] memfd_create("syzkaller", 0) = 3 [pid 3682] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 3682] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 3682] munmap(0x7eff5e600000, 2097152) = 0 [pid 3682] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3682] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3682] close(3) = 0 [pid 3682] mkdir("./file0", 0777) = 0 [ 57.583324][ T3682] loop0: detected capacity change from 0 to 4096 [ 57.599157][ T3682] NILFS (loop0): invalid segment: Checksum error in segment payload [ 57.607178][ T3682] NILFS (loop0): trying rollback from an earlier position [ 57.620359][ T3682] NILFS (loop0): recovery complete [pid 3682] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 3682] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3682] chdir("./file0") = 0 [pid 3682] ioctl(4, LOOP_CLR_FD) = 0 [pid 3682] close(4) = 0 [pid 3682] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 3682] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 3682] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 57.626566][ T3683] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 57.644259][ T27] audit: type=1800 audit(1670141546.917:23): pid=3682 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor269" name="bus" dev="loop0" ino=12 res=0 errno=0 [pid 3682] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 3682] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 3682] exit_group(0) = ? [pid 3682] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3682, si_uid=0, si_status=0, si_utime=0, si_stime=13} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./21", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./21", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./21/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./21/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./21/binderfs") = 0 umount2("./21/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./21/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./21/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./21/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./21/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./21/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./21") = 0 mkdir("./22", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 3684 ./strace-static-x86_64: Process 3684 attached [pid 3684] chdir("./22") = 0 [pid 3684] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3684] setpgid(0, 0) = 0 [pid 3684] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3684] write(3, "1000", 4) = 4 [pid 3684] close(3) = 0 [pid 3684] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3684] memfd_create("syzkaller", 0) = 3 [pid 3684] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 3684] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 3684] munmap(0x7eff5e600000, 2097152) = 0 [pid 3684] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3684] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3684] close(3) = 0 [pid 3684] mkdir("./file0", 0777) = 0 [pid 3684] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 3684] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3684] chdir("./file0") = 0 [pid 3684] ioctl(4, LOOP_CLR_FD) = 0 [pid 3684] close(4) = 0 [pid 3684] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [ 57.889698][ T3684] loop0: detected capacity change from 0 to 4096 [ 57.904926][ T3684] NILFS (loop0): invalid segment: Checksum error in segment payload [ 57.913101][ T3684] NILFS (loop0): trying rollback from an earlier position [ 57.926156][ T3684] NILFS (loop0): recovery complete [pid 3684] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 3684] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 57.933136][ T3685] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 57.947422][ T27] audit: type=1800 audit(1670141547.227:24): pid=3684 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor269" name="bus" dev="loop0" ino=12 res=0 errno=0 [pid 3684] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 3684] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 3684] exit_group(0) = ? [pid 3684] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3684, si_uid=0, si_status=0, si_utime=0, si_stime=12} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./22", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./22", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./22/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./22/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./22/binderfs") = 0 umount2("./22/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./22/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./22/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./22/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./22/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./22/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./22") = 0 mkdir("./23", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 3686 ./strace-static-x86_64: Process 3686 attached [pid 3686] chdir("./23") = 0 [pid 3686] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3686] setpgid(0, 0) = 0 [pid 3686] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3686] write(3, "1000", 4) = 4 [pid 3686] close(3) = 0 [pid 3686] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3686] memfd_create("syzkaller", 0) = 3 [pid 3686] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 3686] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 3686] munmap(0x7eff5e600000, 2097152) = 0 [pid 3686] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3686] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3686] close(3) = 0 [pid 3686] mkdir("./file0", 0777) = 0 [ 58.198052][ T3686] loop0: detected capacity change from 0 to 4096 [ 58.215098][ T3686] NILFS (loop0): invalid segment: Checksum error in segment payload [ 58.223436][ T3686] NILFS (loop0): trying rollback from an earlier position [ 58.236801][ T3686] NILFS (loop0): recovery complete [pid 3686] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 3686] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3686] chdir("./file0") = 0 [pid 3686] ioctl(4, LOOP_CLR_FD) = 0 [pid 3686] close(4) = 0 [pid 3686] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 3686] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 3686] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 58.243388][ T3687] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 58.257453][ T27] audit: type=1800 audit(1670141547.537:25): pid=3686 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor269" name="bus" dev="loop0" ino=12 res=0 errno=0 [pid 3686] sendfile(4, 5, NULL, 140737974943952) = 65536 [pid 3686] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 3686] exit_group(0) = ? [pid 3686] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3686, si_uid=0, si_status=0, si_utime=0, si_stime=5} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./23", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./23", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./23/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./23/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./23/binderfs") = 0 umount2("./23/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./23/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./23/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./23/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./23/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./23/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./23") = 0 mkdir("./24", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 3688 [ 58.292808][ T3687] NILFS (loop0): nilfs_direct_assign (ino=6): invalid key: 130 [ 58.300740][ T3687] NILFS error (device loop0): nilfs_bmap_assign: broken bmap (inode number=6) [ 58.311476][ T3687] Remounting filesystem read-only ./strace-static-x86_64: Process 3688 attached [pid 3688] chdir("./24") = 0 [pid 3688] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3688] setpgid(0, 0) = 0 [pid 3688] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3688] write(3, "1000", 4) = 4 [pid 3688] close(3) = 0 [pid 3688] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3688] memfd_create("syzkaller", 0) = 3 [pid 3688] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 3688] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 3688] munmap(0x7eff5e600000, 2097152) = 0 [pid 3688] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3688] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3688] close(3) = 0 [pid 3688] mkdir("./file0", 0777) = 0 [ 58.395745][ T3688] loop0: detected capacity change from 0 to 4096 [ 58.413089][ T3688] NILFS (loop0): invalid segment: Checksum error in segment payload [ 58.421199][ T3688] NILFS (loop0): trying rollback from an earlier position [ 58.435868][ T3688] NILFS (loop0): recovery complete [pid 3688] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 3688] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3688] chdir("./file0") = 0 [pid 3688] ioctl(4, LOOP_CLR_FD) = 0 [pid 3688] close(4) = 0 [pid 3688] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 3688] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 3688] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 58.442424][ T3689] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 58.468470][ T27] audit: type=1800 audit(1670141547.757:26): pid=3688 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor269" name="bus" dev="loop0" ino=12 res=0 errno=0 [pid 3688] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 3688] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 3688] exit_group(0) = ? [pid 3688] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3688, si_uid=0, si_status=0, si_utime=0, si_stime=10} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./24", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./24", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./24/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./24/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./24/binderfs") = 0 umount2("./24/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./24/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./24/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./24/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./24/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./24/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./24") = 0 mkdir("./25", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 3690 ./strace-static-x86_64: Process 3690 attached [pid 3690] chdir("./25") = 0 [pid 3690] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3690] setpgid(0, 0) = 0 [pid 3690] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3690] write(3, "1000", 4) = 4 [pid 3690] close(3) = 0 [pid 3690] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3690] memfd_create("syzkaller", 0) = 3 [pid 3690] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 3690] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 3690] munmap(0x7eff5e600000, 2097152) = 0 [pid 3690] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3690] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3690] close(3) = 0 [pid 3690] mkdir("./file0", 0777) = 0 [ 58.718613][ T3690] loop0: detected capacity change from 0 to 4096 [ 58.737154][ T3690] NILFS (loop0): invalid segment: Checksum error in segment payload [ 58.745274][ T3690] NILFS (loop0): trying rollback from an earlier position [ 58.760101][ T3690] NILFS (loop0): recovery complete [pid 3690] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 3690] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3690] chdir("./file0") = 0 [pid 3690] ioctl(4, LOOP_CLR_FD) = 0 [pid 3690] close(4) = 0 [pid 3690] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 3690] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 3690] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 58.766717][ T3691] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 58.791924][ T27] audit: type=1800 audit(1670141548.077:27): pid=3690 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor269" name="bus" dev="loop0" ino=12 res=0 errno=0 [pid 3690] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 3690] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 3690] exit_group(0) = ? [pid 3690] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3690, si_uid=0, si_status=0, si_utime=0, si_stime=11} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./25", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./25", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./25/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./25/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./25/binderfs") = 0 umount2("./25/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./25/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./25/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./25/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./25/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./25/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./25") = 0 mkdir("./26", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 3692 ./strace-static-x86_64: Process 3692 attached [pid 3692] chdir("./26") = 0 [pid 3692] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3692] setpgid(0, 0) = 0 [pid 3692] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3692] write(3, "1000", 4) = 4 [pid 3692] close(3) = 0 [pid 3692] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3692] memfd_create("syzkaller", 0) = 3 [pid 3692] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 3692] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 3692] munmap(0x7eff5e600000, 2097152) = 0 [pid 3692] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3692] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3692] close(3) = 0 [pid 3692] mkdir("./file0", 0777) = 0 [ 59.043802][ T3692] loop0: detected capacity change from 0 to 4096 [ 59.059184][ T3692] NILFS (loop0): invalid segment: Checksum error in segment payload [ 59.067199][ T3692] NILFS (loop0): trying rollback from an earlier position [ 59.080741][ T3692] NILFS (loop0): recovery complete [pid 3692] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 3692] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3692] chdir("./file0") = 0 [pid 3692] ioctl(4, LOOP_CLR_FD) = 0 [pid 3692] close(4) = 0 [pid 3692] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 3692] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 3692] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 59.086661][ T3693] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 3692] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 3692] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 3692] exit_group(0) = ? [pid 3692] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3692, si_uid=0, si_status=0, si_utime=0, si_stime=15} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./26", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./26", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./26/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./26/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./26/binderfs") = 0 umount2("./26/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./26/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./26/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./26/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./26/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./26/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./26") = 0 mkdir("./27", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3694 attached , child_tidptr=0x5555555775d0) = 3694 [pid 3694] chdir("./27") = 0 [pid 3694] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3694] setpgid(0, 0) = 0 [pid 3694] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3694] write(3, "1000", 4) = 4 [pid 3694] close(3) = 0 [pid 3694] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3694] memfd_create("syzkaller", 0) = 3 [pid 3694] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 3694] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 3694] munmap(0x7eff5e600000, 2097152) = 0 [pid 3694] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3694] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3694] close(3) = 0 [pid 3694] mkdir("./file0", 0777) = 0 [ 59.342454][ T3694] loop0: detected capacity change from 0 to 4096 [ 59.357956][ T3694] NILFS (loop0): invalid segment: Checksum error in segment payload [ 59.365981][ T3694] NILFS (loop0): trying rollback from an earlier position [ 59.380090][ T3694] NILFS (loop0): recovery complete [pid 3694] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 3694] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3694] chdir("./file0") = 0 [pid 3694] ioctl(4, LOOP_CLR_FD) = 0 [pid 3694] close(4) = 0 [pid 3694] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 3694] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 3694] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 59.386357][ T3695] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 3694] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 3694] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 3694] exit_group(0) = ? [pid 3694] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3694, si_uid=0, si_status=0, si_utime=0, si_stime=12} --- umount2("./27", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./27", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./27/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./27/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./27/binderfs") = 0 umount2("./27/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./27/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./27/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./27/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./27/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./27/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./27") = 0 mkdir("./28", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 3696 ./strace-static-x86_64: Process 3696 attached [pid 3696] chdir("./28") = 0 [pid 3696] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3696] setpgid(0, 0) = 0 [pid 3696] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3696] write(3, "1000", 4) = 4 [pid 3696] close(3) = 0 [pid 3696] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3696] memfd_create("syzkaller", 0) = 3 [pid 3696] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 3696] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 3696] munmap(0x7eff5e600000, 2097152) = 0 [pid 3696] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3696] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3696] close(3) = 0 [pid 3696] mkdir("./file0", 0777) = 0 [ 59.644787][ T3696] loop0: detected capacity change from 0 to 4096 [ 59.670101][ T3696] NILFS (loop0): invalid segment: Checksum error in segment payload [ 59.678123][ T3696] NILFS (loop0): trying rollback from an earlier position [pid 3696] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 3696] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3696] chdir("./file0") = 0 [pid 3696] ioctl(4, LOOP_CLR_FD) = 0 [pid 3696] close(4) = 0 [pid 3696] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 3696] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 3696] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 59.691188][ T3696] NILFS (loop0): recovery complete [ 59.697147][ T3697] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 3696] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 3696] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 3696] exit_group(0) = ? [pid 3696] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3696, si_uid=0, si_status=0, si_utime=0, si_stime=15} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./28", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./28", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./28/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./28/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./28/binderfs") = 0 umount2("./28/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./28/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./28/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./28/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./28/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./28/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./28") = 0 mkdir("./29", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 3698 ./strace-static-x86_64: Process 3698 attached [pid 3698] chdir("./29") = 0 [pid 3698] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3698] setpgid(0, 0) = 0 [pid 3698] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3698] write(3, "1000", 4) = 4 [pid 3698] close(3) = 0 [pid 3698] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3698] memfd_create("syzkaller", 0) = 3 [pid 3698] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 3698] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 3698] munmap(0x7eff5e600000, 2097152) = 0 [pid 3698] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3698] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3698] close(3) = 0 [pid 3698] mkdir("./file0", 0777) = 0 [pid 3698] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 3698] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3698] chdir("./file0") = 0 [pid 3698] ioctl(4, LOOP_CLR_FD) = 0 [pid 3698] close(4) = 0 [pid 3698] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [ 59.982569][ T3698] loop0: detected capacity change from 0 to 4096 [ 59.997856][ T3698] NILFS (loop0): invalid segment: Checksum error in segment payload [ 60.005871][ T3698] NILFS (loop0): trying rollback from an earlier position [ 60.019441][ T3698] NILFS (loop0): recovery complete [pid 3698] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 3698] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 60.037633][ T3699] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 3698] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 3698] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 3698] exit_group(0) = ? [pid 3698] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3698, si_uid=0, si_status=0, si_utime=0, si_stime=13} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./29", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./29", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./29/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./29/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./29/binderfs") = 0 umount2("./29/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./29/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./29/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./29/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./29/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./29/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./29") = 0 mkdir("./30", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 3700 ./strace-static-x86_64: Process 3700 attached [pid 3700] chdir("./30") = 0 [pid 3700] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3700] setpgid(0, 0) = 0 [pid 3700] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3700] write(3, "1000", 4) = 4 [pid 3700] close(3) = 0 [pid 3700] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3700] memfd_create("syzkaller", 0) = 3 [pid 3700] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 3700] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 3700] munmap(0x7eff5e600000, 2097152) = 0 [pid 3700] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3700] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3700] close(3) = 0 [pid 3700] mkdir("./file0", 0777) = 0 [ 60.273338][ T3700] loop0: detected capacity change from 0 to 4096 [ 60.289457][ T3700] NILFS (loop0): invalid segment: Checksum error in segment payload [ 60.297535][ T3700] NILFS (loop0): trying rollback from an earlier position [ 60.310812][ T3700] NILFS (loop0): recovery complete [pid 3700] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 3700] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3700] chdir("./file0") = 0 [pid 3700] ioctl(4, LOOP_CLR_FD) = 0 [pid 3700] close(4) = 0 [pid 3700] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 3700] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 3700] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 60.317796][ T3701] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 3700] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 3700] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 3700] exit_group(0) = ? [pid 3700] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3700, si_uid=0, si_status=0, si_utime=0, si_stime=9} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./30", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./30", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./30/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./30/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./30/binderfs") = 0 umount2("./30/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./30/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./30/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./30/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./30/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./30/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./30") = 0 mkdir("./31", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 3702 ./strace-static-x86_64: Process 3702 attached [pid 3702] chdir("./31") = 0 [pid 3702] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3702] setpgid(0, 0) = 0 [pid 3702] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3702] write(3, "1000", 4) = 4 [pid 3702] close(3) = 0 [pid 3702] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3702] memfd_create("syzkaller", 0) = 3 [pid 3702] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 3702] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 3702] munmap(0x7eff5e600000, 2097152) = 0 [pid 3702] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3702] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3702] close(3) = 0 [pid 3702] mkdir("./file0", 0777) = 0 [ 60.569576][ T3702] loop0: detected capacity change from 0 to 4096 [ 60.583460][ T3702] NILFS (loop0): invalid segment: Checksum error in segment payload [ 60.591617][ T3702] NILFS (loop0): trying rollback from an earlier position [ 60.605739][ T3702] NILFS (loop0): recovery complete [pid 3702] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 3702] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3702] chdir("./file0") = 0 [pid 3702] ioctl(4, LOOP_CLR_FD) = 0 [pid 3702] close(4) = 0 [pid 3702] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 3702] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 3702] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 60.612697][ T3703] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 3702] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 3702] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 3702] exit_group(0) = ? [pid 3702] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3702, si_uid=0, si_status=0, si_utime=0, si_stime=14} --- umount2("./31", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./31", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./31/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./31/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./31/binderfs") = 0 umount2("./31/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./31/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./31/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./31/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./31/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./31/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./31") = 0 mkdir("./32", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3704 attached [pid 3704] chdir("./32") = 0 [pid 3704] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3704] setpgid(0, 0) = 0 [pid 3704] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3704] write(3, "1000", 4) = 4 [pid 3704] close(3) = 0 [pid 3704] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3638] <... clone resumed>, child_tidptr=0x5555555775d0) = 3704 [pid 3704] memfd_create("syzkaller", 0) = 3 [pid 3704] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 3704] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 3704] munmap(0x7eff5e600000, 2097152) = 0 [pid 3704] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3704] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3704] close(3) = 0 [pid 3704] mkdir("./file0", 0777) = 0 [ 60.873125][ T3704] loop0: detected capacity change from 0 to 4096 [ 60.890105][ T3704] NILFS (loop0): invalid segment: Checksum error in segment payload [ 60.898197][ T3704] NILFS (loop0): trying rollback from an earlier position [ 60.911809][ T3704] NILFS (loop0): recovery complete [pid 3704] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 3704] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3704] chdir("./file0") = 0 [pid 3704] ioctl(4, LOOP_CLR_FD) = 0 [pid 3704] close(4) = 0 [pid 3704] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 3704] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 3704] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 60.918298][ T3705] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 3704] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 3704] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 3704] exit_group(0) = ? [pid 3704] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3704, si_uid=0, si_status=0, si_utime=0, si_stime=16} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./32", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./32", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./32/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./32/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./32/binderfs") = 0 umount2("./32/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./32/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./32/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./32/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./32/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./32/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./32") = 0 mkdir("./33", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 3706 ./strace-static-x86_64: Process 3706 attached [pid 3706] chdir("./33") = 0 [pid 3706] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3706] setpgid(0, 0) = 0 [pid 3706] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3706] write(3, "1000", 4) = 4 [pid 3706] close(3) = 0 [pid 3706] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3706] memfd_create("syzkaller", 0) = 3 [pid 3706] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 3706] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 3706] munmap(0x7eff5e600000, 2097152) = 0 [pid 3706] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3706] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3706] close(3) = 0 [pid 3706] mkdir("./file0", 0777) = 0 [pid 3706] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 3706] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3706] chdir("./file0") = 0 [pid 3706] ioctl(4, LOOP_CLR_FD) = 0 [ 61.189961][ T3706] loop0: detected capacity change from 0 to 4096 [ 61.204121][ T3706] NILFS (loop0): invalid segment: Checksum error in segment payload [ 61.212766][ T3706] NILFS (loop0): trying rollback from an earlier position [ 61.225998][ T3706] NILFS (loop0): recovery complete [pid 3706] close(4) = 0 [pid 3706] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 3706] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 3706] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 61.232646][ T3707] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 61.248014][ T27] kauditd_printk_skb: 7 callbacks suppressed [ 61.248026][ T27] audit: type=1800 audit(1670141550.537:35): pid=3706 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor269" name="bus" dev="loop0" ino=12 res=0 errno=0 [pid 3706] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 3706] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 3706] exit_group(0) = ? [pid 3706] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3706, si_uid=0, si_status=0, si_utime=0, si_stime=13} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./33", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./33", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./33/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./33/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./33/binderfs") = 0 umount2("./33/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./33/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./33/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./33/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./33/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./33/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./33") = 0 mkdir("./34", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 3708 ./strace-static-x86_64: Process 3708 attached [pid 3708] chdir("./34") = 0 [pid 3708] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3708] setpgid(0, 0) = 0 [pid 3708] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3708] write(3, "1000", 4) = 4 [pid 3708] close(3) = 0 [pid 3708] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3708] memfd_create("syzkaller", 0) = 3 [pid 3708] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 3708] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 3708] munmap(0x7eff5e600000, 2097152) = 0 [pid 3708] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3708] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3708] close(3) = 0 [pid 3708] mkdir("./file0", 0777) = 0 [ 61.523571][ T3708] loop0: detected capacity change from 0 to 4096 [ 61.549335][ T3708] NILFS (loop0): invalid segment: Checksum error in segment payload [ 61.557435][ T3708] NILFS (loop0): trying rollback from an earlier position [pid 3708] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 3708] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3708] chdir("./file0") = 0 [pid 3708] ioctl(4, LOOP_CLR_FD) = 0 [pid 3708] close(4) = 0 [pid 3708] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 3708] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 3708] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 61.571369][ T3708] NILFS (loop0): recovery complete [ 61.577555][ T3709] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 61.589311][ T27] audit: type=1800 audit(1670141550.877:36): pid=3708 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor269" name="bus" dev="loop0" ino=12 res=0 errno=0 [pid 3708] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 3708] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 3708] exit_group(0) = ? [pid 3708] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3708, si_uid=0, si_status=0, si_utime=0, si_stime=12} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./34", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./34", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./34/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./34/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./34/binderfs") = 0 umount2("./34/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./34/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./34/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./34/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./34/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./34/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./34") = 0 mkdir("./35", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 3710 ./strace-static-x86_64: Process 3710 attached [pid 3710] chdir("./35") = 0 [pid 3710] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3710] setpgid(0, 0) = 0 [pid 3710] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3710] write(3, "1000", 4) = 4 [pid 3710] close(3) = 0 [pid 3710] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3710] memfd_create("syzkaller", 0) = 3 [pid 3710] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 3710] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 3710] munmap(0x7eff5e600000, 2097152) = 0 [pid 3710] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3710] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3710] close(3) = 0 [pid 3710] mkdir("./file0", 0777) = 0 [ 61.848382][ T3710] loop0: detected capacity change from 0 to 4096 [ 61.862935][ T3710] NILFS (loop0): invalid segment: Checksum error in segment payload [ 61.871102][ T3710] NILFS (loop0): trying rollback from an earlier position [ 61.884598][ T3710] NILFS (loop0): recovery complete [pid 3710] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 3710] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3710] chdir("./file0") = 0 [pid 3710] ioctl(4, LOOP_CLR_FD) = 0 [pid 3710] close(4) = 0 [pid 3710] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 3710] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 3710] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 61.890555][ T3711] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 61.907453][ T27] audit: type=1800 audit(1670141551.187:37): pid=3710 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor269" name="bus" dev="loop0" ino=12 res=0 errno=0 [pid 3710] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 3710] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 3710] exit_group(0) = ? [pid 3710] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3710, si_uid=0, si_status=0, si_utime=0, si_stime=16} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./35", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./35", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./35/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./35/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./35/binderfs") = 0 umount2("./35/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./35/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./35/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./35/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./35/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./35/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./35") = 0 mkdir("./36", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3712 attached , child_tidptr=0x5555555775d0) = 3712 [pid 3712] chdir("./36") = 0 [pid 3712] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3712] setpgid(0, 0) = 0 [pid 3712] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3712] write(3, "1000", 4) = 4 [pid 3712] close(3) = 0 [pid 3712] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3712] memfd_create("syzkaller", 0) = 3 [pid 3712] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 3712] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 3712] munmap(0x7eff5e600000, 2097152) = 0 [pid 3712] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3712] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3712] close(3) = 0 [pid 3712] mkdir("./file0", 0777) = 0 [pid 3712] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 3712] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3712] chdir("./file0") = 0 [pid 3712] ioctl(4, LOOP_CLR_FD) = 0 [pid 3712] close(4) = 0 [pid 3712] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [ 62.163284][ T3712] loop0: detected capacity change from 0 to 4096 [ 62.177579][ T3712] NILFS (loop0): invalid segment: Checksum error in segment payload [ 62.185582][ T3712] NILFS (loop0): trying rollback from an earlier position [ 62.200380][ T3712] NILFS (loop0): recovery complete [pid 3712] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 3712] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 62.206527][ T3713] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 62.227505][ T27] audit: type=1800 audit(1670141551.497:38): pid=3712 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor269" name="bus" dev="loop0" ino=12 res=0 errno=0 [pid 3712] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 3712] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 3712] exit_group(0) = ? [pid 3712] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3712, si_uid=0, si_status=0, si_utime=0, si_stime=13} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./36", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./36", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./36/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./36/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./36/binderfs") = 0 umount2("./36/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./36/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./36/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./36/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./36/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./36/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./36") = 0 mkdir("./37", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 3714 ./strace-static-x86_64: Process 3714 attached [pid 3714] chdir("./37") = 0 [pid 3714] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3714] setpgid(0, 0) = 0 [pid 3714] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3714] write(3, "1000", 4) = 4 [pid 3714] close(3) = 0 [pid 3714] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3714] memfd_create("syzkaller", 0) = 3 [pid 3714] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 3714] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 3714] munmap(0x7eff5e600000, 2097152) = 0 [pid 3714] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3714] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3714] close(3) = 0 [pid 3714] mkdir("./file0", 0777) = 0 [ 62.476819][ T3714] loop0: detected capacity change from 0 to 4096 [ 62.502860][ T3714] NILFS (loop0): invalid segment: Checksum error in segment payload [ 62.510907][ T3714] NILFS (loop0): trying rollback from an earlier position [pid 3714] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 3714] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3714] chdir("./file0") = 0 [pid 3714] ioctl(4, LOOP_CLR_FD) = 0 [pid 3714] close(4) = 0 [pid 3714] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 3714] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 3714] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 62.524235][ T3714] NILFS (loop0): recovery complete [ 62.530727][ T3715] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 62.562627][ T27] audit: type=1800 audit(1670141551.847:39): pid=3714 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor269" name="bus" dev="loop0" ino=12 res=0 errno=0 [pid 3714] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 3714] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 3714] exit_group(0) = ? [pid 3714] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3714, si_uid=0, si_status=0, si_utime=0, si_stime=9} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./37", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./37", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./37/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./37/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./37/binderfs") = 0 umount2("./37/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./37/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./37/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./37/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./37/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./37/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./37") = 0 mkdir("./38", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 3716 ./strace-static-x86_64: Process 3716 attached [pid 3716] chdir("./38") = 0 [pid 3716] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3716] setpgid(0, 0) = 0 [pid 3716] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3716] write(3, "1000", 4) = 4 [pid 3716] close(3) = 0 [pid 3716] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3716] memfd_create("syzkaller", 0) = 3 [pid 3716] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 3716] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 3716] munmap(0x7eff5e600000, 2097152) = 0 [pid 3716] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3716] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3716] close(3) = 0 [pid 3716] mkdir("./file0", 0777) = 0 [pid 3716] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 3716] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3716] chdir("./file0") = 0 [ 62.810086][ T3716] loop0: detected capacity change from 0 to 4096 [ 62.825912][ T3716] NILFS (loop0): invalid segment: Checksum error in segment payload [ 62.834062][ T3716] NILFS (loop0): trying rollback from an earlier position [ 62.846130][ T3716] NILFS (loop0): recovery complete [pid 3716] ioctl(4, LOOP_CLR_FD) = 0 [pid 3716] close(4) = 0 [pid 3716] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 3716] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 3716] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 62.852995][ T3717] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 62.867143][ T27] audit: type=1800 audit(1670141552.147:40): pid=3716 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor269" name="bus" dev="loop0" ino=12 res=0 errno=0 [pid 3716] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 3716] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 3716] exit_group(0) = ? [pid 3716] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3716, si_uid=0, si_status=0, si_utime=0, si_stime=13} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./38", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./38/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./38/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./38/binderfs") = 0 umount2("./38/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./38/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./38/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./38/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./38/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./38/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./38") = 0 mkdir("./39", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 3718 ./strace-static-x86_64: Process 3718 attached [pid 3718] chdir("./39") = 0 [pid 3718] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3718] setpgid(0, 0) = 0 [pid 3718] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3718] write(3, "1000", 4) = 4 [pid 3718] close(3) = 0 [pid 3718] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3718] memfd_create("syzkaller", 0) = 3 [pid 3718] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 3718] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 3718] munmap(0x7eff5e600000, 2097152) = 0 [pid 3718] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3718] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3718] close(3) = 0 [pid 3718] mkdir("./file0", 0777) = 0 [ 63.112141][ T3718] loop0: detected capacity change from 0 to 4096 [ 63.128871][ T3718] NILFS (loop0): invalid segment: Checksum error in segment payload [ 63.136917][ T3718] NILFS (loop0): trying rollback from an earlier position [ 63.151749][ T3718] NILFS (loop0): recovery complete [pid 3718] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 3718] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3718] chdir("./file0") = 0 [pid 3718] ioctl(4, LOOP_CLR_FD) = 0 [pid 3718] close(4) = 0 [pid 3718] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 3718] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 3718] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 63.158026][ T3719] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 63.183103][ T27] audit: type=1800 audit(1670141552.467:41): pid=3718 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor269" name="bus" dev="loop0" ino=12 res=0 errno=0 [pid 3718] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 3718] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 3718] exit_group(0) = ? [pid 3718] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3718, si_uid=0, si_status=0, si_utime=0, si_stime=16} --- umount2("./39", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./39", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./39/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./39/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./39/binderfs") = 0 umount2("./39/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./39/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./39/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./39/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./39/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./39/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./39") = 0 mkdir("./40", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 3720 ./strace-static-x86_64: Process 3720 attached [pid 3720] chdir("./40") = 0 [pid 3720] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3720] setpgid(0, 0) = 0 [pid 3720] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3720] write(3, "1000", 4) = 4 [pid 3720] close(3) = 0 [pid 3720] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3720] memfd_create("syzkaller", 0) = 3 [pid 3720] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 3720] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 3720] munmap(0x7eff5e600000, 2097152) = 0 [pid 3720] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3720] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3720] close(3) = 0 [pid 3720] mkdir("./file0", 0777) = 0 [ 63.419049][ T3720] loop0: detected capacity change from 0 to 4096 [ 63.436336][ T3720] NILFS (loop0): invalid segment: Checksum error in segment payload [ 63.444578][ T3720] NILFS (loop0): trying rollback from an earlier position [ 63.459159][ T3720] NILFS (loop0): recovery complete [pid 3720] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 3720] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3720] chdir("./file0") = 0 [pid 3720] ioctl(4, LOOP_CLR_FD) = 0 [pid 3720] close(4) = 0 [pid 3720] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 3720] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 3720] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 63.465256][ T3721] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 63.468955][ T27] audit: type=1800 audit(1670141552.757:42): pid=3720 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor269" name="bus" dev="loop0" ino=12 res=0 errno=0 [pid 3720] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 3720] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 3720] exit_group(0) = ? [pid 3720] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3720, si_uid=0, si_status=0, si_utime=0, si_stime=15} --- umount2("./40", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./40", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./40/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./40/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./40/binderfs") = 0 umount2("./40/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./40/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./40/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./40/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./40/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./40/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./40") = 0 mkdir("./41", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 3722 ./strace-static-x86_64: Process 3722 attached [pid 3722] chdir("./41") = 0 [pid 3722] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3722] setpgid(0, 0) = 0 [pid 3722] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3722] write(3, "1000", 4) = 4 [pid 3722] close(3) = 0 [pid 3722] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3722] memfd_create("syzkaller", 0) = 3 [pid 3722] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 3722] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 3722] munmap(0x7eff5e600000, 2097152) = 0 [pid 3722] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3722] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3722] close(3) = 0 [pid 3722] mkdir("./file0", 0777) = 0 [ 63.752483][ T3722] loop0: detected capacity change from 0 to 4096 [ 63.768440][ T3722] NILFS (loop0): invalid segment: Checksum error in segment payload [ 63.776449][ T3722] NILFS (loop0): trying rollback from an earlier position [ 63.790715][ T3722] NILFS (loop0): recovery complete [pid 3722] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 3722] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3722] chdir("./file0") = 0 [pid 3722] ioctl(4, LOOP_CLR_FD) = 0 [pid 3722] close(4) = 0 [pid 3722] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 3722] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 3722] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 63.797239][ T3723] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 63.820369][ T27] audit: type=1800 audit(1670141553.107:43): pid=3722 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor269" name="bus" dev="loop0" ino=12 res=0 errno=0 [pid 3722] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 3722] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 3722] exit_group(0) = ? [pid 3722] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3722, si_uid=0, si_status=0, si_utime=0, si_stime=13} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./41", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./41", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./41/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./41/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./41/binderfs") = 0 umount2("./41/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./41/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./41/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./41/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./41/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./41/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./41") = 0 mkdir("./42", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 3724 ./strace-static-x86_64: Process 3724 attached [pid 3724] chdir("./42") = 0 [pid 3724] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3724] setpgid(0, 0) = 0 [pid 3724] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3724] write(3, "1000", 4) = 4 [pid 3724] close(3) = 0 [pid 3724] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3724] memfd_create("syzkaller", 0) = 3 [pid 3724] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 3724] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 3724] munmap(0x7eff5e600000, 2097152) = 0 [pid 3724] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3724] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3724] close(3) = 0 [pid 3724] mkdir("./file0", 0777) = 0 [pid 3724] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [ 64.070469][ T3724] loop0: detected capacity change from 0 to 4096 [ 64.085387][ T3724] NILFS (loop0): invalid segment: Checksum error in segment payload [ 64.093456][ T3724] NILFS (loop0): trying rollback from an earlier position [ 64.106613][ T3724] NILFS (loop0): recovery complete [pid 3724] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3724] chdir("./file0") = 0 [pid 3724] ioctl(4, LOOP_CLR_FD) = 0 [pid 3724] close(4) = 0 [pid 3724] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 3724] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 3724] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 64.113737][ T3725] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 64.136279][ T27] audit: type=1800 audit(1670141553.417:44): pid=3724 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor269" name="bus" dev="loop0" ino=12 res=0 errno=0 [pid 3724] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 3724] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 3724] exit_group(0) = ? [pid 3724] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3724, si_uid=0, si_status=0, si_utime=0, si_stime=10} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./42", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./42", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./42/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./42/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./42/binderfs") = 0 umount2("./42/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./42/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./42/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./42/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./42/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./42/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./42") = 0 mkdir("./43", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3726 attached [pid 3726] chdir("./43" [pid 3638] <... clone resumed>, child_tidptr=0x5555555775d0) = 3726 [pid 3726] <... chdir resumed>) = 0 [pid 3726] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3726] setpgid(0, 0) = 0 [pid 3726] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3726] write(3, "1000", 4) = 4 [pid 3726] close(3) = 0 [pid 3726] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3726] memfd_create("syzkaller", 0) = 3 [pid 3726] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 3726] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 3726] munmap(0x7eff5e600000, 2097152) = 0 [pid 3726] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3726] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3726] close(3) = 0 [pid 3726] mkdir("./file0", 0777) = 0 [ 64.395441][ T3726] loop0: detected capacity change from 0 to 4096 [ 64.410432][ T3726] NILFS (loop0): invalid segment: Checksum error in segment payload [ 64.418459][ T3726] NILFS (loop0): trying rollback from an earlier position [ 64.431903][ T3726] NILFS (loop0): recovery complete [pid 3726] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 3726] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3726] chdir("./file0") = 0 [pid 3726] ioctl(4, LOOP_CLR_FD) = 0 [pid 3726] close(4) = 0 [pid 3726] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 3726] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 3726] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 64.437914][ T3727] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 3726] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 3726] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 3726] exit_group(0) = ? [pid 3726] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3726, si_uid=0, si_status=0, si_utime=0, si_stime=12} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./43", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./43", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./43/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./43/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./43/binderfs") = 0 umount2("./43/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./43/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./43/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./43/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./43/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./43/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./43") = 0 mkdir("./44", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3728 attached , child_tidptr=0x5555555775d0) = 3728 [pid 3728] chdir("./44") = 0 [pid 3728] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3728] setpgid(0, 0) = 0 [pid 3728] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3728] write(3, "1000", 4) = 4 [pid 3728] close(3) = 0 [pid 3728] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3728] memfd_create("syzkaller", 0) = 3 [pid 3728] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 3728] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 3728] munmap(0x7eff5e600000, 2097152) = 0 [pid 3728] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3728] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3728] close(3) = 0 [pid 3728] mkdir("./file0", 0777) = 0 [ 64.704994][ T3728] loop0: detected capacity change from 0 to 4096 [ 64.720561][ T3728] NILFS (loop0): invalid segment: Checksum error in segment payload [ 64.728706][ T3728] NILFS (loop0): trying rollback from an earlier position [ 64.741888][ T3728] NILFS (loop0): recovery complete [pid 3728] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 3728] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3728] chdir("./file0") = 0 [pid 3728] ioctl(4, LOOP_CLR_FD) = 0 [pid 3728] close(4) = 0 [pid 3728] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 3728] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 3728] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 64.747848][ T3729] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 3728] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 3728] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 3728] exit_group(0) = ? [pid 3728] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3728, si_uid=0, si_status=0, si_utime=0, si_stime=14} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./44", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./44", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./44/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./44/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./44/binderfs") = 0 umount2("./44/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./44/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./44/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./44/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./44/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./44/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./44") = 0 mkdir("./45", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 3730 ./strace-static-x86_64: Process 3730 attached [pid 3730] chdir("./45") = 0 [pid 3730] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3730] setpgid(0, 0) = 0 [pid 3730] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3730] write(3, "1000", 4) = 4 [pid 3730] close(3) = 0 [pid 3730] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3730] memfd_create("syzkaller", 0) = 3 [pid 3730] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 3730] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 3730] munmap(0x7eff5e600000, 2097152) = 0 [pid 3730] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3730] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3730] close(3) = 0 [pid 3730] mkdir("./file0", 0777) = 0 [ 65.013298][ T3730] loop0: detected capacity change from 0 to 4096 [ 65.029493][ T3730] NILFS (loop0): invalid segment: Checksum error in segment payload [ 65.037598][ T3730] NILFS (loop0): trying rollback from an earlier position [ 65.050411][ T3730] NILFS (loop0): recovery complete [pid 3730] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 3730] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3730] chdir("./file0") = 0 [pid 3730] ioctl(4, LOOP_CLR_FD) = 0 [pid 3730] close(4) = 0 [pid 3730] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 3730] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 3730] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 65.056295][ T3731] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 3730] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 3730] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 3730] exit_group(0) = ? [pid 3730] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3730, si_uid=0, si_status=0, si_utime=0, si_stime=15} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./45", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./45", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./45/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./45/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./45/binderfs") = 0 umount2("./45/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./45/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./45/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./45/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./45/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./45/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./45") = 0 mkdir("./46", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 3732 ./strace-static-x86_64: Process 3732 attached [pid 3732] chdir("./46") = 0 [pid 3732] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3732] setpgid(0, 0) = 0 [pid 3732] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3732] write(3, "1000", 4) = 4 [pid 3732] close(3) = 0 [pid 3732] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3732] memfd_create("syzkaller", 0) = 3 [pid 3732] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 3732] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 3732] munmap(0x7eff5e600000, 2097152) = 0 [pid 3732] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3732] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3732] close(3) = 0 [pid 3732] mkdir("./file0", 0777) = 0 [ 65.310356][ T3732] loop0: detected capacity change from 0 to 4096 [ 65.324491][ T3732] NILFS (loop0): invalid segment: Checksum error in segment payload [ 65.332504][ T3732] NILFS (loop0): trying rollback from an earlier position [ 65.345627][ T3732] NILFS (loop0): recovery complete [pid 3732] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 3732] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3732] chdir("./file0") = 0 [pid 3732] ioctl(4, LOOP_CLR_FD) = 0 [pid 3732] close(4) = 0 [pid 3732] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 3732] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 3732] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 65.351798][ T3733] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 3732] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 3732] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 3732] exit_group(0) = ? [pid 3732] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3732, si_uid=0, si_status=0, si_utime=0, si_stime=15} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./46", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./46", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./46/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./46/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./46/binderfs") = 0 umount2("./46/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./46/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./46/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./46/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./46/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./46/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./46") = 0 mkdir("./47", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 3734 ./strace-static-x86_64: Process 3734 attached [pid 3734] chdir("./47") = 0 [pid 3734] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3734] setpgid(0, 0) = 0 [pid 3734] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3734] write(3, "1000", 4) = 4 [pid 3734] close(3) = 0 [pid 3734] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3734] memfd_create("syzkaller", 0) = 3 [pid 3734] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 3734] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 3734] munmap(0x7eff5e600000, 2097152) = 0 [pid 3734] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3734] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3734] close(3) = 0 [pid 3734] mkdir("./file0", 0777) = 0 [ 65.592328][ T3734] loop0: detected capacity change from 0 to 4096 [ 65.606949][ T3734] NILFS (loop0): invalid segment: Checksum error in segment payload [ 65.615319][ T3734] NILFS (loop0): trying rollback from an earlier position [ 65.628471][ T3734] NILFS (loop0): recovery complete [pid 3734] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 3734] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3734] chdir("./file0") = 0 [pid 3734] ioctl(4, LOOP_CLR_FD) = 0 [pid 3734] close(4) = 0 [pid 3734] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 3734] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 3734] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 65.634502][ T3735] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 3734] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 3734] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 3734] exit_group(0) = ? [pid 3734] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3734, si_uid=0, si_status=0, si_utime=0, si_stime=12} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./47", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./47", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./47/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./47/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./47/binderfs") = 0 umount2("./47/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./47/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./47/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./47/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./47/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./47/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./47") = 0 mkdir("./48", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 3736 ./strace-static-x86_64: Process 3736 attached [pid 3736] chdir("./48") = 0 [pid 3736] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3736] setpgid(0, 0) = 0 [pid 3736] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3736] write(3, "1000", 4) = 4 [pid 3736] close(3) = 0 [pid 3736] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3736] memfd_create("syzkaller", 0) = 3 [pid 3736] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 3736] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 3736] munmap(0x7eff5e600000, 2097152) = 0 [pid 3736] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3736] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3736] close(3) = 0 [pid 3736] mkdir("./file0", 0777) = 0 [ 65.865133][ T3736] loop0: detected capacity change from 0 to 4096 [ 65.880936][ T3736] NILFS (loop0): invalid segment: Checksum error in segment payload [ 65.889033][ T3736] NILFS (loop0): trying rollback from an earlier position [ 65.901141][ T3736] NILFS (loop0): recovery complete [pid 3736] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 3736] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3736] chdir("./file0") = 0 [pid 3736] ioctl(4, LOOP_CLR_FD) = 0 [pid 3736] close(4) = 0 [pid 3736] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 3736] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 3736] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 65.907219][ T3737] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 3736] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 3736] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 3736] exit_group(0) = ? [pid 3736] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3736, si_uid=0, si_status=0, si_utime=0, si_stime=14} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./48", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./48", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./48/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./48/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./48/binderfs") = 0 umount2("./48/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./48/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./48/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./48/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./48/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./48/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./48") = 0 mkdir("./49", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3738 attached [pid 3738] chdir("./49") = 0 [pid 3738] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3738] setpgid(0, 0) = 0 [pid 3738] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 3638] <... clone resumed>, child_tidptr=0x5555555775d0) = 3738 [pid 3738] <... openat resumed>) = 3 [pid 3738] write(3, "1000", 4) = 4 [pid 3738] close(3) = 0 [pid 3738] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3738] memfd_create("syzkaller", 0) = 3 [pid 3738] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 3738] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 3738] munmap(0x7eff5e600000, 2097152) = 0 [pid 3738] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3738] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3738] close(3) = 0 [pid 3738] mkdir("./file0", 0777) = 0 [ 66.167232][ T3738] loop0: detected capacity change from 0 to 4096 [ 66.182807][ T3738] NILFS (loop0): invalid segment: Checksum error in segment payload [ 66.190828][ T3738] NILFS (loop0): trying rollback from an earlier position [ 66.204403][ T3738] NILFS (loop0): recovery complete [pid 3738] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 3738] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3738] chdir("./file0") = 0 [pid 3738] ioctl(4, LOOP_CLR_FD) = 0 [pid 3738] close(4) = 0 [pid 3738] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 3738] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 3738] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 66.210542][ T3739] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 3738] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 3738] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 3738] exit_group(0) = ? [pid 3738] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3738, si_uid=0, si_status=0, si_utime=0, si_stime=14} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./49", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./49", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./49/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./49/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./49/binderfs") = 0 umount2("./49/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./49/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./49/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./49/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./49/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./49/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./49") = 0 mkdir("./50", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 3740 ./strace-static-x86_64: Process 3740 attached [pid 3740] chdir("./50") = 0 [pid 3740] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3740] setpgid(0, 0) = 0 [pid 3740] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3740] write(3, "1000", 4) = 4 [pid 3740] close(3) = 0 [pid 3740] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3740] memfd_create("syzkaller", 0) = 3 [pid 3740] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 3740] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 3740] munmap(0x7eff5e600000, 2097152) = 0 [pid 3740] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3740] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3740] close(3) = 0 [pid 3740] mkdir("./file0", 0777) = 0 [pid 3740] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 3740] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3740] chdir("./file0") = 0 [pid 3740] ioctl(4, LOOP_CLR_FD) = 0 [ 66.454232][ T3740] loop0: detected capacity change from 0 to 4096 [ 66.469530][ T3740] NILFS (loop0): invalid segment: Checksum error in segment payload [ 66.477619][ T3740] NILFS (loop0): trying rollback from an earlier position [ 66.491108][ T3740] NILFS (loop0): recovery complete [pid 3740] close(4) = 0 [pid 3740] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 3740] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 3740] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 66.497120][ T3741] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 66.510549][ T27] kauditd_printk_skb: 7 callbacks suppressed [ 66.510560][ T27] audit: type=1800 audit(1670141555.797:52): pid=3740 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor269" name="bus" dev="loop0" ino=12 res=0 errno=0 [pid 3740] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 3740] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 3740] exit_group(0) = ? [pid 3740] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3740, si_uid=0, si_status=0, si_utime=0, si_stime=12} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./50", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./50", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./50/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./50/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./50/binderfs") = 0 umount2("./50/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./50/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./50/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./50/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./50/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./50/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./50") = 0 mkdir("./51", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 3742 ./strace-static-x86_64: Process 3742 attached [pid 3742] chdir("./51") = 0 [pid 3742] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3742] setpgid(0, 0) = 0 [pid 3742] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3742] write(3, "1000", 4) = 4 [pid 3742] close(3) = 0 [pid 3742] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3742] memfd_create("syzkaller", 0) = 3 [pid 3742] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 3742] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 3742] munmap(0x7eff5e600000, 2097152) = 0 [pid 3742] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3742] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3742] close(3) = 0 [pid 3742] mkdir("./file0", 0777) = 0 [pid 3742] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 3742] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3742] chdir("./file0") = 0 [pid 3742] ioctl(4, LOOP_CLR_FD) = 0 [ 66.780448][ T3742] loop0: detected capacity change from 0 to 4096 [ 66.794323][ T3742] NILFS (loop0): invalid segment: Checksum error in segment payload [ 66.802402][ T3742] NILFS (loop0): trying rollback from an earlier position [ 66.815691][ T3742] NILFS (loop0): recovery complete [pid 3742] close(4) = 0 [pid 3742] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 3742] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 3742] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 66.822025][ T3743] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 66.835835][ T27] audit: type=1800 audit(1670141556.117:53): pid=3742 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor269" name="bus" dev="loop0" ino=12 res=0 errno=0 [pid 3742] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 3742] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 3742] exit_group(0) = ? [pid 3742] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3742, si_uid=0, si_status=0, si_utime=0, si_stime=15} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./51", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./51", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./51/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./51/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./51/binderfs") = 0 umount2("./51/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./51/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./51/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./51/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./51/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./51/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./51") = 0 mkdir("./52", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 3744 ./strace-static-x86_64: Process 3744 attached [pid 3744] chdir("./52") = 0 [pid 3744] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3744] setpgid(0, 0) = 0 [pid 3744] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3744] write(3, "1000", 4) = 4 [pid 3744] close(3) = 0 [pid 3744] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3744] memfd_create("syzkaller", 0) = 3 [pid 3744] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 3744] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 3744] munmap(0x7eff5e600000, 2097152) = 0 [pid 3744] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3744] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3744] close(3) = 0 [pid 3744] mkdir("./file0", 0777) = 0 [ 67.076108][ T3744] loop0: detected capacity change from 0 to 4096 [ 67.100958][ T3744] NILFS (loop0): invalid segment: Checksum error in segment payload [ 67.108992][ T3744] NILFS (loop0): trying rollback from an earlier position [pid 3744] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 3744] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3744] chdir("./file0") = 0 [pid 3744] ioctl(4, LOOP_CLR_FD) = 0 [pid 3744] close(4) = 0 [pid 3744] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 3744] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 3744] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 67.122286][ T3744] NILFS (loop0): recovery complete [ 67.128186][ T3745] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 67.142966][ T27] audit: type=1800 audit(1670141556.427:54): pid=3744 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor269" name="bus" dev="loop0" ino=12 res=0 errno=0 [pid 3744] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 3744] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 3744] exit_group(0) = ? [pid 3744] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3744, si_uid=0, si_status=0, si_utime=0, si_stime=13} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./52", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./52", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./52/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./52/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./52/binderfs") = 0 umount2("./52/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./52/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./52/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./52/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./52/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./52/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./52") = 0 mkdir("./53", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 3746 ./strace-static-x86_64: Process 3746 attached [pid 3746] chdir("./53") = 0 [pid 3746] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3746] setpgid(0, 0) = 0 [pid 3746] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3746] write(3, "1000", 4) = 4 [pid 3746] close(3) = 0 [pid 3746] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3746] memfd_create("syzkaller", 0) = 3 [pid 3746] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 3746] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 3746] munmap(0x7eff5e600000, 2097152) = 0 [pid 3746] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3746] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3746] close(3) = 0 [pid 3746] mkdir("./file0", 0777) = 0 [ 67.390929][ T3746] loop0: detected capacity change from 0 to 4096 [ 67.405896][ T3746] NILFS (loop0): invalid segment: Checksum error in segment payload [ 67.414123][ T3746] NILFS (loop0): trying rollback from an earlier position [ 67.429133][ T3746] NILFS (loop0): recovery complete [pid 3746] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 3746] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3746] chdir("./file0") = 0 [pid 3746] ioctl(4, LOOP_CLR_FD) = 0 [pid 3746] close(4) = 0 [pid 3746] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 3746] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 3746] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 67.435302][ T3747] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 67.457432][ T27] audit: type=1800 audit(1670141556.717:55): pid=3746 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor269" name="bus" dev="loop0" ino=12 res=0 errno=0 [pid 3746] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 3746] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 3746] exit_group(0) = ? [pid 3746] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3746, si_uid=0, si_status=0, si_utime=0, si_stime=10} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./53", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./53", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./53/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./53/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./53/binderfs") = 0 umount2("./53/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./53/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./53/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./53/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./53/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./53/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./53") = 0 mkdir("./54", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 3748 ./strace-static-x86_64: Process 3748 attached [pid 3748] chdir("./54") = 0 [pid 3748] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3748] setpgid(0, 0) = 0 [pid 3748] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3748] write(3, "1000", 4) = 4 [pid 3748] close(3) = 0 [pid 3748] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3748] memfd_create("syzkaller", 0) = 3 [pid 3748] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 3748] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 3748] munmap(0x7eff5e600000, 2097152) = 0 [pid 3748] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3748] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3748] close(3) = 0 [pid 3748] mkdir("./file0", 0777) = 0 [ 67.696265][ T3748] loop0: detected capacity change from 0 to 4096 [ 67.712758][ T3748] NILFS (loop0): invalid segment: Checksum error in segment payload [ 67.720803][ T3748] NILFS (loop0): trying rollback from an earlier position [ 67.734462][ T3748] NILFS (loop0): recovery complete [pid 3748] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 3748] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3748] chdir("./file0") = 0 [pid 3748] ioctl(4, LOOP_CLR_FD) = 0 [pid 3748] close(4) = 0 [pid 3748] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 3748] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 3748] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 67.741075][ T3749] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 67.760069][ T27] audit: type=1800 audit(1670141557.047:56): pid=3748 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor269" name="bus" dev="loop0" ino=12 res=0 errno=0 [pid 3748] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 3748] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 3748] exit_group(0) = ? [pid 3748] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3748, si_uid=0, si_status=0, si_utime=0, si_stime=14} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./54", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./54", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./54/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./54/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./54/binderfs") = 0 umount2("./54/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./54/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./54/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./54/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./54/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./54/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./54") = 0 mkdir("./55", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 3750 ./strace-static-x86_64: Process 3750 attached [pid 3750] chdir("./55") = 0 [pid 3750] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3750] setpgid(0, 0) = 0 [pid 3750] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3750] write(3, "1000", 4) = 4 [pid 3750] close(3) = 0 [pid 3750] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3750] memfd_create("syzkaller", 0) = 3 [pid 3750] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 3750] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 3750] munmap(0x7eff5e600000, 2097152) = 0 [pid 3750] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3750] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3750] close(3) = 0 [pid 3750] mkdir("./file0", 0777) = 0 [ 68.003500][ T3750] loop0: detected capacity change from 0 to 4096 [ 68.018627][ T3750] NILFS (loop0): invalid segment: Checksum error in segment payload [ 68.026645][ T3750] NILFS (loop0): trying rollback from an earlier position [ 68.039675][ T3750] NILFS (loop0): recovery complete [pid 3750] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 3750] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3750] chdir("./file0") = 0 [pid 3750] ioctl(4, LOOP_CLR_FD) = 0 [pid 3750] close(4) = 0 [pid 3750] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 3750] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 3750] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 68.045865][ T3751] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 68.060759][ T27] audit: type=1800 audit(1670141557.347:57): pid=3750 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor269" name="bus" dev="loop0" ino=12 res=0 errno=0 [pid 3750] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 3750] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 3750] exit_group(0) = ? [pid 3750] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3750, si_uid=0, si_status=0, si_utime=0, si_stime=13} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./55", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./55", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./55/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./55/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./55/binderfs") = 0 umount2("./55/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./55/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./55/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./55/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./55/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./55/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./55") = 0 mkdir("./56", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 3752 ./strace-static-x86_64: Process 3752 attached [pid 3752] chdir("./56") = 0 [pid 3752] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3752] setpgid(0, 0) = 0 [pid 3752] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3752] write(3, "1000", 4) = 4 [pid 3752] close(3) = 0 [pid 3752] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3752] memfd_create("syzkaller", 0) = 3 [pid 3752] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 3752] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 3752] munmap(0x7eff5e600000, 2097152) = 0 [pid 3752] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3752] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3752] close(3) = 0 [pid 3752] mkdir("./file0", 0777) = 0 [pid 3752] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 3752] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3752] chdir("./file0") = 0 [pid 3752] ioctl(4, LOOP_CLR_FD) = 0 [ 68.309716][ T3752] loop0: detected capacity change from 0 to 4096 [ 68.325892][ T3752] NILFS (loop0): invalid segment: Checksum error in segment payload [ 68.333930][ T3752] NILFS (loop0): trying rollback from an earlier position [ 68.346814][ T3752] NILFS (loop0): recovery complete [pid 3752] close(4) = 0 [pid 3752] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 3752] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 3752] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 68.353444][ T3753] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 68.368226][ T27] audit: type=1800 audit(1670141557.657:58): pid=3752 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor269" name="bus" dev="loop0" ino=12 res=0 errno=0 [pid 3752] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 3752] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 3752] exit_group(0) = ? [pid 3752] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3752, si_uid=0, si_status=0, si_utime=0, si_stime=13} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./56", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./56", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./56/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./56/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./56/binderfs") = 0 umount2("./56/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./56/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./56/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./56/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./56/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./56/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./56") = 0 mkdir("./57", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 3754 ./strace-static-x86_64: Process 3754 attached [pid 3754] chdir("./57") = 0 [pid 3754] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3754] setpgid(0, 0) = 0 [pid 3754] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3754] write(3, "1000", 4) = 4 [pid 3754] close(3) = 0 [pid 3754] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3754] memfd_create("syzkaller", 0) = 3 [pid 3754] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 3754] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 3754] munmap(0x7eff5e600000, 2097152) = 0 [pid 3754] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3754] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3754] close(3) = 0 [pid 3754] mkdir("./file0", 0777) = 0 [pid 3754] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 3754] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3754] chdir("./file0") = 0 [pid 3754] ioctl(4, LOOP_CLR_FD) = 0 [ 68.619078][ T3754] loop0: detected capacity change from 0 to 4096 [ 68.633814][ T3754] NILFS (loop0): invalid segment: Checksum error in segment payload [ 68.641917][ T3754] NILFS (loop0): trying rollback from an earlier position [ 68.655044][ T3754] NILFS (loop0): recovery complete [pid 3754] close(4) = 0 [pid 3754] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 3754] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 3754] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 68.661545][ T3755] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 68.677415][ T27] audit: type=1800 audit(1670141557.957:59): pid=3754 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor269" name="bus" dev="loop0" ino=12 res=0 errno=0 [pid 3754] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 3754] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 3754] exit_group(0) = ? [pid 3754] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3754, si_uid=0, si_status=0, si_utime=0, si_stime=12} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./57", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./57", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./57/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./57/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./57/binderfs") = 0 umount2("./57/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./57/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./57/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./57/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./57/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./57/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./57") = 0 mkdir("./58", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 3756 ./strace-static-x86_64: Process 3756 attached [pid 3756] chdir("./58") = 0 [pid 3756] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3756] setpgid(0, 0) = 0 [pid 3756] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3756] write(3, "1000", 4) = 4 [pid 3756] close(3) = 0 [pid 3756] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3756] memfd_create("syzkaller", 0) = 3 [pid 3756] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 3756] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 3756] munmap(0x7eff5e600000, 2097152) = 0 [pid 3756] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3756] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3756] close(3) = 0 [pid 3756] mkdir("./file0", 0777) = 0 [ 68.934656][ T3756] loop0: detected capacity change from 0 to 4096 [ 68.949701][ T3756] NILFS (loop0): invalid segment: Checksum error in segment payload [ 68.957752][ T3756] NILFS (loop0): trying rollback from an earlier position [ 68.971090][ T3756] NILFS (loop0): recovery complete [pid 3756] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 3756] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3756] chdir("./file0") = 0 [pid 3756] ioctl(4, LOOP_CLR_FD) = 0 [pid 3756] close(4) = 0 [pid 3756] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 3756] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 3756] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 68.977146][ T3757] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 68.999882][ T27] audit: type=1800 audit(1670141558.287:60): pid=3756 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor269" name="bus" dev="loop0" ino=12 res=0 errno=0 [pid 3756] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 3756] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 3756] exit_group(0) = ? [pid 3756] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3756, si_uid=0, si_status=0, si_utime=0, si_stime=12} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./58", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./58", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./58/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./58/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./58/binderfs") = 0 umount2("./58/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./58/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./58/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./58/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./58/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./58/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./58") = 0 mkdir("./59", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 3758 ./strace-static-x86_64: Process 3758 attached [pid 3758] chdir("./59") = 0 [pid 3758] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3758] setpgid(0, 0) = 0 [pid 3758] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3758] write(3, "1000", 4) = 4 [pid 3758] close(3) = 0 [pid 3758] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3758] memfd_create("syzkaller", 0) = 3 [pid 3758] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 3758] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 3758] munmap(0x7eff5e600000, 2097152) = 0 [pid 3758] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3758] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3758] close(3) = 0 [pid 3758] mkdir("./file0", 0777) = 0 [ 69.266306][ T3758] loop0: detected capacity change from 0 to 4096 [ 69.281159][ T3758] NILFS (loop0): invalid segment: Checksum error in segment payload [ 69.289217][ T3758] NILFS (loop0): trying rollback from an earlier position [ 69.302022][ T3758] NILFS (loop0): recovery complete [pid 3758] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 3758] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3758] chdir("./file0") = 0 [pid 3758] ioctl(4, LOOP_CLR_FD) = 0 [pid 3758] close(4) = 0 [pid 3758] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 3758] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 3758] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 69.308509][ T3759] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 69.324512][ T27] audit: type=1800 audit(1670141558.607:61): pid=3758 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor269" name="bus" dev="loop0" ino=12 res=0 errno=0 [pid 3758] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 3758] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 3758] exit_group(0) = ? [pid 3758] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3758, si_uid=0, si_status=0, si_utime=0, si_stime=10} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./59", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./59", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./59/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./59/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./59/binderfs") = 0 umount2("./59/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./59/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./59/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./59/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./59/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./59/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./59") = 0 mkdir("./60", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 3760 ./strace-static-x86_64: Process 3760 attached [pid 3760] chdir("./60") = 0 [pid 3760] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3760] setpgid(0, 0) = 0 [pid 3760] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3760] write(3, "1000", 4) = 4 [pid 3760] close(3) = 0 [pid 3760] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3760] memfd_create("syzkaller", 0) = 3 [pid 3760] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 3760] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 3760] munmap(0x7eff5e600000, 2097152) = 0 [pid 3760] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3760] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3760] close(3) = 0 [pid 3760] mkdir("./file0", 0777) = 0 [ 69.602146][ T3760] loop0: detected capacity change from 0 to 4096 [ 69.617126][ T3760] NILFS (loop0): invalid segment: Checksum error in segment payload [ 69.625276][ T3760] NILFS (loop0): trying rollback from an earlier position [ 69.638145][ T3760] NILFS (loop0): recovery complete [pid 3760] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 3760] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3760] chdir("./file0") = 0 [pid 3760] ioctl(4, LOOP_CLR_FD) = 0 [pid 3760] close(4) = 0 [pid 3760] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 3760] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 3760] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 69.644449][ T3761] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 3760] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 3760] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 3760] exit_group(0) = ? [pid 3760] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3760, si_uid=0, si_status=0, si_utime=0, si_stime=16} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./60", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./60", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./60/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./60/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./60/binderfs") = 0 umount2("./60/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./60/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./60/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./60/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./60/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./60/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./60") = 0 mkdir("./61", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 3762 ./strace-static-x86_64: Process 3762 attached [pid 3762] chdir("./61") = 0 [pid 3762] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3762] setpgid(0, 0) = 0 [pid 3762] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3762] write(3, "1000", 4) = 4 [pid 3762] close(3) = 0 [pid 3762] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3762] memfd_create("syzkaller", 0) = 3 [pid 3762] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 3762] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 3762] munmap(0x7eff5e600000, 2097152) = 0 [pid 3762] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3762] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3762] close(3) = 0 [pid 3762] mkdir("./file0", 0777) = 0 [pid 3762] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 3762] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3762] chdir("./file0") = 0 [pid 3762] ioctl(4, LOOP_CLR_FD) = 0 [pid 3762] close(4) = 0 [pid 3762] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [ 69.896376][ T3762] loop0: detected capacity change from 0 to 4096 [ 69.912160][ T3762] NILFS (loop0): invalid segment: Checksum error in segment payload [ 69.920271][ T3762] NILFS (loop0): trying rollback from an earlier position [ 69.933394][ T3762] NILFS (loop0): recovery complete [pid 3762] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 3762] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 69.939686][ T3763] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 3762] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 3762] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 3762] exit_group(0) = ? [pid 3762] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3762, si_uid=0, si_status=0, si_utime=0, si_stime=13} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./61", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./61", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./61/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./61/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./61/binderfs") = 0 umount2("./61/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./61/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./61/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./61/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./61/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./61/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./61") = 0 mkdir("./62", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 3764 ./strace-static-x86_64: Process 3764 attached [pid 3764] chdir("./62") = 0 [pid 3764] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3764] setpgid(0, 0) = 0 [pid 3764] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3764] write(3, "1000", 4) = 4 [pid 3764] close(3) = 0 [pid 3764] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3764] memfd_create("syzkaller", 0) = 3 [pid 3764] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 3764] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 3764] munmap(0x7eff5e600000, 2097152) = 0 [pid 3764] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3764] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3764] close(3) = 0 [pid 3764] mkdir("./file0", 0777) = 0 [pid 3764] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [ 70.197835][ T3764] loop0: detected capacity change from 0 to 4096 [ 70.213401][ T3764] NILFS (loop0): invalid segment: Checksum error in segment payload [ 70.221597][ T3764] NILFS (loop0): trying rollback from an earlier position [ 70.234393][ T3764] NILFS (loop0): recovery complete [pid 3764] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3764] chdir("./file0") = 0 [pid 3764] ioctl(4, LOOP_CLR_FD) = 0 [pid 3764] close(4) = 0 [pid 3764] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 3764] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 3764] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 70.240833][ T3765] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 3764] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 3764] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 3764] exit_group(0) = ? [pid 3764] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3764, si_uid=0, si_status=0, si_utime=0, si_stime=13} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./62", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./62", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./62/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./62/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./62/binderfs") = 0 umount2("./62/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./62/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./62/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./62/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./62/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./62/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./62") = 0 mkdir("./63", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 3766 ./strace-static-x86_64: Process 3766 attached [pid 3766] chdir("./63") = 0 [pid 3766] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3766] setpgid(0, 0) = 0 [pid 3766] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3766] write(3, "1000", 4) = 4 [pid 3766] close(3) = 0 [pid 3766] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3766] memfd_create("syzkaller", 0) = 3 [pid 3766] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 3766] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 3766] munmap(0x7eff5e600000, 2097152) = 0 [pid 3766] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3766] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3766] close(3) = 0 [pid 3766] mkdir("./file0", 0777) = 0 [ 70.491729][ T3766] loop0: detected capacity change from 0 to 4096 [ 70.506555][ T3766] NILFS (loop0): invalid segment: Checksum error in segment payload [ 70.515119][ T3766] NILFS (loop0): trying rollback from an earlier position [ 70.528200][ T3766] NILFS (loop0): recovery complete [pid 3766] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 3766] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3766] chdir("./file0") = 0 [pid 3766] ioctl(4, LOOP_CLR_FD) = 0 [pid 3766] close(4) = 0 [pid 3766] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 3766] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 3766] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 70.534175][ T3767] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 3766] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 3766] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 3766] exit_group(0) = ? [pid 3766] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3766, si_uid=0, si_status=0, si_utime=0, si_stime=13} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./63", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./63", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./63/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./63/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./63/binderfs") = 0 umount2("./63/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./63/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./63/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./63/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./63/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./63/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./63") = 0 mkdir("./64", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3768 attached [pid 3768] chdir("./64") = 0 [pid 3768] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3768] setpgid(0, 0) = 0 [pid 3638] <... clone resumed>, child_tidptr=0x5555555775d0) = 3768 [pid 3768] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3768] write(3, "1000", 4) = 4 [pid 3768] close(3) = 0 [pid 3768] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3768] memfd_create("syzkaller", 0) = 3 [pid 3768] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 3768] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 3768] munmap(0x7eff5e600000, 2097152) = 0 [pid 3768] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3768] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3768] close(3) = 0 [pid 3768] mkdir("./file0", 0777) = 0 [ 70.797309][ T3768] loop0: detected capacity change from 0 to 4096 [ 70.813764][ T3768] NILFS (loop0): invalid segment: Checksum error in segment payload [ 70.821881][ T3768] NILFS (loop0): trying rollback from an earlier position [ 70.834954][ T3768] NILFS (loop0): recovery complete [pid 3768] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 3768] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3768] chdir("./file0") = 0 [pid 3768] ioctl(4, LOOP_CLR_FD) = 0 [pid 3768] close(4) = 0 [pid 3768] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 3768] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 3768] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 70.840819][ T3769] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 3768] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 3768] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 3768] exit_group(0) = ? [pid 3768] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3768, si_uid=0, si_status=0, si_utime=0, si_stime=17} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./64", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./64", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./64/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./64/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./64/binderfs") = 0 umount2("./64/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./64/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./64/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./64/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./64/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./64/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./64") = 0 mkdir("./65", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 3770 ./strace-static-x86_64: Process 3770 attached [pid 3770] chdir("./65") = 0 [pid 3770] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3770] setpgid(0, 0) = 0 [pid 3770] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3770] write(3, "1000", 4) = 4 [pid 3770] close(3) = 0 [pid 3770] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3770] memfd_create("syzkaller", 0) = 3 [pid 3770] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 3770] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 3770] munmap(0x7eff5e600000, 2097152) = 0 [pid 3770] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3770] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3770] close(3) = 0 [pid 3770] mkdir("./file0", 0777) = 0 [ 71.075790][ T3770] loop0: detected capacity change from 0 to 4096 [ 71.093046][ T3770] NILFS (loop0): invalid segment: Checksum error in segment payload [ 71.101101][ T3770] NILFS (loop0): trying rollback from an earlier position [ 71.115966][ T3770] NILFS (loop0): recovery complete [pid 3770] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 3770] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3770] chdir("./file0") = 0 [pid 3770] ioctl(4, LOOP_CLR_FD) = 0 [pid 3770] close(4) = 0 [pid 3770] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 3770] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 3770] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 71.122305][ T3771] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 3770] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 3770] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 3770] exit_group(0) = ? [pid 3770] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3770, si_uid=0, si_status=0, si_utime=0, si_stime=23} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./65", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./65", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./65/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./65/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./65/binderfs") = 0 umount2("./65/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./65/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./65/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./65/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./65/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./65/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./65") = 0 mkdir("./66", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 3772 ./strace-static-x86_64: Process 3772 attached [pid 3772] chdir("./66") = 0 [pid 3772] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3772] setpgid(0, 0) = 0 [pid 3772] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3772] write(3, "1000", 4) = 4 [pid 3772] close(3) = 0 [pid 3772] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3772] memfd_create("syzkaller", 0) = 3 [pid 3772] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 3772] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 3772] munmap(0x7eff5e600000, 2097152) = 0 [pid 3772] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3772] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3772] close(3) = 0 [pid 3772] mkdir("./file0", 0777) = 0 [ 71.484467][ T3772] loop0: detected capacity change from 0 to 4096 [ 71.501192][ T3772] NILFS (loop0): invalid segment: Checksum error in segment payload [ 71.509421][ T3772] NILFS (loop0): trying rollback from an earlier position [ 71.528440][ T3772] NILFS (loop0): recovery complete [pid 3772] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 3772] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3772] chdir("./file0") = 0 [pid 3772] ioctl(4, LOOP_CLR_FD) = 0 [pid 3772] close(4) = 0 [pid 3772] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 3772] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 3772] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 71.538763][ T3773] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 71.556120][ T27] kauditd_printk_skb: 6 callbacks suppressed [ 71.556132][ T27] audit: type=1800 audit(1670141560.827:68): pid=3772 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor269" name="bus" dev="loop0" ino=12 res=0 errno=0 [pid 3772] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 3772] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 3772] exit_group(0) = ? [pid 3772] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3772, si_uid=0, si_status=0, si_utime=0, si_stime=18} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./66", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./66", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./66/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./66/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./66/binderfs") = 0 umount2("./66/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./66/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./66/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./66/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./66/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./66/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./66") = 0 mkdir("./67", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 3774 ./strace-static-x86_64: Process 3774 attached [pid 3774] chdir("./67") = 0 [pid 3774] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3774] setpgid(0, 0) = 0 [pid 3774] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3774] write(3, "1000", 4) = 4 [pid 3774] close(3) = 0 [pid 3774] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3774] memfd_create("syzkaller", 0) = 3 [pid 3774] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 3774] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 3774] munmap(0x7eff5e600000, 2097152) = 0 [pid 3774] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3774] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3774] close(3) = 0 [pid 3774] mkdir("./file0", 0777) = 0 [ 71.914882][ T3774] loop0: detected capacity change from 0 to 4096 [ 71.929938][ T3774] NILFS (loop0): invalid segment: Checksum error in segment payload [ 71.938080][ T3774] NILFS (loop0): trying rollback from an earlier position [ 71.950599][ T3774] NILFS (loop0): recovery complete [pid 3774] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 3774] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3774] chdir("./file0") = 0 [pid 3774] ioctl(4, LOOP_CLR_FD) = 0 [pid 3774] close(4) = 0 [pid 3774] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 3774] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 3774] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 71.956960][ T3775] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 71.980207][ T27] audit: type=1800 audit(1670141561.267:69): pid=3774 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor269" name="bus" dev="loop0" ino=12 res=0 errno=0 [pid 3774] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 3774] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 3774] exit_group(0) = ? [pid 3774] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3774, si_uid=0, si_status=0, si_utime=0, si_stime=11} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./67", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./67", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./67/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./67/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./67/binderfs") = 0 umount2("./67/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./67/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./67/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./67/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./67/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./67/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./67") = 0 mkdir("./68", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 3776 ./strace-static-x86_64: Process 3776 attached [pid 3776] chdir("./68") = 0 [pid 3776] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3776] setpgid(0, 0) = 0 [pid 3776] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3776] write(3, "1000", 4) = 4 [pid 3776] close(3) = 0 [pid 3776] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3776] memfd_create("syzkaller", 0) = 3 [pid 3776] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 3776] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 3776] munmap(0x7eff5e600000, 2097152) = 0 [pid 3776] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3776] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3776] close(3) = 0 [pid 3776] mkdir("./file0", 0777) = 0 [ 72.242865][ T3776] loop0: detected capacity change from 0 to 4096 [ 72.258179][ T3776] NILFS (loop0): invalid segment: Checksum error in segment payload [ 72.266186][ T3776] NILFS (loop0): trying rollback from an earlier position [ 72.279396][ T3776] NILFS (loop0): recovery complete [pid 3776] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 3776] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3776] chdir("./file0") = 0 [pid 3776] ioctl(4, LOOP_CLR_FD) = 0 [pid 3776] close(4) = 0 [pid 3776] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 3776] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 3776] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 72.285740][ T3777] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 72.305877][ T27] audit: type=1800 audit(1670141561.577:70): pid=3776 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor269" name="bus" dev="loop0" ino=12 res=0 errno=0 [pid 3776] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 3776] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 3776] exit_group(0) = ? [pid 3776] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3776, si_uid=0, si_status=0, si_utime=0, si_stime=15} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./68", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./68", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./68/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./68/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./68/binderfs") = 0 umount2("./68/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./68/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./68/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./68/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./68/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./68/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./68") = 0 mkdir("./69", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 3778 ./strace-static-x86_64: Process 3778 attached [pid 3778] chdir("./69") = 0 [pid 3778] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3778] setpgid(0, 0) = 0 [pid 3778] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3778] write(3, "1000", 4) = 4 [pid 3778] close(3) = 0 [pid 3778] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3778] memfd_create("syzkaller", 0) = 3 [pid 3778] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 3778] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 3778] munmap(0x7eff5e600000, 2097152) = 0 [pid 3778] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3778] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3778] close(3) = 0 [pid 3778] mkdir("./file0", 0777) = 0 [ 72.564563][ T3778] loop0: detected capacity change from 0 to 4096 [ 72.579486][ T3778] NILFS (loop0): invalid segment: Checksum error in segment payload [ 72.587527][ T3778] NILFS (loop0): trying rollback from an earlier position [ 72.600161][ T3778] NILFS (loop0): recovery complete [pid 3778] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 3778] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3778] chdir("./file0") = 0 [pid 3778] ioctl(4, LOOP_CLR_FD) = 0 [pid 3778] close(4) = 0 [pid 3778] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [ 72.606399][ T3779] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 3778] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 3778] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 72.638109][ T27] audit: type=1800 audit(1670141561.927:71): pid=3778 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor269" name="bus" dev="loop0" ino=12 res=0 errno=0 [pid 3778] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 3778] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 3778] exit_group(0) = ? [pid 3778] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3778, si_uid=0, si_status=0, si_utime=0, si_stime=12} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./69", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./69", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./69/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./69/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./69/binderfs") = 0 umount2("./69/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./69/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./69/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./69/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./69/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./69/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./69") = 0 mkdir("./70", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 3780 ./strace-static-x86_64: Process 3780 attached [pid 3780] chdir("./70") = 0 [pid 3780] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3780] setpgid(0, 0) = 0 [pid 3780] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3780] write(3, "1000", 4) = 4 [pid 3780] close(3) = 0 [pid 3780] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3780] memfd_create("syzkaller", 0) = 3 [pid 3780] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 3780] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 3780] munmap(0x7eff5e600000, 2097152) = 0 [pid 3780] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3780] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3780] close(3) = 0 [pid 3780] mkdir("./file0", 0777) = 0 [ 72.872134][ T3780] loop0: detected capacity change from 0 to 4096 [ 72.888274][ T3780] NILFS (loop0): invalid segment: Checksum error in segment payload [ 72.896294][ T3780] NILFS (loop0): trying rollback from an earlier position [ 72.909577][ T3780] NILFS (loop0): recovery complete [pid 3780] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 3780] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3780] chdir("./file0") = 0 [pid 3780] ioctl(4, LOOP_CLR_FD) = 0 [pid 3780] close(4) = 0 [pid 3780] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 3780] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 3780] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 72.915989][ T3781] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 72.919233][ T27] audit: type=1800 audit(1670141562.207:72): pid=3780 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor269" name="bus" dev="loop0" ino=12 res=0 errno=0 [pid 3780] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 3780] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 3780] exit_group(0) = ? [pid 3780] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3780, si_uid=0, si_status=0, si_utime=0, si_stime=18} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./70", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./70", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./70/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./70/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./70/binderfs") = 0 umount2("./70/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./70/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./70/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./70/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./70/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./70/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./70") = 0 mkdir("./71", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 3782 ./strace-static-x86_64: Process 3782 attached [pid 3782] chdir("./71") = 0 [pid 3782] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3782] setpgid(0, 0) = 0 [pid 3782] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3782] write(3, "1000", 4) = 4 [pid 3782] close(3) = 0 [pid 3782] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3782] memfd_create("syzkaller", 0) = 3 [pid 3782] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 3782] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 3782] munmap(0x7eff5e600000, 2097152) = 0 [pid 3782] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3782] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3782] close(3) = 0 [pid 3782] mkdir("./file0", 0777) = 0 [pid 3782] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 3782] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3782] chdir("./file0") = 0 [pid 3782] ioctl(4, LOOP_CLR_FD) = 0 [pid 3782] close(4) = 0 [pid 3782] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [ 73.183044][ T3782] loop0: detected capacity change from 0 to 4096 [ 73.197913][ T3782] NILFS (loop0): invalid segment: Checksum error in segment payload [ 73.205905][ T3782] NILFS (loop0): trying rollback from an earlier position [ 73.218481][ T3782] NILFS (loop0): recovery complete [pid 3782] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 3782] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 73.224459][ T3783] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 73.234319][ T27] audit: type=1800 audit(1670141562.517:73): pid=3782 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor269" name="bus" dev="loop0" ino=12 res=0 errno=0 [pid 3782] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 3782] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 3782] exit_group(0) = ? [pid 3782] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3782, si_uid=0, si_status=0, si_utime=0, si_stime=12} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./71", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./71", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./71/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./71/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./71/binderfs") = 0 umount2("./71/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./71/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./71/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./71/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./71/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./71/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./71") = 0 mkdir("./72", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 3784 ./strace-static-x86_64: Process 3784 attached [pid 3784] chdir("./72") = 0 [pid 3784] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3784] setpgid(0, 0) = 0 [pid 3784] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3784] write(3, "1000", 4) = 4 [pid 3784] close(3) = 0 [pid 3784] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3784] memfd_create("syzkaller", 0) = 3 [pid 3784] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 3784] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 3784] munmap(0x7eff5e600000, 2097152) = 0 [pid 3784] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3784] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3784] close(3) = 0 [pid 3784] mkdir("./file0", 0777) = 0 [ 73.483272][ T3784] loop0: detected capacity change from 0 to 4096 [ 73.499327][ T3784] NILFS (loop0): invalid segment: Checksum error in segment payload [ 73.507401][ T3784] NILFS (loop0): trying rollback from an earlier position [ 73.521763][ T3784] NILFS (loop0): recovery complete [pid 3784] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 3784] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3784] chdir("./file0") = 0 [pid 3784] ioctl(4, LOOP_CLR_FD) = 0 [pid 3784] close(4) = 0 [pid 3784] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 3784] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 3784] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 73.527868][ T3785] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 73.548327][ T27] audit: type=1800 audit(1670141562.837:74): pid=3784 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor269" name="bus" dev="loop0" ino=12 res=0 errno=0 [pid 3784] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 3784] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 3784] exit_group(0) = ? [pid 3784] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3784, si_uid=0, si_status=0, si_utime=0, si_stime=13} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./72", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./72", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./72/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./72/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./72/binderfs") = 0 umount2("./72/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./72/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./72/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./72/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./72/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./72/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./72") = 0 mkdir("./73", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 3786 ./strace-static-x86_64: Process 3786 attached [pid 3786] chdir("./73") = 0 [pid 3786] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3786] setpgid(0, 0) = 0 [pid 3786] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3786] write(3, "1000", 4) = 4 [pid 3786] close(3) = 0 [pid 3786] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3786] memfd_create("syzkaller", 0) = 3 [pid 3786] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 3786] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 3786] munmap(0x7eff5e600000, 2097152) = 0 [pid 3786] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3786] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3786] close(3) = 0 [pid 3786] mkdir("./file0", 0777) = 0 [ 73.812852][ T3786] loop0: detected capacity change from 0 to 4096 [ 73.829497][ T3786] NILFS (loop0): invalid segment: Checksum error in segment payload [ 73.837551][ T3786] NILFS (loop0): trying rollback from an earlier position [ 73.850482][ T3786] NILFS (loop0): recovery complete [pid 3786] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 3786] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3786] chdir("./file0") = 0 [pid 3786] ioctl(4, LOOP_CLR_FD) = 0 [pid 3786] close(4) = 0 [pid 3786] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 3786] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 3786] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 73.856461][ T3787] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 73.874148][ T27] audit: type=1800 audit(1670141563.147:75): pid=3786 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor269" name="bus" dev="loop0" ino=12 res=0 errno=0 [pid 3786] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 3786] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 3786] exit_group(0) = ? [pid 3786] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3786, si_uid=0, si_status=0, si_utime=0, si_stime=14} --- umount2("./73", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./73", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./73/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./73/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./73/binderfs") = 0 umount2("./73/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./73/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./73/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./73/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./73/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./73/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./73") = 0 mkdir("./74", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3788 attached [pid 3788] chdir("./74") = 0 [pid 3788] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3788] setpgid(0, 0) = 0 [pid 3788] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3788] write(3, "1000", 4) = 4 [pid 3788] close(3) = 0 [pid 3788] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3638] <... clone resumed>, child_tidptr=0x5555555775d0) = 3788 [pid 3788] memfd_create("syzkaller", 0) = 3 [pid 3788] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 3788] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 3788] munmap(0x7eff5e600000, 2097152) = 0 [pid 3788] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3788] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3788] close(3) = 0 [pid 3788] mkdir("./file0", 0777) = 0 [ 74.114518][ T3788] loop0: detected capacity change from 0 to 4096 [ 74.130815][ T3788] NILFS (loop0): invalid segment: Checksum error in segment payload [ 74.138857][ T3788] NILFS (loop0): trying rollback from an earlier position [ 74.152134][ T3788] NILFS (loop0): recovery complete [pid 3788] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 3788] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3788] chdir("./file0") = 0 [pid 3788] ioctl(4, LOOP_CLR_FD) = 0 [pid 3788] close(4) = 0 [pid 3788] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 3788] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 3788] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 74.158592][ T3789] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 74.178718][ T27] audit: type=1800 audit(1670141563.447:76): pid=3788 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor269" name="bus" dev="loop0" ino=12 res=0 errno=0 [pid 3788] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 3788] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 3788] exit_group(0) = ? [pid 3788] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3788, si_uid=0, si_status=0, si_utime=0, si_stime=16} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./74", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./74", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./74/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./74/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./74/binderfs") = 0 umount2("./74/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./74/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./74/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./74/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./74/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./74/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./74") = 0 mkdir("./75", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 3790 ./strace-static-x86_64: Process 3790 attached [pid 3790] chdir("./75") = 0 [pid 3790] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3790] setpgid(0, 0) = 0 [pid 3790] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3790] write(3, "1000", 4) = 4 [pid 3790] close(3) = 0 [pid 3790] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3790] memfd_create("syzkaller", 0) = 3 [pid 3790] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 3790] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 3790] munmap(0x7eff5e600000, 2097152) = 0 [pid 3790] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3790] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3790] close(3) = 0 [pid 3790] mkdir("./file0", 0777) = 0 [ 74.424910][ T3790] loop0: detected capacity change from 0 to 4096 [ 74.441669][ T3790] NILFS (loop0): invalid segment: Checksum error in segment payload [ 74.449817][ T3790] NILFS (loop0): trying rollback from an earlier position [ 74.462612][ T3790] NILFS (loop0): recovery complete [pid 3790] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 3790] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3790] chdir("./file0") = 0 [pid 3790] ioctl(4, LOOP_CLR_FD) = 0 [pid 3790] close(4) = 0 [pid 3790] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 3790] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 3790] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 74.469308][ T3791] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 74.488869][ T27] audit: type=1800 audit(1670141563.767:77): pid=3790 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor269" name="bus" dev="loop0" ino=12 res=0 errno=0 [pid 3790] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 3790] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 3790] exit_group(0) = ? [pid 3790] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3790, si_uid=0, si_status=0, si_utime=0, si_stime=17} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./75", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./75", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./75/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./75/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./75/binderfs") = 0 umount2("./75/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./75/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./75/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./75/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./75/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./75/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./75") = 0 mkdir("./76", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3792 attached [pid 3792] chdir("./76") = 0 [pid 3792] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3792] setpgid(0, 0) = 0 [pid 3638] <... clone resumed>, child_tidptr=0x5555555775d0) = 3792 [pid 3792] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3792] write(3, "1000", 4) = 4 [pid 3792] close(3) = 0 [pid 3792] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3792] memfd_create("syzkaller", 0) = 3 [pid 3792] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 3792] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 3792] munmap(0x7eff5e600000, 2097152) = 0 [pid 3792] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3792] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3792] close(3) = 0 [pid 3792] mkdir("./file0", 0777) = 0 [ 74.733092][ T3792] loop0: detected capacity change from 0 to 4096 [ 74.750501][ T3792] NILFS (loop0): invalid segment: Checksum error in segment payload [ 74.758615][ T3792] NILFS (loop0): trying rollback from an earlier position [ 74.772802][ T3792] NILFS (loop0): recovery complete [pid 3792] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 3792] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3792] chdir("./file0") = 0 [pid 3792] ioctl(4, LOOP_CLR_FD) = 0 [pid 3792] close(4) = 0 [pid 3792] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 3792] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 3792] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 74.780090][ T3793] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 3792] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 3792] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 3792] exit_group(0) = ? [pid 3792] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3792, si_uid=0, si_status=0, si_utime=0, si_stime=13} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./76", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./76", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./76/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./76/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./76/binderfs") = 0 umount2("./76/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./76/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./76/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./76/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./76/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./76/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./76") = 0 mkdir("./77", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 3794 ./strace-static-x86_64: Process 3794 attached [pid 3794] chdir("./77") = 0 [pid 3794] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3794] setpgid(0, 0) = 0 [pid 3794] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3794] write(3, "1000", 4) = 4 [pid 3794] close(3) = 0 [pid 3794] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3794] memfd_create("syzkaller", 0) = 3 [pid 3794] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 3794] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 3794] munmap(0x7eff5e600000, 2097152) = 0 [pid 3794] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3794] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3794] close(3) = 0 [pid 3794] mkdir("./file0", 0777) = 0 [ 75.033056][ T3794] loop0: detected capacity change from 0 to 4096 [ 75.048927][ T3794] NILFS (loop0): invalid segment: Checksum error in segment payload [ 75.056928][ T3794] NILFS (loop0): trying rollback from an earlier position [ 75.070398][ T3794] NILFS (loop0): recovery complete [pid 3794] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 3794] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3794] chdir("./file0") = 0 [pid 3794] ioctl(4, LOOP_CLR_FD) = 0 [pid 3794] close(4) = 0 [pid 3794] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 3794] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 3794] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 75.076251][ T3795] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 3794] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 3794] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 3794] exit_group(0) = ? [pid 3794] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3794, si_uid=0, si_status=0, si_utime=0, si_stime=13} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./77", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./77", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./77/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./77/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./77/binderfs") = 0 umount2("./77/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./77/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./77/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./77/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./77/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./77/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./77") = 0 mkdir("./78", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 3796 ./strace-static-x86_64: Process 3796 attached [pid 3796] chdir("./78") = 0 [pid 3796] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3796] setpgid(0, 0) = 0 [pid 3796] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3796] write(3, "1000", 4) = 4 [pid 3796] close(3) = 0 [pid 3796] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3796] memfd_create("syzkaller", 0) = 3 [pid 3796] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 3796] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 3796] munmap(0x7eff5e600000, 2097152) = 0 [pid 3796] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3796] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3796] close(3) = 0 [pid 3796] mkdir("./file0", 0777) = 0 [ 75.319619][ T3796] loop0: detected capacity change from 0 to 4096 [ 75.337129][ T3796] NILFS (loop0): invalid segment: Checksum error in segment payload [ 75.345202][ T3796] NILFS (loop0): trying rollback from an earlier position [ 75.359254][ T3796] NILFS (loop0): recovery complete [pid 3796] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 3796] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3796] chdir("./file0") = 0 [pid 3796] ioctl(4, LOOP_CLR_FD) = 0 [pid 3796] close(4) = 0 [pid 3796] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 3796] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 3796] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 75.365535][ T3797] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 3796] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 3796] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 3796] exit_group(0) = ? [pid 3796] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3796, si_uid=0, si_status=0, si_utime=0, si_stime=18} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./78", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./78", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./78/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./78/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./78/binderfs") = 0 umount2("./78/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./78/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./78/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./78/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./78/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./78/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./78") = 0 mkdir("./79", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 3798 ./strace-static-x86_64: Process 3798 attached [pid 3798] chdir("./79") = 0 [pid 3798] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3798] setpgid(0, 0) = 0 [pid 3798] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3798] write(3, "1000", 4) = 4 [pid 3798] close(3) = 0 [pid 3798] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3798] memfd_create("syzkaller", 0) = 3 [pid 3798] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 3798] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 3798] munmap(0x7eff5e600000, 2097152) = 0 [pid 3798] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3798] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3798] close(3) = 0 [pid 3798] mkdir("./file0", 0777) = 0 [ 75.617022][ T3798] loop0: detected capacity change from 0 to 4096 [ 75.633535][ T3798] NILFS (loop0): invalid segment: Checksum error in segment payload [ 75.641590][ T3798] NILFS (loop0): trying rollback from an earlier position [ 75.655252][ T3798] NILFS (loop0): recovery complete [pid 3798] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 3798] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3798] chdir("./file0") = 0 [pid 3798] ioctl(4, LOOP_CLR_FD) = 0 [pid 3798] close(4) = 0 [pid 3798] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 3798] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 3798] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 75.661923][ T3799] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 3798] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 3798] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 3798] exit_group(0) = ? [pid 3798] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3798, si_uid=0, si_status=0, si_utime=0, si_stime=14} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./79", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./79", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./79/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./79/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./79/binderfs") = 0 umount2("./79/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./79/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./79/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./79/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./79/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./79/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./79") = 0 mkdir("./80", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 3800 ./strace-static-x86_64: Process 3800 attached [pid 3800] chdir("./80") = 0 [pid 3800] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3800] setpgid(0, 0) = 0 [pid 3800] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3800] write(3, "1000", 4) = 4 [pid 3800] close(3) = 0 [pid 3800] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3800] memfd_create("syzkaller", 0) = 3 [pid 3800] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 3800] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 3800] munmap(0x7eff5e600000, 2097152) = 0 [pid 3800] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3800] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3800] close(3) = 0 [pid 3800] mkdir("./file0", 0777) = 0 [ 75.960748][ T3800] loop0: detected capacity change from 0 to 4096 [ 75.976777][ T3800] NILFS (loop0): invalid segment: Checksum error in segment payload [ 75.985151][ T3800] NILFS (loop0): trying rollback from an earlier position [ 75.998463][ T3800] NILFS (loop0): recovery complete [pid 3800] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 3800] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3800] chdir("./file0") = 0 [pid 3800] ioctl(4, LOOP_CLR_FD) = 0 [pid 3800] close(4) = 0 [pid 3800] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 3800] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 3800] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 76.010549][ T3801] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 3800] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 3800] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 3800] exit_group(0) = ? [pid 3800] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3800, si_uid=0, si_status=0, si_utime=0, si_stime=17} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./80", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./80", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./80/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./80/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./80/binderfs") = 0 umount2("./80/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./80/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./80/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./80/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./80/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./80/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./80") = 0 mkdir("./81", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3802 attached [pid 3802] chdir("./81") = 0 [pid 3802] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3802] setpgid(0, 0) = 0 [pid 3802] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 3638] <... clone resumed>, child_tidptr=0x5555555775d0) = 3802 [pid 3802] <... openat resumed>) = 3 [pid 3802] write(3, "1000", 4) = 4 [pid 3802] close(3) = 0 [pid 3802] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3802] memfd_create("syzkaller", 0) = 3 [pid 3802] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 3802] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 3802] munmap(0x7eff5e600000, 2097152) = 0 [pid 3802] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3802] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3802] close(3) = 0 [pid 3802] mkdir("./file0", 0777) = 0 [ 76.265071][ T3802] loop0: detected capacity change from 0 to 4096 [ 76.281069][ T3802] NILFS (loop0): invalid segment: Checksum error in segment payload [ 76.290771][ T7] cfg80211: failed to load regulatory.db [ 76.300529][ T3802] NILFS (loop0): trying rollback from an earlier position [pid 3802] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 3802] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3802] chdir("./file0") = 0 [pid 3802] ioctl(4, LOOP_CLR_FD) = 0 [pid 3802] close(4) = 0 [pid 3802] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 3802] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 3802] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 76.313742][ T3802] NILFS (loop0): recovery complete [ 76.320009][ T3803] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 3802] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 3802] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 3802] exit_group(0) = ? [pid 3802] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3802, si_uid=0, si_status=0, si_utime=0, si_stime=16} --- umount2("./81", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./81", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./81/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./81/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./81/binderfs") = 0 umount2("./81/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./81/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./81/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./81/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./81/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./81/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./81") = 0 mkdir("./82", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 3804 ./strace-static-x86_64: Process 3804 attached [pid 3804] chdir("./82") = 0 [pid 3804] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3804] setpgid(0, 0) = 0 [pid 3804] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3804] write(3, "1000", 4) = 4 [pid 3804] close(3) = 0 [pid 3804] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3804] memfd_create("syzkaller", 0) = 3 [pid 3804] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 3804] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 3804] munmap(0x7eff5e600000, 2097152) = 0 [pid 3804] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3804] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3804] close(3) = 0 [pid 3804] mkdir("./file0", 0777) = 0 [ 76.602139][ T3804] loop0: detected capacity change from 0 to 4096 [ 76.621065][ T3804] NILFS (loop0): invalid segment: Checksum error in segment payload [ 76.629347][ T3804] NILFS (loop0): trying rollback from an earlier position [ 76.644666][ T3804] NILFS (loop0): recovery complete [pid 3804] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 3804] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3804] chdir("./file0") = 0 [pid 3804] ioctl(4, LOOP_CLR_FD) = 0 [pid 3804] close(4) = 0 [pid 3804] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 3804] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 3804] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 76.651121][ T3805] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 76.667396][ T27] kauditd_printk_skb: 6 callbacks suppressed [ 76.667410][ T27] audit: type=1800 audit(1670141565.937:84): pid=3804 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor269" name="bus" dev="loop0" ino=12 res=0 errno=0 [pid 3804] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 3804] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 3804] exit_group(0) = ? [pid 3804] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3804, si_uid=0, si_status=0, si_utime=0, si_stime=18} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./82", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./82", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./82/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./82/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./82/binderfs") = 0 umount2("./82/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./82/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./82/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./82/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./82/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./82/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./82") = 0 mkdir("./83", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 3806 ./strace-static-x86_64: Process 3806 attached [pid 3806] chdir("./83") = 0 [pid 3806] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3806] setpgid(0, 0) = 0 [pid 3806] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3806] write(3, "1000", 4) = 4 [pid 3806] close(3) = 0 [pid 3806] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3806] memfd_create("syzkaller", 0) = 3 [pid 3806] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 3806] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 3806] munmap(0x7eff5e600000, 2097152) = 0 [pid 3806] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3806] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3806] close(3) = 0 [pid 3806] mkdir("./file0", 0777) = 0 [ 76.915410][ T3806] loop0: detected capacity change from 0 to 4096 [ 76.931288][ T3806] NILFS (loop0): invalid segment: Checksum error in segment payload [ 76.939544][ T3806] NILFS (loop0): trying rollback from an earlier position [ 76.952538][ T3806] NILFS (loop0): recovery complete [pid 3806] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 3806] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3806] chdir("./file0") = 0 [pid 3806] ioctl(4, LOOP_CLR_FD) = 0 [pid 3806] close(4) = 0 [pid 3806] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 3806] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 3806] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 76.958767][ T3807] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 76.972490][ T27] audit: type=1800 audit(1670141566.257:85): pid=3806 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor269" name="bus" dev="loop0" ino=12 res=0 errno=0 [pid 3806] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 3806] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 3806] exit_group(0) = ? [pid 3806] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3806, si_uid=0, si_status=0, si_utime=0, si_stime=12} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./83", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./83", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./83/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./83/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./83/binderfs") = 0 umount2("./83/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./83/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./83/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./83/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./83/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./83/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./83") = 0 mkdir("./84", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 3808 ./strace-static-x86_64: Process 3808 attached [pid 3808] chdir("./84") = 0 [pid 3808] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3808] setpgid(0, 0) = 0 [pid 3808] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3808] write(3, "1000", 4) = 4 [pid 3808] close(3) = 0 [pid 3808] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3808] memfd_create("syzkaller", 0) = 3 [pid 3808] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 3808] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 3808] munmap(0x7eff5e600000, 2097152) = 0 [pid 3808] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3808] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3808] close(3) = 0 [pid 3808] mkdir("./file0", 0777) = 0 [ 77.254898][ T3808] loop0: detected capacity change from 0 to 4096 [ 77.270252][ T3808] NILFS (loop0): invalid segment: Checksum error in segment payload [ 77.278300][ T3808] NILFS (loop0): trying rollback from an earlier position [ 77.291356][ T3808] NILFS (loop0): recovery complete [pid 3808] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 3808] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3808] chdir("./file0") = 0 [pid 3808] ioctl(4, LOOP_CLR_FD) = 0 [pid 3808] close(4) = 0 [pid 3808] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [ 77.297239][ T3809] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 3808] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 3808] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 77.331714][ T27] audit: type=1800 audit(1670141566.617:86): pid=3808 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor269" name="bus" dev="loop0" ino=12 res=0 errno=0 [pid 3808] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 3808] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 3808] exit_group(0) = ? [pid 3808] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3808, si_uid=0, si_status=0, si_utime=0, si_stime=14} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./84", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./84", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./84/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./84/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./84/binderfs") = 0 umount2("./84/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./84/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./84/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./84/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./84/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./84/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./84") = 0 mkdir("./85", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 3810 ./strace-static-x86_64: Process 3810 attached [pid 3810] chdir("./85") = 0 [pid 3810] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3810] setpgid(0, 0) = 0 [pid 3810] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3810] write(3, "1000", 4) = 4 [pid 3810] close(3) = 0 [pid 3810] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3810] memfd_create("syzkaller", 0) = 3 [pid 3810] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 3810] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 3810] munmap(0x7eff5e600000, 2097152) = 0 [pid 3810] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3810] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3810] close(3) = 0 [pid 3810] mkdir("./file0", 0777) = 0 [ 77.580929][ T3810] loop0: detected capacity change from 0 to 4096 [ 77.597694][ T3810] NILFS (loop0): invalid segment: Checksum error in segment payload [ 77.605823][ T3810] NILFS (loop0): trying rollback from an earlier position [ 77.619135][ T3810] NILFS (loop0): recovery complete [pid 3810] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 3810] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3810] chdir("./file0") = 0 [pid 3810] ioctl(4, LOOP_CLR_FD) = 0 [pid 3810] close(4) = 0 [pid 3810] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 3810] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 3810] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 77.625073][ T3811] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 77.630443][ T27] audit: type=1800 audit(1670141566.907:87): pid=3810 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor269" name="bus" dev="loop0" ino=12 res=0 errno=0 [pid 3810] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 3810] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 3810] exit_group(0) = ? [pid 3810] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3810, si_uid=0, si_status=0, si_utime=0, si_stime=17} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./85", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./85", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./85/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./85/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./85/binderfs") = 0 umount2("./85/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./85/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./85/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./85/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./85/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./85/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./85") = 0 mkdir("./86", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 3812 ./strace-static-x86_64: Process 3812 attached [pid 3812] chdir("./86") = 0 [pid 3812] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3812] setpgid(0, 0) = 0 [pid 3812] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3812] write(3, "1000", 4) = 4 [pid 3812] close(3) = 0 [pid 3812] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3812] memfd_create("syzkaller", 0) = 3 [pid 3812] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 3812] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 3812] munmap(0x7eff5e600000, 2097152) = 0 [pid 3812] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3812] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3812] close(3) = 0 [pid 3812] mkdir("./file0", 0777) = 0 [ 77.898982][ T3812] loop0: detected capacity change from 0 to 4096 [ 77.914974][ T3812] NILFS (loop0): invalid segment: Checksum error in segment payload [ 77.923111][ T3812] NILFS (loop0): trying rollback from an earlier position [ 77.935573][ T3812] NILFS (loop0): recovery complete [pid 3812] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 3812] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3812] chdir("./file0") = 0 [pid 3812] ioctl(4, LOOP_CLR_FD) = 0 [pid 3812] close(4) = 0 [pid 3812] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 3812] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 3812] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 77.941689][ T3813] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 77.955021][ T27] audit: type=1800 audit(1670141567.237:88): pid=3812 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor269" name="bus" dev="loop0" ino=12 res=0 errno=0 [pid 3812] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 3812] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 3812] exit_group(0) = ? [pid 3812] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3812, si_uid=0, si_status=0, si_utime=0, si_stime=16} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./86", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./86", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./86/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./86/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./86/binderfs") = 0 umount2("./86/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./86/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./86/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./86/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./86/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./86/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./86") = 0 mkdir("./87", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 3814 ./strace-static-x86_64: Process 3814 attached [pid 3814] chdir("./87") = 0 [pid 3814] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3814] setpgid(0, 0) = 0 [pid 3814] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3814] write(3, "1000", 4) = 4 [pid 3814] close(3) = 0 [pid 3814] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3814] memfd_create("syzkaller", 0) = 3 [pid 3814] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 3814] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 3814] munmap(0x7eff5e600000, 2097152) = 0 [pid 3814] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3814] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3814] close(3) = 0 [pid 3814] mkdir("./file0", 0777) = 0 [ 78.194930][ T3814] loop0: detected capacity change from 0 to 4096 [ 78.210656][ T3814] NILFS (loop0): invalid segment: Checksum error in segment payload [ 78.218756][ T3814] NILFS (loop0): trying rollback from an earlier position [ 78.232520][ T3814] NILFS (loop0): recovery complete [pid 3814] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 3814] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3814] chdir("./file0") = 0 [pid 3814] ioctl(4, LOOP_CLR_FD) = 0 [pid 3814] close(4) = 0 [pid 3814] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 3814] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 3814] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 78.238482][ T3815] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 78.257439][ T27] audit: type=1800 audit(1670141567.537:89): pid=3814 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor269" name="bus" dev="loop0" ino=12 res=0 errno=0 [pid 3814] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 3814] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 3814] exit_group(0) = ? [pid 3814] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3814, si_uid=0, si_status=0, si_utime=0, si_stime=17} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./87", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./87", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./87/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./87/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./87/binderfs") = 0 umount2("./87/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./87/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./87/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./87/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./87/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./87/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./87") = 0 mkdir("./88", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 3816 ./strace-static-x86_64: Process 3816 attached [pid 3816] chdir("./88") = 0 [pid 3816] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3816] setpgid(0, 0) = 0 [pid 3816] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3816] write(3, "1000", 4) = 4 [pid 3816] close(3) = 0 [pid 3816] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3816] memfd_create("syzkaller", 0) = 3 [pid 3816] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 3816] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 3816] munmap(0x7eff5e600000, 2097152) = 0 [pid 3816] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3816] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3816] close(3) = 0 [pid 3816] mkdir("./file0", 0777) = 0 [ 78.523101][ T3816] loop0: detected capacity change from 0 to 4096 [ 78.539227][ T3816] NILFS (loop0): invalid segment: Checksum error in segment payload [ 78.547248][ T3816] NILFS (loop0): trying rollback from an earlier position [ 78.560930][ T3816] NILFS (loop0): recovery complete [pid 3816] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 3816] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3816] chdir("./file0") = 0 [pid 3816] ioctl(4, LOOP_CLR_FD) = 0 [pid 3816] close(4) = 0 [pid 3816] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 3816] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 3816] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 78.566735][ T3817] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 78.583541][ T27] audit: type=1800 audit(1670141567.867:90): pid=3816 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor269" name="bus" dev="loop0" ino=12 res=0 errno=0 [pid 3816] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 3816] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 3816] exit_group(0) = ? [pid 3816] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3816, si_uid=0, si_status=0, si_utime=0, si_stime=10} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./88", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./88", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./88/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./88/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./88/binderfs") = 0 umount2("./88/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./88/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./88/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./88/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./88/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./88/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./88") = 0 mkdir("./89", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 3818 ./strace-static-x86_64: Process 3818 attached [pid 3818] chdir("./89") = 0 [pid 3818] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3818] setpgid(0, 0) = 0 [pid 3818] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3818] write(3, "1000", 4) = 4 [pid 3818] close(3) = 0 [pid 3818] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3818] memfd_create("syzkaller", 0) = 3 [pid 3818] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 3818] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 3818] munmap(0x7eff5e600000, 2097152) = 0 [pid 3818] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3818] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3818] close(3) = 0 [pid 3818] mkdir("./file0", 0777) = 0 [ 78.844874][ T3818] loop0: detected capacity change from 0 to 4096 [ 78.859893][ T3818] NILFS (loop0): invalid segment: Checksum error in segment payload [ 78.868341][ T3818] NILFS (loop0): trying rollback from an earlier position [ 78.882670][ T3818] NILFS (loop0): recovery complete [pid 3818] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 3818] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3818] chdir("./file0") = 0 [pid 3818] ioctl(4, LOOP_CLR_FD) = 0 [pid 3818] close(4) = 0 [pid 3818] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 3818] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 3818] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 78.888562][ T3819] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 78.910457][ T27] audit: type=1800 audit(1670141568.197:91): pid=3818 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor269" name="bus" dev="loop0" ino=12 res=0 errno=0 [pid 3818] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 3818] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 3818] exit_group(0) = ? [pid 3818] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3818, si_uid=0, si_status=0, si_utime=0, si_stime=12} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./89", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./89", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./89/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./89/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./89/binderfs") = 0 umount2("./89/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./89/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./89/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./89/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./89/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./89/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./89") = 0 mkdir("./90", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 3820 ./strace-static-x86_64: Process 3820 attached [pid 3820] chdir("./90") = 0 [pid 3820] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3820] setpgid(0, 0) = 0 [pid 3820] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3820] write(3, "1000", 4) = 4 [pid 3820] close(3) = 0 [pid 3820] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3820] memfd_create("syzkaller", 0) = 3 [pid 3820] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 3820] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 3820] munmap(0x7eff5e600000, 2097152) = 0 [pid 3820] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3820] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3820] close(3) = 0 [pid 3820] mkdir("./file0", 0777) = 0 [ 79.145602][ T3820] loop0: detected capacity change from 0 to 4096 [ 79.161982][ T3820] NILFS (loop0): invalid segment: Checksum error in segment payload [ 79.170138][ T3820] NILFS (loop0): trying rollback from an earlier position [ 79.183401][ T3820] NILFS (loop0): recovery complete [pid 3820] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 3820] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3820] chdir("./file0") = 0 [pid 3820] ioctl(4, LOOP_CLR_FD) = 0 [pid 3820] close(4) = 0 [pid 3820] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 3820] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 3820] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 79.189290][ T3821] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 79.203407][ T27] audit: type=1800 audit(1670141568.487:92): pid=3820 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor269" name="bus" dev="loop0" ino=12 res=0 errno=0 [pid 3820] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 3820] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 3820] exit_group(0) = ? [pid 3820] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3820, si_uid=0, si_status=0, si_utime=0, si_stime=14} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./90", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./90", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./90/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./90/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./90/binderfs") = 0 umount2("./90/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./90/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./90/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./90/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./90/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./90/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./90") = 0 mkdir("./91", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 3822 ./strace-static-x86_64: Process 3822 attached [pid 3822] chdir("./91") = 0 [pid 3822] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3822] setpgid(0, 0) = 0 [pid 3822] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3822] write(3, "1000", 4) = 4 [pid 3822] close(3) = 0 [pid 3822] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3822] memfd_create("syzkaller", 0) = 3 [pid 3822] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 3822] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 3822] munmap(0x7eff5e600000, 2097152) = 0 [pid 3822] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3822] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3822] close(3) = 0 [pid 3822] mkdir("./file0", 0777) = 0 [ 79.461181][ T3822] loop0: detected capacity change from 0 to 4096 [ 79.478379][ T3822] NILFS (loop0): invalid segment: Checksum error in segment payload [ 79.486467][ T3822] NILFS (loop0): trying rollback from an earlier position [ 79.502841][ T3822] NILFS (loop0): recovery complete [pid 3822] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 3822] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3822] chdir("./file0") = 0 [pid 3822] ioctl(4, LOOP_CLR_FD) = 0 [pid 3822] close(4) = 0 [pid 3822] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 3822] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 3822] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 79.509098][ T3823] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 79.526475][ T27] audit: type=1800 audit(1670141568.807:93): pid=3822 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor269" name="bus" dev="loop0" ino=12 res=0 errno=0 [pid 3822] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 3822] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 3822] exit_group(0) = ? [pid 3822] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3822, si_uid=0, si_status=0, si_utime=0, si_stime=14} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./91", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./91", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./91/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./91/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./91/binderfs") = 0 umount2("./91/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./91/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./91/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./91/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./91/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./91/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./91") = 0 mkdir("./92", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 3824 ./strace-static-x86_64: Process 3824 attached [pid 3824] chdir("./92") = 0 [pid 3824] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3824] setpgid(0, 0) = 0 [pid 3824] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3824] write(3, "1000", 4) = 4 [pid 3824] close(3) = 0 [pid 3824] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3824] memfd_create("syzkaller", 0) = 3 [pid 3824] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 3824] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 3824] munmap(0x7eff5e600000, 2097152) = 0 [pid 3824] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3824] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3824] close(3) = 0 [pid 3824] mkdir("./file0", 0777) = 0 [ 79.782172][ T3824] loop0: detected capacity change from 0 to 4096 [ 79.797616][ T3824] NILFS (loop0): invalid segment: Checksum error in segment payload [ 79.805680][ T3824] NILFS (loop0): trying rollback from an earlier position [ 79.818683][ T3824] NILFS (loop0): recovery complete [pid 3824] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 3824] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3824] chdir("./file0") = 0 [pid 3824] ioctl(4, LOOP_CLR_FD) = 0 [pid 3824] close(4) = 0 [pid 3824] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 3824] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 3824] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 79.824464][ T3825] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 3824] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 3824] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 3824] exit_group(0) = ? [pid 3824] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3824, si_uid=0, si_status=0, si_utime=0, si_stime=17} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./92", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./92", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./92/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./92/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./92/binderfs") = 0 umount2("./92/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./92/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./92/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./92/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./92/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./92/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./92") = 0 mkdir("./93", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 3826 ./strace-static-x86_64: Process 3826 attached [pid 3826] chdir("./93") = 0 [pid 3826] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3826] setpgid(0, 0) = 0 [pid 3826] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3826] write(3, "1000", 4) = 4 [pid 3826] close(3) = 0 [pid 3826] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3826] memfd_create("syzkaller", 0) = 3 [pid 3826] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 3826] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 3826] munmap(0x7eff5e600000, 2097152) = 0 [pid 3826] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3826] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3826] close(3) = 0 [pid 3826] mkdir("./file0", 0777) = 0 [pid 3826] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [ 80.070280][ T3826] loop0: detected capacity change from 0 to 4096 [ 80.084881][ T3826] NILFS (loop0): invalid segment: Checksum error in segment payload [ 80.092965][ T3826] NILFS (loop0): trying rollback from an earlier position [ 80.106023][ T3826] NILFS (loop0): recovery complete [pid 3826] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3826] chdir("./file0") = 0 [pid 3826] ioctl(4, LOOP_CLR_FD) = 0 [pid 3826] close(4) = 0 [pid 3826] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 3826] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 3826] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 80.112622][ T3827] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 3826] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 3826] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 3826] exit_group(0) = ? [pid 3826] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3826, si_uid=0, si_status=0, si_utime=0, si_stime=12} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./93", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./93", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./93/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./93/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./93/binderfs") = 0 umount2("./93/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./93/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./93/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./93/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./93/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./93/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./93") = 0 mkdir("./94", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3828 attached [pid 3828] chdir("./94" [pid 3638] <... clone resumed>, child_tidptr=0x5555555775d0) = 3828 [pid 3828] <... chdir resumed>) = 0 [pid 3828] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3828] setpgid(0, 0) = 0 [pid 3828] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3828] write(3, "1000", 4) = 4 [pid 3828] close(3) = 0 [pid 3828] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3828] memfd_create("syzkaller", 0) = 3 [pid 3828] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 3828] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 3828] munmap(0x7eff5e600000, 2097152) = 0 [pid 3828] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3828] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3828] close(3) = 0 [pid 3828] mkdir("./file0", 0777) = 0 [ 80.376504][ T3828] loop0: detected capacity change from 0 to 4096 [ 80.392402][ T3828] NILFS (loop0): invalid segment: Checksum error in segment payload [ 80.400442][ T3828] NILFS (loop0): trying rollback from an earlier position [ 80.413820][ T3828] NILFS (loop0): recovery complete [pid 3828] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 3828] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3828] chdir("./file0") = 0 [pid 3828] ioctl(4, LOOP_CLR_FD) = 0 [pid 3828] close(4) = 0 [pid 3828] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 3828] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 3828] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 80.419726][ T3829] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 3828] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 3828] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 3828] exit_group(0) = ? [pid 3828] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3828, si_uid=0, si_status=0, si_utime=0, si_stime=17} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./94", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./94", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./94/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./94/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./94/binderfs") = 0 umount2("./94/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./94/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./94/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./94/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./94/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./94/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./94") = 0 mkdir("./95", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 3830 ./strace-static-x86_64: Process 3830 attached [pid 3830] chdir("./95") = 0 [pid 3830] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3830] setpgid(0, 0) = 0 [pid 3830] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3830] write(3, "1000", 4) = 4 [pid 3830] close(3) = 0 [pid 3830] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3830] memfd_create("syzkaller", 0) = 3 [pid 3830] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 3830] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 3830] munmap(0x7eff5e600000, 2097152) = 0 [pid 3830] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3830] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3830] close(3) = 0 [pid 3830] mkdir("./file0", 0777) = 0 [ 80.681566][ T3830] loop0: detected capacity change from 0 to 4096 [ 80.698557][ T3830] NILFS (loop0): invalid segment: Checksum error in segment payload [ 80.706603][ T3830] NILFS (loop0): trying rollback from an earlier position [ 80.720041][ T3830] NILFS (loop0): recovery complete [pid 3830] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 3830] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3830] chdir("./file0") = 0 [pid 3830] ioctl(4, LOOP_CLR_FD) = 0 [pid 3830] close(4) = 0 [pid 3830] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 3830] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 3830] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 80.725804][ T3831] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 3830] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 3830] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 3830] exit_group(0) = ? [pid 3830] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3830, si_uid=0, si_status=0, si_utime=0, si_stime=13} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./95", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./95", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./95/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./95/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./95/binderfs") = 0 umount2("./95/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./95/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./95/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./95/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./95/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./95/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./95") = 0 mkdir("./96", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 3832 ./strace-static-x86_64: Process 3832 attached [pid 3832] chdir("./96") = 0 [pid 3832] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3832] setpgid(0, 0) = 0 [pid 3832] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3832] write(3, "1000", 4) = 4 [pid 3832] close(3) = 0 [pid 3832] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3832] memfd_create("syzkaller", 0) = 3 [pid 3832] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 3832] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 3832] munmap(0x7eff5e600000, 2097152) = 0 [pid 3832] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3832] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3832] close(3) = 0 [pid 3832] mkdir("./file0", 0777) = 0 [ 80.981529][ T3832] loop0: detected capacity change from 0 to 4096 [ 80.996830][ T3832] NILFS (loop0): invalid segment: Checksum error in segment payload [ 81.005100][ T3832] NILFS (loop0): trying rollback from an earlier position [ 81.018656][ T3832] NILFS (loop0): recovery complete [pid 3832] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 3832] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3832] chdir("./file0") = 0 [pid 3832] ioctl(4, LOOP_CLR_FD) = 0 [pid 3832] close(4) = 0 [pid 3832] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 3832] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 3832] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 81.024872][ T3833] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 3832] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 3832] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 3832] exit_group(0) = ? [pid 3832] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3832, si_uid=0, si_status=0, si_utime=0, si_stime=17} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./96", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./96", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./96/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./96/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./96/binderfs") = 0 umount2("./96/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./96/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./96/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./96/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./96/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./96/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./96") = 0 mkdir("./97", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 3834 ./strace-static-x86_64: Process 3834 attached [pid 3834] chdir("./97") = 0 [pid 3834] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3834] setpgid(0, 0) = 0 [pid 3834] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3834] write(3, "1000", 4) = 4 [pid 3834] close(3) = 0 [pid 3834] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3834] memfd_create("syzkaller", 0) = 3 [pid 3834] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 3834] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 3834] munmap(0x7eff5e600000, 2097152) = 0 [pid 3834] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3834] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3834] close(3) = 0 [pid 3834] mkdir("./file0", 0777) = 0 [ 81.282188][ T3834] loop0: detected capacity change from 0 to 4096 [ 81.299674][ T3834] NILFS (loop0): invalid segment: Checksum error in segment payload [ 81.307722][ T3834] NILFS (loop0): trying rollback from an earlier position [ 81.321230][ T3834] NILFS (loop0): recovery complete [pid 3834] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 3834] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3834] chdir("./file0") = 0 [pid 3834] ioctl(4, LOOP_CLR_FD) = 0 [pid 3834] close(4) = 0 [pid 3834] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 3834] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 3834] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 81.327252][ T3835] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 3834] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 3834] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 3834] exit_group(0) = ? [pid 3834] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3834, si_uid=0, si_status=0, si_utime=0, si_stime=14} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./97", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./97", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./97/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./97/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./97/binderfs") = 0 umount2("./97/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./97/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./97/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./97/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./97/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./97/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./97") = 0 mkdir("./98", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 3836 ./strace-static-x86_64: Process 3836 attached [pid 3836] chdir("./98") = 0 [pid 3836] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3836] setpgid(0, 0) = 0 [pid 3836] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3836] write(3, "1000", 4) = 4 [pid 3836] close(3) = 0 [pid 3836] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3836] memfd_create("syzkaller", 0) = 3 [pid 3836] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 3836] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 3836] munmap(0x7eff5e600000, 2097152) = 0 [pid 3836] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3836] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3836] close(3) = 0 [pid 3836] mkdir("./file0", 0777) = 0 [ 81.595291][ T3836] loop0: detected capacity change from 0 to 4096 [ 81.611659][ T3836] NILFS (loop0): invalid segment: Checksum error in segment payload [ 81.619797][ T3836] NILFS (loop0): trying rollback from an earlier position [ 81.632276][ T3836] NILFS (loop0): recovery complete [pid 3836] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 3836] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3836] chdir("./file0") = 0 [pid 3836] ioctl(4, LOOP_CLR_FD) = 0 [pid 3836] close(4) = 0 [pid 3836] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 3836] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 3836] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 81.638302][ T3837] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 3836] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 3836] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 3836] exit_group(0) = ? [pid 3836] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3836, si_uid=0, si_status=0, si_utime=0, si_stime=15} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./98", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./98", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./98/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./98/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./98/binderfs") = 0 umount2("./98/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./98/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./98/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./98/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./98/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./98/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./98") = 0 mkdir("./99", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 3838 ./strace-static-x86_64: Process 3838 attached [pid 3838] chdir("./99") = 0 [pid 3838] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3838] setpgid(0, 0) = 0 [pid 3838] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3838] write(3, "1000", 4) = 4 [pid 3838] close(3) = 0 [pid 3838] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3838] memfd_create("syzkaller", 0) = 3 [pid 3838] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 3838] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 3838] munmap(0x7eff5e600000, 2097152) = 0 [pid 3838] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3838] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3838] close(3) = 0 [pid 3838] mkdir("./file0", 0777) = 0 [pid 3838] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 3838] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3838] chdir("./file0") = 0 [ 81.889490][ T3838] loop0: detected capacity change from 0 to 4096 [ 81.904936][ T3838] NILFS (loop0): invalid segment: Checksum error in segment payload [ 81.913048][ T3838] NILFS (loop0): trying rollback from an earlier position [ 81.926153][ T3838] NILFS (loop0): recovery complete [pid 3838] ioctl(4, LOOP_CLR_FD) = 0 [pid 3838] close(4) = 0 [pid 3838] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 3838] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 3838] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 81.932240][ T3839] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 81.947386][ T27] kauditd_printk_skb: 7 callbacks suppressed [ 81.947399][ T27] audit: type=1800 audit(1670141571.217:101): pid=3838 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor269" name="bus" dev="loop0" ino=12 res=0 errno=0 [pid 3838] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 3838] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 3838] exit_group(0) = ? [pid 3838] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3838, si_uid=0, si_status=0, si_utime=1, si_stime=14} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./99", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./99", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./99/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./99/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./99/binderfs") = 0 umount2("./99/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./99/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./99/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./99/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./99/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./99/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./99") = 0 mkdir("./100", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 3840 ./strace-static-x86_64: Process 3840 attached [pid 3840] chdir("./100") = 0 [pid 3840] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3840] setpgid(0, 0) = 0 [pid 3840] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3840] write(3, "1000", 4) = 4 [pid 3840] close(3) = 0 [pid 3840] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3840] memfd_create("syzkaller", 0) = 3 [pid 3840] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 3840] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 3840] munmap(0x7eff5e600000, 2097152) = 0 [pid 3840] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3840] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3840] close(3) = 0 [pid 3840] mkdir("./file0", 0777) = 0 [pid 3840] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [ 82.198679][ T3840] loop0: detected capacity change from 0 to 4096 [ 82.214113][ T3840] NILFS (loop0): invalid segment: Checksum error in segment payload [ 82.222359][ T3840] NILFS (loop0): trying rollback from an earlier position [ 82.235518][ T3840] NILFS (loop0): recovery complete [pid 3840] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3840] chdir("./file0") = 0 [pid 3840] ioctl(4, LOOP_CLR_FD) = 0 [pid 3840] close(4) = 0 [pid 3840] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 3840] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 3840] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 82.241544][ T3841] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 82.256194][ T27] audit: type=1800 audit(1670141571.537:102): pid=3840 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor269" name="bus" dev="loop0" ino=12 res=0 errno=0 [pid 3840] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 3840] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 3840] exit_group(0) = ? [pid 3840] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3840, si_uid=0, si_status=0, si_utime=0, si_stime=7} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./100", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./100", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./100/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./100/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./100/binderfs") = 0 umount2("./100/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./100/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./100/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./100/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./100/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./100/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./100") = 0 mkdir("./101", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 3842 ./strace-static-x86_64: Process 3842 attached [pid 3842] chdir("./101") = 0 [pid 3842] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3842] setpgid(0, 0) = 0 [pid 3842] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3842] write(3, "1000", 4) = 4 [pid 3842] close(3) = 0 [pid 3842] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3842] memfd_create("syzkaller", 0) = 3 [pid 3842] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 3842] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 3842] munmap(0x7eff5e600000, 2097152) = 0 [pid 3842] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3842] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3842] close(3) = 0 [pid 3842] mkdir("./file0", 0777) = 0 [ 82.512895][ T3842] loop0: detected capacity change from 0 to 4096 [ 82.528262][ T3842] NILFS (loop0): invalid segment: Checksum error in segment payload [ 82.536273][ T3842] NILFS (loop0): trying rollback from an earlier position [ 82.549659][ T3842] NILFS (loop0): recovery complete [pid 3842] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 3842] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3842] chdir("./file0") = 0 [pid 3842] ioctl(4, LOOP_CLR_FD) = 0 [pid 3842] close(4) = 0 [pid 3842] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 3842] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 3842] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 82.555796][ T3843] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 82.572680][ T27] audit: type=1800 audit(1670141571.857:103): pid=3842 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor269" name="bus" dev="loop0" ino=12 res=0 errno=0 [pid 3842] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 3842] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 3842] exit_group(0) = ? [pid 3842] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3842, si_uid=0, si_status=0, si_utime=0, si_stime=13} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./101", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./101", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./101/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./101/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./101/binderfs") = 0 umount2("./101/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./101/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./101/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./101/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./101/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./101/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./101") = 0 mkdir("./102", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3844 attached , child_tidptr=0x5555555775d0) = 3844 [pid 3844] chdir("./102") = 0 [pid 3844] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3844] setpgid(0, 0) = 0 [pid 3844] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3844] write(3, "1000", 4) = 4 [pid 3844] close(3) = 0 [pid 3844] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3844] memfd_create("syzkaller", 0) = 3 [pid 3844] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 3844] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 3844] munmap(0x7eff5e600000, 2097152) = 0 [pid 3844] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3844] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3844] close(3) = 0 [pid 3844] mkdir("./file0", 0777) = 0 [ 82.850752][ T3844] loop0: detected capacity change from 0 to 4096 [ 82.868339][ T3844] NILFS (loop0): invalid segment: Checksum error in segment payload [ 82.876386][ T3844] NILFS (loop0): trying rollback from an earlier position [ 82.890800][ T3844] NILFS (loop0): recovery complete [pid 3844] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 3844] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3844] chdir("./file0") = 0 [pid 3844] ioctl(4, LOOP_CLR_FD) = 0 [pid 3844] close(4) = 0 [pid 3844] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [ 82.896530][ T3845] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 3844] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 3844] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 82.930788][ T27] audit: type=1800 audit(1670141572.217:104): pid=3844 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor269" name="bus" dev="loop0" ino=12 res=0 errno=0 [pid 3844] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 3844] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 3844] exit_group(0) = ? [pid 3844] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3844, si_uid=0, si_status=0, si_utime=0, si_stime=10} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./102", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./102", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./102/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./102/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./102/binderfs") = 0 umount2("./102/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./102/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./102/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./102/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./102/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./102/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./102") = 0 mkdir("./103", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 3846 ./strace-static-x86_64: Process 3846 attached [pid 3846] chdir("./103") = 0 [pid 3846] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3846] setpgid(0, 0) = 0 [pid 3846] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3846] write(3, "1000", 4) = 4 [pid 3846] close(3) = 0 [pid 3846] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3846] memfd_create("syzkaller", 0) = 3 [pid 3846] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 3846] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 3846] munmap(0x7eff5e600000, 2097152) = 0 [pid 3846] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3846] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3846] close(3) = 0 [pid 3846] mkdir("./file0", 0777) = 0 [ 83.174692][ T3846] loop0: detected capacity change from 0 to 4096 [ 83.189701][ T3846] NILFS (loop0): invalid segment: Checksum error in segment payload [ 83.197732][ T3846] NILFS (loop0): trying rollback from an earlier position [ 83.210189][ T3846] NILFS (loop0): recovery complete [pid 3846] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 3846] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3846] chdir("./file0") = 0 [pid 3846] ioctl(4, LOOP_CLR_FD) = 0 [pid 3846] close(4) = 0 [pid 3846] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 3846] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 3846] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 83.216260][ T3847] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 83.230726][ T27] audit: type=1800 audit(1670141572.517:105): pid=3846 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor269" name="bus" dev="loop0" ino=12 res=0 errno=0 [pid 3846] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 3846] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 3846] exit_group(0) = ? [pid 3846] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3846, si_uid=0, si_status=0, si_utime=0, si_stime=10} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./103", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./103", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./103/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./103/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./103/binderfs") = 0 umount2("./103/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./103/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./103/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./103/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./103/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./103/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./103") = 0 mkdir("./104", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 3848 ./strace-static-x86_64: Process 3848 attached [pid 3848] chdir("./104") = 0 [pid 3848] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3848] setpgid(0, 0) = 0 [pid 3848] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3848] write(3, "1000", 4) = 4 [pid 3848] close(3) = 0 [pid 3848] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3848] memfd_create("syzkaller", 0) = 3 [pid 3848] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 3848] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 3848] munmap(0x7eff5e600000, 2097152) = 0 [pid 3848] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3848] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3848] close(3) = 0 [pid 3848] mkdir("./file0", 0777) = 0 [ 83.496149][ T3848] loop0: detected capacity change from 0 to 4096 [ 83.510670][ T3848] NILFS (loop0): invalid segment: Checksum error in segment payload [ 83.518698][ T3848] NILFS (loop0): trying rollback from an earlier position [ 83.531383][ T3848] NILFS (loop0): recovery complete [pid 3848] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 3848] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3848] chdir("./file0") = 0 [pid 3848] ioctl(4, LOOP_CLR_FD) = 0 [pid 3848] close(4) = 0 [pid 3848] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 3848] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 3848] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 83.537297][ T3849] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 83.555000][ T27] audit: type=1800 audit(1670141572.837:106): pid=3848 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor269" name="bus" dev="loop0" ino=12 res=0 errno=0 [pid 3848] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 3848] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 3848] exit_group(0) = ? [pid 3848] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3848, si_uid=0, si_status=0, si_utime=0, si_stime=18} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./104", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./104", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./104/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./104/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./104/binderfs") = 0 umount2("./104/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./104/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./104/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./104/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./104/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./104/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./104") = 0 mkdir("./105", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3850 attached , child_tidptr=0x5555555775d0) = 3850 [pid 3850] chdir("./105") = 0 [pid 3850] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3850] setpgid(0, 0) = 0 [pid 3850] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3850] write(3, "1000", 4) = 4 [pid 3850] close(3) = 0 [pid 3850] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3850] memfd_create("syzkaller", 0) = 3 [pid 3850] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 3850] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 3850] munmap(0x7eff5e600000, 2097152) = 0 [pid 3850] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3850] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3850] close(3) = 0 [pid 3850] mkdir("./file0", 0777) = 0 [ 83.819056][ T3850] loop0: detected capacity change from 0 to 4096 [ 83.834375][ T3850] NILFS (loop0): invalid segment: Checksum error in segment payload [ 83.842569][ T3850] NILFS (loop0): trying rollback from an earlier position [ 83.855888][ T3850] NILFS (loop0): recovery complete [pid 3850] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 3850] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3850] chdir("./file0") = 0 [pid 3850] ioctl(4, LOOP_CLR_FD) = 0 [pid 3850] close(4) = 0 [pid 3850] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [ 83.862211][ T3851] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 3850] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 3850] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 83.890075][ T27] audit: type=1800 audit(1670141573.177:107): pid=3850 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor269" name="bus" dev="loop0" ino=12 res=0 errno=0 [pid 3850] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 3850] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 3850] exit_group(0) = ? [pid 3850] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3850, si_uid=0, si_status=0, si_utime=0, si_stime=9} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./105", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./105", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./105/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./105/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./105/binderfs") = 0 umount2("./105/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./105/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./105/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./105/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./105/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./105/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./105") = 0 mkdir("./106", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 3852 ./strace-static-x86_64: Process 3852 attached [pid 3852] chdir("./106") = 0 [pid 3852] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3852] setpgid(0, 0) = 0 [pid 3852] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3852] write(3, "1000", 4) = 4 [pid 3852] close(3) = 0 [pid 3852] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3852] memfd_create("syzkaller", 0) = 3 [pid 3852] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 3852] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 3852] munmap(0x7eff5e600000, 2097152) = 0 [pid 3852] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3852] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3852] close(3) = 0 [pid 3852] mkdir("./file0", 0777) = 0 [ 84.146040][ T3852] loop0: detected capacity change from 0 to 4096 [ 84.162066][ T3852] NILFS (loop0): invalid segment: Checksum error in segment payload [ 84.170191][ T3852] NILFS (loop0): trying rollback from an earlier position [ 84.183334][ T3852] NILFS (loop0): recovery complete [pid 3852] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 3852] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3852] chdir("./file0") = 0 [pid 3852] ioctl(4, LOOP_CLR_FD) = 0 [pid 3852] close(4) = 0 [pid 3852] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 3852] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 3852] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 84.189544][ T3853] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 84.206787][ T27] audit: type=1800 audit(1670141573.487:108): pid=3852 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor269" name="bus" dev="loop0" ino=12 res=0 errno=0 [pid 3852] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 3852] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 3852] exit_group(0) = ? [pid 3852] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3852, si_uid=0, si_status=0, si_utime=0, si_stime=11} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./106", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./106", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./106/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./106/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./106/binderfs") = 0 umount2("./106/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./106/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./106/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./106/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./106/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./106/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./106") = 0 mkdir("./107", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3854 attached [pid 3854] chdir("./107" [pid 3638] <... clone resumed>, child_tidptr=0x5555555775d0) = 3854 [pid 3854] <... chdir resumed>) = 0 [pid 3854] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3854] setpgid(0, 0) = 0 [pid 3854] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3854] write(3, "1000", 4) = 4 [pid 3854] close(3) = 0 [pid 3854] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3854] memfd_create("syzkaller", 0) = 3 [pid 3854] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 3854] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 3854] munmap(0x7eff5e600000, 2097152) = 0 [pid 3854] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3854] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3854] close(3) = 0 [pid 3854] mkdir("./file0", 0777) = 0 [ 84.458820][ T3854] loop0: detected capacity change from 0 to 4096 [ 84.474285][ T3854] NILFS (loop0): invalid segment: Checksum error in segment payload [ 84.482427][ T3854] NILFS (loop0): trying rollback from an earlier position [ 84.496301][ T3854] NILFS (loop0): recovery complete [pid 3854] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 3854] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3854] chdir("./file0") = 0 [pid 3854] ioctl(4, LOOP_CLR_FD) = 0 [pid 3854] close(4) = 0 [pid 3854] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 3854] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 3854] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 84.502928][ T3855] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 84.527439][ T27] audit: type=1800 audit(1670141573.807:109): pid=3854 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor269" name="bus" dev="loop0" ino=12 res=0 errno=0 [pid 3854] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 3854] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 3854] exit_group(0) = ? [pid 3854] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3854, si_uid=0, si_status=0, si_utime=0, si_stime=16} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./107", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./107", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./107/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./107/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./107/binderfs") = 0 umount2("./107/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./107/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./107/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./107/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./107/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./107/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./107") = 0 mkdir("./108", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 3856 ./strace-static-x86_64: Process 3856 attached [pid 3856] chdir("./108") = 0 [pid 3856] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3856] setpgid(0, 0) = 0 [pid 3856] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3856] write(3, "1000", 4) = 4 [pid 3856] close(3) = 0 [pid 3856] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3856] memfd_create("syzkaller", 0) = 3 [pid 3856] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 3856] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 3856] munmap(0x7eff5e600000, 2097152) = 0 [pid 3856] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3856] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3856] close(3) = 0 [pid 3856] mkdir("./file0", 0777) = 0 [pid 3856] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 3856] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3856] chdir("./file0") = 0 [ 84.780545][ T3856] loop0: detected capacity change from 0 to 4096 [ 84.796275][ T3856] NILFS (loop0): invalid segment: Checksum error in segment payload [ 84.804403][ T3856] NILFS (loop0): trying rollback from an earlier position [ 84.817715][ T3856] NILFS (loop0): recovery complete [pid 3856] ioctl(4, LOOP_CLR_FD) = 0 [pid 3856] close(4) = 0 [pid 3856] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 3856] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 3856] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 84.823558][ T3857] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 84.842518][ T27] audit: type=1800 audit(1670141574.127:110): pid=3856 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor269" name="bus" dev="loop0" ino=12 res=0 errno=0 [pid 3856] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 3856] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 3856] exit_group(0) = ? [pid 3856] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3856, si_uid=0, si_status=0, si_utime=0, si_stime=14} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./108", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./108", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./108/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./108/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./108/binderfs") = 0 umount2("./108/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./108/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./108/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./108/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./108/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./108/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./108") = 0 mkdir("./109", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 3858 ./strace-static-x86_64: Process 3858 attached [pid 3858] chdir("./109") = 0 [pid 3858] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3858] setpgid(0, 0) = 0 [pid 3858] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3858] write(3, "1000", 4) = 4 [pid 3858] close(3) = 0 [pid 3858] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3858] memfd_create("syzkaller", 0) = 3 [pid 3858] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 3858] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 3858] munmap(0x7eff5e600000, 2097152) = 0 [pid 3858] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3858] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3858] close(3) = 0 [pid 3858] mkdir("./file0", 0777) = 0 [pid 3858] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 3858] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3858] chdir("./file0") = 0 [pid 3858] ioctl(4, LOOP_CLR_FD) = 0 [pid 3858] close(4) = 0 [pid 3858] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [ 85.100584][ T3858] loop0: detected capacity change from 0 to 4096 [ 85.115188][ T3858] NILFS (loop0): invalid segment: Checksum error in segment payload [ 85.123232][ T3858] NILFS (loop0): trying rollback from an earlier position [ 85.136715][ T3858] NILFS (loop0): recovery complete [pid 3858] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 3858] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 85.143140][ T3859] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 3858] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 3858] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 3858] exit_group(0) = ? [pid 3858] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3858, si_uid=0, si_status=0, si_utime=0, si_stime=14} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./109", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./109", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./109/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./109/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./109/binderfs") = 0 umount2("./109/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./109/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./109/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./109/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./109/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./109/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./109") = 0 mkdir("./110", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 3860 ./strace-static-x86_64: Process 3860 attached [pid 3860] chdir("./110") = 0 [pid 3860] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3860] setpgid(0, 0) = 0 [pid 3860] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3860] write(3, "1000", 4) = 4 [pid 3860] close(3) = 0 [pid 3860] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3860] memfd_create("syzkaller", 0) = 3 [pid 3860] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 3860] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 3860] munmap(0x7eff5e600000, 2097152) = 0 [pid 3860] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3860] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3860] close(3) = 0 [pid 3860] mkdir("./file0", 0777) = 0 [pid 3860] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 3860] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3860] chdir("./file0") = 0 [pid 3860] ioctl(4, LOOP_CLR_FD) = 0 [ 85.399684][ T3860] loop0: detected capacity change from 0 to 4096 [ 85.415057][ T3860] NILFS (loop0): invalid segment: Checksum error in segment payload [ 85.423103][ T3860] NILFS (loop0): trying rollback from an earlier position [ 85.438327][ T3860] NILFS (loop0): recovery complete [pid 3860] close(4) = 0 [pid 3860] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 3860] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 3860] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 85.448105][ T3861] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 3860] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 3860] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 3860] exit_group(0) = ? [pid 3860] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3860, si_uid=0, si_status=0, si_utime=0, si_stime=15} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./110", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./110", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./110/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./110/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./110/binderfs") = 0 umount2("./110/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./110/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./110/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./110/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./110/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./110/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./110") = 0 mkdir("./111", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 3862 ./strace-static-x86_64: Process 3862 attached [pid 3862] chdir("./111") = 0 [pid 3862] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3862] setpgid(0, 0) = 0 [pid 3862] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3862] write(3, "1000", 4) = 4 [pid 3862] close(3) = 0 [pid 3862] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3862] memfd_create("syzkaller", 0) = 3 [pid 3862] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 3862] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 3862] munmap(0x7eff5e600000, 2097152) = 0 [pid 3862] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3862] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3862] close(3) = 0 [pid 3862] mkdir("./file0", 0777) = 0 [ 85.710260][ T3862] loop0: detected capacity change from 0 to 4096 [ 85.737158][ T3862] NILFS (loop0): invalid segment: Checksum error in segment payload [ 85.745311][ T3862] NILFS (loop0): trying rollback from an earlier position [pid 3862] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 3862] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3862] chdir("./file0") = 0 [pid 3862] ioctl(4, LOOP_CLR_FD) = 0 [pid 3862] close(4) = 0 [pid 3862] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 3862] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 3862] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 85.758719][ T3862] NILFS (loop0): recovery complete [ 85.765119][ T3863] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 3862] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 3862] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 3862] exit_group(0) = ? [pid 3862] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3862, si_uid=0, si_status=0, si_utime=0, si_stime=13} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./111", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./111", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./111/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./111/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./111/binderfs") = 0 umount2("./111/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./111/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./111/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./111/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./111/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./111/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./111") = 0 mkdir("./112", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 3864 ./strace-static-x86_64: Process 3864 attached [pid 3864] chdir("./112") = 0 [pid 3864] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3864] setpgid(0, 0) = 0 [pid 3864] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3864] write(3, "1000", 4) = 4 [pid 3864] close(3) = 0 [pid 3864] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3864] memfd_create("syzkaller", 0) = 3 [pid 3864] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 3864] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 3864] munmap(0x7eff5e600000, 2097152) = 0 [pid 3864] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3864] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3864] close(3) = 0 [pid 3864] mkdir("./file0", 0777) = 0 [ 86.029951][ T3864] loop0: detected capacity change from 0 to 4096 [ 86.043565][ T3864] NILFS (loop0): invalid segment: Checksum error in segment payload [ 86.051730][ T3864] NILFS (loop0): trying rollback from an earlier position [ 86.064925][ T3864] NILFS (loop0): recovery complete [pid 3864] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 3864] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3864] chdir("./file0") = 0 [pid 3864] ioctl(4, LOOP_CLR_FD) = 0 [pid 3864] close(4) = 0 [pid 3864] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 3864] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 3864] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 86.071052][ T3865] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 3864] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 3864] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 3864] exit_group(0) = ? [pid 3864] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3864, si_uid=0, si_status=0, si_utime=0, si_stime=14} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./112", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./112", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./112/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./112/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./112/binderfs") = 0 umount2("./112/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./112/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./112/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./112/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./112/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./112/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./112") = 0 mkdir("./113", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 3866 ./strace-static-x86_64: Process 3866 attached [pid 3866] chdir("./113") = 0 [pid 3866] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3866] setpgid(0, 0) = 0 [pid 3866] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3866] write(3, "1000", 4) = 4 [pid 3866] close(3) = 0 [pid 3866] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3866] memfd_create("syzkaller", 0) = 3 [pid 3866] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 3866] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 3866] munmap(0x7eff5e600000, 2097152) = 0 [pid 3866] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3866] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3866] close(3) = 0 [pid 3866] mkdir("./file0", 0777) = 0 [ 86.317200][ T3866] loop0: detected capacity change from 0 to 4096 [ 86.334902][ T3866] NILFS (loop0): invalid segment: Checksum error in segment payload [ 86.342982][ T3866] NILFS (loop0): trying rollback from an earlier position [ 86.356258][ T3866] NILFS (loop0): recovery complete [pid 3866] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 3866] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3866] chdir("./file0") = 0 [pid 3866] ioctl(4, LOOP_CLR_FD) = 0 [pid 3866] close(4) = 0 [pid 3866] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 3866] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 3866] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 86.362515][ T3867] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 3866] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 3866] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 3866] exit_group(0) = ? [pid 3866] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3866, si_uid=0, si_status=0, si_utime=0, si_stime=14} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./113", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./113", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./113/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./113/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./113/binderfs") = 0 umount2("./113/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./113/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./113/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./113/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./113/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./113/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./113") = 0 mkdir("./114", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 3868 ./strace-static-x86_64: Process 3868 attached [pid 3868] chdir("./114") = 0 [pid 3868] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3868] setpgid(0, 0) = 0 [pid 3868] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3868] write(3, "1000", 4) = 4 [pid 3868] close(3) = 0 [pid 3868] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3868] memfd_create("syzkaller", 0) = 3 [pid 3868] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 3868] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 3868] munmap(0x7eff5e600000, 2097152) = 0 [pid 3868] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3868] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3868] close(3) = 0 [pid 3868] mkdir("./file0", 0777) = 0 [pid 3868] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 3868] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3868] chdir("./file0") = 0 [pid 3868] ioctl(4, LOOP_CLR_FD) = 0 [pid 3868] close(4) = 0 [pid 3868] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 3868] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 3868] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 86.613216][ T3868] loop0: detected capacity change from 0 to 4096 [ 86.628710][ T3868] NILFS (loop0): invalid segment: Checksum error in segment payload [ 86.636765][ T3868] NILFS (loop0): trying rollback from an earlier position [ 86.649982][ T3868] NILFS (loop0): recovery complete [ 86.669368][ T3869] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 3868] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 3868] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 3868] exit_group(0) = ? [pid 3868] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3868, si_uid=0, si_status=0, si_utime=0, si_stime=11} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./114", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./114", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./114/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./114/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./114/binderfs") = 0 umount2("./114/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./114/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./114/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./114/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./114/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./114/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./114") = 0 mkdir("./115", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 3870 ./strace-static-x86_64: Process 3870 attached [pid 3870] chdir("./115") = 0 [pid 3870] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3870] setpgid(0, 0) = 0 [pid 3870] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3870] write(3, "1000", 4) = 4 [pid 3870] close(3) = 0 [pid 3870] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3870] memfd_create("syzkaller", 0) = 3 [pid 3870] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 3870] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 3870] munmap(0x7eff5e600000, 2097152) = 0 [pid 3870] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3870] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3870] close(3) = 0 [pid 3870] mkdir("./file0", 0777) = 0 [ 86.913590][ T3870] loop0: detected capacity change from 0 to 4096 [ 86.928721][ T3870] NILFS (loop0): invalid segment: Checksum error in segment payload [ 86.936734][ T3870] NILFS (loop0): trying rollback from an earlier position [ 86.949846][ T3870] NILFS (loop0): recovery complete [pid 3870] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 3870] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3870] chdir("./file0") = 0 [pid 3870] ioctl(4, LOOP_CLR_FD) = 0 [pid 3870] close(4) = 0 [pid 3870] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 3870] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 3870] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 86.956134][ T3871] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 86.974314][ T27] kauditd_printk_skb: 6 callbacks suppressed [ 86.974327][ T27] audit: type=1800 audit(1670141576.247:117): pid=3870 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor269" name="bus" dev="loop0" ino=12 res=0 errno=0 [pid 3870] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 3870] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 3870] exit_group(0) = ? [pid 3870] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3870, si_uid=0, si_status=0, si_utime=0, si_stime=11} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./115", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./115", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./115/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./115/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./115/binderfs") = 0 umount2("./115/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./115/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./115/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./115/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./115/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./115/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./115") = 0 mkdir("./116", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 3872 ./strace-static-x86_64: Process 3872 attached [pid 3872] chdir("./116") = 0 [pid 3872] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3872] setpgid(0, 0) = 0 [pid 3872] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3872] write(3, "1000", 4) = 4 [pid 3872] close(3) = 0 [pid 3872] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3872] memfd_create("syzkaller", 0) = 3 [pid 3872] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 3872] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 3872] munmap(0x7eff5e600000, 2097152) = 0 [pid 3872] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3872] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3872] close(3) = 0 [pid 3872] mkdir("./file0", 0777) = 0 [ 87.219568][ T3872] loop0: detected capacity change from 0 to 4096 [ 87.235471][ T3872] NILFS (loop0): invalid segment: Checksum error in segment payload [ 87.243625][ T3872] NILFS (loop0): trying rollback from an earlier position [ 87.257450][ T3872] NILFS (loop0): recovery complete [pid 3872] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 3872] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3872] chdir("./file0") = 0 [pid 3872] ioctl(4, LOOP_CLR_FD) = 0 [pid 3872] close(4) = 0 [pid 3872] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 3872] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 3872] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 87.263737][ T3873] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 87.277457][ T27] audit: type=1800 audit(1670141576.547:118): pid=3872 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor269" name="bus" dev="loop0" ino=12 res=0 errno=0 [pid 3872] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 3872] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 3872] exit_group(0) = ? [pid 3872] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3872, si_uid=0, si_status=0, si_utime=0, si_stime=9} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./116", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./116", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./116/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./116/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./116/binderfs") = 0 umount2("./116/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./116/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./116/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./116/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./116/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./116/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./116") = 0 mkdir("./117", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 3874 ./strace-static-x86_64: Process 3874 attached [pid 3874] chdir("./117") = 0 [pid 3874] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3874] setpgid(0, 0) = 0 [pid 3874] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3874] write(3, "1000", 4) = 4 [pid 3874] close(3) = 0 [pid 3874] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3874] memfd_create("syzkaller", 0) = 3 [pid 3874] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 3874] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 3874] munmap(0x7eff5e600000, 2097152) = 0 [pid 3874] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3874] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3874] close(3) = 0 [pid 3874] mkdir("./file0", 0777) = 0 [ 87.518199][ T3874] loop0: detected capacity change from 0 to 4096 [ 87.535291][ T3874] NILFS (loop0): invalid segment: Checksum error in segment payload [ 87.543515][ T3874] NILFS (loop0): trying rollback from an earlier position [ 87.557817][ T3874] NILFS (loop0): recovery complete [pid 3874] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 3874] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3874] chdir("./file0") = 0 [pid 3874] ioctl(4, LOOP_CLR_FD) = 0 [pid 3874] close(4) = 0 [pid 3874] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 3874] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 3874] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 87.563778][ T3875] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 87.567490][ T27] audit: type=1800 audit(1670141576.847:119): pid=3874 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor269" name="bus" dev="loop0" ino=12 res=0 errno=0 [pid 3874] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 3874] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 3874] exit_group(0) = ? [pid 3874] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3874, si_uid=0, si_status=0, si_utime=0, si_stime=10} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./117", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./117", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./117/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./117/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./117/binderfs") = 0 umount2("./117/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./117/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./117/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./117/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./117/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./117/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./117") = 0 mkdir("./118", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 3876 ./strace-static-x86_64: Process 3876 attached [pid 3876] chdir("./118") = 0 [pid 3876] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3876] setpgid(0, 0) = 0 [pid 3876] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3876] write(3, "1000", 4) = 4 [pid 3876] close(3) = 0 [pid 3876] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3876] memfd_create("syzkaller", 0) = 3 [pid 3876] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 3876] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 3876] munmap(0x7eff5e600000, 2097152) = 0 [pid 3876] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3876] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3876] close(3) = 0 [pid 3876] mkdir("./file0", 0777) = 0 [ 87.830224][ T3876] loop0: detected capacity change from 0 to 4096 [ 87.856231][ T3876] NILFS (loop0): invalid segment: Checksum error in segment payload [ 87.864310][ T3876] NILFS (loop0): trying rollback from an earlier position [pid 3876] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 3876] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3876] chdir("./file0") = 0 [pid 3876] ioctl(4, LOOP_CLR_FD) = 0 [pid 3876] close(4) = 0 [pid 3876] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 3876] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 3876] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 87.877523][ T3876] NILFS (loop0): recovery complete [ 87.883465][ T3877] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 87.902322][ T27] audit: type=1800 audit(1670141577.187:120): pid=3876 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor269" name="bus" dev="loop0" ino=12 res=0 errno=0 [pid 3876] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 3876] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 3876] exit_group(0) = ? [pid 3876] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3876, si_uid=0, si_status=0, si_utime=0, si_stime=12} --- umount2("./118", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./118", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./118/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./118/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./118/binderfs") = 0 umount2("./118/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./118/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./118/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./118/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./118/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./118/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./118") = 0 mkdir("./119", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 3878 ./strace-static-x86_64: Process 3878 attached [pid 3878] chdir("./119") = 0 [pid 3878] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3878] setpgid(0, 0) = 0 [pid 3878] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3878] write(3, "1000", 4) = 4 [pid 3878] close(3) = 0 [pid 3878] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3878] memfd_create("syzkaller", 0) = 3 [pid 3878] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 3878] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 3878] munmap(0x7eff5e600000, 2097152) = 0 [pid 3878] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3878] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3878] close(3) = 0 [pid 3878] mkdir("./file0", 0777) = 0 [ 88.162733][ T3878] loop0: detected capacity change from 0 to 4096 [ 88.177734][ T3878] NILFS (loop0): invalid segment: Checksum error in segment payload [ 88.185785][ T3878] NILFS (loop0): trying rollback from an earlier position [ 88.199236][ T3878] NILFS (loop0): recovery complete [pid 3878] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 3878] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3878] chdir("./file0") = 0 [pid 3878] ioctl(4, LOOP_CLR_FD) = 0 [pid 3878] close(4) = 0 [pid 3878] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 3878] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 3878] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 88.204978][ T3879] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 88.226375][ T27] audit: type=1800 audit(1670141577.507:121): pid=3878 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor269" name="bus" dev="loop0" ino=12 res=0 errno=0 [pid 3878] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 3878] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 3878] exit_group(0) = ? [pid 3878] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3878, si_uid=0, si_status=0, si_utime=0, si_stime=7} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./119", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./119", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./119/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./119/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./119/binderfs") = 0 umount2("./119/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./119/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./119/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./119/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./119/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./119/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./119") = 0 mkdir("./120", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3880 attached , child_tidptr=0x5555555775d0) = 3880 [pid 3880] chdir("./120") = 0 [pid 3880] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3880] setpgid(0, 0) = 0 [pid 3880] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3880] write(3, "1000", 4) = 4 [pid 3880] close(3) = 0 [pid 3880] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3880] memfd_create("syzkaller", 0) = 3 [pid 3880] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 3880] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 3880] munmap(0x7eff5e600000, 2097152) = 0 [pid 3880] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3880] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3880] close(3) = 0 [pid 3880] mkdir("./file0", 0777) = 0 [ 88.480718][ T3880] loop0: detected capacity change from 0 to 4096 [ 88.495211][ T3880] NILFS (loop0): invalid segment: Checksum error in segment payload [ 88.503258][ T3880] NILFS (loop0): trying rollback from an earlier position [ 88.516588][ T3880] NILFS (loop0): recovery complete [pid 3880] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 3880] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3880] chdir("./file0") = 0 [pid 3880] ioctl(4, LOOP_CLR_FD) = 0 [pid 3880] close(4) = 0 [pid 3880] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 3880] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 3880] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 88.522994][ T3881] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 88.549008][ T27] audit: type=1800 audit(1670141577.837:122): pid=3880 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor269" name="bus" dev="loop0" ino=12 res=0 errno=0 [pid 3880] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 3880] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 3880] exit_group(0) = ? [pid 3880] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3880, si_uid=0, si_status=0, si_utime=0, si_stime=12} --- umount2("./120", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./120", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./120/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./120/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./120/binderfs") = 0 umount2("./120/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./120/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./120/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./120/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./120/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./120/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./120") = 0 mkdir("./121", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 3882 ./strace-static-x86_64: Process 3882 attached [pid 3882] chdir("./121") = 0 [pid 3882] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3882] setpgid(0, 0) = 0 [pid 3882] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3882] write(3, "1000", 4) = 4 [pid 3882] close(3) = 0 [pid 3882] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3882] memfd_create("syzkaller", 0) = 3 [pid 3882] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 3882] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 3882] munmap(0x7eff5e600000, 2097152) = 0 [pid 3882] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3882] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3882] close(3) = 0 [pid 3882] mkdir("./file0", 0777) = 0 [ 88.799776][ T3882] loop0: detected capacity change from 0 to 4096 [ 88.816216][ T3882] NILFS (loop0): invalid segment: Checksum error in segment payload [ 88.824279][ T3882] NILFS (loop0): trying rollback from an earlier position [ 88.837510][ T3882] NILFS (loop0): recovery complete [pid 3882] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 3882] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3882] chdir("./file0") = 0 [pid 3882] ioctl(4, LOOP_CLR_FD) = 0 [pid 3882] close(4) = 0 [pid 3882] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 3882] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 3882] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 88.843702][ T3883] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 88.854710][ T27] audit: type=1800 audit(1670141578.137:123): pid=3882 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor269" name="bus" dev="loop0" ino=12 res=0 errno=0 [pid 3882] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 3882] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 3882] exit_group(0) = ? [pid 3882] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3882, si_uid=0, si_status=0, si_utime=0, si_stime=11} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./121", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./121", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./121/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./121/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./121/binderfs") = 0 umount2("./121/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./121/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./121/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./121/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./121/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./121/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./121") = 0 mkdir("./122", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 3884 ./strace-static-x86_64: Process 3884 attached [pid 3884] chdir("./122") = 0 [pid 3884] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3884] setpgid(0, 0) = 0 [pid 3884] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3884] write(3, "1000", 4) = 4 [pid 3884] close(3) = 0 [pid 3884] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3884] memfd_create("syzkaller", 0) = 3 [pid 3884] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 3884] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 3884] munmap(0x7eff5e600000, 2097152) = 0 [pid 3884] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3884] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3884] close(3) = 0 [pid 3884] mkdir("./file0", 0777) = 0 [pid 3884] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [ 89.080196][ T3884] loop0: detected capacity change from 0 to 4096 [ 89.094636][ T3884] NILFS (loop0): invalid segment: Checksum error in segment payload [ 89.102738][ T3884] NILFS (loop0): trying rollback from an earlier position [ 89.115651][ T3884] NILFS (loop0): recovery complete [pid 3884] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3884] chdir("./file0") = 0 [pid 3884] ioctl(4, LOOP_CLR_FD) = 0 [pid 3884] close(4) = 0 [pid 3884] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 3884] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 3884] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 89.122398][ T3885] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 89.137457][ T27] audit: type=1800 audit(1670141578.417:124): pid=3884 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor269" name="bus" dev="loop0" ino=12 res=0 errno=0 [pid 3884] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 3884] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 3884] exit_group(0) = ? [pid 3884] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3884, si_uid=0, si_status=0, si_utime=0, si_stime=11} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./122", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./122", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./122/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./122/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./122/binderfs") = 0 umount2("./122/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./122/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./122/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./122/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./122/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./122/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./122") = 0 mkdir("./123", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 3886 ./strace-static-x86_64: Process 3886 attached [pid 3886] chdir("./123") = 0 [pid 3886] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3886] setpgid(0, 0) = 0 [pid 3886] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3886] write(3, "1000", 4) = 4 [pid 3886] close(3) = 0 [pid 3886] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3886] memfd_create("syzkaller", 0) = 3 [pid 3886] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 3886] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 3886] munmap(0x7eff5e600000, 2097152) = 0 [pid 3886] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3886] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3886] close(3) = 0 [pid 3886] mkdir("./file0", 0777) = 0 [ 89.391269][ T3886] loop0: detected capacity change from 0 to 4096 [ 89.407128][ T3886] NILFS (loop0): invalid segment: Checksum error in segment payload [ 89.415184][ T3886] NILFS (loop0): trying rollback from an earlier position [ 89.428120][ T3886] NILFS (loop0): recovery complete [pid 3886] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 3886] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3886] chdir("./file0") = 0 [pid 3886] ioctl(4, LOOP_CLR_FD) = 0 [pid 3886] close(4) = 0 [pid 3886] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 3886] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 3886] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 89.434292][ T3887] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 89.449572][ T27] audit: type=1800 audit(1670141578.737:125): pid=3886 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor269" name="bus" dev="loop0" ino=12 res=0 errno=0 [pid 3886] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 3886] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 3886] exit_group(0) = ? [pid 3886] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3886, si_uid=0, si_status=0, si_utime=0, si_stime=16} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./123", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./123", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./123/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./123/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./123/binderfs") = 0 umount2("./123/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./123/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./123/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./123/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./123/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./123/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./123") = 0 mkdir("./124", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 3888 ./strace-static-x86_64: Process 3888 attached [pid 3888] chdir("./124") = 0 [pid 3888] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3888] setpgid(0, 0) = 0 [pid 3888] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3888] write(3, "1000", 4) = 4 [pid 3888] close(3) = 0 [pid 3888] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3888] memfd_create("syzkaller", 0) = 3 [pid 3888] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 3888] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 3888] munmap(0x7eff5e600000, 2097152) = 0 [pid 3888] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3888] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3888] close(3) = 0 [pid 3888] mkdir("./file0", 0777) = 0 [pid 3888] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 3888] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3888] chdir("./file0") = 0 [pid 3888] ioctl(4, LOOP_CLR_FD) = 0 [pid 3888] close(4) = 0 [pid 3888] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 3888] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 3888] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 89.692842][ T3888] loop0: detected capacity change from 0 to 4096 [ 89.707379][ T3888] NILFS (loop0): invalid segment: Checksum error in segment payload [ 89.715444][ T3888] NILFS (loop0): trying rollback from an earlier position [ 89.728886][ T3888] NILFS (loop0): recovery complete [ 89.735156][ T3889] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 89.745792][ T27] audit: type=1800 audit(1670141579.027:126): pid=3888 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor269" name="bus" dev="loop0" ino=12 res=0 errno=0 [pid 3888] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 3888] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 3888] exit_group(0) = ? [pid 3888] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3888, si_uid=0, si_status=0, si_utime=0, si_stime=15} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./124", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./124", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./124/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./124/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./124/binderfs") = 0 umount2("./124/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./124/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./124/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./124/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./124/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./124/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./124") = 0 mkdir("./125", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 3890 ./strace-static-x86_64: Process 3890 attached [pid 3890] chdir("./125") = 0 [pid 3890] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3890] setpgid(0, 0) = 0 [pid 3890] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3890] write(3, "1000", 4) = 4 [pid 3890] close(3) = 0 [pid 3890] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3890] memfd_create("syzkaller", 0) = 3 [pid 3890] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 3890] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 3890] munmap(0x7eff5e600000, 2097152) = 0 [pid 3890] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3890] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3890] close(3) = 0 [pid 3890] mkdir("./file0", 0777) = 0 [ 89.992869][ T3890] loop0: detected capacity change from 0 to 4096 [ 90.007416][ T3890] NILFS (loop0): invalid segment: Checksum error in segment payload [ 90.015429][ T3890] NILFS (loop0): trying rollback from an earlier position [ 90.028481][ T3890] NILFS (loop0): recovery complete [pid 3890] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 3890] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3890] chdir("./file0") = 0 [pid 3890] ioctl(4, LOOP_CLR_FD) = 0 [pid 3890] close(4) = 0 [pid 3890] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 3890] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 3890] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 90.034818][ T3891] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 3890] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 3890] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 3890] exit_group(0) = ? [pid 3890] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3890, si_uid=0, si_status=0, si_utime=0, si_stime=12} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./125", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./125", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./125/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./125/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./125/binderfs") = 0 umount2("./125/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./125/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./125/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./125/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./125/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./125/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./125") = 0 mkdir("./126", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 3892 ./strace-static-x86_64: Process 3892 attached [pid 3892] chdir("./126") = 0 [pid 3892] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3892] setpgid(0, 0) = 0 [pid 3892] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3892] write(3, "1000", 4) = 4 [pid 3892] close(3) = 0 [pid 3892] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3892] memfd_create("syzkaller", 0) = 3 [pid 3892] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 3892] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 3892] munmap(0x7eff5e600000, 2097152) = 0 [pid 3892] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3892] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3892] close(3) = 0 [pid 3892] mkdir("./file0", 0777) = 0 [ 90.293481][ T3892] loop0: detected capacity change from 0 to 4096 [ 90.309625][ T3892] NILFS (loop0): invalid segment: Checksum error in segment payload [ 90.317851][ T3892] NILFS (loop0): trying rollback from an earlier position [ 90.330584][ T3892] NILFS (loop0): recovery complete [pid 3892] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 3892] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3892] chdir("./file0") = 0 [pid 3892] ioctl(4, LOOP_CLR_FD) = 0 [pid 3892] close(4) = 0 [pid 3892] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 3892] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 3892] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 90.336877][ T3893] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 3892] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 3892] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 3892] exit_group(0) = ? [pid 3892] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3892, si_uid=0, si_status=0, si_utime=0, si_stime=14} --- umount2("./126", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./126", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./126/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./126/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./126/binderfs") = 0 umount2("./126/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./126/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./126/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./126/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./126/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./126/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./126") = 0 mkdir("./127", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 3894 ./strace-static-x86_64: Process 3894 attached [pid 3894] chdir("./127") = 0 [pid 3894] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3894] setpgid(0, 0) = 0 [pid 3894] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3894] write(3, "1000", 4) = 4 [pid 3894] close(3) = 0 [pid 3894] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3894] memfd_create("syzkaller", 0) = 3 [pid 3894] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 3894] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 3894] munmap(0x7eff5e600000, 2097152) = 0 [pid 3894] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3894] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3894] close(3) = 0 [pid 3894] mkdir("./file0", 0777) = 0 [ 90.584823][ T3894] loop0: detected capacity change from 0 to 4096 [ 90.602770][ T3894] NILFS (loop0): invalid segment: Checksum error in segment payload [ 90.610952][ T3894] NILFS (loop0): trying rollback from an earlier position [ 90.624392][ T3894] NILFS (loop0): recovery complete [pid 3894] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 3894] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3894] chdir("./file0") = 0 [pid 3894] ioctl(4, LOOP_CLR_FD) = 0 [pid 3894] close(4) = 0 [pid 3894] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 3894] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 3894] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 90.630803][ T3895] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 3894] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 3894] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 3894] exit_group(0) = ? [pid 3894] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3894, si_uid=0, si_status=0, si_utime=0, si_stime=14} --- umount2("./127", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./127", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./127/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./127/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./127/binderfs") = 0 umount2("./127/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./127/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./127/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./127/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./127/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./127/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./127") = 0 mkdir("./128", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 3896 ./strace-static-x86_64: Process 3896 attached [pid 3896] chdir("./128") = 0 [pid 3896] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3896] setpgid(0, 0) = 0 [pid 3896] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3896] write(3, "1000", 4) = 4 [pid 3896] close(3) = 0 [pid 3896] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3896] memfd_create("syzkaller", 0) = 3 [pid 3896] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 3896] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 3896] munmap(0x7eff5e600000, 2097152) = 0 [pid 3896] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3896] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3896] close(3) = 0 [pid 3896] mkdir("./file0", 0777) = 0 [ 90.903759][ T3896] loop0: detected capacity change from 0 to 4096 [ 90.918540][ T3896] NILFS (loop0): invalid segment: Checksum error in segment payload [ 90.926524][ T3896] NILFS (loop0): trying rollback from an earlier position [ 90.940027][ T3896] NILFS (loop0): recovery complete [pid 3896] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 3896] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3896] chdir("./file0") = 0 [pid 3896] ioctl(4, LOOP_CLR_FD) = 0 [pid 3896] close(4) = 0 [pid 3896] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 3896] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 3896] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 90.946147][ T3897] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 3896] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 3896] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 3896] exit_group(0) = ? [pid 3896] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3896, si_uid=0, si_status=0, si_utime=0, si_stime=17} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./128", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./128", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./128/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./128/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./128/binderfs") = 0 umount2("./128/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./128/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./128/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./128/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./128/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./128/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./128") = 0 mkdir("./129", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 3898 ./strace-static-x86_64: Process 3898 attached [pid 3898] chdir("./129") = 0 [pid 3898] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3898] setpgid(0, 0) = 0 [pid 3898] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3898] write(3, "1000", 4) = 4 [pid 3898] close(3) = 0 [pid 3898] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3898] memfd_create("syzkaller", 0) = 3 [pid 3898] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 3898] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 3898] munmap(0x7eff5e600000, 2097152) = 0 [pid 3898] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3898] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3898] close(3) = 0 [pid 3898] mkdir("./file0", 0777) = 0 [ 91.205864][ T3898] loop0: detected capacity change from 0 to 4096 [ 91.221381][ T3898] NILFS (loop0): invalid segment: Checksum error in segment payload [ 91.229502][ T3898] NILFS (loop0): trying rollback from an earlier position [ 91.242444][ T3898] NILFS (loop0): recovery complete [pid 3898] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 3898] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3898] chdir("./file0") = 0 [pid 3898] ioctl(4, LOOP_CLR_FD) = 0 [pid 3898] close(4) = 0 [pid 3898] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 3898] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 3898] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 91.248556][ T3899] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 3898] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 3898] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 3898] exit_group(0) = ? [pid 3898] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3898, si_uid=0, si_status=0, si_utime=0, si_stime=17} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./129", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./129", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./129/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./129/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./129/binderfs") = 0 umount2("./129/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./129/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./129/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./129/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./129/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./129/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./129") = 0 mkdir("./130", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 3900 ./strace-static-x86_64: Process 3900 attached [pid 3900] chdir("./130") = 0 [pid 3900] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3900] setpgid(0, 0) = 0 [pid 3900] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3900] write(3, "1000", 4) = 4 [pid 3900] close(3) = 0 [pid 3900] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3900] memfd_create("syzkaller", 0) = 3 [pid 3900] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 3900] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 3900] munmap(0x7eff5e600000, 2097152) = 0 [pid 3900] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3900] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3900] close(3) = 0 [pid 3900] mkdir("./file0", 0777) = 0 [ 91.517173][ T3900] loop0: detected capacity change from 0 to 4096 [ 91.532873][ T3900] NILFS (loop0): invalid segment: Checksum error in segment payload [ 91.540941][ T3900] NILFS (loop0): trying rollback from an earlier position [ 91.554210][ T3900] NILFS (loop0): recovery complete [pid 3900] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 3900] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3900] chdir("./file0") = 0 [pid 3900] ioctl(4, LOOP_CLR_FD) = 0 [pid 3900] close(4) = 0 [pid 3900] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 3900] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 3900] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 91.560744][ T3901] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 3900] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 3900] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 3900] exit_group(0) = ? [pid 3900] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3900, si_uid=0, si_status=0, si_utime=0, si_stime=15} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./130", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./130", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./130/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./130/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./130/binderfs") = 0 umount2("./130/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./130/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./130/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./130/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./130/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./130/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./130") = 0 mkdir("./131", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 3902 ./strace-static-x86_64: Process 3902 attached [pid 3902] chdir("./131") = 0 [pid 3902] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3902] setpgid(0, 0) = 0 [pid 3902] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3902] write(3, "1000", 4) = 4 [pid 3902] close(3) = 0 [pid 3902] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3902] memfd_create("syzkaller", 0) = 3 [pid 3902] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 3902] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 3902] munmap(0x7eff5e600000, 2097152) = 0 [pid 3902] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3902] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3902] close(3) = 0 [pid 3902] mkdir("./file0", 0777) = 0 [ 91.809261][ T3902] loop0: detected capacity change from 0 to 4096 [ 91.827526][ T3902] NILFS (loop0): invalid segment: Checksum error in segment payload [ 91.835580][ T3902] NILFS (loop0): trying rollback from an earlier position [ 91.849161][ T3902] NILFS (loop0): recovery complete [pid 3902] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 3902] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3902] chdir("./file0") = 0 [pid 3902] ioctl(4, LOOP_CLR_FD) = 0 [pid 3902] close(4) = 0 [pid 3902] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 3902] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 3902] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 91.855470][ T3903] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 3902] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 3902] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 3902] exit_group(0) = ? [pid 3902] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3902, si_uid=0, si_status=0, si_utime=0, si_stime=17} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./131", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./131", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./131/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./131/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./131/binderfs") = 0 umount2("./131/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./131/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./131/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./131/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./131/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./131/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./131") = 0 mkdir("./132", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 3905 ./strace-static-x86_64: Process 3905 attached [pid 3905] chdir("./132") = 0 [pid 3905] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3905] setpgid(0, 0) = 0 [pid 3905] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3905] write(3, "1000", 4) = 4 [pid 3905] close(3) = 0 [pid 3905] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3905] memfd_create("syzkaller", 0) = 3 [pid 3905] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 3905] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 3905] munmap(0x7eff5e600000, 2097152) = 0 [pid 3905] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3905] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3905] close(3) = 0 [pid 3905] mkdir("./file0", 0777) = 0 [pid 3905] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 3905] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3905] chdir("./file0") = 0 [pid 3905] ioctl(4, LOOP_CLR_FD) = 0 [ 92.112129][ T3905] loop0: detected capacity change from 0 to 4096 [ 92.127197][ T3905] NILFS (loop0): invalid segment: Checksum error in segment payload [ 92.135514][ T3905] NILFS (loop0): trying rollback from an earlier position [ 92.149980][ T3905] NILFS (loop0): recovery complete [pid 3905] close(4) = 0 [pid 3905] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 3905] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 3905] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 92.155934][ T3906] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 92.167310][ T27] kauditd_printk_skb: 7 callbacks suppressed [ 92.167322][ T27] audit: type=1800 audit(1670141581.447:134): pid=3905 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor269" name="bus" dev="loop0" ino=12 res=0 errno=0 [pid 3905] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 3905] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 3905] exit_group(0) = ? [pid 3905] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3905, si_uid=0, si_status=0, si_utime=0, si_stime=12} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./132", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./132", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./132/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./132/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./132/binderfs") = 0 umount2("./132/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./132/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./132/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./132/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./132/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./132/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./132") = 0 mkdir("./133", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 3908 ./strace-static-x86_64: Process 3908 attached [pid 3908] chdir("./133") = 0 [pid 3908] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3908] setpgid(0, 0) = 0 [pid 3908] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3908] write(3, "1000", 4) = 4 [pid 3908] close(3) = 0 [pid 3908] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3908] memfd_create("syzkaller", 0) = 3 [pid 3908] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 3908] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 3908] munmap(0x7eff5e600000, 2097152) = 0 [pid 3908] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3908] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3908] close(3) = 0 [pid 3908] mkdir("./file0", 0777) = 0 [pid 3908] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 3908] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3908] chdir("./file0") = 0 [pid 3908] ioctl(4, LOOP_CLR_FD) = 0 [ 92.420732][ T3908] loop0: detected capacity change from 0 to 4096 [ 92.434814][ T3908] NILFS (loop0): invalid segment: Checksum error in segment payload [ 92.442850][ T3908] NILFS (loop0): trying rollback from an earlier position [ 92.456297][ T3908] NILFS (loop0): recovery complete [pid 3908] close(4) = 0 [pid 3908] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 3908] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 3908] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 92.462568][ T3909] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 92.476093][ T27] audit: type=1800 audit(1670141581.757:135): pid=3908 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor269" name="bus" dev="loop0" ino=12 res=0 errno=0 [pid 3908] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 3908] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 3908] exit_group(0) = ? [pid 3908] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3908, si_uid=0, si_status=0, si_utime=0, si_stime=9} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./133", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./133", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./133/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./133/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./133/binderfs") = 0 umount2("./133/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./133/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./133/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./133/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./133/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./133/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./133") = 0 mkdir("./134", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 3911 ./strace-static-x86_64: Process 3911 attached [pid 3911] chdir("./134") = 0 [pid 3911] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3911] setpgid(0, 0) = 0 [pid 3911] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3911] write(3, "1000", 4) = 4 [pid 3911] close(3) = 0 [pid 3911] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3911] memfd_create("syzkaller", 0) = 3 [pid 3911] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 3911] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 3911] munmap(0x7eff5e600000, 2097152) = 0 [pid 3911] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3911] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3911] close(3) = 0 [pid 3911] mkdir("./file0", 0777) = 0 [ 92.727600][ T3911] loop0: detected capacity change from 0 to 4096 [ 92.744963][ T3911] NILFS (loop0): invalid segment: Checksum error in segment payload [ 92.753215][ T3911] NILFS (loop0): trying rollback from an earlier position [ 92.767277][ T3911] NILFS (loop0): recovery complete [pid 3911] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 3911] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3911] chdir("./file0") = 0 [pid 3911] ioctl(4, LOOP_CLR_FD) = 0 [pid 3911] close(4) = 0 [pid 3911] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 3911] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 3911] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 92.773432][ T3912] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 92.802770][ T27] audit: type=1800 audit(1670141582.087:136): pid=3911 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor269" name="bus" dev="loop0" ino=12 res=0 errno=0 [pid 3911] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 3911] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 3911] exit_group(0) = ? [pid 3911] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3911, si_uid=0, si_status=0, si_utime=0, si_stime=13} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./134", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./134", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./134/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./134/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./134/binderfs") = 0 umount2("./134/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./134/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./134/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./134/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./134/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./134/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./134") = 0 mkdir("./135", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 3914 ./strace-static-x86_64: Process 3914 attached [pid 3914] chdir("./135") = 0 [pid 3914] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3914] setpgid(0, 0) = 0 [pid 3914] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3914] write(3, "1000", 4) = 4 [pid 3914] close(3) = 0 [pid 3914] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3914] memfd_create("syzkaller", 0) = 3 [pid 3914] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 3914] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 3914] munmap(0x7eff5e600000, 2097152) = 0 [pid 3914] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3914] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3914] close(3) = 0 [pid 3914] mkdir("./file0", 0777) = 0 [pid 3914] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 3914] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3914] chdir("./file0") = 0 [pid 3914] ioctl(4, LOOP_CLR_FD) = 0 [ 93.059214][ T3914] loop0: detected capacity change from 0 to 4096 [ 93.074232][ T3914] NILFS (loop0): invalid segment: Checksum error in segment payload [ 93.082276][ T3914] NILFS (loop0): trying rollback from an earlier position [ 93.096008][ T3914] NILFS (loop0): recovery complete [pid 3914] close(4) = 0 [pid 3914] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 3914] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 3914] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 93.102233][ T3915] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 93.125563][ T27] audit: type=1800 audit(1670141582.407:137): pid=3914 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor269" name="bus" dev="loop0" ino=12 res=0 errno=0 [pid 3914] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 3914] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 3914] exit_group(0) = ? [pid 3914] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3914, si_uid=0, si_status=0, si_utime=0, si_stime=16} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./135", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./135", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./135/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./135/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./135/binderfs") = 0 umount2("./135/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./135/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./135/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./135/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./135/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./135/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./135") = 0 mkdir("./136", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 3916 ./strace-static-x86_64: Process 3916 attached [pid 3916] chdir("./136") = 0 [pid 3916] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3916] setpgid(0, 0) = 0 [pid 3916] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3916] write(3, "1000", 4) = 4 [pid 3916] close(3) = 0 [pid 3916] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3916] memfd_create("syzkaller", 0) = 3 [pid 3916] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 3916] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 3916] munmap(0x7eff5e600000, 2097152) = 0 [pid 3916] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3916] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3916] close(3) = 0 [pid 3916] mkdir("./file0", 0777) = 0 [pid 3916] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 3916] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3916] chdir("./file0") = 0 [pid 3916] ioctl(4, LOOP_CLR_FD) = 0 [ 93.356226][ T3916] loop0: detected capacity change from 0 to 4096 [ 93.371136][ T3916] NILFS (loop0): invalid segment: Checksum error in segment payload [ 93.379444][ T3916] NILFS (loop0): trying rollback from an earlier position [ 93.392879][ T3916] NILFS (loop0): recovery complete [pid 3916] close(4) = 0 [pid 3916] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 3916] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 3916] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 93.399533][ T3917] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 93.412030][ T27] audit: type=1800 audit(1670141582.697:138): pid=3916 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor269" name="bus" dev="loop0" ino=12 res=0 errno=0 [pid 3916] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 3916] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 3916] exit_group(0) = ? [pid 3916] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3916, si_uid=0, si_status=0, si_utime=0, si_stime=14} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./136", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./136", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./136/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./136/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./136/binderfs") = 0 umount2("./136/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./136/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./136/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./136/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./136/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./136/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./136") = 0 mkdir("./137", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 3918 ./strace-static-x86_64: Process 3918 attached [pid 3918] chdir("./137") = 0 [pid 3918] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3918] setpgid(0, 0) = 0 [pid 3918] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3918] write(3, "1000", 4) = 4 [pid 3918] close(3) = 0 [pid 3918] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3918] memfd_create("syzkaller", 0) = 3 [pid 3918] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 3918] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 3918] munmap(0x7eff5e600000, 2097152) = 0 [pid 3918] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3918] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3918] close(3) = 0 [pid 3918] mkdir("./file0", 0777) = 0 [ 93.654943][ T3918] loop0: detected capacity change from 0 to 4096 [ 93.670734][ T3918] NILFS (loop0): invalid segment: Checksum error in segment payload [ 93.678799][ T3918] NILFS (loop0): trying rollback from an earlier position [ 93.691997][ T3918] NILFS (loop0): recovery complete [pid 3918] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 3918] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3918] chdir("./file0") = 0 [pid 3918] ioctl(4, LOOP_CLR_FD) = 0 [pid 3918] close(4) = 0 [pid 3918] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [ 93.698017][ T3919] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 3918] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 3918] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 93.730750][ T27] audit: type=1800 audit(1670141583.017:139): pid=3918 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor269" name="bus" dev="loop0" ino=12 res=0 errno=0 [pid 3918] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 3918] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 3918] exit_group(0) = ? [pid 3918] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3918, si_uid=0, si_status=0, si_utime=0, si_stime=12} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./137", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./137", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./137/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./137/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./137/binderfs") = 0 umount2("./137/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./137/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./137/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./137/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./137/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./137/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./137") = 0 mkdir("./138", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 3920 ./strace-static-x86_64: Process 3920 attached [pid 3920] chdir("./138") = 0 [pid 3920] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3920] setpgid(0, 0) = 0 [pid 3920] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3920] write(3, "1000", 4) = 4 [pid 3920] close(3) = 0 [pid 3920] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3920] memfd_create("syzkaller", 0) = 3 [pid 3920] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 3920] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 3920] munmap(0x7eff5e600000, 2097152) = 0 [pid 3920] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3920] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3920] close(3) = 0 [pid 3920] mkdir("./file0", 0777) = 0 [ 93.977950][ T3920] loop0: detected capacity change from 0 to 4096 [ 93.993313][ T3920] NILFS (loop0): invalid segment: Checksum error in segment payload [ 94.001375][ T3920] NILFS (loop0): trying rollback from an earlier position [ 94.014598][ T3920] NILFS (loop0): recovery complete [pid 3920] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 3920] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3920] chdir("./file0") = 0 [pid 3920] ioctl(4, LOOP_CLR_FD) = 0 [pid 3920] close(4) = 0 [pid 3920] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 3920] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 3920] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 94.027720][ T3922] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 94.051672][ T27] audit: type=1800 audit(1670141583.337:140): pid=3920 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor269" name="bus" dev="loop0" ino=12 res=0 errno=0 [pid 3920] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 3920] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 3920] exit_group(0) = ? [pid 3920] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3920, si_uid=0, si_status=0, si_utime=0, si_stime=14} --- umount2("./138", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./138", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./138/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./138/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./138/binderfs") = 0 umount2("./138/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./138/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./138/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./138/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./138/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./138/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./138") = 0 mkdir("./139", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 3923 ./strace-static-x86_64: Process 3923 attached [pid 3923] chdir("./139") = 0 [pid 3923] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3923] setpgid(0, 0) = 0 [pid 3923] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3923] write(3, "1000", 4) = 4 [pid 3923] close(3) = 0 [pid 3923] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3923] memfd_create("syzkaller", 0) = 3 [pid 3923] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 3923] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 3923] munmap(0x7eff5e600000, 2097152) = 0 [pid 3923] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3923] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3923] close(3) = 0 [pid 3923] mkdir("./file0", 0777) = 0 [ 94.296616][ T3923] loop0: detected capacity change from 0 to 4096 [ 94.312304][ T3923] NILFS (loop0): invalid segment: Checksum error in segment payload [ 94.320343][ T3923] NILFS (loop0): trying rollback from an earlier position [ 94.333509][ T3923] NILFS (loop0): recovery complete [pid 3923] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 3923] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3923] chdir("./file0") = 0 [pid 3923] ioctl(4, LOOP_CLR_FD) = 0 [pid 3923] close(4) = 0 [pid 3923] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 3923] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 3923] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 94.339492][ T3924] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 94.354412][ T27] audit: type=1800 audit(1670141583.637:141): pid=3923 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor269" name="bus" dev="loop0" ino=12 res=0 errno=0 [pid 3923] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 3923] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 3923] exit_group(0) = ? [pid 3923] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3923, si_uid=0, si_status=0, si_utime=0, si_stime=14} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./139", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./139", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./139/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./139/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./139/binderfs") = 0 umount2("./139/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./139/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./139/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./139/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./139/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./139/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./139") = 0 mkdir("./140", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3925 attached , child_tidptr=0x5555555775d0) = 3925 [pid 3925] chdir("./140") = 0 [pid 3925] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3925] setpgid(0, 0) = 0 [pid 3925] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3925] write(3, "1000", 4) = 4 [pid 3925] close(3) = 0 [pid 3925] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3925] memfd_create("syzkaller", 0) = 3 [pid 3925] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 3925] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 3925] munmap(0x7eff5e600000, 2097152) = 0 [pid 3925] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3925] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3925] close(3) = 0 [pid 3925] mkdir("./file0", 0777) = 0 [ 94.619190][ T3925] loop0: detected capacity change from 0 to 4096 [ 94.633703][ T3925] NILFS (loop0): invalid segment: Checksum error in segment payload [ 94.641956][ T3925] NILFS (loop0): trying rollback from an earlier position [ 94.656503][ T3925] NILFS (loop0): recovery complete [pid 3925] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 3925] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3925] chdir("./file0") = 0 [pid 3925] ioctl(4, LOOP_CLR_FD) = 0 [pid 3925] close(4) = 0 [pid 3925] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 3925] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 3925] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 94.662543][ T3926] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 94.677409][ T27] audit: type=1800 audit(1670141583.947:142): pid=3925 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor269" name="bus" dev="loop0" ino=12 res=0 errno=0 [pid 3925] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 3925] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 3925] exit_group(0) = ? [pid 3925] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3925, si_uid=0, si_status=0, si_utime=0, si_stime=13} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./140", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./140", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./140/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./140/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./140/binderfs") = 0 umount2("./140/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./140/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./140/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./140/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./140/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./140/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./140") = 0 mkdir("./141", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 3927 ./strace-static-x86_64: Process 3927 attached [pid 3927] chdir("./141") = 0 [pid 3927] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3927] setpgid(0, 0) = 0 [pid 3927] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3927] write(3, "1000", 4) = 4 [pid 3927] close(3) = 0 [pid 3927] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3927] memfd_create("syzkaller", 0) = 3 [pid 3927] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 3927] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 3927] munmap(0x7eff5e600000, 2097152) = 0 [pid 3927] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3927] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3927] close(3) = 0 [pid 3927] mkdir("./file0", 0777) = 0 [ 94.931450][ T3927] loop0: detected capacity change from 0 to 4096 [ 94.948705][ T3927] NILFS (loop0): invalid segment: Checksum error in segment payload [ 94.956757][ T3927] NILFS (loop0): trying rollback from an earlier position [ 94.970361][ T3927] NILFS (loop0): recovery complete [pid 3927] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 3927] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3927] chdir("./file0") = 0 [pid 3927] ioctl(4, LOOP_CLR_FD) = 0 [pid 3927] close(4) = 0 [pid 3927] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 3927] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 3927] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 94.976184][ T3928] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 94.993684][ T27] audit: type=1800 audit(1670141584.277:143): pid=3927 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor269" name="bus" dev="loop0" ino=12 res=0 errno=0 [pid 3927] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 3927] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 3927] exit_group(0) = ? [pid 3927] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3927, si_uid=0, si_status=0, si_utime=0, si_stime=15} --- umount2("./141", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./141", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./141/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./141/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./141/binderfs") = 0 umount2("./141/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./141/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./141/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./141/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./141/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./141/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./141") = 0 mkdir("./142", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 3929 ./strace-static-x86_64: Process 3929 attached [pid 3929] chdir("./142") = 0 [pid 3929] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3929] setpgid(0, 0) = 0 [pid 3929] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3929] write(3, "1000", 4) = 4 [pid 3929] close(3) = 0 [pid 3929] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3929] memfd_create("syzkaller", 0) = 3 [pid 3929] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 3929] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 3929] munmap(0x7eff5e600000, 2097152) = 0 [pid 3929] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3929] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3929] close(3) = 0 [pid 3929] mkdir("./file0", 0777) = 0 [pid 3929] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 3929] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [ 95.240485][ T3929] loop0: detected capacity change from 0 to 4096 [ 95.254657][ T3929] NILFS (loop0): invalid segment: Checksum error in segment payload [ 95.262748][ T3929] NILFS (loop0): trying rollback from an earlier position [ 95.275836][ T3929] NILFS (loop0): recovery complete [pid 3929] chdir("./file0") = 0 [pid 3929] ioctl(4, LOOP_CLR_FD) = 0 [pid 3929] close(4) = 0 [pid 3929] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 3929] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 3929] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 95.282138][ T3930] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 3929] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 3929] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 3929] exit_group(0) = ? [pid 3929] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3929, si_uid=0, si_status=0, si_utime=0, si_stime=13} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./142", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./142", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./142/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./142/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./142/binderfs") = 0 umount2("./142/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./142/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./142/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./142/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./142/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./142/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./142") = 0 mkdir("./143", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 3931 ./strace-static-x86_64: Process 3931 attached [pid 3931] chdir("./143") = 0 [pid 3931] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3931] setpgid(0, 0) = 0 [pid 3931] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3931] write(3, "1000", 4) = 4 [pid 3931] close(3) = 0 [pid 3931] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3931] memfd_create("syzkaller", 0) = 3 [pid 3931] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 3931] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 3931] munmap(0x7eff5e600000, 2097152) = 0 [pid 3931] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3931] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3931] close(3) = 0 [pid 3931] mkdir("./file0", 0777) = 0 [ 95.525632][ T3931] loop0: detected capacity change from 0 to 4096 [ 95.541576][ T3931] NILFS (loop0): invalid segment: Checksum error in segment payload [ 95.549669][ T3931] NILFS (loop0): trying rollback from an earlier position [ 95.563535][ T3931] NILFS (loop0): recovery complete [pid 3931] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 3931] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3931] chdir("./file0") = 0 [pid 3931] ioctl(4, LOOP_CLR_FD) = 0 [pid 3931] close(4) = 0 [pid 3931] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 3931] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 3931] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 95.569624][ T3933] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 3931] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 3931] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 3931] exit_group(0) = ? [pid 3931] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3931, si_uid=0, si_status=0, si_utime=1, si_stime=14} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./143", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./143", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./143/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./143/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./143/binderfs") = 0 umount2("./143/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./143/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./143/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./143/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./143/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./143/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./143") = 0 mkdir("./144", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 3935 ./strace-static-x86_64: Process 3935 attached [pid 3935] chdir("./144") = 0 [pid 3935] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3935] setpgid(0, 0) = 0 [pid 3935] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3935] write(3, "1000", 4) = 4 [pid 3935] close(3) = 0 [pid 3935] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3935] memfd_create("syzkaller", 0) = 3 [pid 3935] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 3935] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 3935] munmap(0x7eff5e600000, 2097152) = 0 [pid 3935] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3935] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3935] close(3) = 0 [pid 3935] mkdir("./file0", 0777) = 0 [ 95.852885][ T3935] loop0: detected capacity change from 0 to 4096 [ 95.869462][ T3935] NILFS (loop0): invalid segment: Checksum error in segment payload [ 95.877502][ T3935] NILFS (loop0): trying rollback from an earlier position [ 95.891041][ T3935] NILFS (loop0): recovery complete [pid 3935] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 3935] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3935] chdir("./file0") = 0 [pid 3935] ioctl(4, LOOP_CLR_FD) = 0 [pid 3935] close(4) = 0 [pid 3935] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 3935] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 3935] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 95.896771][ T3936] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 3935] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 3935] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 3935] exit_group(0) = ? [pid 3935] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3935, si_uid=0, si_status=0, si_utime=0, si_stime=14} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./144", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./144", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./144/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./144/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./144/binderfs") = 0 umount2("./144/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./144/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./144/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./144/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./144/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./144/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./144") = 0 mkdir("./145", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 3937 ./strace-static-x86_64: Process 3937 attached [pid 3937] chdir("./145") = 0 [pid 3937] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3937] setpgid(0, 0) = 0 [pid 3937] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3937] write(3, "1000", 4) = 4 [pid 3937] close(3) = 0 [pid 3937] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3937] memfd_create("syzkaller", 0) = 3 [pid 3937] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 3937] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 3937] munmap(0x7eff5e600000, 2097152) = 0 [pid 3937] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3937] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3937] close(3) = 0 [pid 3937] mkdir("./file0", 0777) = 0 [pid 3937] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 3937] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3937] chdir("./file0") = 0 [pid 3937] ioctl(4, LOOP_CLR_FD) = 0 [pid 3937] close(4) = 0 [pid 3937] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 3937] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 3937] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 96.166708][ T3937] loop0: detected capacity change from 0 to 4096 [ 96.183833][ T3937] NILFS (loop0): invalid segment: Checksum error in segment payload [ 96.191909][ T3937] NILFS (loop0): trying rollback from an earlier position [ 96.205346][ T3937] NILFS (loop0): recovery complete [ 96.211724][ T3938] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 3937] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 3937] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 3937] exit_group(0) = ? [pid 3937] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3937, si_uid=0, si_status=0, si_utime=0, si_stime=14} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./145", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./145", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./145/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./145/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./145/binderfs") = 0 umount2("./145/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./145/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./145/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./145/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./145/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./145/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./145") = 0 mkdir("./146", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3939 attached , child_tidptr=0x5555555775d0) = 3939 [pid 3939] chdir("./146") = 0 [pid 3939] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3939] setpgid(0, 0) = 0 [pid 3939] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3939] write(3, "1000", 4) = 4 [pid 3939] close(3) = 0 [pid 3939] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3939] memfd_create("syzkaller", 0) = 3 [pid 3939] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 3939] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 3939] munmap(0x7eff5e600000, 2097152) = 0 [pid 3939] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3939] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3939] close(3) = 0 [pid 3939] mkdir("./file0", 0777) = 0 [ 96.472817][ T3939] loop0: detected capacity change from 0 to 4096 [ 96.489013][ T3939] NILFS (loop0): invalid segment: Checksum error in segment payload [ 96.497065][ T3939] NILFS (loop0): trying rollback from an earlier position [ 96.510635][ T3939] NILFS (loop0): recovery complete [pid 3939] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 3939] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3939] chdir("./file0") = 0 [pid 3939] ioctl(4, LOOP_CLR_FD) = 0 [pid 3939] close(4) = 0 [pid 3939] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 3939] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 3939] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 96.516467][ T3940] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 3939] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 3939] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 3939] exit_group(0) = ? [pid 3939] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3939, si_uid=0, si_status=0, si_utime=0, si_stime=12} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./146", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./146", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./146/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./146/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./146/binderfs") = 0 umount2("./146/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./146/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./146/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./146/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./146/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./146/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./146") = 0 mkdir("./147", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 3941 ./strace-static-x86_64: Process 3941 attached [pid 3941] chdir("./147") = 0 [pid 3941] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3941] setpgid(0, 0) = 0 [pid 3941] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3941] write(3, "1000", 4) = 4 [pid 3941] close(3) = 0 [pid 3941] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3941] memfd_create("syzkaller", 0) = 3 [pid 3941] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 3941] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 3941] munmap(0x7eff5e600000, 2097152) = 0 [pid 3941] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3941] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3941] close(3) = 0 [pid 3941] mkdir("./file0", 0777) = 0 [pid 3941] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [ 96.745524][ T3941] loop0: detected capacity change from 0 to 4096 [ 96.764524][ T3941] NILFS (loop0): invalid segment: Checksum error in segment payload [ 96.772682][ T3941] NILFS (loop0): trying rollback from an earlier position [ 96.787762][ T3941] NILFS (loop0): recovery complete [pid 3941] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3941] chdir("./file0") = 0 [pid 3941] ioctl(4, LOOP_CLR_FD) = 0 [pid 3941] close(4) = 0 [pid 3941] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 3941] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 3941] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 96.793725][ T3942] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 3941] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 3941] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 3941] exit_group(0) = ? [pid 3941] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3941, si_uid=0, si_status=0, si_utime=0, si_stime=10} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./147", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./147", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./147/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./147/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./147/binderfs") = 0 umount2("./147/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./147/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./147/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./147/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./147/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./147/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./147") = 0 mkdir("./148", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 3943 ./strace-static-x86_64: Process 3943 attached [pid 3943] chdir("./148") = 0 [pid 3943] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3943] setpgid(0, 0) = 0 [pid 3943] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3943] write(3, "1000", 4) = 4 [pid 3943] close(3) = 0 [pid 3943] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3943] memfd_create("syzkaller", 0) = 3 [pid 3943] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 3943] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 3943] munmap(0x7eff5e600000, 2097152) = 0 [pid 3943] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3943] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3943] close(3) = 0 [pid 3943] mkdir("./file0", 0777) = 0 [ 97.035775][ T3943] loop0: detected capacity change from 0 to 4096 [ 97.051199][ T3943] NILFS (loop0): invalid segment: Checksum error in segment payload [ 97.059247][ T3943] NILFS (loop0): trying rollback from an earlier position [ 97.072036][ T3943] NILFS (loop0): recovery complete [pid 3943] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 3943] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3943] chdir("./file0") = 0 [pid 3943] ioctl(4, LOOP_CLR_FD) = 0 [pid 3943] close(4) = 0 [pid 3943] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 3943] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 3943] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 97.078224][ T3944] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 3943] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 3943] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 3943] exit_group(0) = ? [pid 3943] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3943, si_uid=0, si_status=0, si_utime=0, si_stime=13} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./148", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./148", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./148/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./148/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./148/binderfs") = 0 umount2("./148/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./148/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./148/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./148/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./148/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./148/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./148") = 0 mkdir("./149", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 3945 ./strace-static-x86_64: Process 3945 attached [pid 3945] chdir("./149") = 0 [pid 3945] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3945] setpgid(0, 0) = 0 [pid 3945] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3945] write(3, "1000", 4) = 4 [pid 3945] close(3) = 0 [pid 3945] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3945] memfd_create("syzkaller", 0) = 3 [pid 3945] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 3945] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 3945] munmap(0x7eff5e600000, 2097152) = 0 [pid 3945] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3945] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3945] close(3) = 0 [pid 3945] mkdir("./file0", 0777) = 0 [ 97.325807][ T3945] loop0: detected capacity change from 0 to 4096 [ 97.342074][ T3945] NILFS (loop0): invalid segment: Checksum error in segment payload [ 97.350211][ T3945] NILFS (loop0): trying rollback from an earlier position [ 97.364052][ T3945] NILFS (loop0): recovery complete [pid 3945] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 3945] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3945] chdir("./file0") = 0 [pid 3945] ioctl(4, LOOP_CLR_FD) = 0 [pid 3945] close(4) = 0 [pid 3945] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 3945] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 3945] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 97.370381][ T3946] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 97.380606][ T27] kauditd_printk_skb: 7 callbacks suppressed [ 97.380617][ T27] audit: type=1800 audit(1670141586.667:151): pid=3945 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor269" name="bus" dev="loop0" ino=12 res=0 errno=0 [pid 3945] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 3945] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 3945] exit_group(0) = ? [pid 3945] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3945, si_uid=0, si_status=0, si_utime=0, si_stime=11} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./149", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./149", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./149/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./149/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./149/binderfs") = 0 umount2("./149/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./149/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./149/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./149/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./149/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./149/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./149") = 0 mkdir("./150", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 3947 ./strace-static-x86_64: Process 3947 attached [pid 3947] chdir("./150") = 0 [pid 3947] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3947] setpgid(0, 0) = 0 [pid 3947] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3947] write(3, "1000", 4) = 4 [pid 3947] close(3) = 0 [pid 3947] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3947] memfd_create("syzkaller", 0) = 3 [pid 3947] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 3947] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 3947] munmap(0x7eff5e600000, 2097152) = 0 [pid 3947] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3947] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3947] close(3) = 0 [pid 3947] mkdir("./file0", 0777) = 0 [ 97.649573][ T3947] loop0: detected capacity change from 0 to 4096 [ 97.664155][ T3947] NILFS (loop0): invalid segment: Checksum error in segment payload [ 97.676884][ T3947] NILFS (loop0): trying rollback from an earlier position [ 97.690425][ T3947] NILFS (loop0): recovery complete [pid 3947] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 3947] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3947] chdir("./file0") = 0 [pid 3947] ioctl(4, LOOP_CLR_FD) = 0 [pid 3947] close(4) = 0 [pid 3947] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 3947] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 3947] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 97.696182][ T3948] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 97.729368][ T27] audit: type=1800 audit(1670141587.017:152): pid=3947 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor269" name="bus" dev="loop0" ino=12 res=0 errno=0 [pid 3947] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 3947] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 3947] exit_group(0) = ? [pid 3947] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3947, si_uid=0, si_status=0, si_utime=0, si_stime=15} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./150", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./150", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./150/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./150/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./150/binderfs") = 0 umount2("./150/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./150/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./150/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./150/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./150/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./150/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./150") = 0 mkdir("./151", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 3949 ./strace-static-x86_64: Process 3949 attached [pid 3949] chdir("./151") = 0 [pid 3949] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3949] setpgid(0, 0) = 0 [pid 3949] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3949] write(3, "1000", 4) = 4 [pid 3949] close(3) = 0 [pid 3949] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3949] memfd_create("syzkaller", 0) = 3 [pid 3949] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 3949] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 3949] munmap(0x7eff5e600000, 2097152) = 0 [pid 3949] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3949] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3949] close(3) = 0 [pid 3949] mkdir("./file0", 0777) = 0 [pid 3949] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 3949] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3949] chdir("./file0") = 0 [pid 3949] ioctl(4, LOOP_CLR_FD) = 0 [ 97.975254][ T3949] loop0: detected capacity change from 0 to 4096 [ 97.990722][ T3949] NILFS (loop0): invalid segment: Checksum error in segment payload [ 97.998800][ T3949] NILFS (loop0): trying rollback from an earlier position [ 98.011925][ T3949] NILFS (loop0): recovery complete [pid 3949] close(4) = 0 [pid 3949] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 3949] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 3949] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 98.017855][ T3950] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 98.032031][ T27] audit: type=1800 audit(1670141587.317:153): pid=3949 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor269" name="bus" dev="loop0" ino=12 res=0 errno=0 [pid 3949] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 3949] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 3949] exit_group(0) = ? [pid 3949] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3949, si_uid=0, si_status=0, si_utime=0, si_stime=14} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./151", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./151", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./151/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./151/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./151/binderfs") = 0 umount2("./151/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./151/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./151/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./151/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./151/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./151/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./151") = 0 mkdir("./152", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 3951 ./strace-static-x86_64: Process 3951 attached [pid 3951] chdir("./152") = 0 [pid 3951] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3951] setpgid(0, 0) = 0 [pid 3951] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3951] write(3, "1000", 4) = 4 [pid 3951] close(3) = 0 [pid 3951] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3951] memfd_create("syzkaller", 0) = 3 [pid 3951] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 3951] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 3951] munmap(0x7eff5e600000, 2097152) = 0 [pid 3951] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3951] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3951] close(3) = 0 [pid 3951] mkdir("./file0", 0777) = 0 [ 98.282204][ T3951] loop0: detected capacity change from 0 to 4096 [ 98.297912][ T3951] NILFS (loop0): invalid segment: Checksum error in segment payload [ 98.305922][ T3951] NILFS (loop0): trying rollback from an earlier position [ 98.319462][ T3951] NILFS (loop0): recovery complete [pid 3951] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 3951] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3951] chdir("./file0") = 0 [pid 3951] ioctl(4, LOOP_CLR_FD) = 0 [pid 3951] close(4) = 0 [pid 3951] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 3951] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 3951] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 98.325182][ T3952] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 98.350203][ T27] audit: type=1800 audit(1670141587.637:154): pid=3951 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor269" name="bus" dev="loop0" ino=12 res=0 errno=0 [pid 3951] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 3951] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 3951] exit_group(0) = ? [pid 3951] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3951, si_uid=0, si_status=0, si_utime=0, si_stime=14} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./152", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./152", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./152/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./152/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./152/binderfs") = 0 umount2("./152/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./152/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./152/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./152/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./152/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./152/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./152") = 0 mkdir("./153", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3953 attached , child_tidptr=0x5555555775d0) = 3953 [pid 3953] chdir("./153") = 0 [pid 3953] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3953] setpgid(0, 0) = 0 [pid 3953] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3953] write(3, "1000", 4) = 4 [pid 3953] close(3) = 0 [pid 3953] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3953] memfd_create("syzkaller", 0) = 3 [pid 3953] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 3953] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 3953] munmap(0x7eff5e600000, 2097152) = 0 [pid 3953] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3953] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3953] close(3) = 0 [pid 3953] mkdir("./file0", 0777) = 0 [ 98.615672][ T3953] loop0: detected capacity change from 0 to 4096 [ 98.630713][ T3953] NILFS (loop0): invalid segment: Checksum error in segment payload [ 98.638735][ T3953] NILFS (loop0): trying rollback from an earlier position [ 98.651561][ T3953] NILFS (loop0): recovery complete [pid 3953] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 3953] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3953] chdir("./file0") = 0 [pid 3953] ioctl(4, LOOP_CLR_FD) = 0 [pid 3953] close(4) = 0 [pid 3953] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 3953] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 3953] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 98.657727][ T3954] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 98.683693][ T27] audit: type=1800 audit(1670141587.967:155): pid=3953 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor269" name="bus" dev="loop0" ino=12 res=0 errno=0 [pid 3953] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 3953] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 3953] exit_group(0) = ? [pid 3953] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3953, si_uid=0, si_status=0, si_utime=0, si_stime=13} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./153", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./153", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./153/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./153/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./153/binderfs") = 0 umount2("./153/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./153/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./153/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./153/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./153/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./153/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./153") = 0 mkdir("./154", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 3955 ./strace-static-x86_64: Process 3955 attached [pid 3955] chdir("./154") = 0 [pid 3955] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3955] setpgid(0, 0) = 0 [pid 3955] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3955] write(3, "1000", 4) = 4 [pid 3955] close(3) = 0 [pid 3955] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3955] memfd_create("syzkaller", 0) = 3 [pid 3955] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 3955] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 3955] munmap(0x7eff5e600000, 2097152) = 0 [pid 3955] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3955] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3955] close(3) = 0 [pid 3955] mkdir("./file0", 0777) = 0 [ 98.938633][ T3955] loop0: detected capacity change from 0 to 4096 [ 98.955315][ T3955] NILFS (loop0): invalid segment: Checksum error in segment payload [ 98.963555][ T3955] NILFS (loop0): trying rollback from an earlier position [ 98.977589][ T3955] NILFS (loop0): recovery complete [pid 3955] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 3955] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3955] chdir("./file0") = 0 [pid 3955] ioctl(4, LOOP_CLR_FD) = 0 [pid 3955] close(4) = 0 [pid 3955] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 3955] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 3955] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 98.983841][ T3956] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 98.997450][ T27] audit: type=1800 audit(1670141588.267:156): pid=3955 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor269" name="bus" dev="loop0" ino=12 res=0 errno=0 [pid 3955] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 3955] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 3955] exit_group(0) = ? [pid 3955] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3955, si_uid=0, si_status=0, si_utime=0, si_stime=10} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./154", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./154", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./154/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./154/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./154/binderfs") = 0 umount2("./154/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./154/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./154/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./154/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./154/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./154/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./154") = 0 mkdir("./155", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 3957 ./strace-static-x86_64: Process 3957 attached [pid 3957] chdir("./155") = 0 [pid 3957] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3957] setpgid(0, 0) = 0 [pid 3957] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3957] write(3, "1000", 4) = 4 [pid 3957] close(3) = 0 [pid 3957] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3957] memfd_create("syzkaller", 0) = 3 [pid 3957] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 3957] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 3957] munmap(0x7eff5e600000, 2097152) = 0 [pid 3957] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3957] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3957] close(3) = 0 [pid 3957] mkdir("./file0", 0777) = 0 [ 99.236527][ T3957] loop0: detected capacity change from 0 to 4096 [ 99.253523][ T3957] NILFS (loop0): invalid segment: Checksum error in segment payload [ 99.261591][ T3957] NILFS (loop0): trying rollback from an earlier position [ 99.276372][ T3957] NILFS (loop0): recovery complete [pid 3957] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 3957] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3957] chdir("./file0") = 0 [pid 3957] ioctl(4, LOOP_CLR_FD) = 0 [pid 3957] close(4) = 0 [pid 3957] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 3957] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 3957] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 99.282314][ T3958] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 99.310483][ T27] audit: type=1800 audit(1670141588.597:157): pid=3957 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor269" name="bus" dev="loop0" ino=12 res=0 errno=0 [pid 3957] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 3957] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 3957] exit_group(0) = ? [pid 3957] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3957, si_uid=0, si_status=0, si_utime=0, si_stime=16} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./155", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./155", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./155/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./155/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./155/binderfs") = 0 umount2("./155/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./155/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./155/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./155/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./155/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./155/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./155") = 0 mkdir("./156", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 3959 ./strace-static-x86_64: Process 3959 attached [pid 3959] chdir("./156") = 0 [pid 3959] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3959] setpgid(0, 0) = 0 [pid 3959] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3959] write(3, "1000", 4) = 4 [pid 3959] close(3) = 0 [pid 3959] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3959] memfd_create("syzkaller", 0) = 3 [pid 3959] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 3959] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 3959] munmap(0x7eff5e600000, 2097152) = 0 [pid 3959] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3959] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3959] close(3) = 0 [pid 3959] mkdir("./file0", 0777) = 0 [ 99.562724][ T3959] loop0: detected capacity change from 0 to 4096 [ 99.578179][ T3959] NILFS (loop0): invalid segment: Checksum error in segment payload [ 99.586189][ T3959] NILFS (loop0): trying rollback from an earlier position [ 99.599737][ T3959] NILFS (loop0): recovery complete [pid 3959] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 3959] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3959] chdir("./file0") = 0 [pid 3959] ioctl(4, LOOP_CLR_FD) = 0 [pid 3959] close(4) = 0 [pid 3959] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 3959] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 3959] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 99.605674][ T3960] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 99.628543][ T27] audit: type=1800 audit(1670141588.917:158): pid=3959 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor269" name="bus" dev="loop0" ino=12 res=0 errno=0 [pid 3959] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 3959] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 3959] exit_group(0) = ? [pid 3959] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3959, si_uid=0, si_status=0, si_utime=0, si_stime=15} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./156", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./156", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./156/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./156/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./156/binderfs") = 0 umount2("./156/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./156/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./156/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./156/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./156/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./156/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./156") = 0 mkdir("./157", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 3961 ./strace-static-x86_64: Process 3961 attached [pid 3961] chdir("./157") = 0 [pid 3961] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3961] setpgid(0, 0) = 0 [pid 3961] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3961] write(3, "1000", 4) = 4 [pid 3961] close(3) = 0 [pid 3961] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3961] memfd_create("syzkaller", 0) = 3 [pid 3961] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 3961] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 3961] munmap(0x7eff5e600000, 2097152) = 0 [pid 3961] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3961] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3961] close(3) = 0 [pid 3961] mkdir("./file0", 0777) = 0 [pid 3961] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 3961] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3961] chdir("./file0") = 0 [ 99.879937][ T3961] loop0: detected capacity change from 0 to 4096 [ 99.895581][ T3961] NILFS (loop0): invalid segment: Checksum error in segment payload [ 99.903638][ T3961] NILFS (loop0): trying rollback from an earlier position [ 99.916703][ T3961] NILFS (loop0): recovery complete [pid 3961] ioctl(4, LOOP_CLR_FD) = 0 [pid 3961] close(4) = 0 [pid 3961] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 3961] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [ 99.922665][ T3962] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 3961] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 99.950545][ T27] audit: type=1800 audit(1670141589.237:159): pid=3961 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor269" name="bus" dev="loop0" ino=12 res=0 errno=0 [pid 3961] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 3961] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 3961] exit_group(0) = ? [pid 3961] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3961, si_uid=0, si_status=0, si_utime=0, si_stime=16} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./157", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./157", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./157/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./157/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./157/binderfs") = 0 umount2("./157/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./157/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./157/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./157/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./157/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./157/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./157") = 0 mkdir("./158", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 3963 ./strace-static-x86_64: Process 3963 attached [pid 3963] chdir("./158") = 0 [pid 3963] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3963] setpgid(0, 0) = 0 [pid 3963] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3963] write(3, "1000", 4) = 4 [pid 3963] close(3) = 0 [pid 3963] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3963] memfd_create("syzkaller", 0) = 3 [pid 3963] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 3963] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 3963] munmap(0x7eff5e600000, 2097152) = 0 [pid 3963] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3963] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3963] close(3) = 0 [pid 3963] mkdir("./file0", 0777) = 0 [ 100.198972][ T3963] loop0: detected capacity change from 0 to 4096 [ 100.216295][ T3963] NILFS (loop0): invalid segment: Checksum error in segment payload [ 100.224426][ T3963] NILFS (loop0): trying rollback from an earlier position [ 100.238655][ T3963] NILFS (loop0): recovery complete [pid 3963] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 3963] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3963] chdir("./file0") = 0 [pid 3963] ioctl(4, LOOP_CLR_FD) = 0 [pid 3963] close(4) = 0 [pid 3963] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 3963] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 3963] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 100.244417][ T3964] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 100.275197][ T27] audit: type=1800 audit(1670141589.557:160): pid=3963 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor269" name="bus" dev="loop0" ino=12 res=0 errno=0 [pid 3963] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 3963] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 3963] exit_group(0) = ? [pid 3963] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3963, si_uid=0, si_status=0, si_utime=0, si_stime=11} --- umount2("./158", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./158", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./158/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./158/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./158/binderfs") = 0 umount2("./158/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./158/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./158/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./158/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./158/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./158/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./158") = 0 mkdir("./159", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 3965 ./strace-static-x86_64: Process 3965 attached [pid 3965] chdir("./159") = 0 [pid 3965] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3965] setpgid(0, 0) = 0 [pid 3965] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3965] write(3, "1000", 4) = 4 [pid 3965] close(3) = 0 [pid 3965] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3965] memfd_create("syzkaller", 0) = 3 [pid 3965] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 3965] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 3965] munmap(0x7eff5e600000, 2097152) = 0 [pid 3965] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3965] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3965] close(3) = 0 [pid 3965] mkdir("./file0", 0777) = 0 [ 100.527608][ T3965] loop0: detected capacity change from 0 to 4096 [ 100.542894][ T3965] NILFS (loop0): invalid segment: Checksum error in segment payload [ 100.550919][ T3965] NILFS (loop0): trying rollback from an earlier position [ 100.564694][ T3965] NILFS (loop0): recovery complete [pid 3965] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 3965] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3965] chdir("./file0") = 0 [pid 3965] ioctl(4, LOOP_CLR_FD) = 0 [pid 3965] close(4) = 0 [pid 3965] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 3965] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 3965] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 100.570948][ T3966] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 3965] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 3965] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 3965] exit_group(0) = ? [pid 3965] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3965, si_uid=0, si_status=0, si_utime=0, si_stime=14} --- umount2("./159", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./159", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./159/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./159/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./159/binderfs") = 0 umount2("./159/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./159/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./159/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./159/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./159/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./159/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./159") = 0 mkdir("./160", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 3967 ./strace-static-x86_64: Process 3967 attached [pid 3967] chdir("./160") = 0 [pid 3967] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3967] setpgid(0, 0) = 0 [pid 3967] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3967] write(3, "1000", 4) = 4 [pid 3967] close(3) = 0 [pid 3967] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3967] memfd_create("syzkaller", 0) = 3 [pid 3967] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 3967] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 3967] munmap(0x7eff5e600000, 2097152) = 0 [pid 3967] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3967] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3967] close(3) = 0 [pid 3967] mkdir("./file0", 0777) = 0 [ 100.841827][ T3967] loop0: detected capacity change from 0 to 4096 [ 100.858231][ T3967] NILFS (loop0): invalid segment: Checksum error in segment payload [ 100.866276][ T3967] NILFS (loop0): trying rollback from an earlier position [ 100.879712][ T3967] NILFS (loop0): recovery complete [pid 3967] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 3967] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3967] chdir("./file0") = 0 [pid 3967] ioctl(4, LOOP_CLR_FD) = 0 [pid 3967] close(4) = 0 [pid 3967] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 3967] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 3967] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 100.885789][ T3968] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 3967] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 3967] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 3967] exit_group(0) = ? [pid 3967] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3967, si_uid=0, si_status=0, si_utime=0, si_stime=13} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./160", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./160", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./160/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./160/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./160/binderfs") = 0 umount2("./160/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./160/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./160/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./160/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./160/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./160/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./160") = 0 mkdir("./161", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 3969 ./strace-static-x86_64: Process 3969 attached [pid 3969] chdir("./161") = 0 [pid 3969] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3969] setpgid(0, 0) = 0 [pid 3969] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3969] write(3, "1000", 4) = 4 [pid 3969] close(3) = 0 [pid 3969] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3969] memfd_create("syzkaller", 0) = 3 [pid 3969] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 3969] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 3969] munmap(0x7eff5e600000, 2097152) = 0 [pid 3969] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3969] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3969] close(3) = 0 [pid 3969] mkdir("./file0", 0777) = 0 [ 101.167615][ T3969] loop0: detected capacity change from 0 to 4096 [ 101.183000][ T3969] NILFS (loop0): invalid segment: Checksum error in segment payload [ 101.191069][ T3969] NILFS (loop0): trying rollback from an earlier position [ 101.204138][ T3969] NILFS (loop0): recovery complete [pid 3969] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 3969] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3969] chdir("./file0") = 0 [pid 3969] ioctl(4, LOOP_CLR_FD) = 0 [pid 3969] close(4) = 0 [pid 3969] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 3969] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 3969] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 101.210267][ T3970] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 3969] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 3969] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 3969] exit_group(0) = ? [pid 3969] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3969, si_uid=0, si_status=0, si_utime=0, si_stime=14} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./161", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./161", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./161/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./161/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./161/binderfs") = 0 umount2("./161/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./161/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./161/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./161/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./161/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./161/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./161") = 0 mkdir("./162", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 3971 ./strace-static-x86_64: Process 3971 attached [pid 3971] chdir("./162") = 0 [pid 3971] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3971] setpgid(0, 0) = 0 [pid 3971] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3971] write(3, "1000", 4) = 4 [pid 3971] close(3) = 0 [pid 3971] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3971] memfd_create("syzkaller", 0) = 3 [pid 3971] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 3971] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 3971] munmap(0x7eff5e600000, 2097152) = 0 [pid 3971] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3971] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3971] close(3) = 0 [pid 3971] mkdir("./file0", 0777) = 0 [ 101.468484][ T3971] loop0: detected capacity change from 0 to 4096 [ 101.484073][ T3971] NILFS (loop0): invalid segment: Checksum error in segment payload [ 101.492339][ T3971] NILFS (loop0): trying rollback from an earlier position [ 101.505161][ T3971] NILFS (loop0): recovery complete [pid 3971] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 3971] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3971] chdir("./file0") = 0 [pid 3971] ioctl(4, LOOP_CLR_FD) = 0 [pid 3971] close(4) = 0 [pid 3971] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 3971] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 3971] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 101.511270][ T3972] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 3971] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 3971] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 3971] exit_group(0) = ? [pid 3971] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3971, si_uid=0, si_status=0, si_utime=0, si_stime=11} --- umount2("./162", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./162", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./162/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./162/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./162/binderfs") = 0 umount2("./162/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./162/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./162/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./162/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./162/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./162/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./162") = 0 mkdir("./163", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 3973 ./strace-static-x86_64: Process 3973 attached [pid 3973] chdir("./163") = 0 [pid 3973] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3973] setpgid(0, 0) = 0 [pid 3973] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3973] write(3, "1000", 4) = 4 [pid 3973] close(3) = 0 [pid 3973] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3973] memfd_create("syzkaller", 0) = 3 [pid 3973] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 3973] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 3973] munmap(0x7eff5e600000, 2097152) = 0 [pid 3973] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3973] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3973] close(3) = 0 [pid 3973] mkdir("./file0", 0777) = 0 [ 101.761308][ T3973] loop0: detected capacity change from 0 to 4096 [ 101.776581][ T3973] NILFS (loop0): invalid segment: Checksum error in segment payload [ 101.785194][ T3973] NILFS (loop0): trying rollback from an earlier position [ 101.798649][ T3973] NILFS (loop0): recovery complete [pid 3973] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 3973] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3973] chdir("./file0") = 0 [pid 3973] ioctl(4, LOOP_CLR_FD) = 0 [pid 3973] close(4) = 0 [pid 3973] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 3973] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 3973] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 101.804614][ T3974] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 3973] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 3973] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 3973] exit_group(0) = ? [pid 3973] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3973, si_uid=0, si_status=0, si_utime=0, si_stime=14} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./163", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./163", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./163/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./163/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./163/binderfs") = 0 umount2("./163/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./163/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./163/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./163/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./163/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./163/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./163") = 0 mkdir("./164", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 3975 ./strace-static-x86_64: Process 3975 attached [pid 3975] chdir("./164") = 0 [pid 3975] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3975] setpgid(0, 0) = 0 [pid 3975] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3975] write(3, "1000", 4) = 4 [pid 3975] close(3) = 0 [pid 3975] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3975] memfd_create("syzkaller", 0) = 3 [pid 3975] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 3975] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 3975] munmap(0x7eff5e600000, 2097152) = 0 [pid 3975] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3975] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3975] close(3) = 0 [pid 3975] mkdir("./file0", 0777) = 0 [ 102.071878][ T3975] loop0: detected capacity change from 0 to 4096 [ 102.087753][ T3975] NILFS (loop0): invalid segment: Checksum error in segment payload [ 102.095820][ T3975] NILFS (loop0): trying rollback from an earlier position [ 102.109596][ T3975] NILFS (loop0): recovery complete [pid 3975] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 3975] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3975] chdir("./file0") = 0 [pid 3975] ioctl(4, LOOP_CLR_FD) = 0 [pid 3975] close(4) = 0 [pid 3975] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 3975] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 3975] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 102.115589][ T3976] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 3975] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 3975] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 3975] exit_group(0) = ? [pid 3975] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3975, si_uid=0, si_status=0, si_utime=0, si_stime=13} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./164", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./164", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./164/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./164/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./164/binderfs") = 0 umount2("./164/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./164/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./164/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./164/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./164/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./164/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./164") = 0 mkdir("./165", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 3977 ./strace-static-x86_64: Process 3977 attached [pid 3977] chdir("./165") = 0 [pid 3977] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3977] setpgid(0, 0) = 0 [pid 3977] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3977] write(3, "1000", 4) = 4 [pid 3977] close(3) = 0 [pid 3977] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3977] memfd_create("syzkaller", 0) = 3 [pid 3977] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 3977] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 3977] munmap(0x7eff5e600000, 2097152) = 0 [pid 3977] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3977] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3977] close(3) = 0 [pid 3977] mkdir("./file0", 0777) = 0 [pid 3977] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [ 102.378432][ T3977] loop0: detected capacity change from 0 to 4096 [ 102.394472][ T3977] NILFS (loop0): invalid segment: Checksum error in segment payload [ 102.402565][ T3977] NILFS (loop0): trying rollback from an earlier position [ 102.415691][ T3977] NILFS (loop0): recovery complete [pid 3977] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3977] chdir("./file0") = 0 [pid 3977] ioctl(4, LOOP_CLR_FD) = 0 [pid 3977] close(4) = 0 [pid 3977] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 3977] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 3977] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 102.421775][ T3978] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 102.436487][ T27] kauditd_printk_skb: 6 callbacks suppressed [ 102.436499][ T27] audit: type=1800 audit(1670141591.717:167): pid=3977 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor269" name="bus" dev="loop0" ino=12 res=0 errno=0 [pid 3977] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 3977] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 3977] exit_group(0) = ? [pid 3977] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3977, si_uid=0, si_status=0, si_utime=0, si_stime=14} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./165", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./165", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./165/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./165/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./165/binderfs") = 0 umount2("./165/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./165/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./165/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./165/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./165/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./165/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./165") = 0 mkdir("./166", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 3979 ./strace-static-x86_64: Process 3979 attached [pid 3979] chdir("./166") = 0 [pid 3979] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3979] setpgid(0, 0) = 0 [pid 3979] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3979] write(3, "1000", 4) = 4 [pid 3979] close(3) = 0 [pid 3979] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3979] memfd_create("syzkaller", 0) = 3 [pid 3979] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 3979] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 3979] munmap(0x7eff5e600000, 2097152) = 0 [pid 3979] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3979] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3979] close(3) = 0 [pid 3979] mkdir("./file0", 0777) = 0 [pid 3979] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 3979] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3979] chdir("./file0") = 0 [pid 3979] ioctl(4, LOOP_CLR_FD) = 0 [ 102.695274][ T3979] loop0: detected capacity change from 0 to 4096 [ 102.710288][ T3979] NILFS (loop0): invalid segment: Checksum error in segment payload [ 102.718413][ T3979] NILFS (loop0): trying rollback from an earlier position [ 102.731297][ T3979] NILFS (loop0): recovery complete [pid 3979] close(4) = 0 [pid 3979] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 3979] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 3979] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 102.737110][ T3980] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 102.763552][ T27] audit: type=1800 audit(1670141592.047:168): pid=3979 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor269" name="bus" dev="loop0" ino=12 res=0 errno=0 [pid 3979] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 3979] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 3979] exit_group(0) = ? [pid 3979] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3979, si_uid=0, si_status=0, si_utime=0, si_stime=11} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./166", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./166", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./166/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./166/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./166/binderfs") = 0 umount2("./166/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./166/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./166/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./166/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./166/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./166/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./166") = 0 mkdir("./167", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 3981 ./strace-static-x86_64: Process 3981 attached [pid 3981] chdir("./167") = 0 [pid 3981] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3981] setpgid(0, 0) = 0 [pid 3981] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3981] write(3, "1000", 4) = 4 [pid 3981] close(3) = 0 [pid 3981] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3981] memfd_create("syzkaller", 0) = 3 [pid 3981] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 3981] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 3981] munmap(0x7eff5e600000, 2097152) = 0 [pid 3981] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3981] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3981] close(3) = 0 [pid 3981] mkdir("./file0", 0777) = 0 [ 103.015063][ T3981] loop0: detected capacity change from 0 to 4096 [ 103.031916][ T3981] NILFS (loop0): invalid segment: Checksum error in segment payload [ 103.040041][ T3981] NILFS (loop0): trying rollback from an earlier position [ 103.054001][ T3981] NILFS (loop0): recovery complete [pid 3981] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 3981] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3981] chdir("./file0") = 0 [pid 3981] ioctl(4, LOOP_CLR_FD) = 0 [pid 3981] close(4) = 0 [pid 3981] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 3981] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 3981] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 103.060038][ T3982] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 103.083940][ T27] audit: type=1800 audit(1670141592.367:169): pid=3981 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor269" name="bus" dev="loop0" ino=12 res=0 errno=0 [pid 3981] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 3981] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 3981] exit_group(0) = ? [pid 3981] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3981, si_uid=0, si_status=0, si_utime=0, si_stime=16} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./167", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./167", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./167/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./167/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./167/binderfs") = 0 umount2("./167/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./167/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./167/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./167/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./167/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./167/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./167") = 0 mkdir("./168", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3983 attached , child_tidptr=0x5555555775d0) = 3983 [pid 3983] chdir("./168") = 0 [pid 3983] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3983] setpgid(0, 0) = 0 [pid 3983] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3983] write(3, "1000", 4) = 4 [pid 3983] close(3) = 0 [pid 3983] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3983] memfd_create("syzkaller", 0) = 3 [pid 3983] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 3983] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 3983] munmap(0x7eff5e600000, 2097152) = 0 [pid 3983] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3983] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3983] close(3) = 0 [pid 3983] mkdir("./file0", 0777) = 0 [ 103.345072][ T3983] loop0: detected capacity change from 0 to 4096 [ 103.360195][ T3983] NILFS (loop0): invalid segment: Checksum error in segment payload [ 103.368328][ T3983] NILFS (loop0): trying rollback from an earlier position [ 103.381349][ T3983] NILFS (loop0): recovery complete [pid 3983] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 3983] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3983] chdir("./file0") = 0 [pid 3983] ioctl(4, LOOP_CLR_FD) = 0 [pid 3983] close(4) = 0 [pid 3983] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 3983] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 3983] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 103.387106][ T3984] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 103.410309][ T27] audit: type=1800 audit(1670141592.697:170): pid=3983 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor269" name="bus" dev="loop0" ino=12 res=0 errno=0 [pid 3983] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 3983] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 3983] exit_group(0) = ? [pid 3983] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3983, si_uid=0, si_status=0, si_utime=0, si_stime=13} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./168", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./168", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./168/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./168/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./168/binderfs") = 0 umount2("./168/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./168/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./168/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./168/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./168/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./168/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./168") = 0 mkdir("./169", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 3985 ./strace-static-x86_64: Process 3985 attached [pid 3985] chdir("./169") = 0 [pid 3985] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3985] setpgid(0, 0) = 0 [pid 3985] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3985] write(3, "1000", 4) = 4 [pid 3985] close(3) = 0 [pid 3985] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3985] memfd_create("syzkaller", 0) = 3 [pid 3985] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 3985] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 3985] munmap(0x7eff5e600000, 2097152) = 0 [pid 3985] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3985] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3985] close(3) = 0 [pid 3985] mkdir("./file0", 0777) = 0 [ 103.665428][ T3985] loop0: detected capacity change from 0 to 4096 [ 103.680921][ T3985] NILFS (loop0): invalid segment: Checksum error in segment payload [ 103.688948][ T3985] NILFS (loop0): trying rollback from an earlier position [ 103.702069][ T3985] NILFS (loop0): recovery complete [pid 3985] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 3985] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3985] chdir("./file0") = 0 [pid 3985] ioctl(4, LOOP_CLR_FD) = 0 [pid 3985] close(4) = 0 [pid 3985] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 3985] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 3985] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 103.708204][ T3986] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 103.731149][ T27] audit: type=1800 audit(1670141593.017:171): pid=3985 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor269" name="bus" dev="loop0" ino=12 res=0 errno=0 [pid 3985] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 3985] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 3985] exit_group(0) = ? [pid 3985] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3985, si_uid=0, si_status=0, si_utime=0, si_stime=13} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./169", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./169", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./169/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./169/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./169/binderfs") = 0 umount2("./169/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./169/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./169/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./169/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./169/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./169/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./169") = 0 mkdir("./170", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3987 attached , child_tidptr=0x5555555775d0) = 3987 [pid 3987] chdir("./170") = 0 [pid 3987] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3987] setpgid(0, 0) = 0 [pid 3987] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3987] write(3, "1000", 4) = 4 [pid 3987] close(3) = 0 [pid 3987] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3987] memfd_create("syzkaller", 0) = 3 [pid 3987] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 3987] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 3987] munmap(0x7eff5e600000, 2097152) = 0 [pid 3987] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3987] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3987] close(3) = 0 [pid 3987] mkdir("./file0", 0777) = 0 [ 103.982967][ T3987] loop0: detected capacity change from 0 to 4096 [ 103.997833][ T3987] NILFS (loop0): invalid segment: Checksum error in segment payload [ 104.005948][ T3987] NILFS (loop0): trying rollback from an earlier position [ 104.019715][ T3987] NILFS (loop0): recovery complete [pid 3987] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 3987] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3987] chdir("./file0") = 0 [pid 3987] ioctl(4, LOOP_CLR_FD) = 0 [pid 3987] close(4) = 0 [pid 3987] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 3987] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 3987] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 104.025766][ T3988] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 104.039306][ T27] audit: type=1800 audit(1670141593.327:172): pid=3987 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor269" name="bus" dev="loop0" ino=12 res=0 errno=0 [pid 3987] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 3987] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 3987] exit_group(0) = ? [pid 3987] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3987, si_uid=0, si_status=0, si_utime=0, si_stime=11} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./170", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./170", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./170/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./170/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./170/binderfs") = 0 umount2("./170/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./170/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./170/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./170/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./170/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./170/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./170") = 0 mkdir("./171", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 3989 ./strace-static-x86_64: Process 3989 attached [pid 3989] chdir("./171") = 0 [pid 3989] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3989] setpgid(0, 0) = 0 [pid 3989] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3989] write(3, "1000", 4) = 4 [pid 3989] close(3) = 0 [pid 3989] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3989] memfd_create("syzkaller", 0) = 3 [pid 3989] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 3989] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 3989] munmap(0x7eff5e600000, 2097152) = 0 [pid 3989] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3989] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3989] close(3) = 0 [pid 3989] mkdir("./file0", 0777) = 0 [pid 3989] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 3989] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3989] chdir("./file0") = 0 [pid 3989] ioctl(4, LOOP_CLR_FD) = 0 [pid 3989] close(4) = 0 [pid 3989] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 3989] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [ 104.297094][ T3989] loop0: detected capacity change from 0 to 4096 [ 104.311973][ T3989] NILFS (loop0): invalid segment: Checksum error in segment payload [ 104.320020][ T3989] NILFS (loop0): trying rollback from an earlier position [ 104.333667][ T3989] NILFS (loop0): recovery complete [pid 3989] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 104.339873][ T3990] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 104.357409][ T27] audit: type=1800 audit(1670141593.627:173): pid=3989 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor269" name="bus" dev="loop0" ino=12 res=0 errno=0 [pid 3989] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 3989] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 3989] exit_group(0) = ? [pid 3989] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3989, si_uid=0, si_status=0, si_utime=0, si_stime=13} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./171", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./171", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./171/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./171/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./171/binderfs") = 0 umount2("./171/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./171/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./171/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./171/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./171/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./171/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./171") = 0 mkdir("./172", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 3991 ./strace-static-x86_64: Process 3991 attached [pid 3991] chdir("./172") = 0 [pid 3991] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3991] setpgid(0, 0) = 0 [pid 3991] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3991] write(3, "1000", 4) = 4 [pid 3991] close(3) = 0 [pid 3991] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3991] memfd_create("syzkaller", 0) = 3 [pid 3991] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 3991] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 3991] munmap(0x7eff5e600000, 2097152) = 0 [pid 3991] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3991] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3991] close(3) = 0 [pid 3991] mkdir("./file0", 0777) = 0 [ 104.607660][ T3991] loop0: detected capacity change from 0 to 4096 [ 104.623426][ T3991] NILFS (loop0): invalid segment: Checksum error in segment payload [ 104.631514][ T3991] NILFS (loop0): trying rollback from an earlier position [ 104.644817][ T3991] NILFS (loop0): recovery complete [pid 3991] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 3991] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3991] chdir("./file0") = 0 [pid 3991] ioctl(4, LOOP_CLR_FD) = 0 [pid 3991] close(4) = 0 [pid 3991] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [ 104.651122][ T3992] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 3991] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 3991] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 104.679156][ T27] audit: type=1800 audit(1670141593.967:174): pid=3991 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor269" name="bus" dev="loop0" ino=12 res=0 errno=0 [pid 3991] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 3991] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 3991] exit_group(0) = ? [pid 3991] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3991, si_uid=0, si_status=0, si_utime=0, si_stime=13} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./172", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./172", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./172/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./172/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./172/binderfs") = 0 umount2("./172/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./172/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./172/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./172/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./172/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./172/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./172") = 0 mkdir("./173", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3993 attached , child_tidptr=0x5555555775d0) = 3993 [pid 3993] chdir("./173") = 0 [pid 3993] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3993] setpgid(0, 0) = 0 [pid 3993] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3993] write(3, "1000", 4) = 4 [pid 3993] close(3) = 0 [pid 3993] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3993] memfd_create("syzkaller", 0) = 3 [pid 3993] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 3993] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 3993] munmap(0x7eff5e600000, 2097152) = 0 [pid 3993] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3993] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3993] close(3) = 0 [pid 3993] mkdir("./file0", 0777) = 0 [ 104.921855][ T3993] loop0: detected capacity change from 0 to 4096 [ 104.937165][ T3993] NILFS (loop0): invalid segment: Checksum error in segment payload [ 104.945203][ T3993] NILFS (loop0): trying rollback from an earlier position [ 104.958518][ T3993] NILFS (loop0): recovery complete [pid 3993] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 3993] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3993] chdir("./file0") = 0 [pid 3993] ioctl(4, LOOP_CLR_FD) = 0 [pid 3993] close(4) = 0 [pid 3993] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 3993] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 3993] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 104.964547][ T3994] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 104.982743][ T27] audit: type=1800 audit(1670141594.267:175): pid=3993 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor269" name="bus" dev="loop0" ino=12 res=0 errno=0 [pid 3993] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 3993] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 3993] exit_group(0) = ? [pid 3993] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3993, si_uid=0, si_status=0, si_utime=0, si_stime=11} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./173", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./173", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./173/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./173/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./173/binderfs") = 0 umount2("./173/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./173/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./173/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./173/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./173/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./173/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./173") = 0 mkdir("./174", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 3995 ./strace-static-x86_64: Process 3995 attached [pid 3995] chdir("./174") = 0 [pid 3995] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3995] setpgid(0, 0) = 0 [pid 3995] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3995] write(3, "1000", 4) = 4 [pid 3995] close(3) = 0 [pid 3995] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3995] memfd_create("syzkaller", 0) = 3 [pid 3995] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 3995] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 3995] munmap(0x7eff5e600000, 2097152) = 0 [pid 3995] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3995] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3995] close(3) = 0 [pid 3995] mkdir("./file0", 0777) = 0 [ 105.243216][ T3995] loop0: detected capacity change from 0 to 4096 [ 105.260251][ T3995] NILFS (loop0): invalid segment: Checksum error in segment payload [ 105.268366][ T3995] NILFS (loop0): trying rollback from an earlier position [ 105.281639][ T3995] NILFS (loop0): recovery complete [pid 3995] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 3995] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3995] chdir("./file0") = 0 [pid 3995] ioctl(4, LOOP_CLR_FD) = 0 [pid 3995] close(4) = 0 [pid 3995] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 3995] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 3995] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 105.287771][ T3996] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 105.302088][ T27] audit: type=1800 audit(1670141594.587:176): pid=3995 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor269" name="bus" dev="loop0" ino=12 res=0 errno=0 [pid 3995] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 3995] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 3995] exit_group(0) = ? [pid 3995] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3995, si_uid=0, si_status=0, si_utime=0, si_stime=11} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./174", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./174", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./174/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./174/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./174/binderfs") = 0 umount2("./174/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./174/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./174/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./174/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./174/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./174/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./174") = 0 mkdir("./175", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 3997 ./strace-static-x86_64: Process 3997 attached [pid 3997] chdir("./175") = 0 [pid 3997] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3997] setpgid(0, 0) = 0 [pid 3997] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3997] write(3, "1000", 4) = 4 [pid 3997] close(3) = 0 [pid 3997] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3997] memfd_create("syzkaller", 0) = 3 [pid 3997] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 3997] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 3997] munmap(0x7eff5e600000, 2097152) = 0 [pid 3997] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3997] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3997] close(3) = 0 [pid 3997] mkdir("./file0", 0777) = 0 [pid 3997] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 3997] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3997] chdir("./file0") = 0 [ 105.544115][ T3997] loop0: detected capacity change from 0 to 4096 [ 105.558443][ T3997] NILFS (loop0): invalid segment: Checksum error in segment payload [ 105.566465][ T3997] NILFS (loop0): trying rollback from an earlier position [ 105.580040][ T3997] NILFS (loop0): recovery complete [pid 3997] ioctl(4, LOOP_CLR_FD) = 0 [pid 3997] close(4) = 0 [pid 3997] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 3997] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 3997] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 105.586242][ T3998] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 3997] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 3997] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 3997] exit_group(0) = ? [pid 3997] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3997, si_uid=0, si_status=0, si_utime=0, si_stime=15} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./175", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./175", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./175/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./175/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./175/binderfs") = 0 umount2("./175/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./175/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./175/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./175/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./175/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./175/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./175") = 0 mkdir("./176", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 3999 ./strace-static-x86_64: Process 3999 attached [pid 3999] chdir("./176") = 0 [pid 3999] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3999] setpgid(0, 0) = 0 [pid 3999] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3999] write(3, "1000", 4) = 4 [pid 3999] close(3) = 0 [pid 3999] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3999] memfd_create("syzkaller", 0) = 3 [pid 3999] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 3999] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 3999] munmap(0x7eff5e600000, 2097152) = 0 [pid 3999] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3999] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3999] close(3) = 0 [pid 3999] mkdir("./file0", 0777) = 0 [ 105.846703][ T3999] loop0: detected capacity change from 0 to 4096 [ 105.862199][ T3999] NILFS (loop0): invalid segment: Checksum error in segment payload [ 105.870289][ T3999] NILFS (loop0): trying rollback from an earlier position [ 105.883449][ T3999] NILFS (loop0): recovery complete [pid 3999] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 3999] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3999] chdir("./file0") = 0 [pid 3999] ioctl(4, LOOP_CLR_FD) = 0 [pid 3999] close(4) = 0 [pid 3999] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 3999] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 3999] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 105.889350][ T4000] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 3999] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 3999] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 3999] exit_group(0) = ? [pid 3999] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3999, si_uid=0, si_status=0, si_utime=0, si_stime=13} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./176", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./176", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./176/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./176/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./176/binderfs") = 0 umount2("./176/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./176/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./176/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./176/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./176/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./176/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./176") = 0 mkdir("./177", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 4001 ./strace-static-x86_64: Process 4001 attached [pid 4001] chdir("./177") = 0 [pid 4001] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4001] setpgid(0, 0) = 0 [pid 4001] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4001] write(3, "1000", 4) = 4 [pid 4001] close(3) = 0 [pid 4001] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4001] memfd_create("syzkaller", 0) = 3 [pid 4001] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 4001] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 4001] munmap(0x7eff5e600000, 2097152) = 0 [pid 4001] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4001] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4001] close(3) = 0 [pid 4001] mkdir("./file0", 0777) = 0 [ 106.146056][ T4001] loop0: detected capacity change from 0 to 4096 [ 106.163572][ T4001] NILFS (loop0): invalid segment: Checksum error in segment payload [ 106.171718][ T4001] NILFS (loop0): trying rollback from an earlier position [ 106.186505][ T4001] NILFS (loop0): recovery complete [pid 4001] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 4001] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4001] chdir("./file0") = 0 [pid 4001] ioctl(4, LOOP_CLR_FD) = 0 [pid 4001] close(4) = 0 [pid 4001] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 4001] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 4001] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 106.192413][ T4002] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 4001] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 4001] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 4001] exit_group(0) = ? [pid 4001] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4001, si_uid=0, si_status=0, si_utime=0, si_stime=13} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./177", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./177", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./177/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./177/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./177/binderfs") = 0 umount2("./177/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./177/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./177/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./177/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./177/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./177/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./177") = 0 mkdir("./178", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 4003 ./strace-static-x86_64: Process 4003 attached [pid 4003] chdir("./178") = 0 [pid 4003] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4003] setpgid(0, 0) = 0 [pid 4003] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4003] write(3, "1000", 4) = 4 [pid 4003] close(3) = 0 [pid 4003] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4003] memfd_create("syzkaller", 0) = 3 [pid 4003] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 4003] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 4003] munmap(0x7eff5e600000, 2097152) = 0 [pid 4003] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4003] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4003] close(3) = 0 [pid 4003] mkdir("./file0", 0777) = 0 [ 106.461939][ T4003] loop0: detected capacity change from 0 to 4096 [ 106.487816][ T4003] NILFS (loop0): invalid segment: Checksum error in segment payload [ 106.495829][ T4003] NILFS (loop0): trying rollback from an earlier position [pid 4003] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 4003] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4003] chdir("./file0") = 0 [pid 4003] ioctl(4, LOOP_CLR_FD) = 0 [pid 4003] close(4) = 0 [pid 4003] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 4003] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 4003] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 106.509419][ T4003] NILFS (loop0): recovery complete [ 106.515618][ T4004] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 4003] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 4003] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 4003] exit_group(0) = ? [pid 4003] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4003, si_uid=0, si_status=0, si_utime=0, si_stime=12} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./178", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./178", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./178/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./178/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./178/binderfs") = 0 umount2("./178/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./178/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./178/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./178/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./178/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./178/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./178") = 0 mkdir("./179", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 4005 ./strace-static-x86_64: Process 4005 attached [pid 4005] chdir("./179") = 0 [pid 4005] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4005] setpgid(0, 0) = 0 [pid 4005] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4005] write(3, "1000", 4) = 4 [pid 4005] close(3) = 0 [pid 4005] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4005] memfd_create("syzkaller", 0) = 3 [pid 4005] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 4005] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 4005] munmap(0x7eff5e600000, 2097152) = 0 [pid 4005] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4005] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4005] close(3) = 0 [pid 4005] mkdir("./file0", 0777) = 0 [ 106.768457][ T4005] loop0: detected capacity change from 0 to 4096 [ 106.784600][ T4005] NILFS (loop0): invalid segment: Checksum error in segment payload [ 106.792677][ T4005] NILFS (loop0): trying rollback from an earlier position [ 106.806045][ T4005] NILFS (loop0): recovery complete [pid 4005] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 4005] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4005] chdir("./file0") = 0 [pid 4005] ioctl(4, LOOP_CLR_FD) = 0 [pid 4005] close(4) = 0 [pid 4005] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 4005] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 4005] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 106.812192][ T4006] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 4005] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 4005] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 4005] exit_group(0) = ? [pid 4005] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4005, si_uid=0, si_status=0, si_utime=0, si_stime=14} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./179", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./179", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./179/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./179/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./179/binderfs") = 0 umount2("./179/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./179/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./179/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./179/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./179/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./179/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./179") = 0 mkdir("./180", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 4007 ./strace-static-x86_64: Process 4007 attached [pid 4007] chdir("./180") = 0 [pid 4007] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4007] setpgid(0, 0) = 0 [pid 4007] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4007] write(3, "1000", 4) = 4 [pid 4007] close(3) = 0 [pid 4007] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4007] memfd_create("syzkaller", 0) = 3 [pid 4007] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 4007] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 4007] munmap(0x7eff5e600000, 2097152) = 0 [pid 4007] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4007] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4007] close(3) = 0 [pid 4007] mkdir("./file0", 0777) = 0 [ 107.083940][ T4007] loop0: detected capacity change from 0 to 4096 [ 107.101031][ T4007] NILFS (loop0): invalid segment: Checksum error in segment payload [ 107.109118][ T4007] NILFS (loop0): trying rollback from an earlier position [ 107.122281][ T4007] NILFS (loop0): recovery complete [pid 4007] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 4007] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4007] chdir("./file0") = 0 [pid 4007] ioctl(4, LOOP_CLR_FD) = 0 [pid 4007] close(4) = 0 [pid 4007] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 4007] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 4007] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 107.128012][ T4008] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 4007] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 4007] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 4007] exit_group(0) = ? [pid 4007] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4007, si_uid=0, si_status=0, si_utime=0, si_stime=14} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./180", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./180", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./180/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./180/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./180/binderfs") = 0 umount2("./180/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./180/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./180/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./180/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./180/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./180/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./180") = 0 mkdir("./181", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 4009 ./strace-static-x86_64: Process 4009 attached [pid 4009] chdir("./181") = 0 [pid 4009] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4009] setpgid(0, 0) = 0 [pid 4009] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4009] write(3, "1000", 4) = 4 [pid 4009] close(3) = 0 [pid 4009] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4009] memfd_create("syzkaller", 0) = 3 [pid 4009] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 4009] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 4009] munmap(0x7eff5e600000, 2097152) = 0 [pid 4009] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4009] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4009] close(3) = 0 [pid 4009] mkdir("./file0", 0777) = 0 [ 107.382159][ T4009] loop0: detected capacity change from 0 to 4096 [ 107.396738][ T4009] NILFS (loop0): invalid segment: Checksum error in segment payload [ 107.405412][ T4009] NILFS (loop0): trying rollback from an earlier position [ 107.418606][ T4009] NILFS (loop0): recovery complete [pid 4009] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 4009] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4009] chdir("./file0") = 0 [pid 4009] ioctl(4, LOOP_CLR_FD) = 0 [pid 4009] close(4) = 0 [pid 4009] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 4009] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 4009] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 107.424417][ T4010] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 107.439290][ T27] kauditd_printk_skb: 6 callbacks suppressed [ 107.439297][ T27] audit: type=1800 audit(1670141596.727:183): pid=4009 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor269" name="bus" dev="loop0" ino=12 res=0 errno=0 [pid 4009] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 4009] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 4009] exit_group(0) = ? [pid 4009] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4009, si_uid=0, si_status=0, si_utime=0, si_stime=11} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./181", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./181", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./181/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./181/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./181/binderfs") = 0 umount2("./181/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./181/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./181/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./181/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./181/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./181/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./181") = 0 mkdir("./182", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 4011 ./strace-static-x86_64: Process 4011 attached [pid 4011] chdir("./182") = 0 [pid 4011] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4011] setpgid(0, 0) = 0 [pid 4011] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4011] write(3, "1000", 4) = 4 [pid 4011] close(3) = 0 [pid 4011] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4011] memfd_create("syzkaller", 0) = 3 [pid 4011] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 4011] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 4011] munmap(0x7eff5e600000, 2097152) = 0 [pid 4011] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4011] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4011] close(3) = 0 [pid 4011] mkdir("./file0", 0777) = 0 [ 107.713790][ T4011] loop0: detected capacity change from 0 to 4096 [ 107.729043][ T4011] NILFS (loop0): invalid segment: Checksum error in segment payload [ 107.737181][ T4011] NILFS (loop0): trying rollback from an earlier position [ 107.750894][ T4011] NILFS (loop0): recovery complete [pid 4011] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 4011] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4011] chdir("./file0") = 0 [pid 4011] ioctl(4, LOOP_CLR_FD) = 0 [pid 4011] close(4) = 0 [pid 4011] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 4011] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 4011] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 107.756648][ T4012] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 107.771375][ T27] audit: type=1800 audit(1670141597.057:184): pid=4011 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor269" name="bus" dev="loop0" ino=12 res=0 errno=0 [pid 4011] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 4011] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 4011] exit_group(0) = ? [pid 4011] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4011, si_uid=0, si_status=0, si_utime=0, si_stime=11} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./182", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./182", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./182/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./182/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./182/binderfs") = 0 umount2("./182/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./182/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./182/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./182/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./182/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./182/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./182") = 0 mkdir("./183", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 4013 ./strace-static-x86_64: Process 4013 attached [pid 4013] chdir("./183") = 0 [pid 4013] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4013] setpgid(0, 0) = 0 [pid 4013] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4013] write(3, "1000", 4) = 4 [pid 4013] close(3) = 0 [pid 4013] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4013] memfd_create("syzkaller", 0) = 3 [pid 4013] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 4013] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 4013] munmap(0x7eff5e600000, 2097152) = 0 [pid 4013] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4013] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4013] close(3) = 0 [pid 4013] mkdir("./file0", 0777) = 0 [ 108.023706][ T4013] loop0: detected capacity change from 0 to 4096 [ 108.039629][ T4013] NILFS (loop0): invalid segment: Checksum error in segment payload [ 108.047740][ T4013] NILFS (loop0): trying rollback from an earlier position [ 108.061953][ T4013] NILFS (loop0): recovery complete [pid 4013] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 4013] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4013] chdir("./file0") = 0 [pid 4013] ioctl(4, LOOP_CLR_FD) = 0 [pid 4013] close(4) = 0 [pid 4013] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [ 108.068469][ T4014] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 4013] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 4013] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 108.106106][ T27] audit: type=1800 audit(1670141597.387:185): pid=4013 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor269" name="bus" dev="loop0" ino=12 res=0 errno=0 [pid 4013] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 4013] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 4013] exit_group(0) = ? [pid 4013] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4013, si_uid=0, si_status=0, si_utime=0, si_stime=13} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./183", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./183", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./183/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./183/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./183/binderfs") = 0 umount2("./183/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./183/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./183/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./183/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./183/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./183/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./183") = 0 mkdir("./184", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 4015 ./strace-static-x86_64: Process 4015 attached [pid 4015] chdir("./184") = 0 [pid 4015] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4015] setpgid(0, 0) = 0 [pid 4015] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4015] write(3, "1000", 4) = 4 [pid 4015] close(3) = 0 [pid 4015] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4015] memfd_create("syzkaller", 0) = 3 [pid 4015] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 4015] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 4015] munmap(0x7eff5e600000, 2097152) = 0 [pid 4015] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4015] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4015] close(3) = 0 [pid 4015] mkdir("./file0", 0777) = 0 [ 108.372441][ T4015] loop0: detected capacity change from 0 to 4096 [ 108.387973][ T4015] NILFS (loop0): invalid segment: Checksum error in segment payload [ 108.396018][ T4015] NILFS (loop0): trying rollback from an earlier position [ 108.408971][ T4015] NILFS (loop0): recovery complete [pid 4015] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 4015] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4015] chdir("./file0") = 0 [pid 4015] ioctl(4, LOOP_CLR_FD) = 0 [pid 4015] close(4) = 0 [pid 4015] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 4015] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 4015] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 108.414841][ T4016] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 108.429296][ T27] audit: type=1800 audit(1670141597.717:186): pid=4015 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor269" name="bus" dev="loop0" ino=12 res=0 errno=0 [pid 4015] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 4015] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 4015] exit_group(0) = ? [pid 4015] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4015, si_uid=0, si_status=0, si_utime=0, si_stime=9} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./184", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./184", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./184/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./184/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./184/binderfs") = 0 umount2("./184/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./184/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./184/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./184/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./184/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./184/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./184") = 0 mkdir("./185", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 4017 attached , child_tidptr=0x5555555775d0) = 4017 [pid 4017] chdir("./185") = 0 [pid 4017] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4017] setpgid(0, 0) = 0 [pid 4017] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4017] write(3, "1000", 4) = 4 [pid 4017] close(3) = 0 [pid 4017] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4017] memfd_create("syzkaller", 0) = 3 [pid 4017] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 4017] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 4017] munmap(0x7eff5e600000, 2097152) = 0 [pid 4017] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4017] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4017] close(3) = 0 [pid 4017] mkdir("./file0", 0777) = 0 [ 108.686564][ T4017] loop0: detected capacity change from 0 to 4096 [ 108.701347][ T4017] NILFS (loop0): invalid segment: Checksum error in segment payload [ 108.709458][ T4017] NILFS (loop0): trying rollback from an earlier position [ 108.721968][ T4017] NILFS (loop0): recovery complete [pid 4017] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 4017] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4017] chdir("./file0") = 0 [pid 4017] ioctl(4, LOOP_CLR_FD) = 0 [pid 4017] close(4) = 0 [pid 4017] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 4017] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 4017] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 108.728324][ T4018] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 108.754017][ T27] audit: type=1800 audit(1670141598.037:187): pid=4017 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor269" name="bus" dev="loop0" ino=12 res=0 errno=0 [pid 4017] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 4017] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 4017] exit_group(0) = ? [pid 4017] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4017, si_uid=0, si_status=0, si_utime=0, si_stime=15} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./185", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./185", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./185/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./185/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./185/binderfs") = 0 umount2("./185/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./185/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./185/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./185/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./185/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./185/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./185") = 0 mkdir("./186", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 4019 attached , child_tidptr=0x5555555775d0) = 4019 [pid 4019] chdir("./186") = 0 [pid 4019] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4019] setpgid(0, 0) = 0 [pid 4019] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4019] write(3, "1000", 4) = 4 [pid 4019] close(3) = 0 [pid 4019] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4019] memfd_create("syzkaller", 0) = 3 [pid 4019] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 4019] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 4019] munmap(0x7eff5e600000, 2097152) = 0 [pid 4019] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4019] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4019] close(3) = 0 [pid 4019] mkdir("./file0", 0777) = 0 [ 109.007727][ T4019] loop0: detected capacity change from 0 to 4096 [ 109.024167][ T4019] NILFS (loop0): invalid segment: Checksum error in segment payload [ 109.032233][ T4019] NILFS (loop0): trying rollback from an earlier position [ 109.045284][ T4019] NILFS (loop0): recovery complete [pid 4019] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 4019] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4019] chdir("./file0") = 0 [pid 4019] ioctl(4, LOOP_CLR_FD) = 0 [pid 4019] close(4) = 0 [pid 4019] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [ 109.051263][ T4020] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 4019] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 4019] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 109.084468][ T27] audit: type=1800 audit(1670141598.367:188): pid=4019 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor269" name="bus" dev="loop0" ino=12 res=0 errno=0 [pid 4019] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 4019] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 4019] exit_group(0) = ? [pid 4019] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4019, si_uid=0, si_status=0, si_utime=0, si_stime=14} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./186", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./186", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./186/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./186/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./186/binderfs") = 0 umount2("./186/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./186/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./186/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./186/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./186/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./186/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./186") = 0 mkdir("./187", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 4021 ./strace-static-x86_64: Process 4021 attached [pid 4021] chdir("./187") = 0 [pid 4021] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4021] setpgid(0, 0) = 0 [pid 4021] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4021] write(3, "1000", 4) = 4 [pid 4021] close(3) = 0 [pid 4021] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4021] memfd_create("syzkaller", 0) = 3 [pid 4021] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 4021] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 4021] munmap(0x7eff5e600000, 2097152) = 0 [pid 4021] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4021] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4021] close(3) = 0 [pid 4021] mkdir("./file0", 0777) = 0 [ 109.332613][ T4021] loop0: detected capacity change from 0 to 4096 [ 109.348401][ T4021] NILFS (loop0): invalid segment: Checksum error in segment payload [ 109.356401][ T4021] NILFS (loop0): trying rollback from an earlier position [ 109.369811][ T4021] NILFS (loop0): recovery complete [pid 4021] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 4021] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4021] chdir("./file0") = 0 [pid 4021] ioctl(4, LOOP_CLR_FD) = 0 [pid 4021] close(4) = 0 [pid 4021] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 4021] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 4021] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 109.375561][ T4022] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 109.401619][ T27] audit: type=1800 audit(1670141598.687:189): pid=4021 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor269" name="bus" dev="loop0" ino=12 res=0 errno=0 [pid 4021] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 4021] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 4021] exit_group(0) = ? [pid 4021] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4021, si_uid=0, si_status=0, si_utime=0, si_stime=11} --- umount2("./187", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./187", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./187/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./187/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./187/binderfs") = 0 umount2("./187/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./187/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./187/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./187/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./187/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./187/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./187") = 0 mkdir("./188", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 4023 ./strace-static-x86_64: Process 4023 attached [pid 4023] chdir("./188") = 0 [pid 4023] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4023] setpgid(0, 0) = 0 [pid 4023] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4023] write(3, "1000", 4) = 4 [pid 4023] close(3) = 0 [pid 4023] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4023] memfd_create("syzkaller", 0) = 3 [pid 4023] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 4023] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 4023] munmap(0x7eff5e600000, 2097152) = 0 [pid 4023] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4023] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4023] close(3) = 0 [pid 4023] mkdir("./file0", 0777) = 0 [ 109.635092][ T4023] loop0: detected capacity change from 0 to 4096 [ 109.649476][ T4023] NILFS (loop0): invalid segment: Checksum error in segment payload [ 109.657569][ T4023] NILFS (loop0): trying rollback from an earlier position [ 109.670320][ T4023] NILFS (loop0): recovery complete [pid 4023] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 4023] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4023] chdir("./file0") = 0 [pid 4023] ioctl(4, LOOP_CLR_FD) = 0 [pid 4023] close(4) = 0 [pid 4023] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 4023] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 4023] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 109.676071][ T4024] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 109.693223][ T27] audit: type=1800 audit(1670141598.977:190): pid=4023 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor269" name="bus" dev="loop0" ino=12 res=0 errno=0 [pid 4023] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 4023] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 4023] exit_group(0) = ? [pid 4023] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4023, si_uid=0, si_status=0, si_utime=0, si_stime=13} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./188", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./188", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./188/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./188/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./188/binderfs") = 0 umount2("./188/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./188/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./188/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./188/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./188/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./188/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./188") = 0 mkdir("./189", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 4025 attached , child_tidptr=0x5555555775d0) = 4025 [pid 4025] chdir("./189") = 0 [pid 4025] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4025] setpgid(0, 0) = 0 [pid 4025] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4025] write(3, "1000", 4) = 4 [pid 4025] close(3) = 0 [pid 4025] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4025] memfd_create("syzkaller", 0) = 3 [pid 4025] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 4025] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 4025] munmap(0x7eff5e600000, 2097152) = 0 [pid 4025] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4025] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4025] close(3) = 0 [pid 4025] mkdir("./file0", 0777) = 0 [ 109.962520][ T4025] loop0: detected capacity change from 0 to 4096 [ 109.978183][ T4025] NILFS (loop0): invalid segment: Checksum error in segment payload [ 109.986184][ T4025] NILFS (loop0): trying rollback from an earlier position [ 109.999890][ T4025] NILFS (loop0): recovery complete [pid 4025] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 4025] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4025] chdir("./file0") = 0 [pid 4025] ioctl(4, LOOP_CLR_FD) = 0 [pid 4025] close(4) = 0 [pid 4025] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [ 110.005609][ T4026] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 4025] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 4025] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 110.033506][ T27] audit: type=1800 audit(1670141599.317:191): pid=4025 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor269" name="bus" dev="loop0" ino=12 res=0 errno=0 [pid 4025] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 4025] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 4025] exit_group(0) = ? [pid 4025] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4025, si_uid=0, si_status=0, si_utime=0, si_stime=6} --- umount2("./189", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./189", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./189/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./189/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./189/binderfs") = 0 umount2("./189/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./189/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./189/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./189/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./189/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./189/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./189") = 0 mkdir("./190", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 4027 ./strace-static-x86_64: Process 4027 attached [pid 4027] chdir("./190") = 0 [pid 4027] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4027] setpgid(0, 0) = 0 [pid 4027] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4027] write(3, "1000", 4) = 4 [pid 4027] close(3) = 0 [pid 4027] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4027] memfd_create("syzkaller", 0) = 3 [pid 4027] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 4027] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 4027] munmap(0x7eff5e600000, 2097152) = 0 [pid 4027] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4027] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4027] close(3) = 0 [pid 4027] mkdir("./file0", 0777) = 0 [pid 4027] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 4027] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4027] chdir("./file0") = 0 [ 110.280643][ T4027] loop0: detected capacity change from 0 to 4096 [ 110.295466][ T4027] NILFS (loop0): invalid segment: Checksum error in segment payload [ 110.303645][ T4027] NILFS (loop0): trying rollback from an earlier position [ 110.316759][ T4027] NILFS (loop0): recovery complete [pid 4027] ioctl(4, LOOP_CLR_FD) = 0 [pid 4027] close(4) = 0 [pid 4027] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 4027] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 4027] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 110.322710][ T4028] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 110.344392][ T27] audit: type=1800 audit(1670141599.627:192): pid=4027 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor269" name="bus" dev="loop0" ino=12 res=0 errno=0 [pid 4027] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 4027] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 4027] exit_group(0) = ? [pid 4027] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4027, si_uid=0, si_status=0, si_utime=0, si_stime=10} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./190", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./190", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./190/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./190/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./190/binderfs") = 0 umount2("./190/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./190/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./190/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./190/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./190/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./190/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./190") = 0 mkdir("./191", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 4029 ./strace-static-x86_64: Process 4029 attached [pid 4029] chdir("./191") = 0 [pid 4029] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4029] setpgid(0, 0) = 0 [pid 4029] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4029] write(3, "1000", 4) = 4 [pid 4029] close(3) = 0 [pid 4029] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4029] memfd_create("syzkaller", 0) = 3 [pid 4029] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 4029] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 4029] munmap(0x7eff5e600000, 2097152) = 0 [pid 4029] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4029] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4029] close(3) = 0 [pid 4029] mkdir("./file0", 0777) = 0 [ 110.581309][ T4029] loop0: detected capacity change from 0 to 4096 [ 110.598755][ T4029] NILFS (loop0): invalid segment: Checksum error in segment payload [ 110.606810][ T4029] NILFS (loop0): trying rollback from an earlier position [ 110.622230][ T4029] NILFS (loop0): recovery complete [pid 4029] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 4029] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4029] chdir("./file0") = 0 [pid 4029] ioctl(4, LOOP_CLR_FD) = 0 [pid 4029] close(4) = 0 [pid 4029] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 4029] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 4029] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 110.628158][ T4030] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 4029] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 4029] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 4029] exit_group(0) = ? [pid 4029] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4029, si_uid=0, si_status=0, si_utime=0, si_stime=18} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./191", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./191", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./191/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./191/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./191/binderfs") = 0 umount2("./191/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./191/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./191/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./191/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./191/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./191/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./191") = 0 mkdir("./192", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 4031 attached , child_tidptr=0x5555555775d0) = 4031 [pid 4031] chdir("./192") = 0 [pid 4031] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4031] setpgid(0, 0) = 0 [pid 4031] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4031] write(3, "1000", 4) = 4 [pid 4031] close(3) = 0 [pid 4031] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4031] memfd_create("syzkaller", 0) = 3 [pid 4031] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 4031] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 4031] munmap(0x7eff5e600000, 2097152) = 0 [pid 4031] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4031] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4031] close(3) = 0 [pid 4031] mkdir("./file0", 0777) = 0 [ 110.891031][ T4031] loop0: detected capacity change from 0 to 4096 [ 110.905665][ T4031] NILFS (loop0): invalid segment: Checksum error in segment payload [ 110.914079][ T4031] NILFS (loop0): trying rollback from an earlier position [ 110.927267][ T4031] NILFS (loop0): recovery complete [pid 4031] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 4031] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4031] chdir("./file0") = 0 [pid 4031] ioctl(4, LOOP_CLR_FD) = 0 [pid 4031] close(4) = 0 [pid 4031] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 4031] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 4031] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 110.933620][ T4032] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 4031] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 4031] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 4031] exit_group(0) = ? [pid 4031] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4031, si_uid=0, si_status=0, si_utime=0, si_stime=14} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./192", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./192", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./192/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./192/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./192/binderfs") = 0 umount2("./192/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./192/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./192/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./192/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./192/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./192/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./192") = 0 mkdir("./193", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 4033 ./strace-static-x86_64: Process 4033 attached [pid 4033] chdir("./193") = 0 [pid 4033] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4033] setpgid(0, 0) = 0 [pid 4033] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4033] write(3, "1000", 4) = 4 [pid 4033] close(3) = 0 [pid 4033] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4033] memfd_create("syzkaller", 0) = 3 [pid 4033] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 4033] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 4033] munmap(0x7eff5e600000, 2097152) = 0 [pid 4033] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4033] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4033] close(3) = 0 [pid 4033] mkdir("./file0", 0777) = 0 [pid 4033] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 4033] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [ 111.196450][ T4033] loop0: detected capacity change from 0 to 4096 [ 111.212754][ T4033] NILFS (loop0): invalid segment: Checksum error in segment payload [ 111.220858][ T4033] NILFS (loop0): trying rollback from an earlier position [ 111.234632][ T4033] NILFS (loop0): recovery complete [pid 4033] chdir("./file0") = 0 [pid 4033] ioctl(4, LOOP_CLR_FD) = 0 [pid 4033] close(4) = 0 [pid 4033] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 4033] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 4033] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 111.240601][ T4034] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 4033] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 4033] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 4033] exit_group(0) = ? [pid 4033] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4033, si_uid=0, si_status=0, si_utime=0, si_stime=15} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./193", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./193", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./193/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./193/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./193/binderfs") = 0 umount2("./193/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./193/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./193/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./193/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./193/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./193/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./193") = 0 mkdir("./194", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 4035 ./strace-static-x86_64: Process 4035 attached [pid 4035] chdir("./194") = 0 [pid 4035] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4035] setpgid(0, 0) = 0 [pid 4035] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4035] write(3, "1000", 4) = 4 [pid 4035] close(3) = 0 [pid 4035] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4035] memfd_create("syzkaller", 0) = 3 [pid 4035] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 4035] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 4035] munmap(0x7eff5e600000, 2097152) = 0 [pid 4035] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4035] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4035] close(3) = 0 [pid 4035] mkdir("./file0", 0777) = 0 [ 111.502719][ T4035] loop0: detected capacity change from 0 to 4096 [ 111.518718][ T4035] NILFS (loop0): invalid segment: Checksum error in segment payload [ 111.526722][ T4035] NILFS (loop0): trying rollback from an earlier position [ 111.540108][ T4035] NILFS (loop0): recovery complete [pid 4035] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 4035] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4035] chdir("./file0") = 0 [pid 4035] ioctl(4, LOOP_CLR_FD) = 0 [pid 4035] close(4) = 0 [pid 4035] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 4035] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 4035] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 111.545829][ T4036] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 4035] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 4035] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 4035] exit_group(0) = ? [pid 4035] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4035, si_uid=0, si_status=0, si_utime=0, si_stime=14} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./194", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./194", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./194/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./194/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./194/binderfs") = 0 umount2("./194/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./194/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./194/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./194/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./194/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./194/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./194") = 0 mkdir("./195", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 4037 ./strace-static-x86_64: Process 4037 attached [pid 4037] chdir("./195") = 0 [pid 4037] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4037] setpgid(0, 0) = 0 [pid 4037] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4037] write(3, "1000", 4) = 4 [pid 4037] close(3) = 0 [pid 4037] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4037] memfd_create("syzkaller", 0) = 3 [pid 4037] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 4037] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 4037] munmap(0x7eff5e600000, 2097152) = 0 [pid 4037] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4037] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4037] close(3) = 0 [pid 4037] mkdir("./file0", 0777) = 0 [ 111.811846][ T4037] loop0: detected capacity change from 0 to 4096 [ 111.827307][ T4037] NILFS (loop0): invalid segment: Checksum error in segment payload [ 111.835416][ T4037] NILFS (loop0): trying rollback from an earlier position [ 111.849272][ T4037] NILFS (loop0): recovery complete [pid 4037] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 4037] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4037] chdir("./file0") = 0 [pid 4037] ioctl(4, LOOP_CLR_FD) = 0 [pid 4037] close(4) = 0 [pid 4037] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 4037] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 4037] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 111.855278][ T4038] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 4037] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 4037] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 4037] exit_group(0) = ? [pid 4037] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4037, si_uid=0, si_status=0, si_utime=0, si_stime=10} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./195", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./195", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./195/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./195/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./195/binderfs") = 0 umount2("./195/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./195/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./195/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./195/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./195/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./195/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./195") = 0 mkdir("./196", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 4039 ./strace-static-x86_64: Process 4039 attached [pid 4039] chdir("./196") = 0 [pid 4039] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4039] setpgid(0, 0) = 0 [pid 4039] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4039] write(3, "1000", 4) = 4 [pid 4039] close(3) = 0 [pid 4039] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4039] memfd_create("syzkaller", 0) = 3 [pid 4039] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 4039] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 4039] munmap(0x7eff5e600000, 2097152) = 0 [pid 4039] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4039] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4039] close(3) = 0 [pid 4039] mkdir("./file0", 0777) = 0 [ 112.099139][ T4039] loop0: detected capacity change from 0 to 4096 [ 112.113045][ T4039] NILFS (loop0): invalid segment: Checksum error in segment payload [ 112.121141][ T4039] NILFS (loop0): trying rollback from an earlier position [ 112.135727][ T4039] NILFS (loop0): recovery complete [pid 4039] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 4039] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4039] chdir("./file0") = 0 [pid 4039] ioctl(4, LOOP_CLR_FD) = 0 [pid 4039] close(4) = 0 [pid 4039] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 4039] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 4039] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 112.141481][ T4040] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 4039] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 4039] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 4039] exit_group(0) = ? [pid 4039] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4039, si_uid=0, si_status=0, si_utime=0, si_stime=10} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./196", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./196", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./196/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./196/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./196/binderfs") = 0 umount2("./196/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./196/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./196/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./196/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./196/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./196/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./196") = 0 mkdir("./197", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 4041 ./strace-static-x86_64: Process 4041 attached [pid 4041] chdir("./197") = 0 [pid 4041] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4041] setpgid(0, 0) = 0 [pid 4041] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4041] write(3, "1000", 4) = 4 [pid 4041] close(3) = 0 [pid 4041] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4041] memfd_create("syzkaller", 0) = 3 [pid 4041] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 4041] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 4041] munmap(0x7eff5e600000, 2097152) = 0 [pid 4041] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4041] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4041] close(3) = 0 [pid 4041] mkdir("./file0", 0777) = 0 [ 112.403506][ T4041] loop0: detected capacity change from 0 to 4096 [ 112.419815][ T4041] NILFS (loop0): invalid segment: Checksum error in segment payload [ 112.427911][ T4041] NILFS (loop0): trying rollback from an earlier position [ 112.441772][ T4041] NILFS (loop0): recovery complete [pid 4041] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 4041] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4041] chdir("./file0") = 0 [pid 4041] ioctl(4, LOOP_CLR_FD) = 0 [pid 4041] close(4) = 0 [pid 4041] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 4041] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 4041] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 112.447946][ T4042] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 112.472870][ T27] kauditd_printk_skb: 6 callbacks suppressed [ 112.472882][ T27] audit: type=1800 audit(1670141601.757:199): pid=4041 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor269" name="bus" dev="loop0" ino=12 res=0 errno=0 [pid 4041] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 4041] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 4041] exit_group(0) = ? [pid 4041] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4041, si_uid=0, si_status=0, si_utime=0, si_stime=13} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./197", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./197", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./197/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./197/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./197/binderfs") = 0 umount2("./197/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./197/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./197/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./197/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./197/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./197/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./197") = 0 mkdir("./198", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 4043 attached [pid 4043] chdir("./198") = 0 [pid 4043] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4043] setpgid(0, 0) = 0 [pid 4043] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4043] write(3, "1000", 4) = 4 [pid 4043] close(3) = 0 [pid 4043] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4043] memfd_create("syzkaller", 0 [pid 3638] <... clone resumed>, child_tidptr=0x5555555775d0) = 4043 [pid 4043] <... memfd_create resumed>) = 3 [pid 4043] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 4043] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 4043] munmap(0x7eff5e600000, 2097152) = 0 [pid 4043] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4043] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4043] close(3) = 0 [pid 4043] mkdir("./file0", 0777) = 0 [ 112.720391][ T4043] loop0: detected capacity change from 0 to 4096 [ 112.736831][ T4043] NILFS (loop0): invalid segment: Checksum error in segment payload [ 112.744923][ T4043] NILFS (loop0): trying rollback from an earlier position [ 112.758420][ T4043] NILFS (loop0): recovery complete [pid 4043] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 4043] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4043] chdir("./file0") = 0 [pid 4043] ioctl(4, LOOP_CLR_FD) = 0 [pid 4043] close(4) = 0 [pid 4043] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [ 112.764358][ T4044] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 4043] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 4043] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 112.795585][ T27] audit: type=1800 audit(1670141602.077:200): pid=4043 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor269" name="bus" dev="loop0" ino=12 res=0 errno=0 [pid 4043] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 4043] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 4043] exit_group(0) = ? [pid 4043] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4043, si_uid=0, si_status=0, si_utime=0, si_stime=8} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./198", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./198", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./198/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./198/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./198/binderfs") = 0 umount2("./198/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./198/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./198/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./198/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./198/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./198/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./198") = 0 mkdir("./199", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 4045 attached , child_tidptr=0x5555555775d0) = 4045 [pid 4045] chdir("./199") = 0 [pid 4045] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4045] setpgid(0, 0) = 0 [pid 4045] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4045] write(3, "1000", 4) = 4 [pid 4045] close(3) = 0 [pid 4045] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4045] memfd_create("syzkaller", 0) = 3 [pid 4045] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 4045] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 4045] munmap(0x7eff5e600000, 2097152) = 0 [pid 4045] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4045] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4045] close(3) = 0 [pid 4045] mkdir("./file0", 0777) = 0 [ 113.043768][ T4045] loop0: detected capacity change from 0 to 4096 [ 113.060521][ T4045] NILFS (loop0): invalid segment: Checksum error in segment payload [ 113.068791][ T4045] NILFS (loop0): trying rollback from an earlier position [ 113.082687][ T4045] NILFS (loop0): recovery complete [pid 4045] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 4045] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4045] chdir("./file0") = 0 [pid 4045] ioctl(4, LOOP_CLR_FD) = 0 [pid 4045] close(4) = 0 [pid 4045] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 4045] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 4045] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 113.088590][ T4046] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 113.105094][ T27] audit: type=1800 audit(1670141602.387:201): pid=4045 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor269" name="bus" dev="loop0" ino=12 res=0 errno=0 [pid 4045] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 4045] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 4045] exit_group(0) = ? [pid 4045] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4045, si_uid=0, si_status=0, si_utime=0, si_stime=11} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./199", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./199", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./199/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./199/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./199/binderfs") = 0 umount2("./199/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./199/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./199/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./199/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./199/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./199/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./199") = 0 mkdir("./200", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 4047 ./strace-static-x86_64: Process 4047 attached [pid 4047] chdir("./200") = 0 [pid 4047] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4047] setpgid(0, 0) = 0 [pid 4047] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4047] write(3, "1000", 4) = 4 [pid 4047] close(3) = 0 [pid 4047] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4047] memfd_create("syzkaller", 0) = 3 [pid 4047] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 4047] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 4047] munmap(0x7eff5e600000, 2097152) = 0 [pid 4047] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4047] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4047] close(3) = 0 [pid 4047] mkdir("./file0", 0777) = 0 [ 113.355499][ T4047] loop0: detected capacity change from 0 to 4096 [ 113.372345][ T4047] NILFS (loop0): invalid segment: Checksum error in segment payload [ 113.380408][ T4047] NILFS (loop0): trying rollback from an earlier position [ 113.394530][ T4047] NILFS (loop0): recovery complete [pid 4047] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 4047] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4047] chdir("./file0") = 0 [pid 4047] ioctl(4, LOOP_CLR_FD) = 0 [pid 4047] close(4) = 0 [pid 4047] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [ 113.400271][ T4048] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 4047] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 4047] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 113.431030][ T27] audit: type=1800 audit(1670141602.717:202): pid=4047 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor269" name="bus" dev="loop0" ino=12 res=0 errno=0 [pid 4047] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 4047] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 4047] exit_group(0) = ? [pid 4047] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4047, si_uid=0, si_status=0, si_utime=0, si_stime=15} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./200", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./200", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./200/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./200/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./200/binderfs") = 0 umount2("./200/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./200/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./200/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./200/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./200/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./200/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./200") = 0 mkdir("./201", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 4049 ./strace-static-x86_64: Process 4049 attached [pid 4049] chdir("./201") = 0 [pid 4049] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4049] setpgid(0, 0) = 0 [pid 4049] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4049] write(3, "1000", 4) = 4 [pid 4049] close(3) = 0 [pid 4049] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4049] memfd_create("syzkaller", 0) = 3 [pid 4049] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 4049] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 4049] munmap(0x7eff5e600000, 2097152) = 0 [pid 4049] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4049] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4049] close(3) = 0 [pid 4049] mkdir("./file0", 0777) = 0 [ 113.685895][ T4049] loop0: detected capacity change from 0 to 4096 [ 113.702322][ T4049] NILFS (loop0): invalid segment: Checksum error in segment payload [ 113.710619][ T4049] NILFS (loop0): trying rollback from an earlier position [ 113.723905][ T4049] NILFS (loop0): recovery complete [pid 4049] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 4049] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4049] chdir("./file0") = 0 [pid 4049] ioctl(4, LOOP_CLR_FD) = 0 [pid 4049] close(4) = 0 [pid 4049] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 4049] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 4049] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 113.730044][ T4050] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 113.741030][ T27] audit: type=1800 audit(1670141603.017:203): pid=4049 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor269" name="bus" dev="loop0" ino=12 res=0 errno=0 [pid 4049] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 4049] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 4049] exit_group(0) = ? [pid 4049] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4049, si_uid=0, si_status=0, si_utime=0, si_stime=13} --- umount2("./201", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./201", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./201/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./201/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./201/binderfs") = 0 umount2("./201/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./201/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./201/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./201/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./201/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./201/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./201") = 0 mkdir("./202", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 4051 attached [pid 4051] chdir("./202") = 0 [pid 4051] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4051] setpgid(0, 0) = 0 [pid 4051] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 3638] <... clone resumed>, child_tidptr=0x5555555775d0) = 4051 [pid 4051] <... openat resumed>) = 3 [pid 4051] write(3, "1000", 4) = 4 [pid 4051] close(3) = 0 [pid 4051] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4051] memfd_create("syzkaller", 0) = 3 [pid 4051] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 4051] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 4051] munmap(0x7eff5e600000, 2097152) = 0 [pid 4051] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4051] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4051] close(3) = 0 [pid 4051] mkdir("./file0", 0777) = 0 [ 113.985614][ T4051] loop0: detected capacity change from 0 to 4096 [ 114.001208][ T4051] NILFS (loop0): invalid segment: Checksum error in segment payload [ 114.009285][ T4051] NILFS (loop0): trying rollback from an earlier position [ 114.022666][ T4051] NILFS (loop0): recovery complete [pid 4051] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 4051] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4051] chdir("./file0") = 0 [pid 4051] ioctl(4, LOOP_CLR_FD) = 0 [pid 4051] close(4) = 0 [pid 4051] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 4051] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 4051] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 114.028700][ T4052] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 114.044372][ T27] audit: type=1800 audit(1670141603.327:204): pid=4051 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor269" name="bus" dev="loop0" ino=12 res=0 errno=0 [pid 4051] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 4051] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 4051] exit_group(0) = ? [pid 4051] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4051, si_uid=0, si_status=0, si_utime=0, si_stime=14} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./202", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./202", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./202/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./202/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./202/binderfs") = 0 umount2("./202/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./202/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./202/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./202/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./202/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./202/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./202") = 0 mkdir("./203", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 4053 ./strace-static-x86_64: Process 4053 attached [pid 4053] chdir("./203") = 0 [pid 4053] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4053] setpgid(0, 0) = 0 [pid 4053] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4053] write(3, "1000", 4) = 4 [pid 4053] close(3) = 0 [pid 4053] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4053] memfd_create("syzkaller", 0) = 3 [pid 4053] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 4053] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 4053] munmap(0x7eff5e600000, 2097152) = 0 [pid 4053] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4053] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4053] close(3) = 0 [pid 4053] mkdir("./file0", 0777) = 0 [pid 4053] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 4053] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [ 114.301271][ T4053] loop0: detected capacity change from 0 to 4096 [ 114.317724][ T4053] NILFS (loop0): invalid segment: Checksum error in segment payload [ 114.325740][ T4053] NILFS (loop0): trying rollback from an earlier position [ 114.338126][ T4053] NILFS (loop0): recovery complete [pid 4053] chdir("./file0") = 0 [pid 4053] ioctl(4, LOOP_CLR_FD) = 0 [pid 4053] close(4) = 0 [pid 4053] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 4053] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 4053] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 114.344080][ T4054] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 114.360322][ T27] audit: type=1800 audit(1670141603.647:205): pid=4053 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor269" name="bus" dev="loop0" ino=12 res=0 errno=0 [pid 4053] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 4053] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 4053] exit_group(0) = ? [pid 4053] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4053, si_uid=0, si_status=0, si_utime=0, si_stime=11} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./203", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./203", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./203/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./203/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./203/binderfs") = 0 umount2("./203/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./203/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./203/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./203/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./203/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./203/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./203") = 0 mkdir("./204", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 4055 ./strace-static-x86_64: Process 4055 attached [pid 4055] chdir("./204") = 0 [pid 4055] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4055] setpgid(0, 0) = 0 [pid 4055] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4055] write(3, "1000", 4) = 4 [pid 4055] close(3) = 0 [pid 4055] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4055] memfd_create("syzkaller", 0) = 3 [pid 4055] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 4055] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 4055] munmap(0x7eff5e600000, 2097152) = 0 [pid 4055] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4055] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4055] close(3) = 0 [pid 4055] mkdir("./file0", 0777) = 0 [ 114.600232][ T4055] loop0: detected capacity change from 0 to 4096 [ 114.618773][ T4055] NILFS (loop0): invalid segment: Checksum error in segment payload [ 114.626833][ T4055] NILFS (loop0): trying rollback from an earlier position [ 114.640606][ T4055] NILFS (loop0): recovery complete [pid 4055] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 4055] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4055] chdir("./file0") = 0 [pid 4055] ioctl(4, LOOP_CLR_FD) = 0 [pid 4055] close(4) = 0 [pid 4055] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 4055] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 4055] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 114.646505][ T4056] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 114.662067][ T27] audit: type=1800 audit(1670141603.947:206): pid=4055 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor269" name="bus" dev="loop0" ino=12 res=0 errno=0 [pid 4055] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 4055] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 4055] exit_group(0) = ? [pid 4055] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4055, si_uid=0, si_status=0, si_utime=0, si_stime=11} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./204", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./204", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./204/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./204/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./204/binderfs") = 0 umount2("./204/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./204/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./204/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./204/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./204/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./204/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./204") = 0 mkdir("./205", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 4057 ./strace-static-x86_64: Process 4057 attached [pid 4057] chdir("./205") = 0 [pid 4057] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4057] setpgid(0, 0) = 0 [pid 4057] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4057] write(3, "1000", 4) = 4 [pid 4057] close(3) = 0 [pid 4057] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4057] memfd_create("syzkaller", 0) = 3 [pid 4057] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 4057] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 4057] munmap(0x7eff5e600000, 2097152) = 0 [pid 4057] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4057] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4057] close(3) = 0 [pid 4057] mkdir("./file0", 0777) = 0 [ 114.902022][ T4057] loop0: detected capacity change from 0 to 4096 [ 114.917168][ T4057] NILFS (loop0): invalid segment: Checksum error in segment payload [ 114.925525][ T4057] NILFS (loop0): trying rollback from an earlier position [ 114.938155][ T4057] NILFS (loop0): recovery complete [pid 4057] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 4057] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4057] chdir("./file0") = 0 [pid 4057] ioctl(4, LOOP_CLR_FD) = 0 [pid 4057] close(4) = 0 [pid 4057] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 4057] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 4057] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 114.943914][ T4058] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 114.947603][ T27] audit: type=1800 audit(1670141604.227:207): pid=4057 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor269" name="bus" dev="loop0" ino=12 res=0 errno=0 [pid 4057] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 4057] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 4057] exit_group(0) = ? [pid 4057] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4057, si_uid=0, si_status=0, si_utime=0, si_stime=13} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./205", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./205", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./205/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./205/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./205/binderfs") = 0 umount2("./205/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./205/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./205/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./205/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./205/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./205/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./205") = 0 mkdir("./206", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 4059 ./strace-static-x86_64: Process 4059 attached [pid 4059] chdir("./206") = 0 [pid 4059] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4059] setpgid(0, 0) = 0 [pid 4059] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4059] write(3, "1000", 4) = 4 [pid 4059] close(3) = 0 [pid 4059] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4059] memfd_create("syzkaller", 0) = 3 [pid 4059] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 4059] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 4059] munmap(0x7eff5e600000, 2097152) = 0 [pid 4059] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4059] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4059] close(3) = 0 [pid 4059] mkdir("./file0", 0777) = 0 [ 115.216085][ T4059] loop0: detected capacity change from 0 to 4096 [ 115.231946][ T4059] NILFS (loop0): invalid segment: Checksum error in segment payload [ 115.240031][ T4059] NILFS (loop0): trying rollback from an earlier position [ 115.252756][ T4059] NILFS (loop0): recovery complete [pid 4059] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 4059] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4059] chdir("./file0") = 0 [pid 4059] ioctl(4, LOOP_CLR_FD) = 0 [pid 4059] close(4) = 0 [pid 4059] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 4059] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 4059] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 115.259001][ T4060] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 115.281349][ T27] audit: type=1800 audit(1670141604.567:208): pid=4059 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor269" name="bus" dev="loop0" ino=12 res=0 errno=0 [pid 4059] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 4059] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 4059] exit_group(0) = ? [pid 4059] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4059, si_uid=0, si_status=0, si_utime=0, si_stime=16} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./206", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./206", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./206/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./206/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./206/binderfs") = 0 umount2("./206/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./206/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./206/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./206/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./206/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./206/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./206") = 0 mkdir("./207", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 4061 ./strace-static-x86_64: Process 4061 attached [pid 4061] chdir("./207") = 0 [pid 4061] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4061] setpgid(0, 0) = 0 [pid 4061] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4061] write(3, "1000", 4) = 4 [pid 4061] close(3) = 0 [pid 4061] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4061] memfd_create("syzkaller", 0) = 3 [pid 4061] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 4061] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 4061] munmap(0x7eff5e600000, 2097152) = 0 [pid 4061] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4061] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4061] close(3) = 0 [pid 4061] mkdir("./file0", 0777) = 0 [pid 4061] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 4061] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4061] chdir("./file0") = 0 [ 115.539698][ T4061] loop0: detected capacity change from 0 to 4096 [ 115.556741][ T4061] NILFS (loop0): invalid segment: Checksum error in segment payload [ 115.564861][ T4061] NILFS (loop0): trying rollback from an earlier position [ 115.578002][ T4061] NILFS (loop0): recovery complete [pid 4061] ioctl(4, LOOP_CLR_FD) = 0 [pid 4061] close(4) = 0 [pid 4061] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 4061] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 4061] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 115.583935][ T4062] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 4061] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 4061] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 4061] exit_group(0) = ? [pid 4061] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4061, si_uid=0, si_status=0, si_utime=0, si_stime=14} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./207", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./207", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./207/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./207/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./207/binderfs") = 0 umount2("./207/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./207/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./207/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./207/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./207/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./207/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./207") = 0 mkdir("./208", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 4063 ./strace-static-x86_64: Process 4063 attached [pid 4063] chdir("./208") = 0 [pid 4063] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4063] setpgid(0, 0) = 0 [pid 4063] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4063] write(3, "1000", 4) = 4 [pid 4063] close(3) = 0 [pid 4063] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4063] memfd_create("syzkaller", 0) = 3 [pid 4063] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 4063] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 4063] munmap(0x7eff5e600000, 2097152) = 0 [pid 4063] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4063] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4063] close(3) = 0 [pid 4063] mkdir("./file0", 0777) = 0 [pid 4063] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [ 115.839116][ T4063] loop0: detected capacity change from 0 to 4096 [ 115.855981][ T4063] NILFS (loop0): invalid segment: Checksum error in segment payload [ 115.864022][ T4063] NILFS (loop0): trying rollback from an earlier position [ 115.877282][ T4063] NILFS (loop0): recovery complete [pid 4063] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4063] chdir("./file0") = 0 [pid 4063] ioctl(4, LOOP_CLR_FD) = 0 [pid 4063] close(4) = 0 [pid 4063] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 4063] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 4063] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 115.883313][ T4064] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 4063] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 4063] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 4063] exit_group(0) = ? [pid 4063] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4063, si_uid=0, si_status=0, si_utime=0, si_stime=10} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./208", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./208", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./208/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./208/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./208/binderfs") = 0 umount2("./208/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./208/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./208/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./208/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./208/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./208/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./208") = 0 mkdir("./209", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 4065 ./strace-static-x86_64: Process 4065 attached [pid 4065] chdir("./209") = 0 [pid 4065] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4065] setpgid(0, 0) = 0 [pid 4065] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4065] write(3, "1000", 4) = 4 [pid 4065] close(3) = 0 [pid 4065] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4065] memfd_create("syzkaller", 0) = 3 [pid 4065] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 4065] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 4065] munmap(0x7eff5e600000, 2097152) = 0 [pid 4065] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4065] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4065] close(3) = 0 [pid 4065] mkdir("./file0", 0777) = 0 [ 116.143325][ T4065] loop0: detected capacity change from 0 to 4096 [ 116.158591][ T4065] NILFS (loop0): invalid segment: Checksum error in segment payload [ 116.166597][ T4065] NILFS (loop0): trying rollback from an earlier position [ 116.179870][ T4065] NILFS (loop0): recovery complete [pid 4065] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 4065] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4065] chdir("./file0") = 0 [pid 4065] ioctl(4, LOOP_CLR_FD) = 0 [pid 4065] close(4) = 0 [pid 4065] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 4065] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 4065] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 116.186060][ T4066] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 4065] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 4065] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 4065] exit_group(0) = ? [pid 4065] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4065, si_uid=0, si_status=0, si_utime=0, si_stime=12} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./209", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./209", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./209/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./209/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./209/binderfs") = 0 umount2("./209/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./209/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./209/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./209/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./209/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./209/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./209") = 0 mkdir("./210", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 4067 ./strace-static-x86_64: Process 4067 attached [pid 4067] chdir("./210") = 0 [pid 4067] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4067] setpgid(0, 0) = 0 [pid 4067] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4067] write(3, "1000", 4) = 4 [pid 4067] close(3) = 0 [pid 4067] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4067] memfd_create("syzkaller", 0) = 3 [pid 4067] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 4067] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 4067] munmap(0x7eff5e600000, 2097152) = 0 [pid 4067] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4067] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4067] close(3) = 0 [pid 4067] mkdir("./file0", 0777) = 0 [pid 4067] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 4067] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [ 116.439437][ T4067] loop0: detected capacity change from 0 to 4096 [ 116.455330][ T4067] NILFS (loop0): invalid segment: Checksum error in segment payload [ 116.463525][ T4067] NILFS (loop0): trying rollback from an earlier position [ 116.476667][ T4067] NILFS (loop0): recovery complete [pid 4067] chdir("./file0") = 0 [pid 4067] ioctl(4, LOOP_CLR_FD) = 0 [pid 4067] close(4) = 0 [pid 4067] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 4067] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 4067] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 116.482836][ T4068] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 4067] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 4067] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 4067] exit_group(0) = ? [pid 4067] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4067, si_uid=0, si_status=0, si_utime=0, si_stime=10} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./210", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./210", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./210/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./210/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./210/binderfs") = 0 umount2("./210/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./210/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./210/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./210/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./210/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./210/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./210") = 0 mkdir("./211", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 4069 attached , child_tidptr=0x5555555775d0) = 4069 [pid 4069] chdir("./211") = 0 [pid 4069] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4069] setpgid(0, 0) = 0 [pid 4069] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4069] write(3, "1000", 4) = 4 [pid 4069] close(3) = 0 [pid 4069] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4069] memfd_create("syzkaller", 0) = 3 [pid 4069] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 4069] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 4069] munmap(0x7eff5e600000, 2097152) = 0 [pid 4069] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4069] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4069] close(3) = 0 [pid 4069] mkdir("./file0", 0777) = 0 [ 116.736383][ T4069] loop0: detected capacity change from 0 to 4096 [ 116.752233][ T4069] NILFS (loop0): invalid segment: Checksum error in segment payload [ 116.760421][ T4069] NILFS (loop0): trying rollback from an earlier position [ 116.775046][ T4069] NILFS (loop0): recovery complete [pid 4069] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 4069] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4069] chdir("./file0") = 0 [pid 4069] ioctl(4, LOOP_CLR_FD) = 0 [pid 4069] close(4) = 0 [pid 4069] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 4069] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 4069] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 116.781011][ T4070] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 4069] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 4069] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 4069] exit_group(0) = ? [pid 4069] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4069, si_uid=0, si_status=0, si_utime=0, si_stime=12} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./211", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./211", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./211/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./211/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./211/binderfs") = 0 umount2("./211/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./211/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./211/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./211/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./211/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./211/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./211") = 0 mkdir("./212", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 4071 ./strace-static-x86_64: Process 4071 attached [pid 4071] chdir("./212") = 0 [pid 4071] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4071] setpgid(0, 0) = 0 [pid 4071] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4071] write(3, "1000", 4) = 4 [pid 4071] close(3) = 0 [pid 4071] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4071] memfd_create("syzkaller", 0) = 3 [pid 4071] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 4071] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 4071] munmap(0x7eff5e600000, 2097152) = 0 [pid 4071] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4071] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4071] close(3) = 0 [pid 4071] mkdir("./file0", 0777) = 0 [ 117.038213][ T4071] loop0: detected capacity change from 0 to 4096 [ 117.056378][ T4071] NILFS (loop0): invalid segment: Checksum error in segment payload [ 117.064712][ T4071] NILFS (loop0): trying rollback from an earlier position [ 117.078361][ T4071] NILFS (loop0): recovery complete [pid 4071] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 4071] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4071] chdir("./file0") = 0 [pid 4071] ioctl(4, LOOP_CLR_FD) = 0 [pid 4071] close(4) = 0 [pid 4071] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 4071] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 4071] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 117.084430][ T4072] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 4071] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 4071] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 4071] exit_group(0) = ? [pid 4071] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4071, si_uid=0, si_status=0, si_utime=0, si_stime=11} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./212", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./212", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./212/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./212/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./212/binderfs") = 0 umount2("./212/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./212/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./212/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./212/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./212/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./212/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./212") = 0 mkdir("./213", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 4073 ./strace-static-x86_64: Process 4073 attached [pid 4073] chdir("./213") = 0 [pid 4073] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4073] setpgid(0, 0) = 0 [pid 4073] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4073] write(3, "1000", 4) = 4 [pid 4073] close(3) = 0 [pid 4073] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4073] memfd_create("syzkaller", 0) = 3 [pid 4073] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 4073] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 4073] munmap(0x7eff5e600000, 2097152) = 0 [pid 4073] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4073] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4073] close(3) = 0 [pid 4073] mkdir("./file0", 0777) = 0 [ 117.356025][ T4073] loop0: detected capacity change from 0 to 4096 [ 117.371399][ T4073] NILFS (loop0): invalid segment: Checksum error in segment payload [ 117.379465][ T4073] NILFS (loop0): trying rollback from an earlier position [ 117.392146][ T4073] NILFS (loop0): recovery complete [pid 4073] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 4073] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4073] chdir("./file0") = 0 [pid 4073] ioctl(4, LOOP_CLR_FD) = 0 [pid 4073] close(4) = 0 [pid 4073] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 4073] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 4073] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 117.398263][ T4074] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 4073] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 4073] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 4073] exit_group(0) = ? [pid 4073] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4073, si_uid=0, si_status=0, si_utime=0, si_stime=16} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./213", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./213", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./213/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./213/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./213/binderfs") = 0 umount2("./213/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./213/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./213/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./213/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./213/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./213/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./213") = 0 mkdir("./214", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 4075 ./strace-static-x86_64: Process 4075 attached [pid 4075] chdir("./214") = 0 [pid 4075] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4075] setpgid(0, 0) = 0 [pid 4075] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4075] write(3, "1000", 4) = 4 [pid 4075] close(3) = 0 [pid 4075] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4075] memfd_create("syzkaller", 0) = 3 [pid 4075] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 4075] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 4075] munmap(0x7eff5e600000, 2097152) = 0 [pid 4075] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4075] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4075] close(3) = 0 [pid 4075] mkdir("./file0", 0777) = 0 [ 117.660139][ T4075] loop0: detected capacity change from 0 to 4096 [ 117.675212][ T4075] NILFS (loop0): invalid segment: Checksum error in segment payload [ 117.683273][ T4075] NILFS (loop0): trying rollback from an earlier position [ 117.696487][ T4075] NILFS (loop0): recovery complete [pid 4075] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 4075] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4075] chdir("./file0") = 0 [pid 4075] ioctl(4, LOOP_CLR_FD) = 0 [pid 4075] close(4) = 0 [pid 4075] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 4075] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 4075] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 117.702366][ T4076] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 117.730272][ T27] kauditd_printk_skb: 7 callbacks suppressed [ 117.730281][ T27] audit: type=1800 audit(1670141607.017:216): pid=4075 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor269" name="bus" dev="loop0" ino=12 res=0 errno=0 [pid 4075] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 4075] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 4075] exit_group(0) = ? [pid 4075] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4075, si_uid=0, si_status=0, si_utime=0, si_stime=15} --- umount2("./214", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./214", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./214/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./214/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./214/binderfs") = 0 umount2("./214/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./214/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./214/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./214/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./214/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./214/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./214") = 0 mkdir("./215", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 4077 ./strace-static-x86_64: Process 4077 attached [pid 4077] chdir("./215") = 0 [pid 4077] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4077] setpgid(0, 0) = 0 [pid 4077] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4077] write(3, "1000", 4) = 4 [pid 4077] close(3) = 0 [pid 4077] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4077] memfd_create("syzkaller", 0) = 3 [pid 4077] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 4077] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 4077] munmap(0x7eff5e600000, 2097152) = 0 [pid 4077] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4077] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4077] close(3) = 0 [pid 4077] mkdir("./file0", 0777) = 0 [pid 4077] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 4077] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4077] chdir("./file0") = 0 [pid 4077] ioctl(4, LOOP_CLR_FD) = 0 [ 117.991107][ T4077] loop0: detected capacity change from 0 to 4096 [ 118.006131][ T4077] NILFS (loop0): invalid segment: Checksum error in segment payload [ 118.014272][ T4077] NILFS (loop0): trying rollback from an earlier position [ 118.029577][ T4077] NILFS (loop0): recovery complete [pid 4077] close(4) = 0 [pid 4077] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 4077] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 4077] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 118.035565][ T4078] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 118.060411][ T27] audit: type=1800 audit(1670141607.347:217): pid=4077 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor269" name="bus" dev="loop0" ino=12 res=0 errno=0 [pid 4077] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 4077] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 4077] exit_group(0) = ? [pid 4077] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4077, si_uid=0, si_status=0, si_utime=0, si_stime=11} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./215", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./215", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./215/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./215/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./215/binderfs") = 0 umount2("./215/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./215/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./215/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./215/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./215/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./215/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./215") = 0 mkdir("./216", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 4079 ./strace-static-x86_64: Process 4079 attached [pid 4079] chdir("./216") = 0 [pid 4079] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4079] setpgid(0, 0) = 0 [pid 4079] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4079] write(3, "1000", 4) = 4 [pid 4079] close(3) = 0 [pid 4079] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4079] memfd_create("syzkaller", 0) = 3 [pid 4079] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 4079] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 4079] munmap(0x7eff5e600000, 2097152) = 0 [pid 4079] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4079] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4079] close(3) = 0 [pid 4079] mkdir("./file0", 0777) = 0 [ 118.312681][ T4079] loop0: detected capacity change from 0 to 4096 [ 118.328097][ T4079] NILFS (loop0): invalid segment: Checksum error in segment payload [ 118.336104][ T4079] NILFS (loop0): trying rollback from an earlier position [ 118.349398][ T4079] NILFS (loop0): recovery complete [pid 4079] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 4079] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4079] chdir("./file0") = 0 [pid 4079] ioctl(4, LOOP_CLR_FD) = 0 [pid 4079] close(4) = 0 [pid 4079] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 4079] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 4079] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 118.355440][ T4080] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 118.373083][ T27] audit: type=1800 audit(1670141607.657:218): pid=4079 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor269" name="bus" dev="loop0" ino=12 res=0 errno=0 [pid 4079] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 4079] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 4079] exit_group(0) = ? [pid 4079] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4079, si_uid=0, si_status=0, si_utime=0, si_stime=12} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./216", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./216", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./216/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./216/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./216/binderfs") = 0 umount2("./216/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./216/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./216/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./216/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./216/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./216/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./216") = 0 mkdir("./217", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 4081 ./strace-static-x86_64: Process 4081 attached [pid 4081] chdir("./217") = 0 [pid 4081] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4081] setpgid(0, 0) = 0 [pid 4081] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4081] write(3, "1000", 4) = 4 [pid 4081] close(3) = 0 [pid 4081] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4081] memfd_create("syzkaller", 0) = 3 [pid 4081] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 4081] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 4081] munmap(0x7eff5e600000, 2097152) = 0 [pid 4081] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4081] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4081] close(3) = 0 [pid 4081] mkdir("./file0", 0777) = 0 [ 118.646428][ T4081] loop0: detected capacity change from 0 to 4096 [ 118.663554][ T4081] NILFS (loop0): invalid segment: Checksum error in segment payload [ 118.671650][ T4081] NILFS (loop0): trying rollback from an earlier position [ 118.685210][ T4081] NILFS (loop0): recovery complete [pid 4081] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 4081] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4081] chdir("./file0") = 0 [pid 4081] ioctl(4, LOOP_CLR_FD) = 0 [pid 4081] close(4) = 0 [pid 4081] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 4081] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 4081] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 118.691186][ T4082] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 118.708100][ T27] audit: type=1800 audit(1670141607.987:219): pid=4081 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor269" name="bus" dev="loop0" ino=12 res=0 errno=0 [pid 4081] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 4081] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 4081] exit_group(0) = ? [pid 4081] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4081, si_uid=0, si_status=0, si_utime=0, si_stime=15} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./217", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./217", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./217/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./217/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./217/binderfs") = 0 umount2("./217/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./217/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./217/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./217/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./217/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./217/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./217") = 0 mkdir("./218", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 4083 ./strace-static-x86_64: Process 4083 attached [pid 4083] chdir("./218") = 0 [pid 4083] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4083] setpgid(0, 0) = 0 [pid 4083] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4083] write(3, "1000", 4) = 4 [pid 4083] close(3) = 0 [pid 4083] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4083] memfd_create("syzkaller", 0) = 3 [pid 4083] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 4083] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 4083] munmap(0x7eff5e600000, 2097152) = 0 [pid 4083] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4083] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4083] close(3) = 0 [pid 4083] mkdir("./file0", 0777) = 0 [ 118.934247][ T4083] loop0: detected capacity change from 0 to 4096 [ 118.950256][ T4083] NILFS (loop0): invalid segment: Checksum error in segment payload [ 118.958323][ T4083] NILFS (loop0): trying rollback from an earlier position [ 118.971360][ T4083] NILFS (loop0): recovery complete [pid 4083] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 4083] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4083] chdir("./file0") = 0 [pid 4083] ioctl(4, LOOP_CLR_FD) = 0 [pid 4083] close(4) = 0 [pid 4083] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 4083] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 4083] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 118.977568][ T4084] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 119.002306][ T27] audit: type=1800 audit(1670141608.287:220): pid=4083 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor269" name="bus" dev="loop0" ino=12 res=0 errno=0 [pid 4083] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 4083] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 4083] exit_group(0) = ? [pid 4083] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4083, si_uid=0, si_status=0, si_utime=0, si_stime=10} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./218", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./218", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./218/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./218/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./218/binderfs") = 0 umount2("./218/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./218/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./218/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./218/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./218/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./218/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./218") = 0 mkdir("./219", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 4085 ./strace-static-x86_64: Process 4085 attached [pid 4085] chdir("./219") = 0 [pid 4085] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4085] setpgid(0, 0) = 0 [pid 4085] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4085] write(3, "1000", 4) = 4 [pid 4085] close(3) = 0 [pid 4085] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4085] memfd_create("syzkaller", 0) = 3 [pid 4085] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 4085] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 4085] munmap(0x7eff5e600000, 2097152) = 0 [pid 4085] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4085] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4085] close(3) = 0 [pid 4085] mkdir("./file0", 0777) = 0 [ 119.247976][ T4085] loop0: detected capacity change from 0 to 4096 [ 119.263395][ T4085] NILFS (loop0): invalid segment: Checksum error in segment payload [ 119.271443][ T4085] NILFS (loop0): trying rollback from an earlier position [ 119.284603][ T4085] NILFS (loop0): recovery complete [pid 4085] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 4085] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4085] chdir("./file0") = 0 [pid 4085] ioctl(4, LOOP_CLR_FD) = 0 [pid 4085] close(4) = 0 [pid 4085] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 4085] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 4085] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 119.290681][ T4086] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 119.314137][ T27] audit: type=1800 audit(1670141608.597:221): pid=4085 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor269" name="bus" dev="loop0" ino=12 res=0 errno=0 [pid 4085] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 4085] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 4085] exit_group(0) = ? [pid 4085] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4085, si_uid=0, si_status=0, si_utime=0, si_stime=14} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./219", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./219", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./219/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./219/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./219/binderfs") = 0 umount2("./219/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./219/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./219/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./219/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./219/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./219/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./219") = 0 mkdir("./220", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 4087 attached , child_tidptr=0x5555555775d0) = 4087 [pid 4087] chdir("./220") = 0 [pid 4087] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4087] setpgid(0, 0) = 0 [pid 4087] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4087] write(3, "1000", 4) = 4 [pid 4087] close(3) = 0 [pid 4087] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4087] memfd_create("syzkaller", 0) = 3 [pid 4087] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 4087] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 4087] munmap(0x7eff5e600000, 2097152) = 0 [pid 4087] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4087] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4087] close(3) = 0 [pid 4087] mkdir("./file0", 0777) = 0 [ 119.591403][ T4087] loop0: detected capacity change from 0 to 4096 [ 119.617901][ T4087] NILFS (loop0): invalid segment: Checksum error in segment payload [ 119.625952][ T4087] NILFS (loop0): trying rollback from an earlier position [pid 4087] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 4087] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4087] chdir("./file0") = 0 [pid 4087] ioctl(4, LOOP_CLR_FD) = 0 [pid 4087] close(4) = 0 [pid 4087] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 4087] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 4087] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 119.639551][ T4087] NILFS (loop0): recovery complete [ 119.645503][ T4088] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 119.669952][ T27] audit: type=1800 audit(1670141608.957:222): pid=4087 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor269" name="bus" dev="loop0" ino=12 res=0 errno=0 [pid 4087] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 4087] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 4087] exit_group(0) = ? [pid 4087] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4087, si_uid=0, si_status=0, si_utime=0, si_stime=15} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./220", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./220", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./220/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./220/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./220/binderfs") = 0 umount2("./220/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./220/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./220/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./220/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./220/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./220/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./220") = 0 mkdir("./221", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 4089 ./strace-static-x86_64: Process 4089 attached [pid 4089] chdir("./221") = 0 [pid 4089] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4089] setpgid(0, 0) = 0 [pid 4089] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4089] write(3, "1000", 4) = 4 [pid 4089] close(3) = 0 [pid 4089] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4089] memfd_create("syzkaller", 0) = 3 [pid 4089] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 4089] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 4089] munmap(0x7eff5e600000, 2097152) = 0 [pid 4089] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4089] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4089] close(3) = 0 [pid 4089] mkdir("./file0", 0777) = 0 [ 119.907845][ T4089] loop0: detected capacity change from 0 to 4096 [ 119.923065][ T4089] NILFS (loop0): invalid segment: Checksum error in segment payload [ 119.931413][ T4089] NILFS (loop0): trying rollback from an earlier position [ 119.945897][ T4089] NILFS (loop0): recovery complete [pid 4089] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 4089] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4089] chdir("./file0") = 0 [pid 4089] ioctl(4, LOOP_CLR_FD) = 0 [pid 4089] close(4) = 0 [pid 4089] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 4089] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 4089] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 119.952223][ T4090] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 119.968319][ T27] audit: type=1800 audit(1670141609.257:223): pid=4089 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor269" name="bus" dev="loop0" ino=12 res=0 errno=0 [pid 4089] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 4089] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 4089] exit_group(0) = ? [pid 4089] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4089, si_uid=0, si_status=0, si_utime=0, si_stime=10} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./221", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./221", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./221/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./221/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./221/binderfs") = 0 umount2("./221/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./221/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./221/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./221/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./221/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./221/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./221") = 0 mkdir("./222", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 4091 ./strace-static-x86_64: Process 4091 attached [pid 4091] chdir("./222") = 0 [pid 4091] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4091] setpgid(0, 0) = 0 [pid 4091] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4091] write(3, "1000", 4) = 4 [pid 4091] close(3) = 0 [pid 4091] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4091] memfd_create("syzkaller", 0) = 3 [pid 4091] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 4091] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 4091] munmap(0x7eff5e600000, 2097152) = 0 [pid 4091] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4091] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4091] close(3) = 0 [pid 4091] mkdir("./file0", 0777) = 0 [pid 4091] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 4091] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4091] chdir("./file0") = 0 [pid 4091] ioctl(4, LOOP_CLR_FD) = 0 [ 120.201566][ T4091] loop0: detected capacity change from 0 to 4096 [ 120.216155][ T4091] NILFS (loop0): invalid segment: Checksum error in segment payload [ 120.224220][ T4091] NILFS (loop0): trying rollback from an earlier position [ 120.236586][ T4091] NILFS (loop0): recovery complete [pid 4091] close(4) = 0 [pid 4091] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [ 120.242605][ T4092] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 4091] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 4091] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 120.279952][ T27] audit: type=1800 audit(1670141609.567:224): pid=4091 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor269" name="bus" dev="loop0" ino=12 res=0 errno=0 [pid 4091] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 4091] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 4091] exit_group(0) = ? [pid 4091] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4091, si_uid=0, si_status=0, si_utime=0, si_stime=15} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./222", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./222", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./222/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./222/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./222/binderfs") = 0 umount2("./222/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./222/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./222/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./222/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./222/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./222/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./222") = 0 mkdir("./223", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 4093 ./strace-static-x86_64: Process 4093 attached [pid 4093] chdir("./223") = 0 [pid 4093] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4093] setpgid(0, 0) = 0 [pid 4093] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4093] write(3, "1000", 4) = 4 [pid 4093] close(3) = 0 [pid 4093] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4093] memfd_create("syzkaller", 0) = 3 [pid 4093] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 4093] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 4093] munmap(0x7eff5e600000, 2097152) = 0 [pid 4093] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4093] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4093] close(3) = 0 [pid 4093] mkdir("./file0", 0777) = 0 [ 120.510045][ T4093] loop0: detected capacity change from 0 to 4096 [ 120.525395][ T4093] NILFS (loop0): invalid segment: Checksum error in segment payload [ 120.533491][ T4093] NILFS (loop0): trying rollback from an earlier position [ 120.546476][ T4093] NILFS (loop0): recovery complete [pid 4093] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 4093] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4093] chdir("./file0") = 0 [pid 4093] ioctl(4, LOOP_CLR_FD) = 0 [pid 4093] close(4) = 0 [pid 4093] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 4093] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 4093] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 120.552545][ T4094] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 120.572190][ T27] audit: type=1800 audit(1670141609.857:225): pid=4093 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor269" name="bus" dev="loop0" ino=12 res=0 errno=0 [pid 4093] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 4093] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 4093] exit_group(0) = ? [pid 4093] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4093, si_uid=0, si_status=0, si_utime=0, si_stime=16} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./223", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./223", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./223/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./223/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./223/binderfs") = 0 umount2("./223/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./223/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./223/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./223/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./223/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./223/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./223") = 0 mkdir("./224", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 4095 ./strace-static-x86_64: Process 4095 attached [pid 4095] chdir("./224") = 0 [pid 4095] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4095] setpgid(0, 0) = 0 [pid 4095] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4095] write(3, "1000", 4) = 4 [pid 4095] close(3) = 0 [pid 4095] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4095] memfd_create("syzkaller", 0) = 3 [pid 4095] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 4095] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 4095] munmap(0x7eff5e600000, 2097152) = 0 [pid 4095] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4095] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4095] close(3) = 0 [pid 4095] mkdir("./file0", 0777) = 0 [ 120.821797][ T4095] loop0: detected capacity change from 0 to 4096 [ 120.838226][ T4095] NILFS (loop0): invalid segment: Checksum error in segment payload [ 120.847783][ T4095] NILFS (loop0): trying rollback from an earlier position [ 120.861705][ T4095] NILFS (loop0): recovery complete [pid 4095] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 4095] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4095] chdir("./file0") = 0 [pid 4095] ioctl(4, LOOP_CLR_FD) = 0 [pid 4095] close(4) = 0 [pid 4095] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 4095] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 4095] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 120.867715][ T4096] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 4095] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 4095] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 4095] exit_group(0) = ? [pid 4095] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4095, si_uid=0, si_status=0, si_utime=0, si_stime=14} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./224", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./224", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./224/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./224/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./224/binderfs") = 0 umount2("./224/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./224/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./224/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./224/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./224/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./224/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./224") = 0 mkdir("./225", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 4097 ./strace-static-x86_64: Process 4097 attached [pid 4097] chdir("./225") = 0 [pid 4097] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4097] setpgid(0, 0) = 0 [pid 4097] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4097] write(3, "1000", 4) = 4 [pid 4097] close(3) = 0 [pid 4097] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4097] memfd_create("syzkaller", 0) = 3 [pid 4097] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 4097] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 4097] munmap(0x7eff5e600000, 2097152) = 0 [pid 4097] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4097] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4097] close(3) = 0 [pid 4097] mkdir("./file0", 0777) = 0 [pid 4097] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 4097] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4097] chdir("./file0") = 0 [pid 4097] ioctl(4, LOOP_CLR_FD) = 0 [pid 4097] close(4) = 0 [pid 4097] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [ 121.115457][ T4097] loop0: detected capacity change from 0 to 4096 [ 121.131308][ T4097] NILFS (loop0): invalid segment: Checksum error in segment payload [ 121.139344][ T4097] NILFS (loop0): trying rollback from an earlier position [ 121.152181][ T4097] NILFS (loop0): recovery complete [pid 4097] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 4097] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 121.158585][ T4098] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 4097] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 4097] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 4097] exit_group(0) = ? [pid 4097] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4097, si_uid=0, si_status=0, si_utime=0, si_stime=15} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./225", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./225", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./225/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./225/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./225/binderfs") = 0 umount2("./225/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./225/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./225/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./225/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./225/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./225/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./225") = 0 mkdir("./226", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 4099 ./strace-static-x86_64: Process 4099 attached [pid 4099] chdir("./226") = 0 [pid 4099] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4099] setpgid(0, 0) = 0 [pid 4099] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4099] write(3, "1000", 4) = 4 [pid 4099] close(3) = 0 [pid 4099] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4099] memfd_create("syzkaller", 0) = 3 [pid 4099] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 4099] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 4099] munmap(0x7eff5e600000, 2097152) = 0 [pid 4099] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4099] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4099] close(3) = 0 [pid 4099] mkdir("./file0", 0777) = 0 [ 121.396347][ T4099] loop0: detected capacity change from 0 to 4096 [ 121.414332][ T4099] NILFS (loop0): invalid segment: Checksum error in segment payload [ 121.422438][ T4099] NILFS (loop0): trying rollback from an earlier position [ 121.435681][ T4099] NILFS (loop0): recovery complete [pid 4099] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 4099] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4099] chdir("./file0") = 0 [pid 4099] ioctl(4, LOOP_CLR_FD) = 0 [pid 4099] close(4) = 0 [pid 4099] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 4099] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 4099] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 121.441958][ T4100] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 4099] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 4099] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 4099] exit_group(0) = ? [pid 4099] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4099, si_uid=0, si_status=0, si_utime=0, si_stime=17} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./226", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./226", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./226/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./226/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./226/binderfs") = 0 umount2("./226/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./226/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./226/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./226/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./226/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./226/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./226") = 0 mkdir("./227", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 4101 ./strace-static-x86_64: Process 4101 attached [pid 4101] chdir("./227") = 0 [pid 4101] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4101] setpgid(0, 0) = 0 [pid 4101] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4101] write(3, "1000", 4) = 4 [pid 4101] close(3) = 0 [pid 4101] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4101] memfd_create("syzkaller", 0) = 3 [pid 4101] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 4101] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 4101] munmap(0x7eff5e600000, 2097152) = 0 [pid 4101] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4101] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4101] close(3) = 0 [pid 4101] mkdir("./file0", 0777) = 0 [ 121.690879][ T4101] loop0: detected capacity change from 0 to 4096 [ 121.706265][ T4101] NILFS (loop0): invalid segment: Checksum error in segment payload [ 121.714316][ T4101] NILFS (loop0): trying rollback from an earlier position [ 121.727544][ T4101] NILFS (loop0): recovery complete [pid 4101] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 4101] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4101] chdir("./file0") = 0 [pid 4101] ioctl(4, LOOP_CLR_FD) = 0 [pid 4101] close(4) = 0 [pid 4101] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 4101] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 4101] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 121.733564][ T4102] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 4101] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 4101] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 4101] exit_group(0) = ? [pid 4101] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4101, si_uid=0, si_status=0, si_utime=0, si_stime=10} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./227", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./227", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./227/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./227/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./227/binderfs") = 0 umount2("./227/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./227/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./227/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./227/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./227/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./227/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./227") = 0 mkdir("./228", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 4103 ./strace-static-x86_64: Process 4103 attached [pid 4103] chdir("./228") = 0 [pid 4103] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4103] setpgid(0, 0) = 0 [pid 4103] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4103] write(3, "1000", 4) = 4 [pid 4103] close(3) = 0 [pid 4103] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4103] memfd_create("syzkaller", 0) = 3 [pid 4103] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 4103] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 4103] munmap(0x7eff5e600000, 2097152) = 0 [pid 4103] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4103] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4103] close(3) = 0 [pid 4103] mkdir("./file0", 0777) = 0 [ 121.993686][ T4103] loop0: detected capacity change from 0 to 4096 [ 122.009753][ T4103] NILFS (loop0): invalid segment: Checksum error in segment payload [ 122.017807][ T4103] NILFS (loop0): trying rollback from an earlier position [ 122.030853][ T4103] NILFS (loop0): recovery complete [pid 4103] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 4103] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4103] chdir("./file0") = 0 [pid 4103] ioctl(4, LOOP_CLR_FD) = 0 [pid 4103] close(4) = 0 [pid 4103] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 4103] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 4103] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 122.036603][ T4104] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 4103] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 4103] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 4103] exit_group(0) = ? [pid 4103] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4103, si_uid=0, si_status=0, si_utime=0, si_stime=14} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./228", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./228", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./228/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./228/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./228/binderfs") = 0 umount2("./228/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./228/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./228/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./228/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./228/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./228/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./228") = 0 mkdir("./229", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 4105 ./strace-static-x86_64: Process 4105 attached [pid 4105] chdir("./229") = 0 [pid 4105] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4105] setpgid(0, 0) = 0 [pid 4105] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4105] write(3, "1000", 4) = 4 [pid 4105] close(3) = 0 [pid 4105] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4105] memfd_create("syzkaller", 0) = 3 [pid 4105] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 4105] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 4105] munmap(0x7eff5e600000, 2097152) = 0 [pid 4105] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4105] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4105] close(3) = 0 [pid 4105] mkdir("./file0", 0777) = 0 [pid 4105] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 4105] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4105] chdir("./file0") = 0 [pid 4105] ioctl(4, LOOP_CLR_FD) = 0 [ 122.312564][ T4105] loop0: detected capacity change from 0 to 4096 [ 122.328727][ T4105] NILFS (loop0): invalid segment: Checksum error in segment payload [ 122.336726][ T4105] NILFS (loop0): trying rollback from an earlier position [ 122.349927][ T4105] NILFS (loop0): recovery complete [pid 4105] close(4) = 0 [pid 4105] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 4105] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 4105] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 122.355803][ T4106] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 4105] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 4105] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 4105] exit_group(0) = ? [pid 4105] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4105, si_uid=0, si_status=0, si_utime=0, si_stime=14} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./229", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./229", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./229/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./229/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./229/binderfs") = 0 umount2("./229/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./229/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./229/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./229/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./229/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./229/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./229") = 0 mkdir("./230", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 4107 ./strace-static-x86_64: Process 4107 attached [pid 4107] chdir("./230") = 0 [pid 4107] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4107] setpgid(0, 0) = 0 [pid 4107] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4107] write(3, "1000", 4) = 4 [pid 4107] close(3) = 0 [pid 4107] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4107] memfd_create("syzkaller", 0) = 3 [pid 4107] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 4107] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 4107] munmap(0x7eff5e600000, 2097152) = 0 [pid 4107] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4107] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4107] close(3) = 0 [pid 4107] mkdir("./file0", 0777) = 0 [pid 4107] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [ 122.601866][ T4107] loop0: detected capacity change from 0 to 4096 [ 122.616610][ T4107] NILFS (loop0): invalid segment: Checksum error in segment payload [ 122.624751][ T4107] NILFS (loop0): trying rollback from an earlier position [ 122.637741][ T4107] NILFS (loop0): recovery complete [pid 4107] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4107] chdir("./file0") = 0 [pid 4107] ioctl(4, LOOP_CLR_FD) = 0 [pid 4107] close(4) = 0 [pid 4107] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 4107] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 4107] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 122.644154][ T4108] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 4107] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 4107] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 4107] exit_group(0) = ? [pid 4107] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4107, si_uid=0, si_status=0, si_utime=0, si_stime=12} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./230", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./230", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./230/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./230/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./230/binderfs") = 0 umount2("./230/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./230/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./230/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./230/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./230/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./230/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./230") = 0 mkdir("./231", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 4109 ./strace-static-x86_64: Process 4109 attached [pid 4109] chdir("./231") = 0 [pid 4109] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4109] setpgid(0, 0) = 0 [pid 4109] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4109] write(3, "1000", 4) = 4 [pid 4109] close(3) = 0 [pid 4109] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4109] memfd_create("syzkaller", 0) = 3 [pid 4109] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 4109] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 4109] munmap(0x7eff5e600000, 2097152) = 0 [pid 4109] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4109] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4109] close(3) = 0 [pid 4109] mkdir("./file0", 0777) = 0 [ 122.911257][ T4109] loop0: detected capacity change from 0 to 4096 [ 122.927094][ T4109] NILFS (loop0): invalid segment: Checksum error in segment payload [ 122.935185][ T4109] NILFS (loop0): trying rollback from an earlier position [ 122.948279][ T4109] NILFS (loop0): recovery complete [pid 4109] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 4109] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4109] chdir("./file0") = 0 [pid 4109] ioctl(4, LOOP_CLR_FD) = 0 [pid 4109] close(4) = 0 [pid 4109] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 4109] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 4109] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 122.954845][ T4110] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 122.980729][ T27] kauditd_printk_skb: 7 callbacks suppressed [ 122.980742][ T27] audit: type=1800 audit(1670141612.267:233): pid=4109 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor269" name="bus" dev="loop0" ino=12 res=0 errno=0 [pid 4109] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 4109] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 4109] exit_group(0) = ? [pid 4109] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4109, si_uid=0, si_status=0, si_utime=0, si_stime=14} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./231", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./231", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./231/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./231/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./231/binderfs") = 0 umount2("./231/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./231/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./231/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./231/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./231/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./231/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./231") = 0 mkdir("./232", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 4111 ./strace-static-x86_64: Process 4111 attached [pid 4111] chdir("./232") = 0 [pid 4111] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4111] setpgid(0, 0) = 0 [pid 4111] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4111] write(3, "1000", 4) = 4 [pid 4111] close(3) = 0 [pid 4111] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4111] memfd_create("syzkaller", 0) = 3 [pid 4111] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 4111] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 4111] munmap(0x7eff5e600000, 2097152) = 0 [pid 4111] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4111] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4111] close(3) = 0 [pid 4111] mkdir("./file0", 0777) = 0 [ 123.215246][ T4111] loop0: detected capacity change from 0 to 4096 [ 123.231687][ T4111] NILFS (loop0): invalid segment: Checksum error in segment payload [ 123.239788][ T4111] NILFS (loop0): trying rollback from an earlier position [ 123.253434][ T4111] NILFS (loop0): recovery complete [pid 4111] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 4111] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4111] chdir("./file0") = 0 [pid 4111] ioctl(4, LOOP_CLR_FD) = 0 [pid 4111] close(4) = 0 [pid 4111] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [ 123.259491][ T4112] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 4111] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 4111] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 123.291269][ T27] audit: type=1800 audit(1670141612.577:234): pid=4111 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor269" name="bus" dev="loop0" ino=12 res=0 errno=0 [pid 4111] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 4111] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 4111] exit_group(0) = ? [pid 4111] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4111, si_uid=0, si_status=0, si_utime=0, si_stime=16} --- umount2("./232", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./232", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./232/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./232/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./232/binderfs") = 0 umount2("./232/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./232/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./232/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./232/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./232/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./232/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./232") = 0 mkdir("./233", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 4113 ./strace-static-x86_64: Process 4113 attached [pid 4113] chdir("./233") = 0 [pid 4113] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4113] setpgid(0, 0) = 0 [pid 4113] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4113] write(3, "1000", 4) = 4 [pid 4113] close(3) = 0 [pid 4113] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4113] memfd_create("syzkaller", 0) = 3 [pid 4113] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 4113] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 4113] munmap(0x7eff5e600000, 2097152) = 0 [pid 4113] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4113] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4113] close(3) = 0 [pid 4113] mkdir("./file0", 0777) = 0 [pid 4113] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 4113] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4113] chdir("./file0") = 0 [pid 4113] ioctl(4, LOOP_CLR_FD) = 0 [ 123.541382][ T4113] loop0: detected capacity change from 0 to 4096 [ 123.557208][ T4113] NILFS (loop0): invalid segment: Checksum error in segment payload [ 123.565511][ T4113] NILFS (loop0): trying rollback from an earlier position [ 123.579238][ T4113] NILFS (loop0): recovery complete [pid 4113] close(4) = 0 [pid 4113] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 4113] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 4113] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 123.585093][ T4114] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 123.599963][ T27] audit: type=1800 audit(1670141612.887:235): pid=4113 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor269" name="bus" dev="loop0" ino=12 res=0 errno=0 [pid 4113] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 4113] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 4113] exit_group(0) = ? [pid 4113] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4113, si_uid=0, si_status=0, si_utime=0, si_stime=17} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./233", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./233", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./233/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./233/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./233/binderfs") = 0 umount2("./233/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./233/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./233/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./233/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./233/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./233/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./233") = 0 mkdir("./234", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 4115 attached [pid 4115] chdir("./234") = 0 [pid 4115] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4115] setpgid(0, 0) = 0 [pid 3638] <... clone resumed>, child_tidptr=0x5555555775d0) = 4115 [pid 4115] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4115] write(3, "1000", 4) = 4 [pid 4115] close(3) = 0 [pid 4115] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4115] memfd_create("syzkaller", 0) = 3 [pid 4115] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 4115] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 4115] munmap(0x7eff5e600000, 2097152) = 0 [pid 4115] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4115] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4115] close(3) = 0 [pid 4115] mkdir("./file0", 0777) = 0 [ 123.846919][ T4115] loop0: detected capacity change from 0 to 4096 [ 123.864331][ T4115] NILFS (loop0): invalid segment: Checksum error in segment payload [ 123.872430][ T4115] NILFS (loop0): trying rollback from an earlier position [ 123.885637][ T4115] NILFS (loop0): recovery complete [pid 4115] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 4115] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4115] chdir("./file0") = 0 [pid 4115] ioctl(4, LOOP_CLR_FD) = 0 [pid 4115] close(4) = 0 [pid 4115] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 4115] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 4115] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 123.891652][ T4116] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 123.913675][ T27] audit: type=1800 audit(1670141613.197:236): pid=4115 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor269" name="bus" dev="loop0" ino=12 res=0 errno=0 [pid 4115] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 4115] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 4115] exit_group(0) = ? [pid 4115] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4115, si_uid=0, si_status=0, si_utime=0, si_stime=15} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./234", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./234", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./234/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./234/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./234/binderfs") = 0 umount2("./234/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./234/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./234/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./234/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./234/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./234/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./234") = 0 mkdir("./235", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 4117 attached [pid 4117] chdir("./235") = 0 [pid 4117] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4117] setpgid(0, 0) = 0 [pid 4117] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 3638] <... clone resumed>, child_tidptr=0x5555555775d0) = 4117 [pid 4117] <... openat resumed>) = 3 [pid 4117] write(3, "1000", 4) = 4 [pid 4117] close(3) = 0 [pid 4117] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4117] memfd_create("syzkaller", 0) = 3 [pid 4117] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 4117] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 4117] munmap(0x7eff5e600000, 2097152) = 0 [pid 4117] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4117] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4117] close(3) = 0 [pid 4117] mkdir("./file0", 0777) = 0 [ 124.160344][ T4117] loop0: detected capacity change from 0 to 4096 [ 124.177969][ T4117] NILFS (loop0): invalid segment: Checksum error in segment payload [ 124.186101][ T4117] NILFS (loop0): trying rollback from an earlier position [ 124.199246][ T4117] NILFS (loop0): recovery complete [pid 4117] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 4117] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4117] chdir("./file0") = 0 [pid 4117] ioctl(4, LOOP_CLR_FD) = 0 [pid 4117] close(4) = 0 [pid 4117] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [ 124.205199][ T4118] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 4117] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 4117] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 124.239544][ T27] audit: type=1800 audit(1670141613.527:237): pid=4117 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor269" name="bus" dev="loop0" ino=12 res=0 errno=0 [pid 4117] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 4117] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 4117] exit_group(0) = ? [pid 4117] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4117, si_uid=0, si_status=0, si_utime=0, si_stime=11} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./235", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./235", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./235/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./235/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./235/binderfs") = 0 umount2("./235/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./235/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./235/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./235/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./235/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./235/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./235") = 0 mkdir("./236", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 4119 ./strace-static-x86_64: Process 4119 attached [pid 4119] chdir("./236") = 0 [pid 4119] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4119] setpgid(0, 0) = 0 [pid 4119] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4119] write(3, "1000", 4) = 4 [pid 4119] close(3) = 0 [pid 4119] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4119] memfd_create("syzkaller", 0) = 3 [pid 4119] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 4119] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 4119] munmap(0x7eff5e600000, 2097152) = 0 [pid 4119] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4119] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4119] close(3) = 0 [pid 4119] mkdir("./file0", 0777) = 0 [ 124.472130][ T4119] loop0: detected capacity change from 0 to 4096 [ 124.487969][ T4119] NILFS (loop0): invalid segment: Checksum error in segment payload [ 124.495970][ T4119] NILFS (loop0): trying rollback from an earlier position [ 124.509391][ T4119] NILFS (loop0): recovery complete [pid 4119] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 4119] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4119] chdir("./file0") = 0 [pid 4119] ioctl(4, LOOP_CLR_FD) = 0 [pid 4119] close(4) = 0 [pid 4119] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 4119] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 4119] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 124.515312][ T4120] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 124.538536][ T27] audit: type=1800 audit(1670141613.827:238): pid=4119 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor269" name="bus" dev="loop0" ino=12 res=0 errno=0 [pid 4119] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 4119] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 4119] exit_group(0) = ? [pid 4119] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4119, si_uid=0, si_status=0, si_utime=0, si_stime=14} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./236", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./236", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./236/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./236/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./236/binderfs") = 0 umount2("./236/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./236/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./236/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./236/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./236/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./236/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./236") = 0 mkdir("./237", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 4121 attached [pid 4121] chdir("./237") = 0 [pid 4121] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4121] setpgid(0, 0) = 0 [pid 4121] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4121] write(3, "1000", 4) = 4 [pid 4121] close(3) = 0 [pid 4121] symlink("/dev/binderfs", "./binderfs" [pid 3638] <... clone resumed>, child_tidptr=0x5555555775d0) = 4121 [pid 4121] <... symlink resumed>) = 0 [pid 4121] memfd_create("syzkaller", 0) = 3 [pid 4121] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 4121] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 4121] munmap(0x7eff5e600000, 2097152) = 0 [pid 4121] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4121] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4121] close(3) = 0 [pid 4121] mkdir("./file0", 0777) = 0 [ 124.786321][ T4121] loop0: detected capacity change from 0 to 4096 [ 124.803687][ T4121] NILFS (loop0): invalid segment: Checksum error in segment payload [ 124.811756][ T4121] NILFS (loop0): trying rollback from an earlier position [ 124.825563][ T4121] NILFS (loop0): recovery complete [pid 4121] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 4121] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4121] chdir("./file0") = 0 [pid 4121] ioctl(4, LOOP_CLR_FD) = 0 [pid 4121] close(4) = 0 [pid 4121] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 4121] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 4121] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 124.831579][ T4122] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 124.860466][ T27] audit: type=1800 audit(1670141614.147:239): pid=4121 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor269" name="bus" dev="loop0" ino=12 res=0 errno=0 [pid 4121] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 4121] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 4121] exit_group(0) = ? [pid 4121] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4121, si_uid=0, si_status=0, si_utime=0, si_stime=14} --- umount2("./237", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./237", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./237/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./237/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./237/binderfs") = 0 umount2("./237/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./237/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./237/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./237/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./237/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./237/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./237") = 0 mkdir("./238", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 4123 attached , child_tidptr=0x5555555775d0) = 4123 [pid 4123] chdir("./238") = 0 [pid 4123] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4123] setpgid(0, 0) = 0 [pid 4123] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4123] write(3, "1000", 4) = 4 [pid 4123] close(3) = 0 [pid 4123] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4123] memfd_create("syzkaller", 0) = 3 [pid 4123] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 4123] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 4123] munmap(0x7eff5e600000, 2097152) = 0 [pid 4123] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4123] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4123] close(3) = 0 [pid 4123] mkdir("./file0", 0777) = 0 [ 125.102431][ T4123] loop0: detected capacity change from 0 to 4096 [ 125.118385][ T4123] NILFS (loop0): invalid segment: Checksum error in segment payload [ 125.126376][ T4123] NILFS (loop0): trying rollback from an earlier position [ 125.139978][ T4123] NILFS (loop0): recovery complete [pid 4123] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 4123] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4123] chdir("./file0") = 0 [pid 4123] ioctl(4, LOOP_CLR_FD) = 0 [pid 4123] close(4) = 0 [pid 4123] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 4123] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 4123] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 125.145736][ T4124] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 125.167876][ T27] audit: type=1800 audit(1670141614.457:240): pid=4123 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor269" name="bus" dev="loop0" ino=12 res=0 errno=0 [pid 4123] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 4123] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 4123] exit_group(0) = ? [pid 4123] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4123, si_uid=0, si_status=0, si_utime=0, si_stime=16} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./238", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./238", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./238/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./238/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./238/binderfs") = 0 umount2("./238/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./238/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./238/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./238/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./238/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./238/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./238") = 0 mkdir("./239", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 4125 ./strace-static-x86_64: Process 4125 attached [pid 4125] chdir("./239") = 0 [pid 4125] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4125] setpgid(0, 0) = 0 [pid 4125] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4125] write(3, "1000", 4) = 4 [pid 4125] close(3) = 0 [pid 4125] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4125] memfd_create("syzkaller", 0) = 3 [pid 4125] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 4125] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 4125] munmap(0x7eff5e600000, 2097152) = 0 [pid 4125] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4125] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4125] close(3) = 0 [pid 4125] mkdir("./file0", 0777) = 0 [ 125.395416][ T4125] loop0: detected capacity change from 0 to 4096 [ 125.410684][ T4125] NILFS (loop0): invalid segment: Checksum error in segment payload [ 125.418722][ T4125] NILFS (loop0): trying rollback from an earlier position [ 125.432076][ T4125] NILFS (loop0): recovery complete [pid 4125] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 4125] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4125] chdir("./file0") = 0 [pid 4125] ioctl(4, LOOP_CLR_FD) = 0 [pid 4125] close(4) = 0 [pid 4125] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 4125] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 4125] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 125.438085][ T4126] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 125.452443][ T27] audit: type=1800 audit(1670141614.737:241): pid=4125 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor269" name="bus" dev="loop0" ino=12 res=0 errno=0 [pid 4125] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 4125] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 4125] exit_group(0) = ? [pid 4125] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4125, si_uid=0, si_status=0, si_utime=0, si_stime=16} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./239", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./239", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./239/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./239/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./239/binderfs") = 0 umount2("./239/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./239/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./239/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./239/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./239/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./239/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./239") = 0 mkdir("./240", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 4127 ./strace-static-x86_64: Process 4127 attached [pid 4127] chdir("./240") = 0 [pid 4127] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4127] setpgid(0, 0) = 0 [pid 4127] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4127] write(3, "1000", 4) = 4 [pid 4127] close(3) = 0 [pid 4127] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4127] memfd_create("syzkaller", 0) = 3 [pid 4127] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 4127] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 4127] munmap(0x7eff5e600000, 2097152) = 0 [pid 4127] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4127] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4127] close(3) = 0 [pid 4127] mkdir("./file0", 0777) = 0 [ 125.704212][ T4127] loop0: detected capacity change from 0 to 4096 [ 125.719508][ T4127] NILFS (loop0): invalid segment: Checksum error in segment payload [ 125.727565][ T4127] NILFS (loop0): trying rollback from an earlier position [ 125.740919][ T4127] NILFS (loop0): recovery complete [pid 4127] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 4127] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4127] chdir("./file0") = 0 [pid 4127] ioctl(4, LOOP_CLR_FD) = 0 [pid 4127] close(4) = 0 [pid 4127] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 4127] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 4127] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 125.746859][ T4128] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 125.771755][ T27] audit: type=1800 audit(1670141615.057:242): pid=4127 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor269" name="bus" dev="loop0" ino=12 res=0 errno=0 [pid 4127] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 4127] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 4127] exit_group(0) = ? [pid 4127] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4127, si_uid=0, si_status=0, si_utime=0, si_stime=14} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./240", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./240", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./240/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./240/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./240/binderfs") = 0 umount2("./240/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./240/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./240/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./240/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./240/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./240/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./240") = 0 mkdir("./241", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 4129 ./strace-static-x86_64: Process 4129 attached [pid 4129] chdir("./241") = 0 [pid 4129] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4129] setpgid(0, 0) = 0 [pid 4129] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4129] write(3, "1000", 4) = 4 [pid 4129] close(3) = 0 [pid 4129] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4129] memfd_create("syzkaller", 0) = 3 [pid 4129] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 4129] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 4129] munmap(0x7eff5e600000, 2097152) = 0 [pid 4129] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4129] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4129] close(3) = 0 [pid 4129] mkdir("./file0", 0777) = 0 [ 126.024659][ T4129] loop0: detected capacity change from 0 to 4096 [ 126.041704][ T4129] NILFS (loop0): invalid segment: Checksum error in segment payload [ 126.049760][ T4129] NILFS (loop0): trying rollback from an earlier position [ 126.064290][ T4129] NILFS (loop0): recovery complete [pid 4129] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 4129] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4129] chdir("./file0") = 0 [pid 4129] ioctl(4, LOOP_CLR_FD) = 0 [pid 4129] close(4) = 0 [pid 4129] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 4129] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 4129] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 126.070459][ T4130] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 4129] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 4129] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 4129] exit_group(0) = ? [pid 4129] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4129, si_uid=0, si_status=0, si_utime=0, si_stime=17} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./241", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./241", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./241/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./241/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./241/binderfs") = 0 umount2("./241/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./241/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./241/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./241/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./241/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./241/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./241") = 0 mkdir("./242", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 4131 attached , child_tidptr=0x5555555775d0) = 4131 [pid 4131] chdir("./242") = 0 [pid 4131] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4131] setpgid(0, 0) = 0 [pid 4131] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4131] write(3, "1000", 4) = 4 [pid 4131] close(3) = 0 [pid 4131] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4131] memfd_create("syzkaller", 0) = 3 [pid 4131] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 4131] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 4131] munmap(0x7eff5e600000, 2097152) = 0 [pid 4131] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4131] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4131] close(3) = 0 [pid 4131] mkdir("./file0", 0777) = 0 [ 126.330400][ T4131] loop0: detected capacity change from 0 to 4096 [ 126.347221][ T4131] NILFS (loop0): invalid segment: Checksum error in segment payload [ 126.355334][ T4131] NILFS (loop0): trying rollback from an earlier position [ 126.368019][ T4131] NILFS (loop0): recovery complete [pid 4131] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 4131] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4131] chdir("./file0") = 0 [pid 4131] ioctl(4, LOOP_CLR_FD) = 0 [pid 4131] close(4) = 0 [pid 4131] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 4131] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 4131] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 126.373693][ T4132] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 4131] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 4131] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 4131] exit_group(0) = ? [pid 4131] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4131, si_uid=0, si_status=0, si_utime=0, si_stime=11} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./242", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./242", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./242/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./242/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./242/binderfs") = 0 umount2("./242/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./242/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./242/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./242/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./242/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./242/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./242") = 0 mkdir("./243", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 4133 ./strace-static-x86_64: Process 4133 attached [pid 4133] chdir("./243") = 0 [pid 4133] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4133] setpgid(0, 0) = 0 [pid 4133] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4133] write(3, "1000", 4) = 4 [pid 4133] close(3) = 0 [pid 4133] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4133] memfd_create("syzkaller", 0) = 3 [pid 4133] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 4133] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 4133] munmap(0x7eff5e600000, 2097152) = 0 [pid 4133] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4133] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4133] close(3) = 0 [pid 4133] mkdir("./file0", 0777) = 0 [pid 4133] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 4133] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [ 126.620332][ T4133] loop0: detected capacity change from 0 to 4096 [ 126.635813][ T4133] NILFS (loop0): invalid segment: Checksum error in segment payload [ 126.643974][ T4133] NILFS (loop0): trying rollback from an earlier position [ 126.657402][ T4133] NILFS (loop0): recovery complete [pid 4133] chdir("./file0") = 0 [pid 4133] ioctl(4, LOOP_CLR_FD) = 0 [pid 4133] close(4) = 0 [pid 4133] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 4133] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 4133] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 126.663134][ T4134] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 4133] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 4133] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 4133] exit_group(0) = ? [pid 4133] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4133, si_uid=0, si_status=0, si_utime=0, si_stime=12} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./243", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./243", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./243/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./243/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./243/binderfs") = 0 umount2("./243/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./243/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./243/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./243/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./243/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./243/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./243") = 0 mkdir("./244", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 4135 ./strace-static-x86_64: Process 4135 attached [pid 4135] chdir("./244") = 0 [pid 4135] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4135] setpgid(0, 0) = 0 [pid 4135] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4135] write(3, "1000", 4) = 4 [pid 4135] close(3) = 0 [pid 4135] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4135] memfd_create("syzkaller", 0) = 3 [pid 4135] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 4135] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 4135] munmap(0x7eff5e600000, 2097152) = 0 [pid 4135] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4135] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4135] close(3) = 0 [pid 4135] mkdir("./file0", 0777) = 0 [ 126.919526][ T4135] loop0: detected capacity change from 0 to 4096 [ 126.935656][ T4135] NILFS (loop0): invalid segment: Checksum error in segment payload [ 126.943752][ T4135] NILFS (loop0): trying rollback from an earlier position [ 126.956891][ T4135] NILFS (loop0): recovery complete [pid 4135] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 4135] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4135] chdir("./file0") = 0 [pid 4135] ioctl(4, LOOP_CLR_FD) = 0 [pid 4135] close(4) = 0 [pid 4135] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 4135] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 4135] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 126.963187][ T4136] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 4135] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 4135] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 4135] exit_group(0) = ? [pid 4135] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4135, si_uid=0, si_status=0, si_utime=0, si_stime=10} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./244", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./244", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./244/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./244/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./244/binderfs") = 0 umount2("./244/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./244/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./244/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./244/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./244/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./244/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./244") = 0 mkdir("./245", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 4137 ./strace-static-x86_64: Process 4137 attached [pid 4137] chdir("./245") = 0 [pid 4137] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4137] setpgid(0, 0) = 0 [pid 4137] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4137] write(3, "1000", 4) = 4 [pid 4137] close(3) = 0 [pid 4137] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4137] memfd_create("syzkaller", 0) = 3 [pid 4137] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 4137] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 4137] munmap(0x7eff5e600000, 2097152) = 0 [pid 4137] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4137] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4137] close(3) = 0 [pid 4137] mkdir("./file0", 0777) = 0 [ 127.220412][ T4137] loop0: detected capacity change from 0 to 4096 [ 127.237108][ T4137] NILFS (loop0): invalid segment: Checksum error in segment payload [ 127.245168][ T4137] NILFS (loop0): trying rollback from an earlier position [ 127.258912][ T4137] NILFS (loop0): recovery complete [pid 4137] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 4137] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4137] chdir("./file0") = 0 [pid 4137] ioctl(4, LOOP_CLR_FD) = 0 [pid 4137] close(4) = 0 [pid 4137] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 4137] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 4137] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 127.265250][ T4138] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 4137] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 4137] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 4137] exit_group(0) = ? [pid 4137] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4137, si_uid=0, si_status=0, si_utime=0, si_stime=13} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./245", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./245", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./245/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./245/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./245/binderfs") = 0 umount2("./245/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./245/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./245/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./245/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./245/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./245/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./245") = 0 mkdir("./246", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 4139 ./strace-static-x86_64: Process 4139 attached [pid 4139] chdir("./246") = 0 [pid 4139] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4139] setpgid(0, 0) = 0 [pid 4139] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4139] write(3, "1000", 4) = 4 [pid 4139] close(3) = 0 [pid 4139] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4139] memfd_create("syzkaller", 0) = 3 [pid 4139] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 4139] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 4139] munmap(0x7eff5e600000, 2097152) = 0 [pid 4139] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4139] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4139] close(3) = 0 [pid 4139] mkdir("./file0", 0777) = 0 [ 127.524797][ T4139] loop0: detected capacity change from 0 to 4096 [ 127.540494][ T4139] NILFS (loop0): invalid segment: Checksum error in segment payload [ 127.548565][ T4139] NILFS (loop0): trying rollback from an earlier position [ 127.561726][ T4139] NILFS (loop0): recovery complete [pid 4139] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 4139] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4139] chdir("./file0") = 0 [pid 4139] ioctl(4, LOOP_CLR_FD) = 0 [pid 4139] close(4) = 0 [pid 4139] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 4139] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 4139] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 127.567734][ T4140] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 4139] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 4139] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 4139] exit_group(0) = ? [pid 4139] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4139, si_uid=0, si_status=0, si_utime=0, si_stime=11} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./246", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./246", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./246/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./246/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./246/binderfs") = 0 umount2("./246/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./246/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./246/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./246/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./246/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./246/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./246") = 0 mkdir("./247", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 4141 ./strace-static-x86_64: Process 4141 attached [pid 4141] chdir("./247") = 0 [pid 4141] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4141] setpgid(0, 0) = 0 [pid 4141] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4141] write(3, "1000", 4) = 4 [pid 4141] close(3) = 0 [pid 4141] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4141] memfd_create("syzkaller", 0) = 3 [pid 4141] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 4141] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 4141] munmap(0x7eff5e600000, 2097152) = 0 [pid 4141] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4141] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4141] close(3) = 0 [pid 4141] mkdir("./file0", 0777) = 0 [ 127.840364][ T4141] loop0: detected capacity change from 0 to 4096 [ 127.855053][ T4141] NILFS (loop0): invalid segment: Checksum error in segment payload [ 127.863087][ T4141] NILFS (loop0): trying rollback from an earlier position [ 127.876195][ T4141] NILFS (loop0): recovery complete [pid 4141] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 4141] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4141] chdir("./file0") = 0 [pid 4141] ioctl(4, LOOP_CLR_FD) = 0 [pid 4141] close(4) = 0 [pid 4141] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 4141] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 4141] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 127.882014][ T4142] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 4141] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 4141] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 4141] exit_group(0) = ? [pid 4141] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4141, si_uid=0, si_status=0, si_utime=0, si_stime=13} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./247", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./247", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./247/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./247/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./247/binderfs") = 0 umount2("./247/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./247/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./247/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./247/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./247/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./247/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./247") = 0 mkdir("./248", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 4143 ./strace-static-x86_64: Process 4143 attached [pid 4143] chdir("./248") = 0 [pid 4143] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4143] setpgid(0, 0) = 0 [pid 4143] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4143] write(3, "1000", 4) = 4 [pid 4143] close(3) = 0 [pid 4143] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4143] memfd_create("syzkaller", 0) = 3 [pid 4143] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 4143] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 4143] munmap(0x7eff5e600000, 2097152) = 0 [pid 4143] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4143] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4143] close(3) = 0 [pid 4143] mkdir("./file0", 0777) = 0 [ 128.150639][ T4143] loop0: detected capacity change from 0 to 4096 [ 128.164541][ T4143] NILFS (loop0): invalid segment: Checksum error in segment payload [ 128.172688][ T4143] NILFS (loop0): trying rollback from an earlier position [ 128.185889][ T4143] NILFS (loop0): recovery complete [pid 4143] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 4143] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4143] chdir("./file0") = 0 [pid 4143] ioctl(4, LOOP_CLR_FD) = 0 [pid 4143] close(4) = 0 [pid 4143] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 4143] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 4143] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 128.192407][ T4144] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 128.212426][ T27] kauditd_printk_skb: 7 callbacks suppressed [ 128.212438][ T27] audit: type=1800 audit(1670141617.497:250): pid=4143 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor269" name="bus" dev="loop0" ino=12 res=0 errno=0 [pid 4143] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 4143] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 4143] exit_group(0) = ? [pid 4143] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4143, si_uid=0, si_status=0, si_utime=0, si_stime=15} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./248", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./248", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./248/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./248/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./248/binderfs") = 0 umount2("./248/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./248/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./248/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./248/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./248/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./248/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./248") = 0 mkdir("./249", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 4145 attached , child_tidptr=0x5555555775d0) = 4145 [pid 4145] chdir("./249") = 0 [pid 4145] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4145] setpgid(0, 0) = 0 [pid 4145] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4145] write(3, "1000", 4) = 4 [pid 4145] close(3) = 0 [pid 4145] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4145] memfd_create("syzkaller", 0) = 3 [pid 4145] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 4145] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 4145] munmap(0x7eff5e600000, 2097152) = 0 [pid 4145] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4145] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4145] close(3) = 0 [pid 4145] mkdir("./file0", 0777) = 0 [ 128.475697][ T4145] loop0: detected capacity change from 0 to 4096 [ 128.490374][ T4145] NILFS (loop0): invalid segment: Checksum error in segment payload [ 128.498480][ T4145] NILFS (loop0): trying rollback from an earlier position [ 128.510933][ T4145] NILFS (loop0): recovery complete [pid 4145] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 4145] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4145] chdir("./file0") = 0 [pid 4145] ioctl(4, LOOP_CLR_FD) = 0 [pid 4145] close(4) = 0 [pid 4145] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 4145] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 4145] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 128.516897][ T4146] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 128.535468][ T27] audit: type=1800 audit(1670141617.817:251): pid=4145 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor269" name="bus" dev="loop0" ino=12 res=0 errno=0 [pid 4145] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 4145] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 4145] exit_group(0) = ? [pid 4145] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4145, si_uid=0, si_status=0, si_utime=0, si_stime=14} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./249", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./249", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./249/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./249/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./249/binderfs") = 0 umount2("./249/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./249/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./249/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./249/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./249/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./249/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./249") = 0 mkdir("./250", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 4147 ./strace-static-x86_64: Process 4147 attached [pid 4147] chdir("./250") = 0 [pid 4147] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4147] setpgid(0, 0) = 0 [pid 4147] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4147] write(3, "1000", 4) = 4 [pid 4147] close(3) = 0 [pid 4147] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4147] memfd_create("syzkaller", 0) = 3 [pid 4147] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 4147] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 4147] munmap(0x7eff5e600000, 2097152) = 0 [pid 4147] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4147] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4147] close(3) = 0 [pid 4147] mkdir("./file0", 0777) = 0 [pid 4147] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 4147] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4147] chdir("./file0") = 0 [pid 4147] ioctl(4, LOOP_CLR_FD) = 0 [ 128.803029][ T4147] loop0: detected capacity change from 0 to 4096 [ 128.818008][ T4147] NILFS (loop0): invalid segment: Checksum error in segment payload [ 128.826068][ T4147] NILFS (loop0): trying rollback from an earlier position [ 128.839395][ T4147] NILFS (loop0): recovery complete [pid 4147] close(4) = 0 [pid 4147] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 4147] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 4147] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 128.845648][ T4148] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 128.863310][ T27] audit: type=1800 audit(1670141618.147:252): pid=4147 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor269" name="bus" dev="loop0" ino=12 res=0 errno=0 [pid 4147] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 4147] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 4147] exit_group(0) = ? [pid 4147] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4147, si_uid=0, si_status=0, si_utime=0, si_stime=16} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./250", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./250", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./250/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./250/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./250/binderfs") = 0 umount2("./250/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./250/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./250/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./250/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./250/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./250/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./250") = 0 mkdir("./251", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 4149 ./strace-static-x86_64: Process 4149 attached [pid 4149] chdir("./251") = 0 [pid 4149] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4149] setpgid(0, 0) = 0 [pid 4149] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4149] write(3, "1000", 4) = 4 [pid 4149] close(3) = 0 [pid 4149] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4149] memfd_create("syzkaller", 0) = 3 [pid 4149] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 4149] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 4149] munmap(0x7eff5e600000, 2097152) = 0 [pid 4149] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4149] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4149] close(3) = 0 [pid 4149] mkdir("./file0", 0777) = 0 [ 129.083929][ T4149] loop0: detected capacity change from 0 to 4096 [ 129.100739][ T4149] NILFS (loop0): invalid segment: Checksum error in segment payload [ 129.108837][ T4149] NILFS (loop0): trying rollback from an earlier position [ 129.123541][ T4149] NILFS (loop0): recovery complete [pid 4149] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 4149] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4149] chdir("./file0") = 0 [pid 4149] ioctl(4, LOOP_CLR_FD) = 0 [pid 4149] close(4) = 0 [pid 4149] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 4149] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 4149] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 129.129295][ T4150] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 129.143532][ T27] audit: type=1800 audit(1670141618.427:253): pid=4149 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor269" name="bus" dev="loop0" ino=12 res=0 errno=0 [pid 4149] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 4149] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 4149] exit_group(0) = ? [pid 4149] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4149, si_uid=0, si_status=0, si_utime=0, si_stime=12} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./251", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./251", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./251/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./251/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./251/binderfs") = 0 umount2("./251/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./251/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./251/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./251/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./251/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./251/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./251") = 0 mkdir("./252", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 4151 ./strace-static-x86_64: Process 4151 attached [pid 4151] chdir("./252") = 0 [pid 4151] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4151] setpgid(0, 0) = 0 [pid 4151] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4151] write(3, "1000", 4) = 4 [pid 4151] close(3) = 0 [pid 4151] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4151] memfd_create("syzkaller", 0) = 3 [pid 4151] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 4151] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 4151] munmap(0x7eff5e600000, 2097152) = 0 [pid 4151] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4151] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4151] close(3) = 0 [pid 4151] mkdir("./file0", 0777) = 0 [ 129.395484][ T4151] loop0: detected capacity change from 0 to 4096 [ 129.411185][ T4151] NILFS (loop0): invalid segment: Checksum error in segment payload [ 129.419279][ T4151] NILFS (loop0): trying rollback from an earlier position [ 129.432314][ T4151] NILFS (loop0): recovery complete [pid 4151] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 4151] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4151] chdir("./file0") = 0 [pid 4151] ioctl(4, LOOP_CLR_FD) = 0 [pid 4151] close(4) = 0 [pid 4151] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 4151] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 4151] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 129.438291][ T4152] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 129.462525][ T27] audit: type=1800 audit(1670141618.747:254): pid=4151 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor269" name="bus" dev="loop0" ino=12 res=0 errno=0 [pid 4151] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 4151] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 4151] exit_group(0) = ? [pid 4151] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4151, si_uid=0, si_status=0, si_utime=0, si_stime=13} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./252", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./252", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./252/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./252/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./252/binderfs") = 0 umount2("./252/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./252/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./252/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./252/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./252/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./252/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./252") = 0 mkdir("./253", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 4153 ./strace-static-x86_64: Process 4153 attached [pid 4153] chdir("./253") = 0 [pid 4153] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4153] setpgid(0, 0) = 0 [pid 4153] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4153] write(3, "1000", 4) = 4 [pid 4153] close(3) = 0 [pid 4153] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4153] memfd_create("syzkaller", 0) = 3 [pid 4153] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 4153] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 4153] munmap(0x7eff5e600000, 2097152) = 0 [pid 4153] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4153] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4153] close(3) = 0 [pid 4153] mkdir("./file0", 0777) = 0 [ 129.715752][ T4153] loop0: detected capacity change from 0 to 4096 [ 129.732814][ T4153] NILFS (loop0): invalid segment: Checksum error in segment payload [ 129.740866][ T4153] NILFS (loop0): trying rollback from an earlier position [ 129.754776][ T4153] NILFS (loop0): recovery complete [pid 4153] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 4153] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4153] chdir("./file0") = 0 [pid 4153] ioctl(4, LOOP_CLR_FD) = 0 [pid 4153] close(4) = 0 [pid 4153] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 4153] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 4153] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 129.760892][ T4154] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 129.791624][ T27] audit: type=1800 audit(1670141619.077:255): pid=4153 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor269" name="bus" dev="loop0" ino=12 res=0 errno=0 [pid 4153] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 4153] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 4153] exit_group(0) = ? [pid 4153] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4153, si_uid=0, si_status=0, si_utime=0, si_stime=14} --- umount2("./253", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./253", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./253/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./253/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./253/binderfs") = 0 umount2("./253/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./253/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./253/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./253/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./253/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./253/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./253") = 0 mkdir("./254", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 4155 ./strace-static-x86_64: Process 4155 attached [pid 4155] chdir("./254") = 0 [pid 4155] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4155] setpgid(0, 0) = 0 [pid 4155] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4155] write(3, "1000", 4) = 4 [pid 4155] close(3) = 0 [pid 4155] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4155] memfd_create("syzkaller", 0) = 3 [pid 4155] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 4155] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 4155] munmap(0x7eff5e600000, 2097152) = 0 [pid 4155] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4155] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4155] close(3) = 0 [pid 4155] mkdir("./file0", 0777) = 0 [ 130.023206][ T4155] loop0: detected capacity change from 0 to 4096 [ 130.038546][ T4155] NILFS (loop0): invalid segment: Checksum error in segment payload [ 130.046576][ T4155] NILFS (loop0): trying rollback from an earlier position [ 130.060065][ T4155] NILFS (loop0): recovery complete [pid 4155] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 4155] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4155] chdir("./file0") = 0 [pid 4155] ioctl(4, LOOP_CLR_FD) = 0 [pid 4155] close(4) = 0 [pid 4155] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [ 130.066231][ T4156] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 4155] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 4155] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 130.103155][ T27] audit: type=1800 audit(1670141619.387:256): pid=4155 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor269" name="bus" dev="loop0" ino=12 res=0 errno=0 [pid 4155] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 4155] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 4155] exit_group(0) = ? [pid 4155] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4155, si_uid=0, si_status=0, si_utime=0, si_stime=12} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./254", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./254", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./254/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./254/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./254/binderfs") = 0 umount2("./254/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./254/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./254/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./254/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./254/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./254/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./254") = 0 mkdir("./255", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 4157 ./strace-static-x86_64: Process 4157 attached [pid 4157] chdir("./255") = 0 [pid 4157] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4157] setpgid(0, 0) = 0 [pid 4157] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4157] write(3, "1000", 4) = 4 [pid 4157] close(3) = 0 [pid 4157] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4157] memfd_create("syzkaller", 0) = 3 [pid 4157] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 4157] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 4157] munmap(0x7eff5e600000, 2097152) = 0 [pid 4157] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4157] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4157] close(3) = 0 [pid 4157] mkdir("./file0", 0777) = 0 [ 130.354737][ T4157] loop0: detected capacity change from 0 to 4096 [ 130.370401][ T4157] NILFS (loop0): invalid segment: Checksum error in segment payload [ 130.378442][ T4157] NILFS (loop0): trying rollback from an earlier position [ 130.391831][ T4157] NILFS (loop0): recovery complete [pid 4157] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 4157] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4157] chdir("./file0") = 0 [pid 4157] ioctl(4, LOOP_CLR_FD) = 0 [pid 4157] close(4) = 0 [pid 4157] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 4157] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 4157] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 130.397961][ T4158] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 130.414030][ T27] audit: type=1800 audit(1670141619.697:257): pid=4157 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor269" name="bus" dev="loop0" ino=12 res=0 errno=0 [pid 4157] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 4157] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 4157] exit_group(0) = ? [pid 4157] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4157, si_uid=0, si_status=0, si_utime=0, si_stime=16} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./255", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./255", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./255/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./255/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./255/binderfs") = 0 umount2("./255/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./255/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./255/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./255/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./255/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./255/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./255") = 0 mkdir("./256", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 4159 ./strace-static-x86_64: Process 4159 attached [pid 4159] chdir("./256") = 0 [pid 4159] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4159] setpgid(0, 0) = 0 [pid 4159] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4159] write(3, "1000", 4) = 4 [pid 4159] close(3) = 0 [pid 4159] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4159] memfd_create("syzkaller", 0) = 3 [pid 4159] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 4159] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 4159] munmap(0x7eff5e600000, 2097152) = 0 [pid 4159] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4159] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4159] close(3) = 0 [pid 4159] mkdir("./file0", 0777) = 0 [ 130.674454][ T4159] loop0: detected capacity change from 0 to 4096 [ 130.689806][ T4159] NILFS (loop0): invalid segment: Checksum error in segment payload [ 130.697905][ T4159] NILFS (loop0): trying rollback from an earlier position [ 130.711028][ T4159] NILFS (loop0): recovery complete [pid 4159] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 4159] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4159] chdir("./file0") = 0 [pid 4159] ioctl(4, LOOP_CLR_FD) = 0 [pid 4159] close(4) = 0 [pid 4159] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 4159] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 4159] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 130.717065][ T4160] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 130.731302][ T27] audit: type=1800 audit(1670141620.017:258): pid=4159 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor269" name="bus" dev="loop0" ino=12 res=0 errno=0 [pid 4159] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 4159] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 4159] exit_group(0) = ? [pid 4159] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4159, si_uid=0, si_status=0, si_utime=0, si_stime=17} --- umount2("./256", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./256", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./256/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./256/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./256/binderfs") = 0 umount2("./256/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./256/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./256/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./256/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./256/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./256/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./256") = 0 mkdir("./257", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 4161 ./strace-static-x86_64: Process 4161 attached [pid 4161] chdir("./257") = 0 [pid 4161] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4161] setpgid(0, 0) = 0 [pid 4161] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4161] write(3, "1000", 4) = 4 [pid 4161] close(3) = 0 [pid 4161] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4161] memfd_create("syzkaller", 0) = 3 [pid 4161] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 4161] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 4161] munmap(0x7eff5e600000, 2097152) = 0 [pid 4161] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4161] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4161] close(3) = 0 [pid 4161] mkdir("./file0", 0777) = 0 [ 130.974714][ T4161] loop0: detected capacity change from 0 to 4096 [ 130.990873][ T4161] NILFS (loop0): invalid segment: Checksum error in segment payload [ 130.999052][ T4161] NILFS (loop0): trying rollback from an earlier position [ 131.013111][ T4161] NILFS (loop0): recovery complete [pid 4161] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 4161] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4161] chdir("./file0") = 0 [pid 4161] ioctl(4, LOOP_CLR_FD) = 0 [pid 4161] close(4) = 0 [pid 4161] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 4161] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 4161] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 131.019252][ T4162] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 131.033211][ T27] audit: type=1800 audit(1670141620.317:259): pid=4161 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor269" name="bus" dev="loop0" ino=12 res=0 errno=0 [pid 4161] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 4161] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 4161] exit_group(0) = ? [pid 4161] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4161, si_uid=0, si_status=0, si_utime=0, si_stime=16} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./257", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./257", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./257/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./257/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./257/binderfs") = 0 umount2("./257/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./257/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./257/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./257/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./257/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./257/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./257") = 0 mkdir("./258", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 4163 ./strace-static-x86_64: Process 4163 attached [pid 4163] chdir("./258") = 0 [pid 4163] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4163] setpgid(0, 0) = 0 [pid 4163] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4163] write(3, "1000", 4) = 4 [pid 4163] close(3) = 0 [pid 4163] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4163] memfd_create("syzkaller", 0) = 3 [pid 4163] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 4163] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 4163] munmap(0x7eff5e600000, 2097152) = 0 [pid 4163] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4163] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4163] close(3) = 0 [pid 4163] mkdir("./file0", 0777) = 0 [pid 4163] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 4163] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4163] chdir("./file0") = 0 [pid 4163] ioctl(4, LOOP_CLR_FD) = 0 [ 131.297880][ T4163] loop0: detected capacity change from 0 to 4096 [ 131.313979][ T4163] NILFS (loop0): invalid segment: Checksum error in segment payload [ 131.322077][ T4163] NILFS (loop0): trying rollback from an earlier position [ 131.336707][ T4163] NILFS (loop0): recovery complete [pid 4163] close(4) = 0 [pid 4163] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 4163] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 4163] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 131.342523][ T4164] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 4163] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 4163] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 4163] exit_group(0) = ? [pid 4163] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4163, si_uid=0, si_status=0, si_utime=0, si_stime=13} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./258", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./258", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./258/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./258/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./258/binderfs") = 0 umount2("./258/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./258/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./258/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./258/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./258/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./258/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./258") = 0 mkdir("./259", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 4165 ./strace-static-x86_64: Process 4165 attached [pid 4165] chdir("./259") = 0 [pid 4165] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4165] setpgid(0, 0) = 0 [pid 4165] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4165] write(3, "1000", 4) = 4 [pid 4165] close(3) = 0 [pid 4165] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4165] memfd_create("syzkaller", 0) = 3 [pid 4165] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 4165] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 4165] munmap(0x7eff5e600000, 2097152) = 0 [pid 4165] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4165] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4165] close(3) = 0 [pid 4165] mkdir("./file0", 0777) = 0 [pid 4165] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 4165] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4165] chdir("./file0") = 0 [pid 4165] ioctl(4, LOOP_CLR_FD) = 0 [ 131.582085][ T4165] loop0: detected capacity change from 0 to 4096 [ 131.597909][ T4165] NILFS (loop0): invalid segment: Checksum error in segment payload [ 131.605916][ T4165] NILFS (loop0): trying rollback from an earlier position [ 131.619245][ T4165] NILFS (loop0): recovery complete [pid 4165] close(4) = 0 [pid 4165] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 4165] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 4165] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 131.625124][ T4166] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 4165] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 4165] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 4165] exit_group(0) = ? [pid 4165] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4165, si_uid=0, si_status=0, si_utime=0, si_stime=15} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./259", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./259", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./259/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./259/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./259/binderfs") = 0 umount2("./259/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./259/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./259/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./259/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./259/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./259/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./259") = 0 mkdir("./260", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 4167 attached , child_tidptr=0x5555555775d0) = 4167 [pid 4167] chdir("./260") = 0 [pid 4167] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4167] setpgid(0, 0) = 0 [pid 4167] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4167] write(3, "1000", 4) = 4 [pid 4167] close(3) = 0 [pid 4167] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4167] memfd_create("syzkaller", 0) = 3 [pid 4167] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 4167] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 4167] munmap(0x7eff5e600000, 2097152) = 0 [pid 4167] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4167] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4167] close(3) = 0 [pid 4167] mkdir("./file0", 0777) = 0 [ 131.882887][ T4167] loop0: detected capacity change from 0 to 4096 [ 131.898615][ T4167] NILFS (loop0): invalid segment: Checksum error in segment payload [ 131.906607][ T4167] NILFS (loop0): trying rollback from an earlier position [ 131.919917][ T4167] NILFS (loop0): recovery complete [pid 4167] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 4167] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4167] chdir("./file0") = 0 [pid 4167] ioctl(4, LOOP_CLR_FD) = 0 [pid 4167] close(4) = 0 [pid 4167] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 4167] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 4167] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 131.925652][ T4168] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 4167] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 4167] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 4167] exit_group(0) = ? [pid 4167] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4167, si_uid=0, si_status=0, si_utime=0, si_stime=14} --- umount2("./260", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./260", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./260/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./260/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./260/binderfs") = 0 umount2("./260/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./260/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./260/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./260/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./260/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./260/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./260") = 0 mkdir("./261", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 4169 attached , child_tidptr=0x5555555775d0) = 4169 [pid 4169] chdir("./261") = 0 [pid 4169] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4169] setpgid(0, 0) = 0 [pid 4169] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4169] write(3, "1000", 4) = 4 [pid 4169] close(3) = 0 [pid 4169] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4169] memfd_create("syzkaller", 0) = 3 [pid 4169] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 4169] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 4169] munmap(0x7eff5e600000, 2097152) = 0 [pid 4169] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4169] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4169] close(3) = 0 [pid 4169] mkdir("./file0", 0777) = 0 [ 132.186616][ T4169] loop0: detected capacity change from 0 to 4096 [ 132.201688][ T4169] NILFS (loop0): invalid segment: Checksum error in segment payload [ 132.209753][ T4169] NILFS (loop0): trying rollback from an earlier position [ 132.222899][ T4169] NILFS (loop0): recovery complete [pid 4169] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 4169] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4169] chdir("./file0") = 0 [pid 4169] ioctl(4, LOOP_CLR_FD) = 0 [pid 4169] close(4) = 0 [pid 4169] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 4169] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 4169] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 132.228762][ T4170] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 4169] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 4169] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 4169] exit_group(0) = ? [pid 4169] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4169, si_uid=0, si_status=0, si_utime=0, si_stime=17} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./261", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./261", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./261/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./261/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./261/binderfs") = 0 umount2("./261/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./261/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./261/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./261/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./261/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./261/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./261") = 0 mkdir("./262", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 4171 ./strace-static-x86_64: Process 4171 attached [pid 4171] chdir("./262") = 0 [pid 4171] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4171] setpgid(0, 0) = 0 [pid 4171] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4171] write(3, "1000", 4) = 4 [pid 4171] close(3) = 0 [pid 4171] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4171] memfd_create("syzkaller", 0) = 3 [pid 4171] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 4171] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 4171] munmap(0x7eff5e600000, 2097152) = 0 [pid 4171] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4171] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4171] close(3) = 0 [pid 4171] mkdir("./file0", 0777) = 0 [ 132.489402][ T4171] loop0: detected capacity change from 0 to 4096 [ 132.504316][ T4171] NILFS (loop0): invalid segment: Checksum error in segment payload [ 132.512378][ T4171] NILFS (loop0): trying rollback from an earlier position [ 132.525960][ T4171] NILFS (loop0): recovery complete [pid 4171] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 4171] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4171] chdir("./file0") = 0 [pid 4171] ioctl(4, LOOP_CLR_FD) = 0 [pid 4171] close(4) = 0 [pid 4171] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 4171] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 4171] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 132.532368][ T4172] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 4171] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 4171] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 4171] exit_group(0) = ? [pid 4171] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4171, si_uid=0, si_status=0, si_utime=0, si_stime=16} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./262", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./262", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./262/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./262/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./262/binderfs") = 0 umount2("./262/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./262/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./262/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./262/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./262/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./262/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./262") = 0 mkdir("./263", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 4173 ./strace-static-x86_64: Process 4173 attached [pid 4173] chdir("./263") = 0 [pid 4173] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4173] setpgid(0, 0) = 0 [pid 4173] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4173] write(3, "1000", 4) = 4 [pid 4173] close(3) = 0 [pid 4173] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4173] memfd_create("syzkaller", 0) = 3 [pid 4173] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 4173] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 4173] munmap(0x7eff5e600000, 2097152) = 0 [pid 4173] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4173] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4173] close(3) = 0 [pid 4173] mkdir("./file0", 0777) = 0 [ 132.893709][ T4173] loop0: detected capacity change from 0 to 4096 [ 132.919048][ T4173] NILFS (loop0): invalid segment: Checksum error in segment payload [ 132.927573][ T4173] NILFS (loop0): trying rollback from an earlier position [pid 4173] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 4173] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4173] chdir("./file0") = 0 [pid 4173] ioctl(4, LOOP_CLR_FD) = 0 [pid 4173] close(4) = 0 [pid 4173] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 4173] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 4173] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 132.949886][ T4173] NILFS (loop0): recovery complete [ 132.957605][ T4174] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 4173] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 4173] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 4173] exit_group(0) = ? [pid 4173] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4173, si_uid=0, si_status=0, si_utime=0, si_stime=21} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./263", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./263", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./263/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./263/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./263/binderfs") = 0 umount2("./263/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./263/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./263/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./263/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./263/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./263/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./263") = 0 mkdir("./264", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 4175 ./strace-static-x86_64: Process 4175 attached [pid 4175] chdir("./264") = 0 [pid 4175] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4175] setpgid(0, 0) = 0 [pid 4175] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4175] write(3, "1000", 4) = 4 [pid 4175] close(3) = 0 [pid 4175] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4175] memfd_create("syzkaller", 0) = 3 [pid 4175] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 4175] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 4175] munmap(0x7eff5e600000, 2097152) = 0 [pid 4175] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4175] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4175] close(3) = 0 [pid 4175] mkdir("./file0", 0777) = 0 [ 133.322588][ T4175] loop0: detected capacity change from 0 to 4096 [ 133.339614][ T4175] NILFS (loop0): invalid segment: Checksum error in segment payload [ 133.347670][ T4175] NILFS (loop0): trying rollback from an earlier position [ 133.362693][ T4175] NILFS (loop0): recovery complete [pid 4175] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 4175] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4175] chdir("./file0") = 0 [pid 4175] ioctl(4, LOOP_CLR_FD) = 0 [pid 4175] close(4) = 0 [pid 4175] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 4175] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 4175] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 133.368554][ T4176] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 133.382912][ T27] kauditd_printk_skb: 6 callbacks suppressed [ 133.382924][ T27] audit: type=1800 audit(1670141622.667:266): pid=4175 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor269" name="bus" dev="loop0" ino=12 res=0 errno=0 [pid 4175] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 4175] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 4175] exit_group(0) = ? [pid 4175] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4175, si_uid=0, si_status=0, si_utime=0, si_stime=13} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./264", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./264", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./264/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./264/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./264/binderfs") = 0 umount2("./264/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./264/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./264/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./264/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./264/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./264/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./264") = 0 mkdir("./265", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 4177 ./strace-static-x86_64: Process 4177 attached [pid 4177] chdir("./265") = 0 [pid 4177] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4177] setpgid(0, 0) = 0 [pid 4177] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4177] write(3, "1000", 4) = 4 [pid 4177] close(3) = 0 [pid 4177] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4177] memfd_create("syzkaller", 0) = 3 [pid 4177] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 4177] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 4177] munmap(0x7eff5e600000, 2097152) = 0 [pid 4177] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4177] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4177] close(3) = 0 [pid 4177] mkdir("./file0", 0777) = 0 [ 133.646585][ T4177] loop0: detected capacity change from 0 to 4096 [ 133.662217][ T4177] NILFS (loop0): invalid segment: Checksum error in segment payload [ 133.670514][ T4177] NILFS (loop0): trying rollback from an earlier position [ 133.685016][ T4177] NILFS (loop0): recovery complete [pid 4177] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 4177] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4177] chdir("./file0") = 0 [pid 4177] ioctl(4, LOOP_CLR_FD) = 0 [pid 4177] close(4) = 0 [pid 4177] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [ 133.691187][ T4178] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 4177] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 4177] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 133.718931][ T27] audit: type=1800 audit(1670141623.007:267): pid=4177 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor269" name="bus" dev="loop0" ino=12 res=0 errno=0 [pid 4177] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 4177] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 4177] exit_group(0) = ? [pid 4177] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4177, si_uid=0, si_status=0, si_utime=0, si_stime=10} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./265", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./265", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./265/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./265/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./265/binderfs") = 0 umount2("./265/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./265/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./265/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./265/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./265/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./265/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./265") = 0 mkdir("./266", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 4179 ./strace-static-x86_64: Process 4179 attached [pid 4179] chdir("./266") = 0 [pid 4179] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4179] setpgid(0, 0) = 0 [pid 4179] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4179] write(3, "1000", 4) = 4 [pid 4179] close(3) = 0 [pid 4179] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4179] memfd_create("syzkaller", 0) = 3 [pid 4179] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 4179] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 4179] munmap(0x7eff5e600000, 2097152) = 0 [pid 4179] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4179] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4179] close(3) = 0 [pid 4179] mkdir("./file0", 0777) = 0 [ 133.985589][ T4179] loop0: detected capacity change from 0 to 4096 [ 134.001293][ T4179] NILFS (loop0): invalid segment: Checksum error in segment payload [ 134.009331][ T4179] NILFS (loop0): trying rollback from an earlier position [ 134.022678][ T4179] NILFS (loop0): recovery complete [pid 4179] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 4179] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4179] chdir("./file0") = 0 [pid 4179] ioctl(4, LOOP_CLR_FD) = 0 [pid 4179] close(4) = 0 [pid 4179] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 4179] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 4179] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 134.028426][ T4180] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 134.049136][ T27] audit: type=1800 audit(1670141623.337:268): pid=4179 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor269" name="bus" dev="loop0" ino=12 res=0 errno=0 [pid 4179] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 4179] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 4179] exit_group(0) = ? [pid 4179] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4179, si_uid=0, si_status=0, si_utime=0, si_stime=11} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./266", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./266", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./266/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./266/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./266/binderfs") = 0 umount2("./266/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./266/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./266/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./266/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./266/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./266/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./266") = 0 mkdir("./267", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 4181 ./strace-static-x86_64: Process 4181 attached [pid 4181] chdir("./267") = 0 [pid 4181] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4181] setpgid(0, 0) = 0 [pid 4181] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4181] write(3, "1000", 4) = 4 [pid 4181] close(3) = 0 [pid 4181] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4181] memfd_create("syzkaller", 0) = 3 [pid 4181] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 4181] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 4181] munmap(0x7eff5e600000, 2097152) = 0 [pid 4181] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4181] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4181] close(3) = 0 [pid 4181] mkdir("./file0", 0777) = 0 [ 134.305243][ T4181] loop0: detected capacity change from 0 to 4096 [ 134.321578][ T4181] NILFS (loop0): invalid segment: Checksum error in segment payload [ 134.329641][ T4181] NILFS (loop0): trying rollback from an earlier position [ 134.342759][ T4181] NILFS (loop0): recovery complete [pid 4181] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 4181] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4181] chdir("./file0") = 0 [pid 4181] ioctl(4, LOOP_CLR_FD) = 0 [pid 4181] close(4) = 0 [pid 4181] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 4181] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 4181] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 134.348530][ T4182] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 134.370263][ T27] audit: type=1800 audit(1670141623.657:269): pid=4181 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor269" name="bus" dev="loop0" ino=12 res=0 errno=0 [pid 4181] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 4181] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 4181] exit_group(0) = ? [pid 4181] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4181, si_uid=0, si_status=0, si_utime=0, si_stime=13} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./267", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./267", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./267/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./267/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./267/binderfs") = 0 umount2("./267/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./267/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./267/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./267/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./267/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./267/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./267") = 0 mkdir("./268", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 4183 ./strace-static-x86_64: Process 4183 attached [pid 4183] chdir("./268") = 0 [pid 4183] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4183] setpgid(0, 0) = 0 [pid 4183] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4183] write(3, "1000", 4) = 4 [pid 4183] close(3) = 0 [pid 4183] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4183] memfd_create("syzkaller", 0) = 3 [pid 4183] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 4183] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 4183] munmap(0x7eff5e600000, 2097152) = 0 [pid 4183] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4183] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4183] close(3) = 0 [pid 4183] mkdir("./file0", 0777) = 0 [ 134.617639][ T4183] loop0: detected capacity change from 0 to 4096 [ 134.634120][ T4183] NILFS (loop0): invalid segment: Checksum error in segment payload [ 134.642178][ T4183] NILFS (loop0): trying rollback from an earlier position [ 134.655453][ T4183] NILFS (loop0): recovery complete [pid 4183] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 4183] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4183] chdir("./file0") = 0 [pid 4183] ioctl(4, LOOP_CLR_FD) = 0 [pid 4183] close(4) = 0 [pid 4183] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [ 134.661392][ T4184] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 4183] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 4183] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 134.691072][ T27] audit: type=1800 audit(1670141623.977:270): pid=4183 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor269" name="bus" dev="loop0" ino=12 res=0 errno=0 [pid 4183] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 4183] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 4183] exit_group(0) = ? [pid 4183] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4183, si_uid=0, si_status=0, si_utime=0, si_stime=15} --- umount2("./268", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./268", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./268/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./268/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./268/binderfs") = 0 umount2("./268/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./268/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./268/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./268/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./268/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./268/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./268") = 0 mkdir("./269", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 4185 ./strace-static-x86_64: Process 4185 attached [pid 4185] chdir("./269") = 0 [pid 4185] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4185] setpgid(0, 0) = 0 [pid 4185] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4185] write(3, "1000", 4) = 4 [pid 4185] close(3) = 0 [pid 4185] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4185] memfd_create("syzkaller", 0) = 3 [pid 4185] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 4185] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 4185] munmap(0x7eff5e600000, 2097152) = 0 [pid 4185] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4185] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4185] close(3) = 0 [pid 4185] mkdir("./file0", 0777) = 0 [ 134.929662][ T4185] loop0: detected capacity change from 0 to 4096 [ 134.943385][ T4185] NILFS (loop0): invalid segment: Checksum error in segment payload [ 134.951505][ T4185] NILFS (loop0): trying rollback from an earlier position [ 134.963771][ T4185] NILFS (loop0): recovery complete [pid 4185] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 4185] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4185] chdir("./file0") = 0 [pid 4185] ioctl(4, LOOP_CLR_FD) = 0 [pid 4185] close(4) = 0 [pid 4185] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 4185] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 4185] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 134.969719][ T4186] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 134.982457][ T27] audit: type=1800 audit(1670141624.267:271): pid=4185 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor269" name="bus" dev="loop0" ino=12 res=0 errno=0 [pid 4185] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 4185] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 4185] exit_group(0) = ? [pid 4185] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4185, si_uid=0, si_status=0, si_utime=0, si_stime=15} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./269", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./269", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./269/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./269/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./269/binderfs") = 0 umount2("./269/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./269/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./269/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./269/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./269/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./269/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./269") = 0 mkdir("./270", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 4187 attached , child_tidptr=0x5555555775d0) = 4187 [pid 4187] chdir("./270") = 0 [pid 4187] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4187] setpgid(0, 0) = 0 [pid 4187] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4187] write(3, "1000", 4) = 4 [pid 4187] close(3) = 0 [pid 4187] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4187] memfd_create("syzkaller", 0) = 3 [pid 4187] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 4187] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 4187] munmap(0x7eff5e600000, 2097152) = 0 [pid 4187] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4187] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4187] close(3) = 0 [pid 4187] mkdir("./file0", 0777) = 0 [ 135.221338][ T4187] loop0: detected capacity change from 0 to 4096 [ 135.238461][ T4187] NILFS (loop0): invalid segment: Checksum error in segment payload [ 135.246501][ T4187] NILFS (loop0): trying rollback from an earlier position [ 135.260787][ T4187] NILFS (loop0): recovery complete [pid 4187] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 4187] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4187] chdir("./file0") = 0 [pid 4187] ioctl(4, LOOP_CLR_FD) = 0 [pid 4187] close(4) = 0 [pid 4187] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 4187] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 4187] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 135.266447][ T4188] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 135.299392][ T27] audit: type=1800 audit(1670141624.587:272): pid=4187 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor269" name="bus" dev="loop0" ino=12 res=0 errno=0 [pid 4187] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 4187] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 4187] exit_group(0) = ? [pid 4187] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4187, si_uid=0, si_status=0, si_utime=0, si_stime=16} --- umount2("./270", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./270", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./270/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./270/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./270/binderfs") = 0 umount2("./270/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./270/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./270/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./270/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./270/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./270/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./270") = 0 mkdir("./271", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 4189 ./strace-static-x86_64: Process 4189 attached [pid 4189] chdir("./271") = 0 [pid 4189] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4189] setpgid(0, 0) = 0 [pid 4189] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4189] write(3, "1000", 4) = 4 [pid 4189] close(3) = 0 [pid 4189] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4189] memfd_create("syzkaller", 0) = 3 [pid 4189] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 4189] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 4189] munmap(0x7eff5e600000, 2097152) = 0 [pid 4189] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4189] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4189] close(3) = 0 [pid 4189] mkdir("./file0", 0777) = 0 [ 135.546215][ T4189] loop0: detected capacity change from 0 to 4096 [ 135.561810][ T4189] NILFS (loop0): invalid segment: Checksum error in segment payload [ 135.569944][ T4189] NILFS (loop0): trying rollback from an earlier position [ 135.582628][ T4189] NILFS (loop0): recovery complete [pid 4189] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 4189] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4189] chdir("./file0") = 0 [pid 4189] ioctl(4, LOOP_CLR_FD) = 0 [pid 4189] close(4) = 0 [pid 4189] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 4189] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 4189] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 135.588967][ T4190] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 135.592366][ T27] audit: type=1800 audit(1670141624.877:273): pid=4189 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor269" name="bus" dev="loop0" ino=12 res=0 errno=0 [pid 4189] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 4189] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 4189] exit_group(0) = ? [pid 4189] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4189, si_uid=0, si_status=0, si_utime=1, si_stime=15} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./271", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./271", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./271/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./271/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./271/binderfs") = 0 umount2("./271/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./271/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./271/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./271/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./271/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./271/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./271") = 0 mkdir("./272", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 4191 ./strace-static-x86_64: Process 4191 attached [pid 4191] chdir("./272") = 0 [pid 4191] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4191] setpgid(0, 0) = 0 [pid 4191] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4191] write(3, "1000", 4) = 4 [pid 4191] close(3) = 0 [pid 4191] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4191] memfd_create("syzkaller", 0) = 3 [pid 4191] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 4191] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 4191] munmap(0x7eff5e600000, 2097152) = 0 [pid 4191] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4191] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4191] close(3) = 0 [pid 4191] mkdir("./file0", 0777) = 0 [ 135.860258][ T4191] loop0: detected capacity change from 0 to 4096 [ 135.874149][ T4191] NILFS (loop0): invalid segment: Checksum error in segment payload [ 135.882182][ T4191] NILFS (loop0): trying rollback from an earlier position [ 135.895486][ T4191] NILFS (loop0): recovery complete [pid 4191] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 4191] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4191] chdir("./file0") = 0 [pid 4191] ioctl(4, LOOP_CLR_FD) = 0 [pid 4191] close(4) = 0 [pid 4191] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 4191] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 4191] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 135.901514][ T4192] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 135.928314][ T27] audit: type=1800 audit(1670141625.217:274): pid=4191 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor269" name="bus" dev="loop0" ino=12 res=0 errno=0 [pid 4191] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 4191] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 4191] exit_group(0) = ? [pid 4191] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4191, si_uid=0, si_status=0, si_utime=0, si_stime=13} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./272", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./272", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./272/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./272/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./272/binderfs") = 0 umount2("./272/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./272/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./272/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./272/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./272/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./272/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./272") = 0 mkdir("./273", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 4193 ./strace-static-x86_64: Process 4193 attached [pid 4193] chdir("./273") = 0 [pid 4193] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4193] setpgid(0, 0) = 0 [pid 4193] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4193] write(3, "1000", 4) = 4 [pid 4193] close(3) = 0 [pid 4193] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4193] memfd_create("syzkaller", 0) = 3 [pid 4193] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 4193] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 4193] munmap(0x7eff5e600000, 2097152) = 0 [pid 4193] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4193] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4193] close(3) = 0 [pid 4193] mkdir("./file0", 0777) = 0 [pid 4193] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 4193] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4193] chdir("./file0") = 0 [pid 4193] ioctl(4, LOOP_CLR_FD) = 0 [pid 4193] close(4) = 0 [ 136.162110][ T4193] loop0: detected capacity change from 0 to 4096 [ 136.177826][ T4193] NILFS (loop0): invalid segment: Checksum error in segment payload [ 136.185816][ T4193] NILFS (loop0): trying rollback from an earlier position [ 136.198988][ T4193] NILFS (loop0): recovery complete [pid 4193] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 4193] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 4193] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 136.204725][ T4194] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 136.215491][ T27] audit: type=1800 audit(1670141625.487:275): pid=4193 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor269" name="bus" dev="loop0" ino=12 res=0 errno=0 [pid 4193] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 4193] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 4193] exit_group(0) = ? [pid 4193] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4193, si_uid=0, si_status=0, si_utime=0, si_stime=12} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./273", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./273", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./273/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./273/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./273/binderfs") = 0 umount2("./273/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./273/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./273/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./273/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./273/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./273/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./273") = 0 mkdir("./274", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 4195 ./strace-static-x86_64: Process 4195 attached [pid 4195] chdir("./274") = 0 [pid 4195] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4195] setpgid(0, 0) = 0 [pid 4195] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4195] write(3, "1000", 4) = 4 [pid 4195] close(3) = 0 [pid 4195] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4195] memfd_create("syzkaller", 0) = 3 [pid 4195] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 4195] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 4195] munmap(0x7eff5e600000, 2097152) = 0 [pid 4195] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4195] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4195] close(3) = 0 [pid 4195] mkdir("./file0", 0777) = 0 [ 136.452743][ T4195] loop0: detected capacity change from 0 to 4096 [ 136.478462][ T4195] NILFS (loop0): invalid segment: Checksum error in segment payload [ 136.486605][ T4195] NILFS (loop0): trying rollback from an earlier position [pid 4195] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 4195] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4195] chdir("./file0") = 0 [pid 4195] ioctl(4, LOOP_CLR_FD) = 0 [pid 4195] close(4) = 0 [pid 4195] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 4195] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 4195] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 136.500246][ T4195] NILFS (loop0): recovery complete [ 136.506490][ T4196] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 4195] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 4195] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 4195] exit_group(0) = ? [pid 4195] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4195, si_uid=0, si_status=0, si_utime=0, si_stime=12} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./274", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./274", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./274/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./274/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./274/binderfs") = 0 umount2("./274/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./274/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./274/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./274/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./274/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./274/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./274") = 0 mkdir("./275", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 4197 ./strace-static-x86_64: Process 4197 attached [pid 4197] chdir("./275") = 0 [pid 4197] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4197] setpgid(0, 0) = 0 [pid 4197] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4197] write(3, "1000", 4) = 4 [pid 4197] close(3) = 0 [pid 4197] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4197] memfd_create("syzkaller", 0) = 3 [pid 4197] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 4197] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 4197] munmap(0x7eff5e600000, 2097152) = 0 [pid 4197] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4197] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4197] close(3) = 0 [pid 4197] mkdir("./file0", 0777) = 0 [ 136.756169][ T4197] loop0: detected capacity change from 0 to 4096 [ 136.770799][ T4197] NILFS (loop0): invalid segment: Checksum error in segment payload [ 136.779197][ T4197] NILFS (loop0): trying rollback from an earlier position [ 136.791939][ T4197] NILFS (loop0): recovery complete [pid 4197] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 4197] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4197] chdir("./file0") = 0 [pid 4197] ioctl(4, LOOP_CLR_FD) = 0 [pid 4197] close(4) = 0 [pid 4197] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 4197] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 4197] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 136.798322][ T4198] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 4197] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 4197] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 4197] exit_group(0) = ? [pid 4197] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4197, si_uid=0, si_status=0, si_utime=0, si_stime=11} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./275", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./275", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./275/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./275/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./275/binderfs") = 0 umount2("./275/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./275/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./275/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./275/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./275/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./275/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./275") = 0 mkdir("./276", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 4199 ./strace-static-x86_64: Process 4199 attached [pid 4199] chdir("./276") = 0 [pid 4199] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4199] setpgid(0, 0) = 0 [pid 4199] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4199] write(3, "1000", 4) = 4 [pid 4199] close(3) = 0 [pid 4199] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4199] memfd_create("syzkaller", 0) = 3 [pid 4199] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 4199] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 4199] munmap(0x7eff5e600000, 2097152) = 0 [pid 4199] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4199] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4199] close(3) = 0 [pid 4199] mkdir("./file0", 0777) = 0 [ 137.063170][ T4199] loop0: detected capacity change from 0 to 4096 [ 137.079553][ T4199] NILFS (loop0): invalid segment: Checksum error in segment payload [ 137.087648][ T4199] NILFS (loop0): trying rollback from an earlier position [ 137.100166][ T4199] NILFS (loop0): recovery complete [pid 4199] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 4199] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4199] chdir("./file0") = 0 [pid 4199] ioctl(4, LOOP_CLR_FD) = 0 [pid 4199] close(4) = 0 [pid 4199] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 4199] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 4199] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 137.105863][ T4200] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 4199] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 4199] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 4199] exit_group(0) = ? [pid 4199] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4199, si_uid=0, si_status=0, si_utime=0, si_stime=14} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./276", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./276", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./276/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./276/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./276/binderfs") = 0 umount2("./276/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./276/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./276/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./276/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./276/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./276/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./276") = 0 mkdir("./277", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 4201 ./strace-static-x86_64: Process 4201 attached [pid 4201] chdir("./277") = 0 [pid 4201] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4201] setpgid(0, 0) = 0 [pid 4201] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4201] write(3, "1000", 4) = 4 [pid 4201] close(3) = 0 [pid 4201] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4201] memfd_create("syzkaller", 0) = 3 [pid 4201] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 4201] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 4201] munmap(0x7eff5e600000, 2097152) = 0 [pid 4201] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4201] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4201] close(3) = 0 [pid 4201] mkdir("./file0", 0777) = 0 [ 137.356104][ T4201] loop0: detected capacity change from 0 to 4096 [ 137.370797][ T4201] NILFS (loop0): invalid segment: Checksum error in segment payload [ 137.378815][ T4201] NILFS (loop0): trying rollback from an earlier position [ 137.391844][ T4201] NILFS (loop0): recovery complete [pid 4201] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 4201] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4201] chdir("./file0") = 0 [pid 4201] ioctl(4, LOOP_CLR_FD) = 0 [pid 4201] close(4) = 0 [pid 4201] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 4201] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 4201] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 137.398185][ T4202] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 4201] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 4201] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 4201] exit_group(0) = ? [pid 4201] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4201, si_uid=0, si_status=0, si_utime=0, si_stime=19} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./277", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./277", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./277/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./277/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./277/binderfs") = 0 umount2("./277/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./277/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./277/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./277/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./277/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./277/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./277") = 0 mkdir("./278", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 4203 ./strace-static-x86_64: Process 4203 attached [pid 4203] chdir("./278") = 0 [pid 4203] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4203] setpgid(0, 0) = 0 [pid 4203] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4203] write(3, "1000", 4) = 4 [pid 4203] close(3) = 0 [pid 4203] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4203] memfd_create("syzkaller", 0) = 3 [pid 4203] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 4203] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 4203] munmap(0x7eff5e600000, 2097152) = 0 [pid 4203] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4203] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4203] close(3) = 0 [pid 4203] mkdir("./file0", 0777) = 0 [ 137.663724][ T4203] loop0: detected capacity change from 0 to 4096 [ 137.679378][ T4203] NILFS (loop0): invalid segment: Checksum error in segment payload [ 137.687434][ T4203] NILFS (loop0): trying rollback from an earlier position [ 137.701632][ T4203] NILFS (loop0): recovery complete [pid 4203] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 4203] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4203] chdir("./file0") = 0 [pid 4203] ioctl(4, LOOP_CLR_FD) = 0 [pid 4203] close(4) = 0 [pid 4203] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 4203] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 4203] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 137.707929][ T4204] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 4203] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 4203] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 4203] exit_group(0) = ? [pid 4203] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4203, si_uid=0, si_status=0, si_utime=0, si_stime=9} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./278", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./278", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./278/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./278/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./278/binderfs") = 0 umount2("./278/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./278/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./278/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./278/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./278/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./278/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./278") = 0 mkdir("./279", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 4205 ./strace-static-x86_64: Process 4205 attached [pid 4205] chdir("./279") = 0 [pid 4205] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4205] setpgid(0, 0) = 0 [pid 4205] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4205] write(3, "1000", 4) = 4 [pid 4205] close(3) = 0 [pid 4205] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4205] memfd_create("syzkaller", 0) = 3 [pid 4205] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 4205] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 4205] munmap(0x7eff5e600000, 2097152) = 0 [pid 4205] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4205] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4205] close(3) = 0 [pid 4205] mkdir("./file0", 0777) = 0 [pid 4205] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 4205] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4205] chdir("./file0") = 0 [ 137.969967][ T4205] loop0: detected capacity change from 0 to 4096 [ 137.985084][ T4205] NILFS (loop0): invalid segment: Checksum error in segment payload [ 137.993122][ T4205] NILFS (loop0): trying rollback from an earlier position [ 138.007239][ T4205] NILFS (loop0): recovery complete [pid 4205] ioctl(4, LOOP_CLR_FD) = 0 [pid 4205] close(4) = 0 [pid 4205] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 4205] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 4205] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 138.013289][ T4206] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 4205] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 4205] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 4205] exit_group(0) = ? [pid 4205] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4205, si_uid=0, si_status=0, si_utime=0, si_stime=10} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./279", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./279", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./279/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./279/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./279/binderfs") = 0 umount2("./279/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./279/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./279/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./279/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./279/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./279/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./279") = 0 mkdir("./280", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 4207 ./strace-static-x86_64: Process 4207 attached [pid 4207] chdir("./280") = 0 [pid 4207] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4207] setpgid(0, 0) = 0 [pid 4207] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4207] write(3, "1000", 4) = 4 [pid 4207] close(3) = 0 [pid 4207] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4207] memfd_create("syzkaller", 0) = 3 [pid 4207] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 4207] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 4207] munmap(0x7eff5e600000, 2097152) = 0 [pid 4207] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4207] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4207] close(3) = 0 [pid 4207] mkdir("./file0", 0777) = 0 [pid 4207] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [ 138.278824][ T4207] loop0: detected capacity change from 0 to 4096 [ 138.297185][ T4207] NILFS (loop0): invalid segment: Checksum error in segment payload [ 138.305309][ T4207] NILFS (loop0): trying rollback from an earlier position [ 138.319309][ T4207] NILFS (loop0): recovery complete [pid 4207] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4207] chdir("./file0") = 0 [pid 4207] ioctl(4, LOOP_CLR_FD) = 0 [pid 4207] close(4) = 0 [pid 4207] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 4207] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 4207] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 138.325304][ T4208] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 4207] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 4207] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 4207] exit_group(0) = ? [pid 4207] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4207, si_uid=0, si_status=0, si_utime=0, si_stime=12} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./280", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./280", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./280/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./280/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./280/binderfs") = 0 umount2("./280/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./280/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./280/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./280/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./280/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./280/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./280") = 0 mkdir("./281", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 4209 ./strace-static-x86_64: Process 4209 attached [pid 4209] chdir("./281") = 0 [pid 4209] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4209] setpgid(0, 0) = 0 [pid 4209] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4209] write(3, "1000", 4) = 4 [pid 4209] close(3) = 0 [pid 4209] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4209] memfd_create("syzkaller", 0) = 3 [pid 4209] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 4209] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 4209] munmap(0x7eff5e600000, 2097152) = 0 [pid 4209] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4209] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4209] close(3) = 0 [pid 4209] mkdir("./file0", 0777) = 0 [pid 4209] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 4209] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4209] chdir("./file0") = 0 [pid 4209] ioctl(4, LOOP_CLR_FD) = 0 [pid 4209] close(4) = 0 [pid 4209] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [ 138.581517][ T4209] loop0: detected capacity change from 0 to 4096 [ 138.596828][ T4209] NILFS (loop0): invalid segment: Checksum error in segment payload [ 138.605282][ T4209] NILFS (loop0): trying rollback from an earlier position [ 138.618874][ T4209] NILFS (loop0): recovery complete [pid 4209] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 4209] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 138.625005][ T4210] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 138.645927][ T27] kauditd_printk_skb: 7 callbacks suppressed [ 138.645941][ T27] audit: type=1800 audit(1670141627.907:283): pid=4209 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor269" name="bus" dev="loop0" ino=12 res=0 errno=0 [pid 4209] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 4209] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 4209] exit_group(0) = ? [pid 4209] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4209, si_uid=0, si_status=0, si_utime=0, si_stime=14} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./281", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./281", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./281/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./281/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./281/binderfs") = 0 umount2("./281/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./281/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./281/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./281/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./281/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./281/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./281") = 0 mkdir("./282", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 4211 ./strace-static-x86_64: Process 4211 attached [pid 4211] chdir("./282") = 0 [pid 4211] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4211] setpgid(0, 0) = 0 [pid 4211] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4211] write(3, "1000", 4) = 4 [pid 4211] close(3) = 0 [pid 4211] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4211] memfd_create("syzkaller", 0) = 3 [pid 4211] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 4211] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 4211] munmap(0x7eff5e600000, 2097152) = 0 [pid 4211] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4211] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4211] close(3) = 0 [pid 4211] mkdir("./file0", 0777) = 0 [pid 4211] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 4211] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [ 138.898548][ T4211] loop0: detected capacity change from 0 to 4096 [ 138.915982][ T4211] NILFS (loop0): invalid segment: Checksum error in segment payload [ 138.924073][ T4211] NILFS (loop0): trying rollback from an earlier position [ 138.938391][ T4211] NILFS (loop0): recovery complete [pid 4211] chdir("./file0") = 0 [pid 4211] ioctl(4, LOOP_CLR_FD) = 0 [pid 4211] close(4) = 0 [pid 4211] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 4211] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 4211] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 138.944155][ T4212] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 138.954888][ T27] audit: type=1800 audit(1670141628.227:284): pid=4211 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor269" name="bus" dev="loop0" ino=12 res=0 errno=0 [pid 4211] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 4211] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 4211] exit_group(0) = ? [pid 4211] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4211, si_uid=0, si_status=0, si_utime=0, si_stime=12} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./282", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./282", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./282/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./282/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./282/binderfs") = 0 umount2("./282/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./282/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./282/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./282/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./282/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./282/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./282") = 0 mkdir("./283", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 4213 ./strace-static-x86_64: Process 4213 attached [pid 4213] chdir("./283") = 0 [pid 4213] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4213] setpgid(0, 0) = 0 [pid 4213] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4213] write(3, "1000", 4) = 4 [pid 4213] close(3) = 0 [pid 4213] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4213] memfd_create("syzkaller", 0) = 3 [pid 4213] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 4213] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 4213] munmap(0x7eff5e600000, 2097152) = 0 [pid 4213] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4213] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4213] close(3) = 0 [pid 4213] mkdir("./file0", 0777) = 0 [ 139.213370][ T4213] loop0: detected capacity change from 0 to 4096 [ 139.230317][ T4213] NILFS (loop0): invalid segment: Checksum error in segment payload [ 139.238426][ T4213] NILFS (loop0): trying rollback from an earlier position [ 139.251789][ T4213] NILFS (loop0): recovery complete [pid 4213] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 4213] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4213] chdir("./file0") = 0 [pid 4213] ioctl(4, LOOP_CLR_FD) = 0 [pid 4213] close(4) = 0 [pid 4213] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 4213] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 4213] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 139.258605][ T4214] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 139.282103][ T27] audit: type=1800 audit(1670141628.567:285): pid=4213 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor269" name="bus" dev="loop0" ino=12 res=0 errno=0 [pid 4213] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 4213] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 4213] exit_group(0) = ? [pid 4213] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4213, si_uid=0, si_status=0, si_utime=0, si_stime=17} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./283", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./283", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./283/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./283/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./283/binderfs") = 0 umount2("./283/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./283/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./283/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./283/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./283/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./283/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./283") = 0 mkdir("./284", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 4215 ./strace-static-x86_64: Process 4215 attached [pid 4215] chdir("./284") = 0 [pid 4215] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4215] setpgid(0, 0) = 0 [pid 4215] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4215] write(3, "1000", 4) = 4 [pid 4215] close(3) = 0 [pid 4215] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4215] memfd_create("syzkaller", 0) = 3 [pid 4215] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 4215] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 4215] munmap(0x7eff5e600000, 2097152) = 0 [pid 4215] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4215] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4215] close(3) = 0 [pid 4215] mkdir("./file0", 0777) = 0 [ 139.529311][ T4215] loop0: detected capacity change from 0 to 4096 [ 139.544169][ T4215] NILFS (loop0): invalid segment: Checksum error in segment payload [ 139.552316][ T4215] NILFS (loop0): trying rollback from an earlier position [ 139.565523][ T4215] NILFS (loop0): recovery complete [pid 4215] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 4215] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4215] chdir("./file0") = 0 [pid 4215] ioctl(4, LOOP_CLR_FD) = 0 [pid 4215] close(4) = 0 [pid 4215] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 4215] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 4215] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 139.571893][ T4216] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 139.590406][ T27] audit: type=1800 audit(1670141628.877:286): pid=4215 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor269" name="bus" dev="loop0" ino=12 res=0 errno=0 [pid 4215] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 4215] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 4215] exit_group(0) = ? [pid 4215] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4215, si_uid=0, si_status=0, si_utime=0, si_stime=16} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./284", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./284", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./284/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./284/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./284/binderfs") = 0 umount2("./284/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./284/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./284/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./284/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./284/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./284/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./284") = 0 mkdir("./285", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 4217 ./strace-static-x86_64: Process 4217 attached [pid 4217] chdir("./285") = 0 [pid 4217] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4217] setpgid(0, 0) = 0 [pid 4217] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4217] write(3, "1000", 4) = 4 [pid 4217] close(3) = 0 [pid 4217] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4217] memfd_create("syzkaller", 0) = 3 [pid 4217] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 4217] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 4217] munmap(0x7eff5e600000, 2097152) = 0 [pid 4217] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4217] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4217] close(3) = 0 [pid 4217] mkdir("./file0", 0777) = 0 [pid 4217] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 4217] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4217] chdir("./file0") = 0 [pid 4217] ioctl(4, LOOP_CLR_FD) = 0 [pid 4217] close(4) = 0 [pid 4217] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [ 139.822259][ T4217] loop0: detected capacity change from 0 to 4096 [ 139.837574][ T4217] NILFS (loop0): invalid segment: Checksum error in segment payload [ 139.845633][ T4217] NILFS (loop0): trying rollback from an earlier position [ 139.859230][ T4217] NILFS (loop0): recovery complete [pid 4217] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 4217] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 139.865075][ T4218] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 139.887361][ T27] audit: type=1800 audit(1670141629.147:287): pid=4217 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor269" name="bus" dev="loop0" ino=12 res=0 errno=0 [pid 4217] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 4217] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 4217] exit_group(0) = ? [pid 4217] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4217, si_uid=0, si_status=0, si_utime=1, si_stime=9} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./285", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./285", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./285/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./285/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./285/binderfs") = 0 umount2("./285/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./285/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./285/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./285/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./285/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./285/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./285") = 0 mkdir("./286", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 4219 ./strace-static-x86_64: Process 4219 attached [pid 4219] chdir("./286") = 0 [pid 4219] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4219] setpgid(0, 0) = 0 [pid 4219] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4219] write(3, "1000", 4) = 4 [pid 4219] close(3) = 0 [pid 4219] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4219] memfd_create("syzkaller", 0) = 3 [pid 4219] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 4219] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 4219] munmap(0x7eff5e600000, 2097152) = 0 [pid 4219] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4219] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4219] close(3) = 0 [pid 4219] mkdir("./file0", 0777) = 0 [pid 4219] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 4219] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4219] chdir("./file0") = 0 [pid 4219] ioctl(4, LOOP_CLR_FD) = 0 [pid 4219] close(4) = 0 [pid 4219] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [ 140.112803][ T4219] loop0: detected capacity change from 0 to 4096 [ 140.129042][ T4219] NILFS (loop0): invalid segment: Checksum error in segment payload [ 140.137084][ T4219] NILFS (loop0): trying rollback from an earlier position [ 140.150538][ T4219] NILFS (loop0): recovery complete [pid 4219] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 4219] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 140.156710][ T4220] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 140.162595][ T27] audit: type=1800 audit(1670141629.447:288): pid=4219 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor269" name="bus" dev="loop0" ino=12 res=0 errno=0 [pid 4219] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 4219] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 4219] exit_group(0) = ? [pid 4219] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4219, si_uid=0, si_status=0, si_utime=0, si_stime=11} --- umount2("./286", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./286", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./286/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./286/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./286/binderfs") = 0 umount2("./286/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./286/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./286/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./286/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./286/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./286/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./286") = 0 mkdir("./287", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 4221 ./strace-static-x86_64: Process 4221 attached [pid 4221] chdir("./287") = 0 [pid 4221] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4221] setpgid(0, 0) = 0 [pid 4221] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4221] write(3, "1000", 4) = 4 [pid 4221] close(3) = 0 [pid 4221] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4221] memfd_create("syzkaller", 0) = 3 [pid 4221] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 4221] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 4221] munmap(0x7eff5e600000, 2097152) = 0 [pid 4221] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4221] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4221] close(3) = 0 [pid 4221] mkdir("./file0", 0777) = 0 [ 140.425817][ T4221] loop0: detected capacity change from 0 to 4096 [ 140.441912][ T4221] NILFS (loop0): invalid segment: Checksum error in segment payload [ 140.450114][ T4221] NILFS (loop0): trying rollback from an earlier position [ 140.463783][ T4221] NILFS (loop0): recovery complete [pid 4221] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 4221] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4221] chdir("./file0") = 0 [pid 4221] ioctl(4, LOOP_CLR_FD) = 0 [pid 4221] close(4) = 0 [pid 4221] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 4221] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 4221] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 140.469598][ T4222] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 140.487416][ T27] audit: type=1800 audit(1670141629.767:289): pid=4221 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor269" name="bus" dev="loop0" ino=12 res=0 errno=0 [pid 4221] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 4221] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 4221] exit_group(0) = ? [pid 4221] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4221, si_uid=0, si_status=0, si_utime=0, si_stime=13} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./287", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./287", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./287/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./287/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./287/binderfs") = 0 umount2("./287/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./287/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./287/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./287/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./287/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./287/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./287") = 0 mkdir("./288", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 4223 attached , child_tidptr=0x5555555775d0) = 4223 [pid 4223] chdir("./288") = 0 [pid 4223] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4223] setpgid(0, 0) = 0 [pid 4223] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4223] write(3, "1000", 4) = 4 [pid 4223] close(3) = 0 [pid 4223] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4223] memfd_create("syzkaller", 0) = 3 [pid 4223] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 4223] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 4223] munmap(0x7eff5e600000, 2097152) = 0 [pid 4223] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4223] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4223] close(3) = 0 [pid 4223] mkdir("./file0", 0777) = 0 [ 140.732133][ T4223] loop0: detected capacity change from 0 to 4096 [ 140.748992][ T4223] NILFS (loop0): invalid segment: Checksum error in segment payload [ 140.756988][ T4223] NILFS (loop0): trying rollback from an earlier position [ 140.770576][ T4223] NILFS (loop0): recovery complete [pid 4223] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 4223] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4223] chdir("./file0") = 0 [pid 4223] ioctl(4, LOOP_CLR_FD) = 0 [pid 4223] close(4) = 0 [pid 4223] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [ 140.776396][ T4224] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 4223] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 4223] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 140.809990][ T27] audit: type=1800 audit(1670141630.097:290): pid=4223 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor269" name="bus" dev="loop0" ino=12 res=0 errno=0 [pid 4223] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 4223] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 4223] exit_group(0) = ? [pid 4223] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4223, si_uid=0, si_status=0, si_utime=0, si_stime=15} --- umount2("./288", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./288", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./288/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./288/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./288/binderfs") = 0 umount2("./288/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./288/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./288/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./288/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./288/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./288/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./288") = 0 mkdir("./289", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 4225 ./strace-static-x86_64: Process 4225 attached [pid 4225] chdir("./289") = 0 [pid 4225] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4225] setpgid(0, 0) = 0 [pid 4225] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4225] write(3, "1000", 4) = 4 [pid 4225] close(3) = 0 [pid 4225] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4225] memfd_create("syzkaller", 0) = 3 [pid 4225] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 4225] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 4225] munmap(0x7eff5e600000, 2097152) = 0 [pid 4225] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4225] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4225] close(3) = 0 [pid 4225] mkdir("./file0", 0777) = 0 [ 141.057171][ T4225] loop0: detected capacity change from 0 to 4096 [ 141.073178][ T4225] NILFS (loop0): invalid segment: Checksum error in segment payload [ 141.081236][ T4225] NILFS (loop0): trying rollback from an earlier position [ 141.094784][ T4225] NILFS (loop0): recovery complete [pid 4225] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 4225] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4225] chdir("./file0") = 0 [pid 4225] ioctl(4, LOOP_CLR_FD) = 0 [pid 4225] close(4) = 0 [pid 4225] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 4225] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [ 141.100826][ T4226] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 4225] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 141.130786][ T27] audit: type=1800 audit(1670141630.417:291): pid=4225 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor269" name="bus" dev="loop0" ino=12 res=0 errno=0 [pid 4225] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 4225] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 4225] exit_group(0) = ? [pid 4225] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4225, si_uid=0, si_status=0, si_utime=0, si_stime=10} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./289", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./289", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./289/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./289/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./289/binderfs") = 0 umount2("./289/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./289/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./289/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./289/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./289/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./289/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./289") = 0 mkdir("./290", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 4227 ./strace-static-x86_64: Process 4227 attached [pid 4227] chdir("./290") = 0 [pid 4227] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4227] setpgid(0, 0) = 0 [pid 4227] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4227] write(3, "1000", 4) = 4 [pid 4227] close(3) = 0 [pid 4227] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4227] memfd_create("syzkaller", 0) = 3 [pid 4227] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 4227] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 4227] munmap(0x7eff5e600000, 2097152) = 0 [pid 4227] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4227] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4227] close(3) = 0 [pid 4227] mkdir("./file0", 0777) = 0 [ 141.362621][ T4227] loop0: detected capacity change from 0 to 4096 [ 141.379070][ T4227] NILFS (loop0): invalid segment: Checksum error in segment payload [ 141.387064][ T4227] NILFS (loop0): trying rollback from an earlier position [ 141.400319][ T4227] NILFS (loop0): recovery complete [pid 4227] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 4227] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4227] chdir("./file0") = 0 [pid 4227] ioctl(4, LOOP_CLR_FD) = 0 [pid 4227] close(4) = 0 [pid 4227] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 4227] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 4227] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 141.406429][ T4228] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 141.419513][ T27] audit: type=1800 audit(1670141630.707:292): pid=4227 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor269" name="bus" dev="loop0" ino=12 res=0 errno=0 [pid 4227] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 4227] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 4227] exit_group(0) = ? [pid 4227] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4227, si_uid=0, si_status=0, si_utime=0, si_stime=13} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./290", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./290", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./290/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./290/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./290/binderfs") = 0 umount2("./290/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./290/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./290/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./290/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./290/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./290/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./290") = 0 mkdir("./291", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 4229 ./strace-static-x86_64: Process 4229 attached [pid 4229] chdir("./291") = 0 [pid 4229] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4229] setpgid(0, 0) = 0 [pid 4229] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4229] write(3, "1000", 4) = 4 [pid 4229] close(3) = 0 [pid 4229] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4229] memfd_create("syzkaller", 0) = 3 [pid 4229] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 4229] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 4229] munmap(0x7eff5e600000, 2097152) = 0 [pid 4229] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4229] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4229] close(3) = 0 [pid 4229] mkdir("./file0", 0777) = 0 [pid 4229] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [ 141.669009][ T4229] loop0: detected capacity change from 0 to 4096 [ 141.683596][ T4229] NILFS (loop0): invalid segment: Checksum error in segment payload [ 141.691659][ T4229] NILFS (loop0): trying rollback from an earlier position [ 141.704902][ T4229] NILFS (loop0): recovery complete [pid 4229] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4229] chdir("./file0") = 0 [pid 4229] ioctl(4, LOOP_CLR_FD) = 0 [pid 4229] close(4) = 0 [pid 4229] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 4229] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 4229] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 141.710789][ T4230] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 4229] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 4229] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 4229] exit_group(0) = ? [pid 4229] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4229, si_uid=0, si_status=0, si_utime=0, si_stime=12} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./291", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./291", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./291/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./291/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./291/binderfs") = 0 umount2("./291/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./291/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./291/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./291/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./291/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./291/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./291") = 0 mkdir("./292", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 4231 ./strace-static-x86_64: Process 4231 attached [pid 4231] chdir("./292") = 0 [pid 4231] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4231] setpgid(0, 0) = 0 [pid 4231] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4231] write(3, "1000", 4) = 4 [pid 4231] close(3) = 0 [pid 4231] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4231] memfd_create("syzkaller", 0) = 3 [pid 4231] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 4231] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 4231] munmap(0x7eff5e600000, 2097152) = 0 [pid 4231] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4231] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4231] close(3) = 0 [pid 4231] mkdir("./file0", 0777) = 0 [pid 4231] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [ 141.968167][ T4231] loop0: detected capacity change from 0 to 4096 [ 141.984373][ T4231] NILFS (loop0): invalid segment: Checksum error in segment payload [ 141.992420][ T4231] NILFS (loop0): trying rollback from an earlier position [ 142.006075][ T4231] NILFS (loop0): recovery complete [pid 4231] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4231] chdir("./file0") = 0 [pid 4231] ioctl(4, LOOP_CLR_FD) = 0 [pid 4231] close(4) = 0 [pid 4231] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 4231] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 4231] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 142.012292][ T4232] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 4231] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 4231] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 4231] exit_group(0) = ? [pid 4231] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4231, si_uid=0, si_status=0, si_utime=0, si_stime=15} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./292", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./292", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./292/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./292/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./292/binderfs") = 0 umount2("./292/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./292/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./292/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./292/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./292/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./292/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./292") = 0 mkdir("./293", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 4233 ./strace-static-x86_64: Process 4233 attached [pid 4233] chdir("./293") = 0 [pid 4233] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4233] setpgid(0, 0) = 0 [pid 4233] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4233] write(3, "1000", 4) = 4 [pid 4233] close(3) = 0 [pid 4233] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4233] memfd_create("syzkaller", 0) = 3 [pid 4233] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 4233] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 4233] munmap(0x7eff5e600000, 2097152) = 0 [pid 4233] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4233] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4233] close(3) = 0 [pid 4233] mkdir("./file0", 0777) = 0 [pid 4233] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 4233] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4233] chdir("./file0") = 0 [ 142.260299][ T4233] loop0: detected capacity change from 0 to 4096 [ 142.276815][ T4233] NILFS (loop0): invalid segment: Checksum error in segment payload [ 142.284902][ T4233] NILFS (loop0): trying rollback from an earlier position [ 142.299165][ T4233] NILFS (loop0): recovery complete [pid 4233] ioctl(4, LOOP_CLR_FD) = 0 [pid 4233] close(4) = 0 [pid 4233] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 4233] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 4233] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 142.304993][ T4234] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 4233] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 4233] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 4233] exit_group(0) = ? [pid 4233] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4233, si_uid=0, si_status=0, si_utime=0, si_stime=14} --- umount2("./293", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./293", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./293/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./293/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./293/binderfs") = 0 umount2("./293/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./293/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./293/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./293/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./293/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./293/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./293") = 0 mkdir("./294", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 4235 ./strace-static-x86_64: Process 4235 attached [pid 4235] chdir("./294") = 0 [pid 4235] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4235] setpgid(0, 0) = 0 [pid 4235] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4235] write(3, "1000", 4) = 4 [pid 4235] close(3) = 0 [pid 4235] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4235] memfd_create("syzkaller", 0) = 3 [pid 4235] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 4235] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 4235] munmap(0x7eff5e600000, 2097152) = 0 [pid 4235] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4235] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4235] close(3) = 0 [pid 4235] mkdir("./file0", 0777) = 0 [ 142.570059][ T4235] loop0: detected capacity change from 0 to 4096 [ 142.588319][ T4235] NILFS (loop0): invalid segment: Checksum error in segment payload [ 142.596312][ T4235] NILFS (loop0): trying rollback from an earlier position [ 142.610844][ T4235] NILFS (loop0): recovery complete [pid 4235] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 4235] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4235] chdir("./file0") = 0 [pid 4235] ioctl(4, LOOP_CLR_FD) = 0 [pid 4235] close(4) = 0 [pid 4235] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 4235] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 4235] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 142.617670][ T4236] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 4235] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 4235] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 4235] exit_group(0) = ? [pid 4235] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4235, si_uid=0, si_status=0, si_utime=0, si_stime=15} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./294", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./294", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./294/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./294/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./294/binderfs") = 0 umount2("./294/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./294/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./294/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./294/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./294/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./294/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./294") = 0 mkdir("./295", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 4237 ./strace-static-x86_64: Process 4237 attached [pid 4237] chdir("./295") = 0 [pid 4237] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4237] setpgid(0, 0) = 0 [pid 4237] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4237] write(3, "1000", 4) = 4 [pid 4237] close(3) = 0 [pid 4237] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4237] memfd_create("syzkaller", 0) = 3 [pid 4237] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 4237] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 4237] munmap(0x7eff5e600000, 2097152) = 0 [pid 4237] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4237] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4237] close(3) = 0 [pid 4237] mkdir("./file0", 0777) = 0 [ 142.865560][ T4237] loop0: detected capacity change from 0 to 4096 [ 142.881918][ T4237] NILFS (loop0): invalid segment: Checksum error in segment payload [ 142.889939][ T4237] NILFS (loop0): trying rollback from an earlier position [ 142.903538][ T4237] NILFS (loop0): recovery complete [pid 4237] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 4237] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4237] chdir("./file0") = 0 [pid 4237] ioctl(4, LOOP_CLR_FD) = 0 [pid 4237] close(4) = 0 [pid 4237] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 4237] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 4237] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 142.909321][ T4238] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 4237] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 4237] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 4237] exit_group(0) = ? [pid 4237] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4237, si_uid=0, si_status=0, si_utime=0, si_stime=15} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./295", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./295", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./295/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./295/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./295/binderfs") = 0 umount2("./295/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./295/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./295/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./295/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./295/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./295/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./295") = 0 mkdir("./296", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 4239 attached [pid 4239] chdir("./296") = 0 [pid 3638] <... clone resumed>, child_tidptr=0x5555555775d0) = 4239 [pid 4239] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4239] setpgid(0, 0) = 0 [pid 4239] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4239] write(3, "1000", 4) = 4 [pid 4239] close(3) = 0 [pid 4239] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4239] memfd_create("syzkaller", 0) = 3 [pid 4239] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 4239] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 4239] munmap(0x7eff5e600000, 2097152) = 0 [pid 4239] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4239] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4239] close(3) = 0 [pid 4239] mkdir("./file0", 0777) = 0 [ 143.166961][ T4239] loop0: detected capacity change from 0 to 4096 [ 143.183995][ T4239] NILFS (loop0): invalid segment: Checksum error in segment payload [ 143.192153][ T4239] NILFS (loop0): trying rollback from an earlier position [ 143.205643][ T4239] NILFS (loop0): recovery complete [pid 4239] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 4239] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4239] chdir("./file0") = 0 [pid 4239] ioctl(4, LOOP_CLR_FD) = 0 [pid 4239] close(4) = 0 [pid 4239] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 4239] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 4239] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 143.211727][ T4240] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 4239] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 4239] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 4239] exit_group(0) = ? [pid 4239] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4239, si_uid=0, si_status=0, si_utime=0, si_stime=12} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./296", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./296", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./296/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./296/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./296/binderfs") = 0 umount2("./296/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./296/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./296/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./296/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./296/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./296/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./296") = 0 mkdir("./297", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 4241 ./strace-static-x86_64: Process 4241 attached [pid 4241] chdir("./297") = 0 [pid 4241] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4241] setpgid(0, 0) = 0 [pid 4241] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4241] write(3, "1000", 4) = 4 [pid 4241] close(3) = 0 [pid 4241] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4241] memfd_create("syzkaller", 0) = 3 [pid 4241] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 4241] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 4241] munmap(0x7eff5e600000, 2097152) = 0 [pid 4241] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4241] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4241] close(3) = 0 [pid 4241] mkdir("./file0", 0777) = 0 [ 143.453804][ T4241] loop0: detected capacity change from 0 to 4096 [ 143.470051][ T4241] NILFS (loop0): invalid segment: Checksum error in segment payload [ 143.478076][ T4241] NILFS (loop0): trying rollback from an earlier position [ 143.490919][ T4241] NILFS (loop0): recovery complete [pid 4241] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 4241] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4241] chdir("./file0") = 0 [pid 4241] ioctl(4, LOOP_CLR_FD) = 0 [pid 4241] close(4) = 0 [pid 4241] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 4241] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 4241] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 143.496624][ T4242] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 4241] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 4241] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 4241] exit_group(0) = ? [pid 4241] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4241, si_uid=0, si_status=0, si_utime=0, si_stime=10} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./297", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./297", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./297/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./297/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./297/binderfs") = 0 umount2("./297/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./297/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./297/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./297/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./297/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./297/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./297") = 0 mkdir("./298", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 4243 ./strace-static-x86_64: Process 4243 attached [pid 4243] chdir("./298") = 0 [pid 4243] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4243] setpgid(0, 0) = 0 [pid 4243] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4243] write(3, "1000", 4) = 4 [pid 4243] close(3) = 0 [pid 4243] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4243] memfd_create("syzkaller", 0) = 3 [pid 4243] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 4243] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 4243] munmap(0x7eff5e600000, 2097152) = 0 [pid 4243] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4243] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4243] close(3) = 0 [pid 4243] mkdir("./file0", 0777) = 0 [ 143.748797][ T4243] loop0: detected capacity change from 0 to 4096 [ 143.764255][ T4243] NILFS (loop0): invalid segment: Checksum error in segment payload [ 143.772290][ T4243] NILFS (loop0): trying rollback from an earlier position [ 143.785475][ T4243] NILFS (loop0): recovery complete [pid 4243] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 4243] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4243] chdir("./file0") = 0 [pid 4243] ioctl(4, LOOP_CLR_FD) = 0 [pid 4243] close(4) = 0 [pid 4243] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 4243] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 4243] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 143.791269][ T4244] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 143.808923][ T27] kauditd_printk_skb: 7 callbacks suppressed [ 143.808936][ T27] audit: type=1800 audit(1670141633.097:300): pid=4243 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor269" name="bus" dev="loop0" ino=12 res=0 errno=0 [pid 4243] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 4243] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 4243] exit_group(0) = ? [pid 4243] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4243, si_uid=0, si_status=0, si_utime=0, si_stime=12} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./298", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./298", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./298/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./298/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./298/binderfs") = 0 umount2("./298/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./298/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./298/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./298/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./298/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./298/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./298") = 0 mkdir("./299", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 4245 ./strace-static-x86_64: Process 4245 attached [pid 4245] chdir("./299") = 0 [pid 4245] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4245] setpgid(0, 0) = 0 [pid 4245] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4245] write(3, "1000", 4) = 4 [pid 4245] close(3) = 0 [pid 4245] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4245] memfd_create("syzkaller", 0) = 3 [pid 4245] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 4245] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 4245] munmap(0x7eff5e600000, 2097152) = 0 [pid 4245] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4245] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4245] close(3) = 0 [pid 4245] mkdir("./file0", 0777) = 0 [pid 4245] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 4245] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4245] chdir("./file0") = 0 [pid 4245] ioctl(4, LOOP_CLR_FD) = 0 [ 144.054010][ T4245] loop0: detected capacity change from 0 to 4096 [ 144.069491][ T4245] NILFS (loop0): invalid segment: Checksum error in segment payload [ 144.077561][ T4245] NILFS (loop0): trying rollback from an earlier position [ 144.090641][ T4245] NILFS (loop0): recovery complete [pid 4245] close(4) = 0 [pid 4245] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 4245] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 4245] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 144.096373][ T4246] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 144.111643][ T27] audit: type=1800 audit(1670141633.397:301): pid=4245 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor269" name="bus" dev="loop0" ino=12 res=0 errno=0 [pid 4245] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 4245] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 4245] exit_group(0) = ? [pid 4245] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4245, si_uid=0, si_status=0, si_utime=0, si_stime=13} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./299", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./299", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./299/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./299/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./299/binderfs") = 0 umount2("./299/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./299/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./299/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./299/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./299/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./299/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./299") = 0 mkdir("./300", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 4247 ./strace-static-x86_64: Process 4247 attached [pid 4247] chdir("./300") = 0 [pid 4247] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4247] setpgid(0, 0) = 0 [pid 4247] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4247] write(3, "1000", 4) = 4 [pid 4247] close(3) = 0 [pid 4247] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4247] memfd_create("syzkaller", 0) = 3 [pid 4247] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 4247] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 4247] munmap(0x7eff5e600000, 2097152) = 0 [pid 4247] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4247] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4247] close(3) = 0 [pid 4247] mkdir("./file0", 0777) = 0 [ 144.348982][ T4247] loop0: detected capacity change from 0 to 4096 [ 144.364909][ T4247] NILFS (loop0): invalid segment: Checksum error in segment payload [ 144.372979][ T4247] NILFS (loop0): trying rollback from an earlier position [ 144.386125][ T4247] NILFS (loop0): recovery complete [pid 4247] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 4247] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4247] chdir("./file0") = 0 [pid 4247] ioctl(4, LOOP_CLR_FD) = 0 [pid 4247] close(4) = 0 [pid 4247] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 4247] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 4247] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 144.392575][ T4248] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 144.418856][ T27] audit: type=1800 audit(1670141633.707:302): pid=4247 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor269" name="bus" dev="loop0" ino=12 res=0 errno=0 [pid 4247] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 4247] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 4247] exit_group(0) = ? [pid 4247] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4247, si_uid=0, si_status=0, si_utime=0, si_stime=12} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./300", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./300", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./300/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./300/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./300/binderfs") = 0 umount2("./300/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./300/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./300/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./300/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./300/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./300/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./300") = 0 mkdir("./301", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 4249 ./strace-static-x86_64: Process 4249 attached [pid 4249] chdir("./301") = 0 [pid 4249] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4249] setpgid(0, 0) = 0 [pid 4249] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4249] write(3, "1000", 4) = 4 [pid 4249] close(3) = 0 [pid 4249] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4249] memfd_create("syzkaller", 0) = 3 [pid 4249] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 4249] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 4249] munmap(0x7eff5e600000, 2097152) = 0 [pid 4249] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4249] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4249] close(3) = 0 [pid 4249] mkdir("./file0", 0777) = 0 [ 144.666455][ T4249] loop0: detected capacity change from 0 to 4096 [ 144.682907][ T4249] NILFS (loop0): invalid segment: Checksum error in segment payload [ 144.691103][ T4249] NILFS (loop0): trying rollback from an earlier position [ 144.704433][ T4249] NILFS (loop0): recovery complete [pid 4249] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 4249] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4249] chdir("./file0") = 0 [pid 4249] ioctl(4, LOOP_CLR_FD) = 0 [pid 4249] close(4) = 0 [pid 4249] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 4249] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 4249] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 144.710461][ T4250] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 144.731693][ T27] audit: type=1800 audit(1670141634.017:303): pid=4249 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor269" name="bus" dev="loop0" ino=12 res=0 errno=0 [pid 4249] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 4249] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 4249] exit_group(0) = ? [pid 4249] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4249, si_uid=0, si_status=0, si_utime=0, si_stime=12} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./301", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./301", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./301/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./301/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./301/binderfs") = 0 umount2("./301/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./301/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./301/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./301/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./301/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./301/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./301") = 0 mkdir("./302", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 4251 ./strace-static-x86_64: Process 4251 attached [pid 4251] chdir("./302") = 0 [pid 4251] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4251] setpgid(0, 0) = 0 [pid 4251] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4251] write(3, "1000", 4) = 4 [pid 4251] close(3) = 0 [pid 4251] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4251] memfd_create("syzkaller", 0) = 3 [pid 4251] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 4251] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 4251] munmap(0x7eff5e600000, 2097152) = 0 [pid 4251] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4251] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4251] close(3) = 0 [pid 4251] mkdir("./file0", 0777) = 0 [ 144.977365][ T4251] loop0: detected capacity change from 0 to 4096 [ 144.994772][ T4251] NILFS (loop0): invalid segment: Checksum error in segment payload [ 145.002936][ T4251] NILFS (loop0): trying rollback from an earlier position [ 145.016479][ T4251] NILFS (loop0): recovery complete [pid 4251] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 4251] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4251] chdir("./file0") = 0 [pid 4251] ioctl(4, LOOP_CLR_FD) = 0 [pid 4251] close(4) = 0 [pid 4251] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 4251] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 4251] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 145.022826][ T4252] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 145.037097][ T27] audit: type=1800 audit(1670141634.317:304): pid=4251 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor269" name="bus" dev="loop0" ino=12 res=0 errno=0 [pid 4251] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 4251] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 4251] exit_group(0) = ? [pid 4251] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4251, si_uid=0, si_status=0, si_utime=0, si_stime=16} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./302", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./302", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./302/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./302/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./302/binderfs") = 0 umount2("./302/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./302/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./302/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./302/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./302/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./302/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./302") = 0 mkdir("./303", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 4253 ./strace-static-x86_64: Process 4253 attached [pid 4253] chdir("./303") = 0 [pid 4253] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4253] setpgid(0, 0) = 0 [pid 4253] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4253] write(3, "1000", 4) = 4 [pid 4253] close(3) = 0 [pid 4253] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4253] memfd_create("syzkaller", 0) = 3 [pid 4253] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 4253] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 4253] munmap(0x7eff5e600000, 2097152) = 0 [pid 4253] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4253] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4253] close(3) = 0 [pid 4253] mkdir("./file0", 0777) = 0 [ 145.294197][ T4253] loop0: detected capacity change from 0 to 4096 [ 145.309626][ T4253] NILFS (loop0): invalid segment: Checksum error in segment payload [ 145.317646][ T4253] NILFS (loop0): trying rollback from an earlier position [ 145.330405][ T4253] NILFS (loop0): recovery complete [pid 4253] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 4253] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4253] chdir("./file0") = 0 [pid 4253] ioctl(4, LOOP_CLR_FD) = 0 [pid 4253] close(4) = 0 [pid 4253] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 4253] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 4253] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 145.336207][ T4254] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 145.357424][ T27] audit: type=1800 audit(1670141634.637:305): pid=4253 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor269" name="bus" dev="loop0" ino=12 res=0 errno=0 [pid 4253] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 4253] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 4253] exit_group(0) = ? [pid 4253] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4253, si_uid=0, si_status=0, si_utime=0, si_stime=13} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./303", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./303", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./303/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./303/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./303/binderfs") = 0 umount2("./303/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./303/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./303/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./303/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./303/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./303/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./303") = 0 mkdir("./304", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 4255 ./strace-static-x86_64: Process 4255 attached [pid 4255] chdir("./304") = 0 [pid 4255] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4255] setpgid(0, 0) = 0 [pid 4255] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4255] write(3, "1000", 4) = 4 [pid 4255] close(3) = 0 [pid 4255] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4255] memfd_create("syzkaller", 0) = 3 [pid 4255] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 4255] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 4255] munmap(0x7eff5e600000, 2097152) = 0 [pid 4255] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4255] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4255] close(3) = 0 [pid 4255] mkdir("./file0", 0777) = 0 [pid 4255] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 4255] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4255] chdir("./file0") = 0 [pid 4255] ioctl(4, LOOP_CLR_FD) = 0 [ 145.607285][ T4255] loop0: detected capacity change from 0 to 4096 [ 145.622791][ T4255] NILFS (loop0): invalid segment: Checksum error in segment payload [ 145.630854][ T4255] NILFS (loop0): trying rollback from an earlier position [ 145.644008][ T4255] NILFS (loop0): recovery complete [pid 4255] close(4) = 0 [pid 4255] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 4255] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [ 145.650121][ T4256] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 4255] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 145.679091][ T27] audit: type=1800 audit(1670141634.967:306): pid=4255 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor269" name="bus" dev="loop0" ino=12 res=0 errno=0 [pid 4255] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 4255] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 4255] exit_group(0) = ? [pid 4255] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4255, si_uid=0, si_status=0, si_utime=0, si_stime=11} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./304", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./304", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./304/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./304/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./304/binderfs") = 0 umount2("./304/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./304/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./304/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./304/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./304/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./304/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./304") = 0 mkdir("./305", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 4257 ./strace-static-x86_64: Process 4257 attached [pid 4257] chdir("./305") = 0 [pid 4257] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4257] setpgid(0, 0) = 0 [pid 4257] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4257] write(3, "1000", 4) = 4 [pid 4257] close(3) = 0 [pid 4257] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4257] memfd_create("syzkaller", 0) = 3 [pid 4257] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 4257] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 4257] munmap(0x7eff5e600000, 2097152) = 0 [pid 4257] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4257] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4257] close(3) = 0 [pid 4257] mkdir("./file0", 0777) = 0 [ 145.933140][ T4257] loop0: detected capacity change from 0 to 4096 [ 145.950464][ T4257] NILFS (loop0): invalid segment: Checksum error in segment payload [ 145.958657][ T4257] NILFS (loop0): trying rollback from an earlier position [ 145.972606][ T4257] NILFS (loop0): recovery complete [pid 4257] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 4257] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4257] chdir("./file0") = 0 [pid 4257] ioctl(4, LOOP_CLR_FD) = 0 [pid 4257] close(4) = 0 [pid 4257] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 4257] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 4257] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 145.978400][ T4258] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 146.004054][ T27] audit: type=1800 audit(1670141635.287:307): pid=4257 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor269" name="bus" dev="loop0" ino=12 res=0 errno=0 [pid 4257] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 4257] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 4257] exit_group(0) = ? [pid 4257] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4257, si_uid=0, si_status=0, si_utime=0, si_stime=10} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./305", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./305", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./305/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./305/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./305/binderfs") = 0 umount2("./305/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./305/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./305/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./305/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./305/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./305/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./305") = 0 mkdir("./306", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 4259 attached , child_tidptr=0x5555555775d0) = 4259 [pid 4259] chdir("./306") = 0 [pid 4259] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4259] setpgid(0, 0) = 0 [pid 4259] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4259] write(3, "1000", 4) = 4 [pid 4259] close(3) = 0 [pid 4259] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4259] memfd_create("syzkaller", 0) = 3 [pid 4259] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 4259] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 4259] munmap(0x7eff5e600000, 2097152) = 0 [pid 4259] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4259] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4259] close(3) = 0 [pid 4259] mkdir("./file0", 0777) = 0 [pid 4259] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 4259] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [ 146.249330][ T4259] loop0: detected capacity change from 0 to 4096 [ 146.266520][ T4259] NILFS (loop0): invalid segment: Checksum error in segment payload [ 146.274593][ T4259] NILFS (loop0): trying rollback from an earlier position [ 146.288328][ T4259] NILFS (loop0): recovery complete [pid 4259] chdir("./file0") = 0 [pid 4259] ioctl(4, LOOP_CLR_FD) = 0 [pid 4259] close(4) = 0 [pid 4259] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 4259] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 4259] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 146.294345][ T4260] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 146.321165][ T27] audit: type=1800 audit(1670141635.607:308): pid=4259 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor269" name="bus" dev="loop0" ino=12 res=0 errno=0 [pid 4259] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 4259] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 4259] exit_group(0) = ? [pid 4259] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4259, si_uid=0, si_status=0, si_utime=0, si_stime=8} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./306", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./306", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./306/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./306/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./306/binderfs") = 0 umount2("./306/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./306/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./306/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./306/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./306/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./306/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./306") = 0 mkdir("./307", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 4261 attached [pid 4261] chdir("./307") = 0 [pid 4261] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4261] setpgid(0, 0) = 0 [pid 4261] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4261] write(3, "1000", 4) = 4 [pid 4261] close(3) = 0 [pid 4261] symlink("/dev/binderfs", "./binderfs" [pid 3638] <... clone resumed>, child_tidptr=0x5555555775d0) = 4261 [pid 4261] <... symlink resumed>) = 0 [pid 4261] memfd_create("syzkaller", 0) = 3 [pid 4261] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 4261] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 4261] munmap(0x7eff5e600000, 2097152) = 0 [pid 4261] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4261] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4261] close(3) = 0 [pid 4261] mkdir("./file0", 0777) = 0 [ 146.561275][ T4261] loop0: detected capacity change from 0 to 4096 [ 146.576296][ T4261] NILFS (loop0): invalid segment: Checksum error in segment payload [ 146.584647][ T4261] NILFS (loop0): trying rollback from an earlier position [ 146.597071][ T4261] NILFS (loop0): recovery complete [pid 4261] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 4261] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4261] chdir("./file0") = 0 [pid 4261] ioctl(4, LOOP_CLR_FD) = 0 [pid 4261] close(4) = 0 [pid 4261] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 4261] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 4261] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 146.603284][ T4262] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 146.616358][ T27] audit: type=1800 audit(1670141635.897:309): pid=4261 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor269" name="bus" dev="loop0" ino=12 res=0 errno=0 [pid 4261] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 4261] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 4261] exit_group(0) = ? [pid 4261] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4261, si_uid=0, si_status=0, si_utime=0, si_stime=16} --- umount2("./307", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./307", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./307/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./307/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./307/binderfs") = 0 umount2("./307/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./307/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./307/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./307/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./307/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./307/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./307") = 0 mkdir("./308", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 4263 ./strace-static-x86_64: Process 4263 attached [pid 4263] chdir("./308") = 0 [pid 4263] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4263] setpgid(0, 0) = 0 [pid 4263] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4263] write(3, "1000", 4) = 4 [pid 4263] close(3) = 0 [pid 4263] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4263] memfd_create("syzkaller", 0) = 3 [pid 4263] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 4263] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 4263] munmap(0x7eff5e600000, 2097152) = 0 [pid 4263] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4263] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4263] close(3) = 0 [pid 4263] mkdir("./file0", 0777) = 0 [ 146.858325][ T4263] loop0: detected capacity change from 0 to 4096 [ 146.873082][ T4263] NILFS (loop0): invalid segment: Checksum error in segment payload [ 146.881147][ T4263] NILFS (loop0): trying rollback from an earlier position [ 146.894859][ T4263] NILFS (loop0): recovery complete [pid 4263] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 4263] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4263] chdir("./file0") = 0 [pid 4263] ioctl(4, LOOP_CLR_FD) = 0 [pid 4263] close(4) = 0 [pid 4263] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 4263] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 4263] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 146.901081][ T4264] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 4263] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 4263] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 4263] exit_group(0) = ? [pid 4263] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4263, si_uid=0, si_status=0, si_utime=0, si_stime=14} --- umount2("./308", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./308", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./308/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./308/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./308/binderfs") = 0 umount2("./308/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./308/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./308/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./308/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./308/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./308/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./308") = 0 mkdir("./309", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 4265 ./strace-static-x86_64: Process 4265 attached [pid 4265] chdir("./309") = 0 [pid 4265] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4265] setpgid(0, 0) = 0 [pid 4265] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4265] write(3, "1000", 4) = 4 [pid 4265] close(3) = 0 [pid 4265] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4265] memfd_create("syzkaller", 0) = 3 [pid 4265] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 4265] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 4265] munmap(0x7eff5e600000, 2097152) = 0 [pid 4265] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4265] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4265] close(3) = 0 [pid 4265] mkdir("./file0", 0777) = 0 [pid 4265] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 4265] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [ 147.149161][ T4265] loop0: detected capacity change from 0 to 4096 [ 147.164940][ T4265] NILFS (loop0): invalid segment: Checksum error in segment payload [ 147.173077][ T4265] NILFS (loop0): trying rollback from an earlier position [ 147.186133][ T4265] NILFS (loop0): recovery complete [pid 4265] chdir("./file0") = 0 [pid 4265] ioctl(4, LOOP_CLR_FD) = 0 [pid 4265] close(4) = 0 [pid 4265] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 4265] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 4265] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 147.192147][ T4266] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 4265] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 4265] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 4265] exit_group(0) = ? [pid 4265] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4265, si_uid=0, si_status=0, si_utime=0, si_stime=15} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./309", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./309", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./309/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./309/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./309/binderfs") = 0 umount2("./309/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./309/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./309/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./309/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./309/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./309/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./309") = 0 mkdir("./310", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 4267 attached , child_tidptr=0x5555555775d0) = 4267 [pid 4267] chdir("./310") = 0 [pid 4267] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4267] setpgid(0, 0) = 0 [pid 4267] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4267] write(3, "1000", 4) = 4 [pid 4267] close(3) = 0 [pid 4267] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4267] memfd_create("syzkaller", 0) = 3 [pid 4267] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 4267] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 4267] munmap(0x7eff5e600000, 2097152) = 0 [pid 4267] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4267] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4267] close(3) = 0 [pid 4267] mkdir("./file0", 0777) = 0 [ 147.447117][ T4267] loop0: detected capacity change from 0 to 4096 [ 147.463573][ T4267] NILFS (loop0): invalid segment: Checksum error in segment payload [ 147.471707][ T4267] NILFS (loop0): trying rollback from an earlier position [ 147.484734][ T4267] NILFS (loop0): recovery complete [pid 4267] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 4267] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4267] chdir("./file0") = 0 [pid 4267] ioctl(4, LOOP_CLR_FD) = 0 [pid 4267] close(4) = 0 [pid 4267] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 4267] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 4267] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 147.490487][ T4268] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 4267] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 4267] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 4267] exit_group(0) = ? [pid 4267] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4267, si_uid=0, si_status=0, si_utime=0, si_stime=12} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./310", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./310", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./310/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./310/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./310/binderfs") = 0 umount2("./310/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./310/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./310/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./310/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./310/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./310/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./310") = 0 mkdir("./311", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 4269 ./strace-static-x86_64: Process 4269 attached [pid 4269] chdir("./311") = 0 [pid 4269] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4269] setpgid(0, 0) = 0 [pid 4269] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4269] write(3, "1000", 4) = 4 [pid 4269] close(3) = 0 [pid 4269] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4269] memfd_create("syzkaller", 0) = 3 [pid 4269] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 4269] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 4269] munmap(0x7eff5e600000, 2097152) = 0 [pid 4269] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4269] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4269] close(3) = 0 [pid 4269] mkdir("./file0", 0777) = 0 [ 147.744863][ T4269] loop0: detected capacity change from 0 to 4096 [ 147.759287][ T4269] NILFS (loop0): invalid segment: Checksum error in segment payload [ 147.767589][ T4269] NILFS (loop0): trying rollback from an earlier position [ 147.780717][ T4269] NILFS (loop0): recovery complete [pid 4269] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 4269] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4269] chdir("./file0") = 0 [pid 4269] ioctl(4, LOOP_CLR_FD) = 0 [pid 4269] close(4) = 0 [pid 4269] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 4269] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 4269] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 147.786475][ T4270] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 4269] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 4269] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 4269] exit_group(0) = ? [pid 4269] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4269, si_uid=0, si_status=0, si_utime=1, si_stime=8} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./311", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./311", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./311/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./311/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./311/binderfs") = 0 umount2("./311/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./311/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./311/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./311/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./311/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./311/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./311") = 0 mkdir("./312", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 4271 ./strace-static-x86_64: Process 4271 attached [pid 4271] chdir("./312") = 0 [pid 4271] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4271] setpgid(0, 0) = 0 [pid 4271] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4271] write(3, "1000", 4) = 4 [pid 4271] close(3) = 0 [pid 4271] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4271] memfd_create("syzkaller", 0) = 3 [pid 4271] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 4271] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 4271] munmap(0x7eff5e600000, 2097152) = 0 [pid 4271] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4271] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4271] close(3) = 0 [pid 4271] mkdir("./file0", 0777) = 0 [pid 4271] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 4271] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4271] chdir("./file0") = 0 [pid 4271] ioctl(4, LOOP_CLR_FD) = 0 [pid 4271] close(4) = 0 [pid 4271] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [ 148.043325][ T4271] loop0: detected capacity change from 0 to 4096 [ 148.058593][ T4271] NILFS (loop0): invalid segment: Checksum error in segment payload [ 148.066730][ T4271] NILFS (loop0): trying rollback from an earlier position [ 148.081047][ T4271] NILFS (loop0): recovery complete [pid 4271] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 4271] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 148.086818][ T4272] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 4271] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 4271] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 4271] exit_group(0) = ? [pid 4271] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4271, si_uid=0, si_status=0, si_utime=0, si_stime=17} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./312", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./312", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./312/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./312/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./312/binderfs") = 0 umount2("./312/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./312/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./312/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./312/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./312/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./312/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./312") = 0 mkdir("./313", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 4273 ./strace-static-x86_64: Process 4273 attached [pid 4273] chdir("./313") = 0 [pid 4273] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4273] setpgid(0, 0) = 0 [pid 4273] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4273] write(3, "1000", 4) = 4 [pid 4273] close(3) = 0 [pid 4273] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4273] memfd_create("syzkaller", 0) = 3 [pid 4273] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 4273] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 4273] munmap(0x7eff5e600000, 2097152) = 0 [pid 4273] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4273] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4273] close(3) = 0 [pid 4273] mkdir("./file0", 0777) = 0 [ 148.347117][ T4273] loop0: detected capacity change from 0 to 4096 [ 148.362696][ T4273] NILFS (loop0): invalid segment: Checksum error in segment payload [ 148.370725][ T4273] NILFS (loop0): trying rollback from an earlier position [ 148.384340][ T4273] NILFS (loop0): recovery complete [pid 4273] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 4273] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4273] chdir("./file0") = 0 [pid 4273] ioctl(4, LOOP_CLR_FD) = 0 [pid 4273] close(4) = 0 [pid 4273] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 4273] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 4273] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 148.390523][ T4274] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 4273] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 4273] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 4273] exit_group(0) = ? [pid 4273] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4273, si_uid=0, si_status=0, si_utime=0, si_stime=11} --- umount2("./313", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./313", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./313/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./313/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./313/binderfs") = 0 umount2("./313/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./313/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./313/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./313/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./313/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./313/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./313") = 0 mkdir("./314", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 4275 ./strace-static-x86_64: Process 4275 attached [pid 4275] chdir("./314") = 0 [pid 4275] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4275] setpgid(0, 0) = 0 [pid 4275] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4275] write(3, "1000", 4) = 4 [pid 4275] close(3) = 0 [pid 4275] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4275] memfd_create("syzkaller", 0) = 3 [pid 4275] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 4275] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 4275] munmap(0x7eff5e600000, 2097152) = 0 [pid 4275] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4275] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4275] close(3) = 0 [pid 4275] mkdir("./file0", 0777) = 0 [ 148.654368][ T4275] loop0: detected capacity change from 0 to 4096 [ 148.669641][ T4275] NILFS (loop0): invalid segment: Checksum error in segment payload [ 148.677712][ T4275] NILFS (loop0): trying rollback from an earlier position [ 148.690868][ T4275] NILFS (loop0): recovery complete [pid 4275] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 4275] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4275] chdir("./file0") = 0 [pid 4275] ioctl(4, LOOP_CLR_FD) = 0 [pid 4275] close(4) = 0 [pid 4275] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 4275] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 4275] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 148.696777][ T4276] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 4275] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 4275] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 4275] exit_group(0) = ? [pid 4275] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4275, si_uid=0, si_status=0, si_utime=0, si_stime=8} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./314", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./314", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./314/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./314/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./314/binderfs") = 0 umount2("./314/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./314/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./314/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./314/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./314/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./314/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./314") = 0 mkdir("./315", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 4277 ./strace-static-x86_64: Process 4277 attached [pid 4277] chdir("./315") = 0 [pid 4277] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4277] setpgid(0, 0) = 0 [pid 4277] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4277] write(3, "1000", 4) = 4 [pid 4277] close(3) = 0 [pid 4277] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4277] memfd_create("syzkaller", 0) = 3 [pid 4277] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 4277] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 4277] munmap(0x7eff5e600000, 2097152) = 0 [pid 4277] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4277] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4277] close(3) = 0 [pid 4277] mkdir("./file0", 0777) = 0 [pid 4277] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 4277] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4277] chdir("./file0") = 0 [ 148.952243][ T4277] loop0: detected capacity change from 0 to 4096 [ 148.968761][ T4277] NILFS (loop0): invalid segment: Checksum error in segment payload [ 148.976808][ T4277] NILFS (loop0): trying rollback from an earlier position [ 148.991803][ T4277] NILFS (loop0): recovery complete [pid 4277] ioctl(4, LOOP_CLR_FD) = 0 [pid 4277] close(4) = 0 [pid 4277] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 4277] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 4277] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 148.998178][ T4278] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 149.017357][ T27] kauditd_printk_skb: 7 callbacks suppressed [ 149.017371][ T27] audit: type=1800 audit(1670141638.287:317): pid=4277 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor269" name="bus" dev="loop0" ino=12 res=0 errno=0 [pid 4277] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 4277] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 4277] exit_group(0) = ? [pid 4277] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4277, si_uid=0, si_status=0, si_utime=0, si_stime=16} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./315", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./315", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./315/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./315/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./315/binderfs") = 0 umount2("./315/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./315/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./315/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./315/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./315/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./315/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./315") = 0 mkdir("./316", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 4279 ./strace-static-x86_64: Process 4279 attached [pid 4279] chdir("./316") = 0 [pid 4279] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4279] setpgid(0, 0) = 0 [pid 4279] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4279] write(3, "1000", 4) = 4 [pid 4279] close(3) = 0 [pid 4279] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4279] memfd_create("syzkaller", 0) = 3 [pid 4279] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 4279] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 4279] munmap(0x7eff5e600000, 2097152) = 0 [pid 4279] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4279] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4279] close(3) = 0 [pid 4279] mkdir("./file0", 0777) = 0 [pid 4279] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 4279] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4279] chdir("./file0") = 0 [pid 4279] ioctl(4, LOOP_CLR_FD) = 0 [pid 4279] close(4) = 0 [pid 4279] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 4279] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 4279] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 149.257930][ T4279] loop0: detected capacity change from 0 to 4096 [ 149.271092][ T4279] NILFS (loop0): invalid segment: Checksum error in segment payload [ 149.279272][ T4279] NILFS (loop0): trying rollback from an earlier position [ 149.291958][ T4279] NILFS (loop0): recovery complete [ 149.297966][ T4280] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 149.320193][ T27] audit: type=1800 audit(1670141638.587:318): pid=4279 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor269" name="bus" dev="loop0" ino=12 res=0 errno=0 [pid 4279] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 4279] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 4279] exit_group(0) = ? [pid 4279] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4279, si_uid=0, si_status=0, si_utime=0, si_stime=13} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./316", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./316", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./316/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./316/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./316/binderfs") = 0 umount2("./316/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./316/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./316/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./316/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./316/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./316/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./316") = 0 mkdir("./317", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 4281 ./strace-static-x86_64: Process 4281 attached [pid 4281] chdir("./317") = 0 [pid 4281] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4281] setpgid(0, 0) = 0 [pid 4281] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4281] write(3, "1000", 4) = 4 [pid 4281] close(3) = 0 [pid 4281] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4281] memfd_create("syzkaller", 0) = 3 [pid 4281] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 4281] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 4281] munmap(0x7eff5e600000, 2097152) = 0 [pid 4281] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4281] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4281] close(3) = 0 [pid 4281] mkdir("./file0", 0777) = 0 [ 149.564240][ T4281] loop0: detected capacity change from 0 to 4096 [ 149.580525][ T4281] NILFS (loop0): invalid segment: Checksum error in segment payload [ 149.588668][ T4281] NILFS (loop0): trying rollback from an earlier position [ 149.602243][ T4281] NILFS (loop0): recovery complete [pid 4281] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 4281] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4281] chdir("./file0") = 0 [pid 4281] ioctl(4, LOOP_CLR_FD) = 0 [pid 4281] close(4) = 0 [pid 4281] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 4281] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 4281] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 149.608304][ T4282] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 149.627376][ T27] audit: type=1800 audit(1670141638.897:319): pid=4281 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor269" name="bus" dev="loop0" ino=12 res=0 errno=0 [pid 4281] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 4281] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 4281] exit_group(0) = ? [pid 4281] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4281, si_uid=0, si_status=0, si_utime=0, si_stime=10} --- umount2("./317", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./317", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./317/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./317/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./317/binderfs") = 0 umount2("./317/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./317/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./317/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./317/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./317/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./317/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./317") = 0 mkdir("./318", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 4283 ./strace-static-x86_64: Process 4283 attached [pid 4283] chdir("./318") = 0 [pid 4283] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4283] setpgid(0, 0) = 0 [pid 4283] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4283] write(3, "1000", 4) = 4 [pid 4283] close(3) = 0 [pid 4283] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4283] memfd_create("syzkaller", 0) = 3 [pid 4283] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 4283] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 4283] munmap(0x7eff5e600000, 2097152) = 0 [pid 4283] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4283] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4283] close(3) = 0 [pid 4283] mkdir("./file0", 0777) = 0 [ 149.856432][ T4283] loop0: detected capacity change from 0 to 4096 [ 149.871843][ T4283] NILFS (loop0): invalid segment: Checksum error in segment payload [ 149.879886][ T4283] NILFS (loop0): trying rollback from an earlier position [ 149.892402][ T4283] NILFS (loop0): recovery complete [pid 4283] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 4283] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4283] chdir("./file0") = 0 [pid 4283] ioctl(4, LOOP_CLR_FD) = 0 [pid 4283] close(4) = 0 [pid 4283] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 4283] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 4283] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 149.898723][ T4284] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 149.913116][ T27] audit: type=1800 audit(1670141639.197:320): pid=4283 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor269" name="bus" dev="loop0" ino=12 res=0 errno=0 [pid 4283] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 4283] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 4283] exit_group(0) = ? [pid 4283] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4283, si_uid=0, si_status=0, si_utime=0, si_stime=16} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./318", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./318", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./318/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./318/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./318/binderfs") = 0 umount2("./318/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./318/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./318/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./318/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./318/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./318/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./318") = 0 mkdir("./319", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 4285 ./strace-static-x86_64: Process 4285 attached [pid 4285] chdir("./319") = 0 [pid 4285] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4285] setpgid(0, 0) = 0 [pid 4285] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4285] write(3, "1000", 4) = 4 [pid 4285] close(3) = 0 [pid 4285] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4285] memfd_create("syzkaller", 0) = 3 [pid 4285] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 4285] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 4285] munmap(0x7eff5e600000, 2097152) = 0 [pid 4285] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4285] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4285] close(3) = 0 [pid 4285] mkdir("./file0", 0777) = 0 [ 150.162854][ T4285] loop0: detected capacity change from 0 to 4096 [ 150.178205][ T4285] NILFS (loop0): invalid segment: Checksum error in segment payload [ 150.186257][ T4285] NILFS (loop0): trying rollback from an earlier position [ 150.200270][ T4285] NILFS (loop0): recovery complete [pid 4285] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 4285] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4285] chdir("./file0") = 0 [pid 4285] ioctl(4, LOOP_CLR_FD) = 0 [pid 4285] close(4) = 0 [pid 4285] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 4285] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 4285] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 150.206213][ T4286] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 150.232250][ T27] audit: type=1800 audit(1670141639.517:321): pid=4285 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor269" name="bus" dev="loop0" ino=12 res=0 errno=0 [pid 4285] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 4285] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 4285] exit_group(0) = ? [pid 4285] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4285, si_uid=0, si_status=0, si_utime=0, si_stime=14} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./319", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./319", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./319/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./319/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./319/binderfs") = 0 umount2("./319/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./319/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./319/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./319/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./319/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./319/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./319") = 0 mkdir("./320", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 4287 attached , child_tidptr=0x5555555775d0) = 4287 [pid 4287] chdir("./320") = 0 [pid 4287] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4287] setpgid(0, 0) = 0 [pid 4287] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4287] write(3, "1000", 4) = 4 [pid 4287] close(3) = 0 [pid 4287] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4287] memfd_create("syzkaller", 0) = 3 [pid 4287] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 4287] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 4287] munmap(0x7eff5e600000, 2097152) = 0 [pid 4287] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4287] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4287] close(3) = 0 [pid 4287] mkdir("./file0", 0777) = 0 [ 150.484036][ T4287] loop0: detected capacity change from 0 to 4096 [ 150.499261][ T4287] NILFS (loop0): invalid segment: Checksum error in segment payload [ 150.507374][ T4287] NILFS (loop0): trying rollback from an earlier position [ 150.521374][ T4287] NILFS (loop0): recovery complete [pid 4287] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 4287] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4287] chdir("./file0") = 0 [pid 4287] ioctl(4, LOOP_CLR_FD) = 0 [pid 4287] close(4) = 0 [pid 4287] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [ 150.527166][ T4288] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 4287] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 4287] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 150.558805][ T27] audit: type=1800 audit(1670141639.847:322): pid=4287 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor269" name="bus" dev="loop0" ino=12 res=0 errno=0 [pid 4287] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 4287] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 4287] exit_group(0) = ? [pid 4287] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4287, si_uid=0, si_status=0, si_utime=0, si_stime=16} --- umount2("./320", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./320", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./320/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./320/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./320/binderfs") = 0 umount2("./320/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./320/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./320/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./320/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./320/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./320/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./320") = 0 mkdir("./321", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 4289 attached , child_tidptr=0x5555555775d0) = 4289 [pid 4289] chdir("./321") = 0 [pid 4289] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4289] setpgid(0, 0) = 0 [pid 4289] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4289] write(3, "1000", 4) = 4 [pid 4289] close(3) = 0 [pid 4289] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4289] memfd_create("syzkaller", 0) = 3 [pid 4289] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 4289] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 4289] munmap(0x7eff5e600000, 2097152) = 0 [pid 4289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4289] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4289] close(3) = 0 [pid 4289] mkdir("./file0", 0777) = 0 [pid 4289] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 4289] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4289] chdir("./file0") = 0 [pid 4289] ioctl(4, LOOP_CLR_FD) = 0 [ 150.801910][ T4289] loop0: detected capacity change from 0 to 4096 [ 150.817847][ T4289] NILFS (loop0): invalid segment: Checksum error in segment payload [ 150.825859][ T4289] NILFS (loop0): trying rollback from an earlier position [ 150.839167][ T4289] NILFS (loop0): recovery complete [pid 4289] close(4) = 0 [pid 4289] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 4289] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 4289] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 150.845067][ T4290] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 150.870537][ T27] audit: type=1800 audit(1670141640.157:323): pid=4289 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor269" name="bus" dev="loop0" ino=12 res=0 errno=0 [pid 4289] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 4289] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 4289] exit_group(0) = ? [pid 4289] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4289, si_uid=0, si_status=0, si_utime=0, si_stime=12} --- umount2("./321", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./321", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./321/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./321/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./321/binderfs") = 0 umount2("./321/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./321/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./321/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./321/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./321/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./321/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./321") = 0 mkdir("./322", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 4291 attached [pid 4291] chdir("./322") = 0 [pid 4291] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4291] setpgid(0, 0) = 0 [pid 3638] <... clone resumed>, child_tidptr=0x5555555775d0) = 4291 [pid 4291] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4291] write(3, "1000", 4) = 4 [pid 4291] close(3) = 0 [pid 4291] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4291] memfd_create("syzkaller", 0) = 3 [pid 4291] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 4291] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 4291] munmap(0x7eff5e600000, 2097152) = 0 [pid 4291] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4291] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4291] close(3) = 0 [pid 4291] mkdir("./file0", 0777) = 0 [pid 4291] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 4291] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4291] chdir("./file0") = 0 [pid 4291] ioctl(4, LOOP_CLR_FD) = 0 [pid 4291] close(4) = 0 [pid 4291] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [ 151.094898][ T4291] loop0: detected capacity change from 0 to 4096 [ 151.110124][ T4291] NILFS (loop0): invalid segment: Checksum error in segment payload [ 151.118138][ T4291] NILFS (loop0): trying rollback from an earlier position [ 151.130642][ T4291] NILFS (loop0): recovery complete [pid 4291] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 4291] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 151.136882][ T4292] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 151.141074][ T27] audit: type=1800 audit(1670141640.427:324): pid=4291 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor269" name="bus" dev="loop0" ino=12 res=0 errno=0 [pid 4291] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 4291] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 4291] exit_group(0) = ? [pid 4291] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4291, si_uid=0, si_status=0, si_utime=0, si_stime=14} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./322", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./322", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./322/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./322/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./322/binderfs") = 0 umount2("./322/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./322/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./322/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./322/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./322/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./322/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./322") = 0 mkdir("./323", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 4293 attached , child_tidptr=0x5555555775d0) = 4293 [pid 4293] chdir("./323") = 0 [pid 4293] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4293] setpgid(0, 0) = 0 [pid 4293] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4293] write(3, "1000", 4) = 4 [pid 4293] close(3) = 0 [pid 4293] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4293] memfd_create("syzkaller", 0) = 3 [pid 4293] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 4293] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 4293] munmap(0x7eff5e600000, 2097152) = 0 [pid 4293] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4293] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4293] close(3) = 0 [pid 4293] mkdir("./file0", 0777) = 0 [ 151.415941][ T4293] loop0: detected capacity change from 0 to 4096 [ 151.431080][ T4293] NILFS (loop0): invalid segment: Checksum error in segment payload [ 151.439198][ T4293] NILFS (loop0): trying rollback from an earlier position [ 151.451816][ T4293] NILFS (loop0): recovery complete [pid 4293] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 4293] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4293] chdir("./file0") = 0 [pid 4293] ioctl(4, LOOP_CLR_FD) = 0 [pid 4293] close(4) = 0 [pid 4293] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 4293] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 4293] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 151.457927][ T4294] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 151.483995][ T27] audit: type=1800 audit(1670141640.767:325): pid=4293 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor269" name="bus" dev="loop0" ino=12 res=0 errno=0 [pid 4293] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 4293] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 4293] exit_group(0) = ? [pid 4293] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4293, si_uid=0, si_status=0, si_utime=0, si_stime=9} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./323", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./323", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./323/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./323/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./323/binderfs") = 0 umount2("./323/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./323/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./323/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./323/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./323/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./323/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./323") = 0 mkdir("./324", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 4295 ./strace-static-x86_64: Process 4295 attached [pid 4295] chdir("./324") = 0 [pid 4295] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4295] setpgid(0, 0) = 0 [pid 4295] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4295] write(3, "1000", 4) = 4 [pid 4295] close(3) = 0 [pid 4295] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4295] memfd_create("syzkaller", 0) = 3 [pid 4295] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 4295] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 4295] munmap(0x7eff5e600000, 2097152) = 0 [pid 4295] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4295] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4295] close(3) = 0 [pid 4295] mkdir("./file0", 0777) = 0 [ 151.726664][ T4295] loop0: detected capacity change from 0 to 4096 [ 151.743346][ T4295] NILFS (loop0): invalid segment: Checksum error in segment payload [ 151.751414][ T4295] NILFS (loop0): trying rollback from an earlier position [ 151.765209][ T4295] NILFS (loop0): recovery complete [pid 4295] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 4295] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4295] chdir("./file0") = 0 [pid 4295] ioctl(4, LOOP_CLR_FD) = 0 [pid 4295] close(4) = 0 [pid 4295] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 4295] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 4295] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 151.771548][ T4296] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 151.787359][ T27] audit: type=1800 audit(1670141641.057:326): pid=4295 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor269" name="bus" dev="loop0" ino=12 res=0 errno=0 [pid 4295] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 4295] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 4295] exit_group(0) = ? [pid 4295] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4295, si_uid=0, si_status=0, si_utime=0, si_stime=16} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./324", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./324", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./324/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./324/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./324/binderfs") = 0 umount2("./324/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./324/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./324/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./324/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./324/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./324/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./324") = 0 mkdir("./325", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 4297 ./strace-static-x86_64: Process 4297 attached [pid 4297] chdir("./325") = 0 [pid 4297] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4297] setpgid(0, 0) = 0 [pid 4297] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4297] write(3, "1000", 4) = 4 [pid 4297] close(3) = 0 [pid 4297] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4297] memfd_create("syzkaller", 0) = 3 [pid 4297] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 4297] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 4297] munmap(0x7eff5e600000, 2097152) = 0 [pid 4297] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4297] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4297] close(3) = 0 [pid 4297] mkdir("./file0", 0777) = 0 [ 152.035968][ T4297] loop0: detected capacity change from 0 to 4096 [ 152.053254][ T4297] NILFS (loop0): invalid segment: Checksum error in segment payload [ 152.061390][ T4297] NILFS (loop0): trying rollback from an earlier position [ 152.075323][ T4297] NILFS (loop0): recovery complete [pid 4297] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 4297] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4297] chdir("./file0") = 0 [pid 4297] ioctl(4, LOOP_CLR_FD) = 0 [pid 4297] close(4) = 0 [pid 4297] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 4297] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 4297] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 152.081841][ T4298] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 4297] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 4297] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 4297] exit_group(0) = ? [pid 4297] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4297, si_uid=0, si_status=0, si_utime=0, si_stime=14} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./325", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./325", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./325/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./325/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./325/binderfs") = 0 umount2("./325/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./325/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./325/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./325/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./325/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./325/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./325") = 0 mkdir("./326", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 4299 ./strace-static-x86_64: Process 4299 attached [pid 4299] chdir("./326") = 0 [pid 4299] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4299] setpgid(0, 0) = 0 [pid 4299] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4299] write(3, "1000", 4) = 4 [pid 4299] close(3) = 0 [pid 4299] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4299] memfd_create("syzkaller", 0) = 3 [pid 4299] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 4299] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 4299] munmap(0x7eff5e600000, 2097152) = 0 [pid 4299] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4299] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4299] close(3) = 0 [pid 4299] mkdir("./file0", 0777) = 0 [ 152.331751][ T4299] loop0: detected capacity change from 0 to 4096 [ 152.348451][ T4299] NILFS (loop0): invalid segment: Checksum error in segment payload [ 152.356446][ T4299] NILFS (loop0): trying rollback from an earlier position [ 152.369946][ T4299] NILFS (loop0): recovery complete [pid 4299] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 4299] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4299] chdir("./file0") = 0 [pid 4299] ioctl(4, LOOP_CLR_FD) = 0 [pid 4299] close(4) = 0 [pid 4299] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 4299] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 4299] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 152.376517][ T4300] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 4299] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 4299] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 4299] exit_group(0) = ? [pid 4299] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4299, si_uid=0, si_status=0, si_utime=0, si_stime=17} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./326", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./326", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./326/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./326/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./326/binderfs") = 0 umount2("./326/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./326/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./326/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./326/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./326/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./326/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./326") = 0 mkdir("./327", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 4301 ./strace-static-x86_64: Process 4301 attached [pid 4301] chdir("./327") = 0 [pid 4301] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4301] setpgid(0, 0) = 0 [pid 4301] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4301] write(3, "1000", 4) = 4 [pid 4301] close(3) = 0 [pid 4301] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4301] memfd_create("syzkaller", 0) = 3 [pid 4301] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 4301] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 4301] munmap(0x7eff5e600000, 2097152) = 0 [pid 4301] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4301] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4301] close(3) = 0 [pid 4301] mkdir("./file0", 0777) = 0 [pid 4301] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 4301] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4301] chdir("./file0") = 0 [pid 4301] ioctl(4, LOOP_CLR_FD) = 0 [pid 4301] close(4) = 0 [pid 4301] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [ 152.626905][ T4301] loop0: detected capacity change from 0 to 4096 [ 152.641756][ T4301] NILFS (loop0): invalid segment: Checksum error in segment payload [ 152.649849][ T4301] NILFS (loop0): trying rollback from an earlier position [ 152.663056][ T4301] NILFS (loop0): recovery complete [pid 4301] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 4301] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 152.678290][ T4302] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 4301] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 4301] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 4301] exit_group(0) = ? [pid 4301] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4301, si_uid=0, si_status=0, si_utime=0, si_stime=14} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./327", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./327", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./327/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./327/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./327/binderfs") = 0 umount2("./327/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./327/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./327/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./327/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./327/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./327/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./327") = 0 mkdir("./328", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 4303 attached [pid 4303] chdir("./328") = 0 [pid 4303] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4303] setpgid(0, 0) = 0 [pid 4303] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 3638] <... clone resumed>, child_tidptr=0x5555555775d0) = 4303 [pid 4303] <... openat resumed>) = 3 [pid 4303] write(3, "1000", 4) = 4 [pid 4303] close(3) = 0 [pid 4303] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4303] memfd_create("syzkaller", 0) = 3 [pid 4303] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 4303] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 4303] munmap(0x7eff5e600000, 2097152) = 0 [pid 4303] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4303] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4303] close(3) = 0 [pid 4303] mkdir("./file0", 0777) = 0 [ 152.927377][ T4303] loop0: detected capacity change from 0 to 4096 [ 152.942565][ T4303] NILFS (loop0): invalid segment: Checksum error in segment payload [ 152.950599][ T4303] NILFS (loop0): trying rollback from an earlier position [ 152.964201][ T4303] NILFS (loop0): recovery complete [pid 4303] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 4303] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4303] chdir("./file0") = 0 [pid 4303] ioctl(4, LOOP_CLR_FD) = 0 [pid 4303] close(4) = 0 [pid 4303] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 4303] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 4303] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 152.970723][ T4304] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 4303] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 4303] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 4303] exit_group(0) = ? [pid 4303] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4303, si_uid=0, si_status=0, si_utime=0, si_stime=13} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./328", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./328", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./328/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./328/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./328/binderfs") = 0 umount2("./328/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./328/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./328/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./328/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./328/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./328/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./328") = 0 mkdir("./329", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 4305 ./strace-static-x86_64: Process 4305 attached [pid 4305] chdir("./329") = 0 [pid 4305] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4305] setpgid(0, 0) = 0 [pid 4305] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4305] write(3, "1000", 4) = 4 [pid 4305] close(3) = 0 [pid 4305] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4305] memfd_create("syzkaller", 0) = 3 [pid 4305] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 4305] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 4305] munmap(0x7eff5e600000, 2097152) = 0 [pid 4305] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4305] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4305] close(3) = 0 [pid 4305] mkdir("./file0", 0777) = 0 [ 153.221497][ T4305] loop0: detected capacity change from 0 to 4096 [ 153.236954][ T4305] NILFS (loop0): invalid segment: Checksum error in segment payload [ 153.245309][ T4305] NILFS (loop0): trying rollback from an earlier position [ 153.258420][ T4305] NILFS (loop0): recovery complete [pid 4305] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 4305] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4305] chdir("./file0") = 0 [pid 4305] ioctl(4, LOOP_CLR_FD) = 0 [pid 4305] close(4) = 0 [pid 4305] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 4305] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 4305] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 153.264405][ T4306] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 4305] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 4305] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 4305] exit_group(0) = ? [pid 4305] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4305, si_uid=0, si_status=0, si_utime=0, si_stime=17} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./329", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./329", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./329/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./329/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./329/binderfs") = 0 umount2("./329/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./329/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./329/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./329/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./329/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./329/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./329") = 0 mkdir("./330", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 4307 ./strace-static-x86_64: Process 4307 attached [pid 4307] chdir("./330") = 0 [pid 4307] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4307] setpgid(0, 0) = 0 [pid 4307] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4307] write(3, "1000", 4) = 4 [pid 4307] close(3) = 0 [pid 4307] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4307] memfd_create("syzkaller", 0) = 3 [pid 4307] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 4307] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 4307] munmap(0x7eff5e600000, 2097152) = 0 [pid 4307] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4307] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4307] close(3) = 0 [pid 4307] mkdir("./file0", 0777) = 0 [ 153.515668][ T4307] loop0: detected capacity change from 0 to 4096 [ 153.531119][ T4307] NILFS (loop0): invalid segment: Checksum error in segment payload [ 153.539185][ T4307] NILFS (loop0): trying rollback from an earlier position [ 153.552641][ T4307] NILFS (loop0): recovery complete [pid 4307] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 4307] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4307] chdir("./file0") = 0 [pid 4307] ioctl(4, LOOP_CLR_FD) = 0 [pid 4307] close(4) = 0 [pid 4307] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 4307] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 4307] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 153.559184][ T4308] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 4307] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 4307] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 4307] exit_group(0) = ? [pid 4307] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4307, si_uid=0, si_status=0, si_utime=0, si_stime=16} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./330", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./330", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./330/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./330/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./330/binderfs") = 0 umount2("./330/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./330/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./330/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./330/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./330/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./330/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./330") = 0 mkdir("./331", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 4309 ./strace-static-x86_64: Process 4309 attached [pid 4309] chdir("./331") = 0 [pid 4309] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4309] setpgid(0, 0) = 0 [pid 4309] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4309] write(3, "1000", 4) = 4 [pid 4309] close(3) = 0 [pid 4309] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4309] memfd_create("syzkaller", 0) = 3 [pid 4309] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 4309] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 4309] munmap(0x7eff5e600000, 2097152) = 0 [pid 4309] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4309] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4309] close(3) = 0 [pid 4309] mkdir("./file0", 0777) = 0 [ 153.818481][ T4309] loop0: detected capacity change from 0 to 4096 [ 153.834638][ T4309] NILFS (loop0): invalid segment: Checksum error in segment payload [ 153.842813][ T4309] NILFS (loop0): trying rollback from an earlier position [ 153.856746][ T4309] NILFS (loop0): recovery complete [pid 4309] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 4309] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4309] chdir("./file0") = 0 [pid 4309] ioctl(4, LOOP_CLR_FD) = 0 [pid 4309] close(4) = 0 [pid 4309] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 4309] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 4309] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 153.862840][ T4310] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 4309] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 4309] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 4309] exit_group(0) = ? [pid 4309] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4309, si_uid=0, si_status=0, si_utime=0, si_stime=15} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./331", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./331", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./331/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./331/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./331/binderfs") = 0 umount2("./331/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./331/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./331/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./331/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./331/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./331/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./331") = 0 mkdir("./332", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 4311 attached , child_tidptr=0x5555555775d0) = 4311 [pid 4311] chdir("./332") = 0 [pid 4311] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4311] setpgid(0, 0) = 0 [pid 4311] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4311] write(3, "1000", 4) = 4 [pid 4311] close(3) = 0 [pid 4311] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4311] memfd_create("syzkaller", 0) = 3 [pid 4311] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 4311] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 4311] munmap(0x7eff5e600000, 2097152) = 0 [pid 4311] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4311] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4311] close(3) = 0 [pid 4311] mkdir("./file0", 0777) = 0 [ 154.106205][ T4311] loop0: detected capacity change from 0 to 4096 [ 154.122885][ T4311] NILFS (loop0): invalid segment: Checksum error in segment payload [ 154.131053][ T4311] NILFS (loop0): trying rollback from an earlier position [ 154.144544][ T4311] NILFS (loop0): recovery complete [pid 4311] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 4311] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4311] chdir("./file0") = 0 [pid 4311] ioctl(4, LOOP_CLR_FD) = 0 [pid 4311] close(4) = 0 [pid 4311] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [ 154.151045][ T4312] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 4311] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 4311] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 154.179450][ T27] kauditd_printk_skb: 7 callbacks suppressed [ 154.179473][ T27] audit: type=1800 audit(1670141643.467:334): pid=4311 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor269" name="bus" dev="loop0" ino=12 res=0 errno=0 [pid 4311] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 4311] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 4311] exit_group(0) = ? [pid 4311] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4311, si_uid=0, si_status=0, si_utime=0, si_stime=12} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./332", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./332", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./332/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./332/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./332/binderfs") = 0 umount2("./332/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./332/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./332/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./332/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./332/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./332/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./332") = 0 mkdir("./333", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 4313 ./strace-static-x86_64: Process 4313 attached [pid 4313] chdir("./333") = 0 [pid 4313] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4313] setpgid(0, 0) = 0 [pid 4313] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4313] write(3, "1000", 4) = 4 [pid 4313] close(3) = 0 [pid 4313] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4313] memfd_create("syzkaller", 0) = 3 [pid 4313] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 4313] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 4313] munmap(0x7eff5e600000, 2097152) = 0 [pid 4313] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4313] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4313] close(3) = 0 [pid 4313] mkdir("./file0", 0777) = 0 [ 154.422844][ T4313] loop0: detected capacity change from 0 to 4096 [ 154.438596][ T4313] NILFS (loop0): invalid segment: Checksum error in segment payload [ 154.446592][ T4313] NILFS (loop0): trying rollback from an earlier position [ 154.459753][ T4313] NILFS (loop0): recovery complete [pid 4313] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 4313] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4313] chdir("./file0") = 0 [pid 4313] ioctl(4, LOOP_CLR_FD) = 0 [pid 4313] close(4) = 0 [pid 4313] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 4313] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 4313] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 154.466162][ T4314] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 154.478833][ T27] audit: type=1800 audit(1670141643.767:335): pid=4313 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor269" name="bus" dev="loop0" ino=12 res=0 errno=0 [pid 4313] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 4313] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 4313] exit_group(0) = ? [pid 4313] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4313, si_uid=0, si_status=0, si_utime=0, si_stime=14} --- umount2("./333", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./333", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./333/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./333/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./333/binderfs") = 0 umount2("./333/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./333/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./333/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./333/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./333/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./333/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./333") = 0 mkdir("./334", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 4315 ./strace-static-x86_64: Process 4315 attached [pid 4315] chdir("./334") = 0 [pid 4315] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4315] setpgid(0, 0) = 0 [pid 4315] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4315] write(3, "1000", 4) = 4 [pid 4315] close(3) = 0 [pid 4315] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4315] memfd_create("syzkaller", 0) = 3 [pid 4315] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 4315] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 4315] munmap(0x7eff5e600000, 2097152) = 0 [pid 4315] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4315] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4315] close(3) = 0 [pid 4315] mkdir("./file0", 0777) = 0 [pid 4315] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 4315] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [ 154.719816][ T4315] loop0: detected capacity change from 0 to 4096 [ 154.735256][ T4315] NILFS (loop0): invalid segment: Checksum error in segment payload [ 154.743408][ T4315] NILFS (loop0): trying rollback from an earlier position [ 154.756685][ T4315] NILFS (loop0): recovery complete [pid 4315] chdir("./file0") = 0 [pid 4315] ioctl(4, LOOP_CLR_FD) = 0 [pid 4315] close(4) = 0 [pid 4315] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 4315] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 4315] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 154.762767][ T4316] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 154.780969][ T27] audit: type=1800 audit(1670141644.067:336): pid=4315 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor269" name="bus" dev="loop0" ino=12 res=0 errno=0 [pid 4315] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 4315] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 4315] exit_group(0) = ? [pid 4315] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4315, si_uid=0, si_status=0, si_utime=0, si_stime=14} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./334", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./334", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./334/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./334/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./334/binderfs") = 0 umount2("./334/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./334/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./334/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./334/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./334/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./334/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./334") = 0 mkdir("./335", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 4317 ./strace-static-x86_64: Process 4317 attached [pid 4317] chdir("./335") = 0 [pid 4317] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4317] setpgid(0, 0) = 0 [pid 4317] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4317] write(3, "1000", 4) = 4 [pid 4317] close(3) = 0 [pid 4317] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4317] memfd_create("syzkaller", 0) = 3 [pid 4317] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 4317] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 4317] munmap(0x7eff5e600000, 2097152) = 0 [pid 4317] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4317] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4317] close(3) = 0 [pid 4317] mkdir("./file0", 0777) = 0 [ 155.035080][ T4317] loop0: detected capacity change from 0 to 4096 [ 155.051680][ T4317] NILFS (loop0): invalid segment: Checksum error in segment payload [ 155.059772][ T4317] NILFS (loop0): trying rollback from an earlier position [ 155.072922][ T4317] NILFS (loop0): recovery complete [pid 4317] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 4317] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4317] chdir("./file0") = 0 [pid 4317] ioctl(4, LOOP_CLR_FD) = 0 [pid 4317] close(4) = 0 [pid 4317] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 4317] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 4317] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 155.079054][ T4318] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 155.098004][ T27] audit: type=1800 audit(1670141644.387:337): pid=4317 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor269" name="bus" dev="loop0" ino=12 res=0 errno=0 [pid 4317] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 4317] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 4317] exit_group(0) = ? [pid 4317] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4317, si_uid=0, si_status=0, si_utime=0, si_stime=16} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./335", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./335", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./335/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./335/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./335/binderfs") = 0 umount2("./335/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./335/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./335/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./335/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./335/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./335/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./335") = 0 mkdir("./336", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 4319 ./strace-static-x86_64: Process 4319 attached [pid 4319] chdir("./336") = 0 [pid 4319] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4319] setpgid(0, 0) = 0 [pid 4319] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4319] write(3, "1000", 4) = 4 [pid 4319] close(3) = 0 [pid 4319] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4319] memfd_create("syzkaller", 0) = 3 [pid 4319] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 4319] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 4319] munmap(0x7eff5e600000, 2097152) = 0 [pid 4319] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4319] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4319] close(3) = 0 [pid 4319] mkdir("./file0", 0777) = 0 [ 155.334987][ T4319] loop0: detected capacity change from 0 to 4096 [ 155.351586][ T4319] NILFS (loop0): invalid segment: Checksum error in segment payload [ 155.359686][ T4319] NILFS (loop0): trying rollback from an earlier position [ 155.372984][ T4319] NILFS (loop0): recovery complete [pid 4319] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 4319] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4319] chdir("./file0") = 0 [pid 4319] ioctl(4, LOOP_CLR_FD) = 0 [pid 4319] close(4) = 0 [pid 4319] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 4319] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 4319] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 155.380179][ T4320] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 155.394342][ T27] audit: type=1800 audit(1670141644.677:338): pid=4319 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor269" name="bus" dev="loop0" ino=12 res=0 errno=0 [pid 4319] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 4319] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 4319] exit_group(0) = ? [pid 4319] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4319, si_uid=0, si_status=0, si_utime=0, si_stime=17} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./336", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./336", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./336/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./336/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./336/binderfs") = 0 umount2("./336/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./336/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./336/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./336/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./336/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./336/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./336") = 0 mkdir("./337", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 4321 ./strace-static-x86_64: Process 4321 attached [pid 4321] chdir("./337") = 0 [pid 4321] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4321] setpgid(0, 0) = 0 [pid 4321] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4321] write(3, "1000", 4) = 4 [pid 4321] close(3) = 0 [pid 4321] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4321] memfd_create("syzkaller", 0) = 3 [pid 4321] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 4321] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 4321] munmap(0x7eff5e600000, 2097152) = 0 [pid 4321] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4321] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4321] close(3) = 0 [pid 4321] mkdir("./file0", 0777) = 0 [pid 4321] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [ 155.629208][ T4321] loop0: detected capacity change from 0 to 4096 [ 155.644246][ T4321] NILFS (loop0): invalid segment: Checksum error in segment payload [ 155.652400][ T4321] NILFS (loop0): trying rollback from an earlier position [ 155.667412][ T4321] NILFS (loop0): recovery complete [pid 4321] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4321] chdir("./file0") = 0 [pid 4321] ioctl(4, LOOP_CLR_FD) = 0 [pid 4321] close(4) = 0 [pid 4321] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 4321] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 4321] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 155.675053][ T4322] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 155.690404][ T27] audit: type=1800 audit(1670141644.977:339): pid=4321 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor269" name="bus" dev="loop0" ino=12 res=0 errno=0 [pid 4321] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 4321] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 4321] exit_group(0) = ? [pid 4321] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4321, si_uid=0, si_status=0, si_utime=0, si_stime=12} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./337", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./337", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./337/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./337/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./337/binderfs") = 0 umount2("./337/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./337/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./337/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./337/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./337/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./337/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./337") = 0 mkdir("./338", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 4323 ./strace-static-x86_64: Process 4323 attached [pid 4323] chdir("./338") = 0 [pid 4323] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4323] setpgid(0, 0) = 0 [pid 4323] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4323] write(3, "1000", 4) = 4 [pid 4323] close(3) = 0 [pid 4323] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4323] memfd_create("syzkaller", 0) = 3 [pid 4323] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 4323] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 4323] munmap(0x7eff5e600000, 2097152) = 0 [pid 4323] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4323] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4323] close(3) = 0 [pid 4323] mkdir("./file0", 0777) = 0 [ 155.912939][ T4323] loop0: detected capacity change from 0 to 4096 [ 155.928300][ T4323] NILFS (loop0): invalid segment: Checksum error in segment payload [ 155.936303][ T4323] NILFS (loop0): trying rollback from an earlier position [ 155.949497][ T4323] NILFS (loop0): recovery complete [pid 4323] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 4323] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4323] chdir("./file0") = 0 [pid 4323] ioctl(4, LOOP_CLR_FD) = 0 [pid 4323] close(4) = 0 [pid 4323] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 4323] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 4323] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 155.955709][ T4324] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 155.980363][ T27] audit: type=1800 audit(1670141645.267:340): pid=4323 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor269" name="bus" dev="loop0" ino=12 res=0 errno=0 [pid 4323] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 4323] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 4323] exit_group(0) = ? [pid 4323] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4323, si_uid=0, si_status=0, si_utime=0, si_stime=12} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./338", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./338", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./338/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./338/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./338/binderfs") = 0 umount2("./338/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./338/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./338/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./338/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./338/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./338/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./338") = 0 mkdir("./339", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 4325 attached [pid 4325] chdir("./339") = 0 [pid 4325] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4325] setpgid(0, 0) = 0 [pid 3638] <... clone resumed>, child_tidptr=0x5555555775d0) = 4325 [pid 4325] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4325] write(3, "1000", 4) = 4 [pid 4325] close(3) = 0 [pid 4325] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4325] memfd_create("syzkaller", 0) = 3 [pid 4325] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 4325] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 4325] munmap(0x7eff5e600000, 2097152) = 0 [pid 4325] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4325] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4325] close(3) = 0 [pid 4325] mkdir("./file0", 0777) = 0 [ 156.217219][ T4325] loop0: detected capacity change from 0 to 4096 [ 156.233479][ T4325] NILFS (loop0): invalid segment: Checksum error in segment payload [ 156.241612][ T4325] NILFS (loop0): trying rollback from an earlier position [ 156.255380][ T4325] NILFS (loop0): recovery complete [pid 4325] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 4325] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4325] chdir("./file0") = 0 [pid 4325] ioctl(4, LOOP_CLR_FD) = 0 [pid 4325] close(4) = 0 [pid 4325] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 4325] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 4325] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 156.261458][ T4326] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 156.285264][ T27] audit: type=1800 audit(1670141645.567:341): pid=4325 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor269" name="bus" dev="loop0" ino=12 res=0 errno=0 [pid 4325] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 4325] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 4325] exit_group(0) = ? [pid 4325] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4325, si_uid=0, si_status=0, si_utime=0, si_stime=13} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./339", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./339", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./339/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./339/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./339/binderfs") = 0 umount2("./339/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./339/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./339/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./339/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./339/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./339/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./339") = 0 mkdir("./340", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 4327 attached , child_tidptr=0x5555555775d0) = 4327 [pid 4327] chdir("./340") = 0 [pid 4327] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4327] setpgid(0, 0) = 0 [pid 4327] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4327] write(3, "1000", 4) = 4 [pid 4327] close(3) = 0 [pid 4327] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4327] memfd_create("syzkaller", 0) = 3 [pid 4327] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 4327] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 4327] munmap(0x7eff5e600000, 2097152) = 0 [pid 4327] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4327] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4327] close(3) = 0 [pid 4327] mkdir("./file0", 0777) = 0 [ 156.540306][ T4327] loop0: detected capacity change from 0 to 4096 [ 156.555790][ T4327] NILFS (loop0): invalid segment: Checksum error in segment payload [ 156.564037][ T4327] NILFS (loop0): trying rollback from an earlier position [ 156.577889][ T4327] NILFS (loop0): recovery complete [pid 4327] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 4327] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4327] chdir("./file0") = 0 [pid 4327] ioctl(4, LOOP_CLR_FD) = 0 [pid 4327] close(4) = 0 [pid 4327] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 4327] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 4327] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 156.583832][ T4328] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 156.588515][ T27] audit: type=1800 audit(1670141645.877:342): pid=4327 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor269" name="bus" dev="loop0" ino=12 res=0 errno=0 [pid 4327] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 4327] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 4327] exit_group(0) = ? [pid 4327] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4327, si_uid=0, si_status=0, si_utime=0, si_stime=11} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./340", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./340", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./340/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./340/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./340/binderfs") = 0 umount2("./340/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./340/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./340/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./340/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./340/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./340/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./340") = 0 mkdir("./341", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 4329 attached , child_tidptr=0x5555555775d0) = 4329 [pid 4329] chdir("./341") = 0 [pid 4329] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4329] setpgid(0, 0) = 0 [pid 4329] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4329] write(3, "1000", 4) = 4 [pid 4329] close(3) = 0 [pid 4329] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4329] memfd_create("syzkaller", 0) = 3 [pid 4329] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 4329] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 4329] munmap(0x7eff5e600000, 2097152) = 0 [pid 4329] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4329] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4329] close(3) = 0 [pid 4329] mkdir("./file0", 0777) = 0 [ 156.865852][ T4329] loop0: detected capacity change from 0 to 4096 [ 156.882658][ T4329] NILFS (loop0): invalid segment: Checksum error in segment payload [ 156.890749][ T4329] NILFS (loop0): trying rollback from an earlier position [ 156.904731][ T4329] NILFS (loop0): recovery complete [pid 4329] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 4329] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4329] chdir("./file0") = 0 [pid 4329] ioctl(4, LOOP_CLR_FD) = 0 [pid 4329] close(4) = 0 [pid 4329] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 4329] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 4329] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 156.910773][ T4330] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 156.929080][ T27] audit: type=1800 audit(1670141646.217:343): pid=4329 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor269" name="bus" dev="loop0" ino=12 res=0 errno=0 [pid 4329] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 4329] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 4329] exit_group(0) = ? [pid 4329] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4329, si_uid=0, si_status=0, si_utime=0, si_stime=15} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./341", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./341", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./341/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./341/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./341/binderfs") = 0 umount2("./341/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./341/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./341/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./341/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./341/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./341/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./341") = 0 mkdir("./342", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 4331 ./strace-static-x86_64: Process 4331 attached [pid 4331] chdir("./342") = 0 [pid 4331] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4331] setpgid(0, 0) = 0 [pid 4331] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4331] write(3, "1000", 4) = 4 [pid 4331] close(3) = 0 [pid 4331] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4331] memfd_create("syzkaller", 0) = 3 [pid 4331] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 4331] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 4331] munmap(0x7eff5e600000, 2097152) = 0 [pid 4331] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4331] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4331] close(3) = 0 [pid 4331] mkdir("./file0", 0777) = 0 [ 157.190283][ T4331] loop0: detected capacity change from 0 to 4096 [ 157.206750][ T4331] NILFS (loop0): invalid segment: Checksum error in segment payload [ 157.214874][ T4331] NILFS (loop0): trying rollback from an earlier position [ 157.227998][ T4331] NILFS (loop0): recovery complete [pid 4331] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 4331] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4331] chdir("./file0") = 0 [pid 4331] ioctl(4, LOOP_CLR_FD) = 0 [pid 4331] close(4) = 0 [pid 4331] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 4331] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 4331] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 157.233977][ T4332] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 4331] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 4331] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 4331] exit_group(0) = ? [pid 4331] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4331, si_uid=0, si_status=0, si_utime=0, si_stime=10} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./342", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./342", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./342/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./342/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./342/binderfs") = 0 umount2("./342/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./342/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./342/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./342/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./342/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./342/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./342") = 0 mkdir("./343", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 4333 ./strace-static-x86_64: Process 4333 attached [pid 4333] chdir("./343") = 0 [pid 4333] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4333] setpgid(0, 0) = 0 [pid 4333] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4333] write(3, "1000", 4) = 4 [pid 4333] close(3) = 0 [pid 4333] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4333] memfd_create("syzkaller", 0) = 3 [pid 4333] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 4333] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 4333] munmap(0x7eff5e600000, 2097152) = 0 [pid 4333] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4333] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4333] close(3) = 0 [pid 4333] mkdir("./file0", 0777) = 0 [ 157.481449][ T4333] loop0: detected capacity change from 0 to 4096 [ 157.498235][ T4333] NILFS (loop0): invalid segment: Checksum error in segment payload [ 157.506284][ T4333] NILFS (loop0): trying rollback from an earlier position [ 157.520747][ T4333] NILFS (loop0): recovery complete [pid 4333] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 4333] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4333] chdir("./file0") = 0 [pid 4333] ioctl(4, LOOP_CLR_FD) = 0 [pid 4333] close(4) = 0 [pid 4333] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 4333] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 4333] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 157.527615][ T4334] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 4333] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 4333] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 4333] exit_group(0) = ? [pid 4333] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4333, si_uid=0, si_status=0, si_utime=0, si_stime=16} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./343", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./343", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./343/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./343/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./343/binderfs") = 0 umount2("./343/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./343/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./343/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./343/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./343/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./343/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./343") = 0 mkdir("./344", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 4335 ./strace-static-x86_64: Process 4335 attached [pid 4335] chdir("./344") = 0 [pid 4335] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4335] setpgid(0, 0) = 0 [pid 4335] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4335] write(3, "1000", 4) = 4 [pid 4335] close(3) = 0 [pid 4335] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4335] memfd_create("syzkaller", 0) = 3 [pid 4335] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 4335] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 4335] munmap(0x7eff5e600000, 2097152) = 0 [pid 4335] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4335] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4335] close(3) = 0 [pid 4335] mkdir("./file0", 0777) = 0 [pid 4335] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 4335] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4335] chdir("./file0") = 0 [pid 4335] ioctl(4, LOOP_CLR_FD) = 0 [pid 4335] close(4) = 0 [pid 4335] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 4335] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 4335] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 157.785209][ T4335] loop0: detected capacity change from 0 to 4096 [ 157.800792][ T4335] NILFS (loop0): invalid segment: Checksum error in segment payload [ 157.808883][ T4335] NILFS (loop0): trying rollback from an earlier position [ 157.822086][ T4335] NILFS (loop0): recovery complete [ 157.828061][ T4336] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 4335] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 4335] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 4335] exit_group(0) = ? [pid 4335] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4335, si_uid=0, si_status=0, si_utime=0, si_stime=11} --- umount2("./344", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./344", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./344/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./344/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./344/binderfs") = 0 umount2("./344/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./344/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./344/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./344/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./344/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./344/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./344") = 0 mkdir("./345", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 4337 ./strace-static-x86_64: Process 4337 attached [pid 4337] chdir("./345") = 0 [pid 4337] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4337] setpgid(0, 0) = 0 [pid 4337] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4337] write(3, "1000", 4) = 4 [pid 4337] close(3) = 0 [pid 4337] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4337] memfd_create("syzkaller", 0) = 3 [pid 4337] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 4337] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 4337] munmap(0x7eff5e600000, 2097152) = 0 [pid 4337] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4337] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4337] close(3) = 0 [pid 4337] mkdir("./file0", 0777) = 0 [pid 4337] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [ 158.079022][ T4337] loop0: detected capacity change from 0 to 4096 [ 158.093571][ T4337] NILFS (loop0): invalid segment: Checksum error in segment payload [ 158.101713][ T4337] NILFS (loop0): trying rollback from an earlier position [ 158.115129][ T4337] NILFS (loop0): recovery complete [pid 4337] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4337] chdir("./file0") = 0 [pid 4337] ioctl(4, LOOP_CLR_FD) = 0 [pid 4337] close(4) = 0 [pid 4337] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 4337] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 4337] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 158.122142][ T4338] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 4337] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 4337] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 4337] exit_group(0) = ? [pid 4337] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4337, si_uid=0, si_status=0, si_utime=0, si_stime=15} --- umount2("./345", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./345", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./345/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./345/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./345/binderfs") = 0 umount2("./345/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./345/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./345/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./345/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./345/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./345/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./345") = 0 mkdir("./346", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 4339 ./strace-static-x86_64: Process 4339 attached [pid 4339] chdir("./346") = 0 [pid 4339] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4339] setpgid(0, 0) = 0 [pid 4339] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4339] write(3, "1000", 4) = 4 [pid 4339] close(3) = 0 [pid 4339] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4339] memfd_create("syzkaller", 0) = 3 [pid 4339] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 4339] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 4339] munmap(0x7eff5e600000, 2097152) = 0 [pid 4339] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4339] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4339] close(3) = 0 [pid 4339] mkdir("./file0", 0777) = 0 [pid 4339] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 4339] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4339] chdir("./file0") = 0 [pid 4339] ioctl(4, LOOP_CLR_FD) = 0 [ 158.361524][ T4339] loop0: detected capacity change from 0 to 4096 [ 158.376155][ T4339] NILFS (loop0): invalid segment: Checksum error in segment payload [ 158.384221][ T4339] NILFS (loop0): trying rollback from an earlier position [ 158.397449][ T4339] NILFS (loop0): recovery complete [pid 4339] close(4) = 0 [pid 4339] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 4339] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 4339] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 158.404009][ T4340] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 4339] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 4339] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 4339] exit_group(0) = ? [pid 4339] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4339, si_uid=0, si_status=0, si_utime=0, si_stime=11} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./346", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./346", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./346/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./346/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./346/binderfs") = 0 umount2("./346/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./346/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./346/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./346/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./346/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./346/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./346") = 0 mkdir("./347", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 4341 ./strace-static-x86_64: Process 4341 attached [pid 4341] chdir("./347") = 0 [pid 4341] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4341] setpgid(0, 0) = 0 [pid 4341] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4341] write(3, "1000", 4) = 4 [pid 4341] close(3) = 0 [pid 4341] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4341] memfd_create("syzkaller", 0) = 3 [pid 4341] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 4341] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 4341] munmap(0x7eff5e600000, 2097152) = 0 [pid 4341] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4341] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4341] close(3) = 0 [pid 4341] mkdir("./file0", 0777) = 0 [pid 4341] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 4341] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [ 158.648999][ T4341] loop0: detected capacity change from 0 to 4096 [ 158.665221][ T4341] NILFS (loop0): invalid segment: Checksum error in segment payload [ 158.673351][ T4341] NILFS (loop0): trying rollback from an earlier position [ 158.688487][ T4341] NILFS (loop0): recovery complete [pid 4341] chdir("./file0") = 0 [pid 4341] ioctl(4, LOOP_CLR_FD) = 0 [pid 4341] close(4) = 0 [pid 4341] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 4341] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 4341] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 158.696752][ T4342] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 4341] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 4341] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 4341] exit_group(0) = ? [pid 4341] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4341, si_uid=0, si_status=0, si_utime=0, si_stime=15} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./347", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./347", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./347/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./347/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./347/binderfs") = 0 umount2("./347/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./347/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./347/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./347/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./347/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./347/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./347") = 0 mkdir("./348", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 4343 ./strace-static-x86_64: Process 4343 attached [pid 4343] chdir("./348") = 0 [pid 4343] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4343] setpgid(0, 0) = 0 [pid 4343] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4343] write(3, "1000", 4) = 4 [pid 4343] close(3) = 0 [pid 4343] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4343] memfd_create("syzkaller", 0) = 3 [pid 4343] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 4343] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 4343] munmap(0x7eff5e600000, 2097152) = 0 [pid 4343] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4343] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4343] close(3) = 0 [pid 4343] mkdir("./file0", 0777) = 0 [ 158.942563][ T4343] loop0: detected capacity change from 0 to 4096 [ 158.957534][ T4343] NILFS (loop0): invalid segment: Checksum error in segment payload [ 158.965534][ T4343] NILFS (loop0): trying rollback from an earlier position [ 158.978918][ T4343] NILFS (loop0): recovery complete [pid 4343] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 4343] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4343] chdir("./file0") = 0 [pid 4343] ioctl(4, LOOP_CLR_FD) = 0 [pid 4343] close(4) = 0 [pid 4343] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 4343] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 4343] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 158.985852][ T4344] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 4343] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 4343] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 4343] exit_group(0) = ? [pid 4343] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4343, si_uid=0, si_status=0, si_utime=0, si_stime=12} --- umount2("./348", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./348", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./348/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./348/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./348/binderfs") = 0 umount2("./348/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./348/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./348/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./348/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./348/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./348/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./348") = 0 mkdir("./349", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 4345 ./strace-static-x86_64: Process 4345 attached [pid 4345] chdir("./349") = 0 [pid 4345] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4345] setpgid(0, 0) = 0 [pid 4345] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4345] write(3, "1000", 4) = 4 [pid 4345] close(3) = 0 [pid 4345] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4345] memfd_create("syzkaller", 0) = 3 [pid 4345] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 4345] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 4345] munmap(0x7eff5e600000, 2097152) = 0 [pid 4345] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4345] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4345] close(3) = 0 [pid 4345] mkdir("./file0", 0777) = 0 [ 159.243934][ T4345] loop0: detected capacity change from 0 to 4096 [ 159.258773][ T4345] NILFS (loop0): invalid segment: Checksum error in segment payload [ 159.266811][ T4345] NILFS (loop0): trying rollback from an earlier position [ 159.279921][ T4345] NILFS (loop0): recovery complete [pid 4345] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 4345] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4345] chdir("./file0") = 0 [pid 4345] ioctl(4, LOOP_CLR_FD) = 0 [pid 4345] close(4) = 0 [pid 4345] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 4345] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 4345] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 159.286078][ T4346] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 159.309009][ T27] kauditd_printk_skb: 7 callbacks suppressed [ 159.309022][ T27] audit: type=1800 audit(1670141648.597:351): pid=4345 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor269" name="bus" dev="loop0" ino=12 res=0 errno=0 [pid 4345] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 4345] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 4345] exit_group(0) = ? [pid 4345] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4345, si_uid=0, si_status=0, si_utime=0, si_stime=16} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./349", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./349", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./349/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./349/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./349/binderfs") = 0 umount2("./349/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./349/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./349/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./349/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./349/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./349/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./349") = 0 mkdir("./350", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 4347 ./strace-static-x86_64: Process 4347 attached [pid 4347] chdir("./350") = 0 [pid 4347] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4347] setpgid(0, 0) = 0 [pid 4347] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4347] write(3, "1000", 4) = 4 [pid 4347] close(3) = 0 [pid 4347] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4347] memfd_create("syzkaller", 0) = 3 [pid 4347] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 4347] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 4347] munmap(0x7eff5e600000, 2097152) = 0 [pid 4347] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4347] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4347] close(3) = 0 [pid 4347] mkdir("./file0", 0777) = 0 [ 159.541335][ T4347] loop0: detected capacity change from 0 to 4096 [ 159.566968][ T4347] NILFS (loop0): invalid segment: Checksum error in segment payload [ 159.575028][ T4347] NILFS (loop0): trying rollback from an earlier position [pid 4347] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 4347] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4347] chdir("./file0") = 0 [pid 4347] ioctl(4, LOOP_CLR_FD) = 0 [pid 4347] close(4) = 0 [pid 4347] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 4347] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 4347] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 159.589128][ T4347] NILFS (loop0): recovery complete [ 159.595284][ T4348] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 159.610239][ T27] audit: type=1800 audit(1670141648.897:352): pid=4347 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor269" name="bus" dev="loop0" ino=12 res=0 errno=0 [pid 4347] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 4347] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 4347] exit_group(0) = ? [pid 4347] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4347, si_uid=0, si_status=0, si_utime=0, si_stime=14} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./350", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./350", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./350/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./350/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./350/binderfs") = 0 umount2("./350/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./350/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./350/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./350/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./350/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./350/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./350") = 0 mkdir("./351", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 4349 ./strace-static-x86_64: Process 4349 attached [pid 4349] chdir("./351") = 0 [pid 4349] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4349] setpgid(0, 0) = 0 [pid 4349] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4349] write(3, "1000", 4) = 4 [pid 4349] close(3) = 0 [pid 4349] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4349] memfd_create("syzkaller", 0) = 3 [pid 4349] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 4349] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 4349] munmap(0x7eff5e600000, 2097152) = 0 [pid 4349] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4349] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4349] close(3) = 0 [pid 4349] mkdir("./file0", 0777) = 0 [pid 4349] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 4349] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4349] chdir("./file0") = 0 [ 159.850017][ T4349] loop0: detected capacity change from 0 to 4096 [ 159.864354][ T4349] NILFS (loop0): invalid segment: Checksum error in segment payload [ 159.872446][ T4349] NILFS (loop0): trying rollback from an earlier position [ 159.885876][ T4349] NILFS (loop0): recovery complete [pid 4349] ioctl(4, LOOP_CLR_FD) = 0 [pid 4349] close(4) = 0 [pid 4349] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 4349] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 4349] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 159.892445][ T4350] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 159.912944][ T27] audit: type=1800 audit(1670141649.197:353): pid=4349 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor269" name="bus" dev="loop0" ino=12 res=0 errno=0 [pid 4349] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 4349] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 4349] exit_group(0) = ? [pid 4349] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4349, si_uid=0, si_status=0, si_utime=0, si_stime=14} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./351", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./351", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./351/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./351/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./351/binderfs") = 0 umount2("./351/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./351/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./351/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./351/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./351/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./351/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./351") = 0 mkdir("./352", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 4351 ./strace-static-x86_64: Process 4351 attached [pid 4351] chdir("./352") = 0 [pid 4351] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4351] setpgid(0, 0) = 0 [pid 4351] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4351] write(3, "1000", 4) = 4 [pid 4351] close(3) = 0 [pid 4351] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4351] memfd_create("syzkaller", 0) = 3 [pid 4351] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 4351] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 4351] munmap(0x7eff5e600000, 2097152) = 0 [pid 4351] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4351] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4351] close(3) = 0 [pid 4351] mkdir("./file0", 0777) = 0 [pid 4351] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [ 160.149841][ T4351] loop0: detected capacity change from 0 to 4096 [ 160.164662][ T4351] NILFS (loop0): invalid segment: Checksum error in segment payload [ 160.172851][ T4351] NILFS (loop0): trying rollback from an earlier position [ 160.186688][ T4351] NILFS (loop0): recovery complete [pid 4351] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4351] chdir("./file0") = 0 [pid 4351] ioctl(4, LOOP_CLR_FD) = 0 [pid 4351] close(4) = 0 [pid 4351] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 4351] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 4351] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 160.193300][ T4352] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 160.218872][ T27] audit: type=1800 audit(1670141649.507:354): pid=4351 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor269" name="bus" dev="loop0" ino=12 res=0 errno=0 [pid 4351] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 4351] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 4351] exit_group(0) = ? [pid 4351] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4351, si_uid=0, si_status=0, si_utime=0, si_stime=12} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./352", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./352", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./352/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./352/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./352/binderfs") = 0 umount2("./352/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./352/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./352/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./352/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./352/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./352/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./352") = 0 mkdir("./353", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 4353 ./strace-static-x86_64: Process 4353 attached [pid 4353] chdir("./353") = 0 [pid 4353] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4353] setpgid(0, 0) = 0 [pid 4353] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4353] write(3, "1000", 4) = 4 [pid 4353] close(3) = 0 [pid 4353] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4353] memfd_create("syzkaller", 0) = 3 [pid 4353] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 4353] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 4353] munmap(0x7eff5e600000, 2097152) = 0 [pid 4353] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4353] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4353] close(3) = 0 [pid 4353] mkdir("./file0", 0777) = 0 [pid 4353] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [ 160.450703][ T4353] loop0: detected capacity change from 0 to 4096 [ 160.468086][ T4353] NILFS (loop0): invalid segment: Checksum error in segment payload [ 160.476149][ T4353] NILFS (loop0): trying rollback from an earlier position [ 160.490547][ T4353] NILFS (loop0): recovery complete [pid 4353] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4353] chdir("./file0") = 0 [pid 4353] ioctl(4, LOOP_CLR_FD) = 0 [pid 4353] close(4) = 0 [pid 4353] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 4353] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 4353] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 160.497087][ T4354] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 160.521292][ T27] audit: type=1800 audit(1670141649.807:355): pid=4353 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor269" name="bus" dev="loop0" ino=12 res=0 errno=0 [pid 4353] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 4353] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 4353] exit_group(0) = ? [pid 4353] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4353, si_uid=0, si_status=0, si_utime=0, si_stime=12} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./353", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./353", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./353/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./353/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./353/binderfs") = 0 umount2("./353/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./353/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./353/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./353/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./353/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./353/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./353") = 0 mkdir("./354", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 4355 ./strace-static-x86_64: Process 4355 attached [pid 4355] chdir("./354") = 0 [pid 4355] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4355] setpgid(0, 0) = 0 [pid 4355] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4355] write(3, "1000", 4) = 4 [pid 4355] close(3) = 0 [pid 4355] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4355] memfd_create("syzkaller", 0) = 3 [pid 4355] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 4355] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 4355] munmap(0x7eff5e600000, 2097152) = 0 [pid 4355] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4355] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4355] close(3) = 0 [pid 4355] mkdir("./file0", 0777) = 0 [ 160.756164][ T4355] loop0: detected capacity change from 0 to 4096 [ 160.771825][ T4355] NILFS (loop0): invalid segment: Checksum error in segment payload [ 160.779936][ T4355] NILFS (loop0): trying rollback from an earlier position [ 160.793222][ T4355] NILFS (loop0): recovery complete [pid 4355] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 4355] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4355] chdir("./file0") = 0 [pid 4355] ioctl(4, LOOP_CLR_FD) = 0 [pid 4355] close(4) = 0 [pid 4355] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 4355] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 4355] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 160.799259][ T4356] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 160.815338][ T27] audit: type=1800 audit(1670141650.097:356): pid=4355 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor269" name="bus" dev="loop0" ino=12 res=0 errno=0 [pid 4355] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 4355] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 4355] exit_group(0) = ? [pid 4355] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4355, si_uid=0, si_status=0, si_utime=0, si_stime=15} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./354", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./354", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./354/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./354/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./354/binderfs") = 0 umount2("./354/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./354/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./354/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./354/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./354/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./354/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./354") = 0 mkdir("./355", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 4357 attached , child_tidptr=0x5555555775d0) = 4357 [pid 4357] chdir("./355") = 0 [pid 4357] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4357] setpgid(0, 0) = 0 [pid 4357] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4357] write(3, "1000", 4) = 4 [pid 4357] close(3) = 0 [pid 4357] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4357] memfd_create("syzkaller", 0) = 3 [pid 4357] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 4357] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 4357] munmap(0x7eff5e600000, 2097152) = 0 [pid 4357] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4357] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4357] close(3) = 0 [pid 4357] mkdir("./file0", 0777) = 0 [ 161.054673][ T4357] loop0: detected capacity change from 0 to 4096 [ 161.071404][ T4357] NILFS (loop0): invalid segment: Checksum error in segment payload [ 161.079696][ T4357] NILFS (loop0): trying rollback from an earlier position [ 161.092536][ T4357] NILFS (loop0): recovery complete [pid 4357] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 4357] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4357] chdir("./file0") = 0 [pid 4357] ioctl(4, LOOP_CLR_FD) = 0 [pid 4357] close(4) = 0 [pid 4357] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 4357] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 4357] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 161.098984][ T4358] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 161.118071][ T27] audit: type=1800 audit(1670141650.407:357): pid=4357 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor269" name="bus" dev="loop0" ino=12 res=0 errno=0 [pid 4357] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 4357] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 4357] exit_group(0) = ? [pid 4357] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4357, si_uid=0, si_status=0, si_utime=0, si_stime=15} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./355", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./355", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./355/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./355/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./355/binderfs") = 0 umount2("./355/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./355/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./355/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./355/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./355/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./355/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./355") = 0 mkdir("./356", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 4359 ./strace-static-x86_64: Process 4359 attached [pid 4359] chdir("./356") = 0 [pid 4359] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4359] setpgid(0, 0) = 0 [pid 4359] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4359] write(3, "1000", 4) = 4 [pid 4359] close(3) = 0 [pid 4359] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4359] memfd_create("syzkaller", 0) = 3 [pid 4359] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 4359] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 4359] munmap(0x7eff5e600000, 2097152) = 0 [pid 4359] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4359] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4359] close(3) = 0 [pid 4359] mkdir("./file0", 0777) = 0 [ 161.348830][ T4359] loop0: detected capacity change from 0 to 4096 [ 161.363522][ T4359] NILFS (loop0): invalid segment: Checksum error in segment payload [ 161.371603][ T4359] NILFS (loop0): trying rollback from an earlier position [ 161.385090][ T4359] NILFS (loop0): recovery complete [pid 4359] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 4359] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4359] chdir("./file0") = 0 [pid 4359] ioctl(4, LOOP_CLR_FD) = 0 [pid 4359] close(4) = 0 [pid 4359] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 4359] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 4359] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 161.392008][ T4360] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 161.415286][ T27] audit: type=1800 audit(1670141650.697:358): pid=4359 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor269" name="bus" dev="loop0" ino=12 res=0 errno=0 [pid 4359] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 4359] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 4359] exit_group(0) = ? [pid 4359] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4359, si_uid=0, si_status=0, si_utime=0, si_stime=9} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./356", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./356", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./356/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./356/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./356/binderfs") = 0 umount2("./356/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./356/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./356/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./356/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./356/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./356/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./356") = 0 mkdir("./357", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 4361 ./strace-static-x86_64: Process 4361 attached [pid 4361] chdir("./357") = 0 [pid 4361] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4361] setpgid(0, 0) = 0 [pid 4361] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4361] write(3, "1000", 4) = 4 [pid 4361] close(3) = 0 [pid 4361] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4361] memfd_create("syzkaller", 0) = 3 [pid 4361] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 4361] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 4361] munmap(0x7eff5e600000, 2097152) = 0 [pid 4361] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4361] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4361] close(3) = 0 [pid 4361] mkdir("./file0", 0777) = 0 [ 161.649678][ T4361] loop0: detected capacity change from 0 to 4096 [ 161.675097][ T4361] NILFS (loop0): invalid segment: Checksum error in segment payload [ 161.683777][ T4361] NILFS (loop0): trying rollback from an earlier position [pid 4361] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 4361] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4361] chdir("./file0") = 0 [pid 4361] ioctl(4, LOOP_CLR_FD) = 0 [pid 4361] close(4) = 0 [pid 4361] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 4361] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 4361] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 161.697511][ T4361] NILFS (loop0): recovery complete [ 161.703819][ T4362] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 161.717394][ T27] audit: type=1800 audit(1670141650.997:359): pid=4361 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor269" name="bus" dev="loop0" ino=12 res=0 errno=0 [pid 4361] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 4361] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 4361] exit_group(0) = ? [pid 4361] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4361, si_uid=0, si_status=0, si_utime=0, si_stime=11} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./357", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./357", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./357/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./357/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./357/binderfs") = 0 umount2("./357/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./357/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./357/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./357/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./357/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./357/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./357") = 0 mkdir("./358", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 4363 ./strace-static-x86_64: Process 4363 attached [pid 4363] chdir("./358") = 0 [pid 4363] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4363] setpgid(0, 0) = 0 [pid 4363] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4363] write(3, "1000", 4) = 4 [pid 4363] close(3) = 0 [pid 4363] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4363] memfd_create("syzkaller", 0) = 3 [pid 4363] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 4363] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 4363] munmap(0x7eff5e600000, 2097152) = 0 [pid 4363] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4363] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4363] close(3) = 0 [pid 4363] mkdir("./file0", 0777) = 0 [ 161.955250][ T4363] loop0: detected capacity change from 0 to 4096 [ 161.970223][ T4363] NILFS (loop0): invalid segment: Checksum error in segment payload [ 161.978244][ T4363] NILFS (loop0): trying rollback from an earlier position [ 161.991191][ T4363] NILFS (loop0): recovery complete [pid 4363] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 4363] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4363] chdir("./file0") = 0 [pid 4363] ioctl(4, LOOP_CLR_FD) = 0 [pid 4363] close(4) = 0 [pid 4363] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 4363] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 4363] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 161.997593][ T4364] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 162.020090][ T27] audit: type=1800 audit(1670141651.307:360): pid=4363 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor269" name="bus" dev="loop0" ino=12 res=0 errno=0 [pid 4363] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 4363] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 4363] exit_group(0) = ? [pid 4363] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4363, si_uid=0, si_status=0, si_utime=0, si_stime=18} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./358", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./358", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./358/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./358/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./358/binderfs") = 0 umount2("./358/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./358/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./358/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./358/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./358/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./358/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./358") = 0 mkdir("./359", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 4365 attached [pid 4365] chdir("./359") = 0 [pid 4365] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4365] setpgid(0, 0) = 0 [pid 4365] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 3638] <... clone resumed>, child_tidptr=0x5555555775d0) = 4365 [pid 4365] <... openat resumed>) = 3 [pid 4365] write(3, "1000", 4) = 4 [pid 4365] close(3) = 0 [pid 4365] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4365] memfd_create("syzkaller", 0) = 3 [pid 4365] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 4365] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 4365] munmap(0x7eff5e600000, 2097152) = 0 [pid 4365] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4365] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4365] close(3) = 0 [pid 4365] mkdir("./file0", 0777) = 0 [pid 4365] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 4365] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4365] chdir("./file0") = 0 [pid 4365] ioctl(4, LOOP_CLR_FD) = 0 [pid 4365] close(4) = 0 [ 162.267020][ T4365] loop0: detected capacity change from 0 to 4096 [ 162.283868][ T4365] NILFS (loop0): invalid segment: Checksum error in segment payload [ 162.291942][ T4365] NILFS (loop0): trying rollback from an earlier position [ 162.305750][ T4365] NILFS (loop0): recovery complete [pid 4365] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 4365] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 4365] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 162.312467][ T4366] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 4365] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 4365] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 4365] exit_group(0) = ? [pid 4365] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4365, si_uid=0, si_status=0, si_utime=0, si_stime=12} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./359", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./359", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./359/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./359/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./359/binderfs") = 0 umount2("./359/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./359/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./359/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./359/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./359/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./359/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./359") = 0 mkdir("./360", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 4367 ./strace-static-x86_64: Process 4367 attached [pid 4367] chdir("./360") = 0 [pid 4367] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4367] setpgid(0, 0) = 0 [pid 4367] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4367] write(3, "1000", 4) = 4 [pid 4367] close(3) = 0 [pid 4367] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4367] memfd_create("syzkaller", 0) = 3 [pid 4367] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 4367] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 4367] munmap(0x7eff5e600000, 2097152) = 0 [pid 4367] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4367] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4367] close(3) = 0 [pid 4367] mkdir("./file0", 0777) = 0 [ 162.560557][ T4367] loop0: detected capacity change from 0 to 4096 [ 162.574608][ T4367] NILFS (loop0): invalid segment: Checksum error in segment payload [ 162.582732][ T4367] NILFS (loop0): trying rollback from an earlier position [ 162.596219][ T4367] NILFS (loop0): recovery complete [pid 4367] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 4367] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4367] chdir("./file0") = 0 [pid 4367] ioctl(4, LOOP_CLR_FD) = 0 [pid 4367] close(4) = 0 [pid 4367] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 4367] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 4367] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 162.602301][ T4368] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 4367] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 4367] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 4367] exit_group(0) = ? [pid 4367] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4367, si_uid=0, si_status=0, si_utime=0, si_stime=13} --- umount2("./360", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./360", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./360/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./360/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./360/binderfs") = 0 umount2("./360/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./360/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./360/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./360/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./360/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./360/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./360") = 0 mkdir("./361", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 4369 ./strace-static-x86_64: Process 4369 attached [pid 4369] chdir("./361") = 0 [pid 4369] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4369] setpgid(0, 0) = 0 [pid 4369] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4369] write(3, "1000", 4) = 4 [pid 4369] close(3) = 0 [pid 4369] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4369] memfd_create("syzkaller", 0) = 3 [pid 4369] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 4369] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 4369] munmap(0x7eff5e600000, 2097152) = 0 [pid 4369] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4369] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4369] close(3) = 0 [pid 4369] mkdir("./file0", 0777) = 0 [pid 4369] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 4369] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4369] chdir("./file0") = 0 [pid 4369] ioctl(4, LOOP_CLR_FD) = 0 [pid 4369] close(4) = 0 [pid 4369] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [ 162.857921][ T4369] loop0: detected capacity change from 0 to 4096 [ 162.873264][ T4369] NILFS (loop0): invalid segment: Checksum error in segment payload [ 162.881417][ T4369] NILFS (loop0): trying rollback from an earlier position [ 162.894692][ T4369] NILFS (loop0): recovery complete [pid 4369] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 4369] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 162.912649][ T4370] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 4369] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 4369] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 4369] exit_group(0) = ? [pid 4369] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4369, si_uid=0, si_status=0, si_utime=0, si_stime=12} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./361", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./361", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./361/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./361/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./361/binderfs") = 0 umount2("./361/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./361/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./361/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./361/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./361/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./361/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./361") = 0 mkdir("./362", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 4371 ./strace-static-x86_64: Process 4371 attached [pid 4371] chdir("./362") = 0 [pid 4371] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4371] setpgid(0, 0) = 0 [pid 4371] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4371] write(3, "1000", 4) = 4 [pid 4371] close(3) = 0 [pid 4371] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4371] memfd_create("syzkaller", 0) = 3 [pid 4371] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 4371] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 4371] munmap(0x7eff5e600000, 2097152) = 0 [pid 4371] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4371] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4371] close(3) = 0 [pid 4371] mkdir("./file0", 0777) = 0 [ 163.158361][ T4371] loop0: detected capacity change from 0 to 4096 [ 163.174013][ T4371] NILFS (loop0): invalid segment: Checksum error in segment payload [ 163.182051][ T4371] NILFS (loop0): trying rollback from an earlier position [ 163.195380][ T4371] NILFS (loop0): recovery complete [pid 4371] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 4371] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4371] chdir("./file0") = 0 [pid 4371] ioctl(4, LOOP_CLR_FD) = 0 [pid 4371] close(4) = 0 [pid 4371] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 4371] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 4371] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 163.201736][ T4372] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 4371] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 4371] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 4371] exit_group(0) = ? [pid 4371] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4371, si_uid=0, si_status=0, si_utime=0, si_stime=16} --- umount2("./362", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./362", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./362/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./362/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./362/binderfs") = 0 umount2("./362/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./362/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./362/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./362/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./362/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./362/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./362") = 0 mkdir("./363", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 4373 ./strace-static-x86_64: Process 4373 attached [pid 4373] chdir("./363") = 0 [pid 4373] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4373] setpgid(0, 0) = 0 [pid 4373] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4373] write(3, "1000", 4) = 4 [pid 4373] close(3) = 0 [pid 4373] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4373] memfd_create("syzkaller", 0) = 3 [pid 4373] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 4373] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 4373] munmap(0x7eff5e600000, 2097152) = 0 [pid 4373] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4373] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4373] close(3) = 0 [pid 4373] mkdir("./file0", 0777) = 0 [ 163.449134][ T4373] loop0: detected capacity change from 0 to 4096 [ 163.464012][ T4373] NILFS (loop0): invalid segment: Checksum error in segment payload [ 163.472275][ T4373] NILFS (loop0): trying rollback from an earlier position [ 163.485476][ T4373] NILFS (loop0): recovery complete [pid 4373] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 4373] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4373] chdir("./file0") = 0 [pid 4373] ioctl(4, LOOP_CLR_FD) = 0 [pid 4373] close(4) = 0 [pid 4373] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 4373] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 4373] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 163.491678][ T4374] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 4373] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 4373] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 4373] exit_group(0) = ? [pid 4373] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4373, si_uid=0, si_status=0, si_utime=0, si_stime=14} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./363", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./363", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./363/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./363/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./363/binderfs") = 0 umount2("./363/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./363/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./363/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./363/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./363/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./363/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./363") = 0 mkdir("./364", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 4375 ./strace-static-x86_64: Process 4375 attached [pid 4375] chdir("./364") = 0 [pid 4375] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4375] setpgid(0, 0) = 0 [pid 4375] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4375] write(3, "1000", 4) = 4 [pid 4375] close(3) = 0 [pid 4375] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4375] memfd_create("syzkaller", 0) = 3 [pid 4375] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 4375] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 4375] munmap(0x7eff5e600000, 2097152) = 0 [pid 4375] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4375] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4375] close(3) = 0 [pid 4375] mkdir("./file0", 0777) = 0 [ 163.736411][ T4375] loop0: detected capacity change from 0 to 4096 [ 163.751410][ T4375] NILFS (loop0): invalid segment: Checksum error in segment payload [ 163.759479][ T4375] NILFS (loop0): trying rollback from an earlier position [ 163.772185][ T4375] NILFS (loop0): recovery complete [pid 4375] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 4375] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4375] chdir("./file0") = 0 [pid 4375] ioctl(4, LOOP_CLR_FD) = 0 [pid 4375] close(4) = 0 [pid 4375] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 4375] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 4375] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 163.778652][ T4376] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 4375] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 4375] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 4375] exit_group(0) = ? [pid 4375] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4375, si_uid=0, si_status=0, si_utime=0, si_stime=14} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./364", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./364", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./364/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./364/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./364/binderfs") = 0 umount2("./364/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./364/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./364/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./364/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./364/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./364/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./364") = 0 mkdir("./365", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 4377 ./strace-static-x86_64: Process 4377 attached [pid 4377] chdir("./365") = 0 [pid 4377] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4377] setpgid(0, 0) = 0 [pid 4377] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4377] write(3, "1000", 4) = 4 [pid 4377] close(3) = 0 [pid 4377] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4377] memfd_create("syzkaller", 0) = 3 [pid 4377] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 4377] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 4377] munmap(0x7eff5e600000, 2097152) = 0 [pid 4377] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4377] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4377] close(3) = 0 [pid 4377] mkdir("./file0", 0777) = 0 [ 164.034846][ T4377] loop0: detected capacity change from 0 to 4096 [ 164.050514][ T4377] NILFS (loop0): invalid segment: Checksum error in segment payload [ 164.058656][ T4377] NILFS (loop0): trying rollback from an earlier position [ 164.071241][ T4377] NILFS (loop0): recovery complete [pid 4377] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 4377] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4377] chdir("./file0") = 0 [pid 4377] ioctl(4, LOOP_CLR_FD) = 0 [pid 4377] close(4) = 0 [pid 4377] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 4377] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 4377] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 164.077562][ T4378] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 4377] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 4377] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 4377] exit_group(0) = ? [pid 4377] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4377, si_uid=0, si_status=0, si_utime=0, si_stime=15} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./365", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./365", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./365/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./365/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./365/binderfs") = 0 umount2("./365/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./365/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./365/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./365/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./365/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./365/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./365") = 0 mkdir("./366", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 4379 attached [pid 4379] chdir("./366") = 0 [pid 4379] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4379] setpgid(0, 0) = 0 [pid 4379] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4379] write(3, "1000", 4) = 4 [pid 4379] close(3) = 0 [pid 4379] symlink("/dev/binderfs", "./binderfs" [pid 3638] <... clone resumed>, child_tidptr=0x5555555775d0) = 4379 [pid 4379] <... symlink resumed>) = 0 [pid 4379] memfd_create("syzkaller", 0) = 3 [pid 4379] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 4379] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 4379] munmap(0x7eff5e600000, 2097152) = 0 [pid 4379] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4379] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4379] close(3) = 0 [pid 4379] mkdir("./file0", 0777) = 0 [ 164.314250][ T4379] loop0: detected capacity change from 0 to 4096 [ 164.330073][ T4379] NILFS (loop0): invalid segment: Checksum error in segment payload [ 164.338127][ T4379] NILFS (loop0): trying rollback from an earlier position [ 164.351597][ T4379] NILFS (loop0): recovery complete [pid 4379] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 4379] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4379] chdir("./file0") = 0 [pid 4379] ioctl(4, LOOP_CLR_FD) = 0 [pid 4379] close(4) = 0 [pid 4379] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 4379] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 4379] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 164.357707][ T4380] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 164.382839][ T27] kauditd_printk_skb: 7 callbacks suppressed [ 164.382853][ T27] audit: type=1800 audit(1670141653.667:368): pid=4379 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor269" name="bus" dev="loop0" ino=12 res=0 errno=0 [pid 4379] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 4379] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 4379] exit_group(0) = ? [pid 4379] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4379, si_uid=0, si_status=0, si_utime=0, si_stime=14} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./366", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./366", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./366/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./366/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./366/binderfs") = 0 umount2("./366/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./366/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./366/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./366/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./366/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./366/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./366") = 0 mkdir("./367", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 4381 ./strace-static-x86_64: Process 4381 attached [pid 4381] chdir("./367") = 0 [pid 4381] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4381] setpgid(0, 0) = 0 [pid 4381] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4381] write(3, "1000", 4) = 4 [pid 4381] close(3) = 0 [pid 4381] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4381] memfd_create("syzkaller", 0) = 3 [pid 4381] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 4381] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 4381] munmap(0x7eff5e600000, 2097152) = 0 [pid 4381] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4381] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4381] close(3) = 0 [pid 4381] mkdir("./file0", 0777) = 0 [pid 4381] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 4381] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4381] chdir("./file0") = 0 [pid 4381] ioctl(4, LOOP_CLR_FD) = 0 [pid 4381] close(4) = 0 [ 164.642768][ T4381] loop0: detected capacity change from 0 to 4096 [ 164.658725][ T4381] NILFS (loop0): invalid segment: Checksum error in segment payload [ 164.666791][ T4381] NILFS (loop0): trying rollback from an earlier position [ 164.679921][ T4381] NILFS (loop0): recovery complete [pid 4381] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 4381] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 4381] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 164.685930][ T4382] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 164.699796][ T27] audit: type=1800 audit(1670141653.987:369): pid=4381 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor269" name="bus" dev="loop0" ino=12 res=0 errno=0 [pid 4381] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 4381] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 4381] exit_group(0) = ? [pid 4381] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4381, si_uid=0, si_status=0, si_utime=0, si_stime=10} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./367", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./367", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./367/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./367/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./367/binderfs") = 0 umount2("./367/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./367/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./367/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./367/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./367/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./367/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./367") = 0 mkdir("./368", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 4383 ./strace-static-x86_64: Process 4383 attached [pid 4383] chdir("./368") = 0 [pid 4383] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4383] setpgid(0, 0) = 0 [pid 4383] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4383] write(3, "1000", 4) = 4 [pid 4383] close(3) = 0 [pid 4383] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4383] memfd_create("syzkaller", 0) = 3 [pid 4383] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 4383] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 4383] munmap(0x7eff5e600000, 2097152) = 0 [pid 4383] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4383] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4383] close(3) = 0 [pid 4383] mkdir("./file0", 0777) = 0 [ 164.942121][ T4383] loop0: detected capacity change from 0 to 4096 [ 164.959428][ T4383] NILFS (loop0): invalid segment: Checksum error in segment payload [ 164.968370][ T4383] NILFS (loop0): trying rollback from an earlier position [ 164.982095][ T4383] NILFS (loop0): recovery complete [pid 4383] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 4383] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4383] chdir("./file0") = 0 [pid 4383] ioctl(4, LOOP_CLR_FD) = 0 [pid 4383] close(4) = 0 [pid 4383] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 4383] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 4383] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 164.988216][ T4384] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 164.992165][ T27] audit: type=1800 audit(1670141654.277:370): pid=4383 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor269" name="bus" dev="loop0" ino=12 res=0 errno=0 [pid 4383] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 4383] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 4383] exit_group(0) = ? [pid 4383] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4383, si_uid=0, si_status=0, si_utime=0, si_stime=14} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./368", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./368", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./368/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./368/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./368/binderfs") = 0 umount2("./368/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./368/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./368/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./368/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./368/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./368/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./368") = 0 mkdir("./369", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 4385 ./strace-static-x86_64: Process 4385 attached [pid 4385] chdir("./369") = 0 [pid 4385] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4385] setpgid(0, 0) = 0 [pid 4385] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4385] write(3, "1000", 4) = 4 [pid 4385] close(3) = 0 [pid 4385] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4385] memfd_create("syzkaller", 0) = 3 [pid 4385] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 4385] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 4385] munmap(0x7eff5e600000, 2097152) = 0 [pid 4385] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4385] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4385] close(3) = 0 [pid 4385] mkdir("./file0", 0777) = 0 [ 165.249802][ T4385] loop0: detected capacity change from 0 to 4096 [ 165.264173][ T4385] NILFS (loop0): invalid segment: Checksum error in segment payload [ 165.272293][ T4385] NILFS (loop0): trying rollback from an earlier position [ 165.285330][ T4385] NILFS (loop0): recovery complete [pid 4385] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 4385] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4385] chdir("./file0") = 0 [pid 4385] ioctl(4, LOOP_CLR_FD) = 0 [pid 4385] close(4) = 0 [pid 4385] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 4385] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 4385] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 165.291601][ T4386] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 165.307709][ T27] audit: type=1800 audit(1670141654.577:371): pid=4385 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor269" name="bus" dev="loop0" ino=12 res=0 errno=0 [pid 4385] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 4385] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 4385] exit_group(0) = ? [pid 4385] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4385, si_uid=0, si_status=0, si_utime=0, si_stime=12} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./369", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./369", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./369/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./369/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./369/binderfs") = 0 umount2("./369/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./369/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./369/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./369/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./369/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./369/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./369") = 0 mkdir("./370", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 4387 attached , child_tidptr=0x5555555775d0) = 4387 [pid 4387] chdir("./370") = 0 [pid 4387] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4387] setpgid(0, 0) = 0 [pid 4387] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4387] write(3, "1000", 4) = 4 [pid 4387] close(3) = 0 [pid 4387] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4387] memfd_create("syzkaller", 0) = 3 [pid 4387] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 4387] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 4387] munmap(0x7eff5e600000, 2097152) = 0 [pid 4387] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4387] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4387] close(3) = 0 [pid 4387] mkdir("./file0", 0777) = 0 [ 165.545632][ T4387] loop0: detected capacity change from 0 to 4096 [ 165.560046][ T4387] NILFS (loop0): invalid segment: Checksum error in segment payload [ 165.568066][ T4387] NILFS (loop0): trying rollback from an earlier position [ 165.580864][ T4387] NILFS (loop0): recovery complete [pid 4387] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 4387] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4387] chdir("./file0") = 0 [pid 4387] ioctl(4, LOOP_CLR_FD) = 0 [pid 4387] close(4) = 0 [pid 4387] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 4387] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 4387] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 165.586827][ T4388] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 165.603484][ T27] audit: type=1800 audit(1670141654.887:372): pid=4387 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor269" name="bus" dev="loop0" ino=12 res=0 errno=0 [pid 4387] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 4387] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 4387] exit_group(0) = ? [pid 4387] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4387, si_uid=0, si_status=0, si_utime=0, si_stime=11} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./370", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./370", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./370/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./370/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./370/binderfs") = 0 umount2("./370/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./370/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./370/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./370/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./370/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./370/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./370") = 0 mkdir("./371", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 4389 ./strace-static-x86_64: Process 4389 attached [pid 4389] chdir("./371") = 0 [pid 4389] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4389] setpgid(0, 0) = 0 [pid 4389] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4389] write(3, "1000", 4) = 4 [pid 4389] close(3) = 0 [pid 4389] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4389] memfd_create("syzkaller", 0) = 3 [pid 4389] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 4389] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 4389] munmap(0x7eff5e600000, 2097152) = 0 [pid 4389] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4389] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4389] close(3) = 0 [pid 4389] mkdir("./file0", 0777) = 0 [ 165.858702][ T4389] loop0: detected capacity change from 0 to 4096 [ 165.873884][ T4389] NILFS (loop0): invalid segment: Checksum error in segment payload [ 165.881950][ T4389] NILFS (loop0): trying rollback from an earlier position [ 165.895089][ T4389] NILFS (loop0): recovery complete [pid 4389] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 4389] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4389] chdir("./file0") = 0 [pid 4389] ioctl(4, LOOP_CLR_FD) = 0 [pid 4389] close(4) = 0 [pid 4389] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 4389] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 4389] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 165.901861][ T4390] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 165.924956][ T27] audit: type=1800 audit(1670141655.207:373): pid=4389 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor269" name="bus" dev="loop0" ino=12 res=0 errno=0 [pid 4389] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 4389] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 4389] exit_group(0) = ? [pid 4389] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4389, si_uid=0, si_status=0, si_utime=0, si_stime=12} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./371", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./371", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./371/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./371/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./371/binderfs") = 0 umount2("./371/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./371/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./371/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./371/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./371/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./371/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./371") = 0 mkdir("./372", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 4391 ./strace-static-x86_64: Process 4391 attached [pid 4391] chdir("./372") = 0 [pid 4391] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4391] setpgid(0, 0) = 0 [pid 4391] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4391] write(3, "1000", 4) = 4 [pid 4391] close(3) = 0 [pid 4391] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4391] memfd_create("syzkaller", 0) = 3 [pid 4391] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 4391] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 4391] munmap(0x7eff5e600000, 2097152) = 0 [pid 4391] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4391] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4391] close(3) = 0 [pid 4391] mkdir("./file0", 0777) = 0 [pid 4391] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 4391] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [ 166.158355][ T4391] loop0: detected capacity change from 0 to 4096 [ 166.174457][ T4391] NILFS (loop0): invalid segment: Checksum error in segment payload [ 166.182737][ T4391] NILFS (loop0): trying rollback from an earlier position [ 166.195776][ T4391] NILFS (loop0): recovery complete [pid 4391] chdir("./file0") = 0 [pid 4391] ioctl(4, LOOP_CLR_FD) = 0 [pid 4391] close(4) = 0 [pid 4391] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 4391] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 4391] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 166.202238][ T4392] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 166.215098][ T27] audit: type=1800 audit(1670141655.497:374): pid=4391 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor269" name="bus" dev="loop0" ino=12 res=0 errno=0 [pid 4391] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 4391] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 4391] exit_group(0) = ? [pid 4391] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4391, si_uid=0, si_status=0, si_utime=0, si_stime=16} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./372", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./372", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./372/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./372/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./372/binderfs") = 0 umount2("./372/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./372/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./372/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./372/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./372/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./372/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./372") = 0 mkdir("./373", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 4393 ./strace-static-x86_64: Process 4393 attached [pid 4393] chdir("./373") = 0 [pid 4393] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4393] setpgid(0, 0) = 0 [pid 4393] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4393] write(3, "1000", 4) = 4 [pid 4393] close(3) = 0 [pid 4393] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4393] memfd_create("syzkaller", 0) = 3 [pid 4393] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 4393] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 4393] munmap(0x7eff5e600000, 2097152) = 0 [pid 4393] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4393] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4393] close(3) = 0 [pid 4393] mkdir("./file0", 0777) = 0 [pid 4393] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 4393] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4393] chdir("./file0") = 0 [pid 4393] ioctl(4, LOOP_CLR_FD) = 0 [ 166.471683][ T4393] loop0: detected capacity change from 0 to 4096 [ 166.486848][ T4393] NILFS (loop0): invalid segment: Checksum error in segment payload [ 166.495024][ T4393] NILFS (loop0): trying rollback from an earlier position [ 166.508627][ T4393] NILFS (loop0): recovery complete [pid 4393] close(4) = 0 [pid 4393] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 4393] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 4393] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 166.516786][ T4394] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 166.525737][ T27] audit: type=1800 audit(1670141655.797:375): pid=4393 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor269" name="bus" dev="loop0" ino=12 res=0 errno=0 [pid 4393] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 4393] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 4393] exit_group(0) = ? [pid 4393] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4393, si_uid=0, si_status=0, si_utime=0, si_stime=11} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./373", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./373", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./373/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./373/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./373/binderfs") = 0 umount2("./373/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./373/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./373/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./373/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./373/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./373/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./373") = 0 mkdir("./374", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 4395 ./strace-static-x86_64: Process 4395 attached [pid 4395] chdir("./374") = 0 [pid 4395] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4395] setpgid(0, 0) = 0 [pid 4395] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4395] write(3, "1000", 4) = 4 [pid 4395] close(3) = 0 [pid 4395] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4395] memfd_create("syzkaller", 0) = 3 [pid 4395] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 4395] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 4395] munmap(0x7eff5e600000, 2097152) = 0 [pid 4395] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4395] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4395] close(3) = 0 [pid 4395] mkdir("./file0", 0777) = 0 [ 166.773110][ T4395] loop0: detected capacity change from 0 to 4096 [ 166.788966][ T4395] NILFS (loop0): invalid segment: Checksum error in segment payload [ 166.797064][ T4395] NILFS (loop0): trying rollback from an earlier position [ 166.811583][ T4395] NILFS (loop0): recovery complete [pid 4395] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 4395] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4395] chdir("./file0") = 0 [pid 4395] ioctl(4, LOOP_CLR_FD) = 0 [pid 4395] close(4) = 0 [pid 4395] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 4395] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 4395] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 166.817682][ T4396] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 166.834301][ T27] audit: type=1800 audit(1670141656.117:376): pid=4395 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor269" name="bus" dev="loop0" ino=12 res=0 errno=0 [pid 4395] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 4395] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 4395] exit_group(0) = ? [pid 4395] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4395, si_uid=0, si_status=0, si_utime=0, si_stime=14} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./374", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./374", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./374/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./374/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./374/binderfs") = 0 umount2("./374/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./374/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./374/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./374/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./374/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./374/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./374") = 0 mkdir("./375", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 4397 ./strace-static-x86_64: Process 4397 attached [pid 4397] chdir("./375") = 0 [pid 4397] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4397] setpgid(0, 0) = 0 [pid 4397] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4397] write(3, "1000", 4) = 4 [pid 4397] close(3) = 0 [pid 4397] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4397] memfd_create("syzkaller", 0) = 3 [pid 4397] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 4397] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 4397] munmap(0x7eff5e600000, 2097152) = 0 [pid 4397] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4397] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4397] close(3) = 0 [pid 4397] mkdir("./file0", 0777) = 0 [ 167.081472][ T4397] loop0: detected capacity change from 0 to 4096 [ 167.096445][ T4397] NILFS (loop0): invalid segment: Checksum error in segment payload [ 167.104781][ T4397] NILFS (loop0): trying rollback from an earlier position [ 167.117686][ T4397] NILFS (loop0): recovery complete [pid 4397] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 4397] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4397] chdir("./file0") = 0 [pid 4397] ioctl(4, LOOP_CLR_FD) = 0 [pid 4397] close(4) = 0 [pid 4397] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 4397] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 4397] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 167.124277][ T4398] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 167.148083][ T27] audit: type=1800 audit(1670141656.437:377): pid=4397 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor269" name="bus" dev="loop0" ino=12 res=0 errno=0 [pid 4397] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 4397] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 4397] exit_group(0) = ? [pid 4397] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4397, si_uid=0, si_status=0, si_utime=0, si_stime=11} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./375", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./375", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./375/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./375/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./375/binderfs") = 0 umount2("./375/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./375/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./375/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./375/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./375/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./375/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./375") = 0 mkdir("./376", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 4399 ./strace-static-x86_64: Process 4399 attached [pid 4399] chdir("./376") = 0 [pid 4399] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4399] setpgid(0, 0) = 0 [pid 4399] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4399] write(3, "1000", 4) = 4 [pid 4399] close(3) = 0 [pid 4399] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4399] memfd_create("syzkaller", 0) = 3 [pid 4399] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 4399] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 4399] munmap(0x7eff5e600000, 2097152) = 0 [pid 4399] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4399] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4399] close(3) = 0 [pid 4399] mkdir("./file0", 0777) = 0 [ 167.389093][ T4399] loop0: detected capacity change from 0 to 4096 [ 167.405309][ T4399] NILFS (loop0): invalid segment: Checksum error in segment payload [ 167.413336][ T4399] NILFS (loop0): trying rollback from an earlier position [ 167.426853][ T4399] NILFS (loop0): recovery complete [pid 4399] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 4399] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4399] chdir("./file0") = 0 [pid 4399] ioctl(4, LOOP_CLR_FD) = 0 [pid 4399] close(4) = 0 [pid 4399] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 4399] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 4399] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 167.433269][ T4400] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 4399] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 4399] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 4399] exit_group(0) = ? [pid 4399] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4399, si_uid=0, si_status=0, si_utime=0, si_stime=11} --- umount2("./376", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./376", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./376/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./376/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./376/binderfs") = 0 umount2("./376/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./376/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./376/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./376/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./376/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./376/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./376") = 0 mkdir("./377", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 4401 ./strace-static-x86_64: Process 4401 attached [pid 4401] chdir("./377") = 0 [pid 4401] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4401] setpgid(0, 0) = 0 [pid 4401] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4401] write(3, "1000", 4) = 4 [pid 4401] close(3) = 0 [pid 4401] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4401] memfd_create("syzkaller", 0) = 3 [pid 4401] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 4401] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 4401] munmap(0x7eff5e600000, 2097152) = 0 [pid 4401] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4401] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4401] close(3) = 0 [pid 4401] mkdir("./file0", 0777) = 0 [ 167.691509][ T4401] loop0: detected capacity change from 0 to 4096 [ 167.708680][ T4401] NILFS (loop0): invalid segment: Checksum error in segment payload [ 167.716739][ T4401] NILFS (loop0): trying rollback from an earlier position [ 167.731152][ T4401] NILFS (loop0): recovery complete [pid 4401] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 4401] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4401] chdir("./file0") = 0 [pid 4401] ioctl(4, LOOP_CLR_FD) = 0 [pid 4401] close(4) = 0 [pid 4401] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 4401] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 4401] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 167.737391][ T4402] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 4401] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 4401] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 4401] exit_group(0) = ? [pid 4401] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4401, si_uid=0, si_status=0, si_utime=0, si_stime=11} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./377", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./377", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./377/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./377/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./377/binderfs") = 0 umount2("./377/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./377/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./377/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./377/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./377/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./377/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./377") = 0 mkdir("./378", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 4403 ./strace-static-x86_64: Process 4403 attached [pid 4403] chdir("./378") = 0 [pid 4403] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4403] setpgid(0, 0) = 0 [pid 4403] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4403] write(3, "1000", 4) = 4 [pid 4403] close(3) = 0 [pid 4403] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4403] memfd_create("syzkaller", 0) = 3 [pid 4403] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 4403] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 4403] munmap(0x7eff5e600000, 2097152) = 0 [pid 4403] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4403] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4403] close(3) = 0 [pid 4403] mkdir("./file0", 0777) = 0 [pid 4403] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 4403] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4403] chdir("./file0") = 0 [pid 4403] ioctl(4, LOOP_CLR_FD) = 0 [pid 4403] close(4) = 0 [ 167.992274][ T4403] loop0: detected capacity change from 0 to 4096 [ 168.008175][ T4403] NILFS (loop0): invalid segment: Checksum error in segment payload [ 168.016227][ T4403] NILFS (loop0): trying rollback from an earlier position [ 168.029384][ T4403] NILFS (loop0): recovery complete [pid 4403] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 4403] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 4403] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 168.035255][ T4404] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 4403] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 4403] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 4403] exit_group(0) = ? [pid 4403] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4403, si_uid=0, si_status=0, si_utime=0, si_stime=15} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./378", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./378", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./378/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./378/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./378/binderfs") = 0 umount2("./378/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./378/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./378/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./378/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./378/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./378/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./378") = 0 mkdir("./379", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 4405 attached [pid 4405] chdir("./379") = 0 [pid 4405] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4405] setpgid(0, 0) = 0 [pid 3638] <... clone resumed>, child_tidptr=0x5555555775d0) = 4405 [pid 4405] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4405] write(3, "1000", 4) = 4 [pid 4405] close(3) = 0 [pid 4405] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4405] memfd_create("syzkaller", 0) = 3 [pid 4405] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 4405] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 4405] munmap(0x7eff5e600000, 2097152) = 0 [pid 4405] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4405] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4405] close(3) = 0 [pid 4405] mkdir("./file0", 0777) = 0 [pid 4405] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 4405] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4405] chdir("./file0") = 0 [pid 4405] ioctl(4, LOOP_CLR_FD) = 0 [pid 4405] close(4) = 0 [pid 4405] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [ 168.288291][ T4405] loop0: detected capacity change from 0 to 4096 [ 168.304327][ T4405] NILFS (loop0): invalid segment: Checksum error in segment payload [ 168.312607][ T4405] NILFS (loop0): trying rollback from an earlier position [ 168.325752][ T4405] NILFS (loop0): recovery complete [pid 4405] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 4405] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 168.331794][ T4406] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 4405] sendfile(4, 5, NULL, 140737974943952) = 899872 [pid 4405] openat(-1, "hugetlb.1GB.rsvd.failcnt", O_RDWR) = -1 EBADF (Bad file descriptor) [pid 4405] exit_group(0) = ? [pid 4405] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4405, si_uid=0, si_status=0, si_utime=0, si_stime=11} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./379", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./379", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555578620 /* 4 entries */, 32768) = 112 umount2("./379/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./379/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./379/binderfs") = 0 umount2("./379/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./379/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./379/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./379/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./379/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555580660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555580660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./379/file0") = 0 getdents64(3, 0x555555578620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./379") = 0 mkdir("./380", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555775d0) = 4407 ./strace-static-x86_64: Process 4407 attached [pid 4407] chdir("./380") = 0 [pid 4407] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4407] setpgid(0, 0) = 0 [pid 4407] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4407] write(3, "1000", 4) = 4 [pid 4407] close(3) = 0 [pid 4407] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4407] memfd_create("syzkaller", 0) = 3 [pid 4407] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff5e600000 [pid 4407] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 4407] munmap(0x7eff5e600000, 2097152) = 0 [pid 4407] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4407] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4407] close(3) = 0 [pid 4407] mkdir("./file0", 0777) = 0 [ 168.580630][ T4407] loop0: detected capacity change from 0 to 4096 [ 168.596063][ T4407] NILFS (loop0): invalid segment: Checksum error in segment payload [ 168.604104][ T4407] NILFS (loop0): trying rollback from an earlier position [ 168.617436][ T4407] NILFS (loop0): recovery complete [pid 4407] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_POSIXACL, "") = 0 [pid 4407] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4407] chdir("./file0") = 0 [pid 4407] ioctl(4, LOOP_CLR_FD) = 0 [pid 4407] close(4) = 0 [pid 4407] mount(NULL, NULL, NULL, MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_MANDLOCK|MS_POSIXACL|MS_SHARED, NULL) = -1 EFAULT (Bad address) [pid 4407] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 4407] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [ 168.623643][ T4408] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 168.656609][ T4408] ------------[ cut here ]------------ [ 168.662645][ T4408] WARNING: CPU: 0 PID: 4408 at fs/nilfs2/btree.c:2273 nilfs_btree_assign+0xa75/0xd00 [ 168.672521][ T4408] Modules linked in: [ 168.676421][ T4408] CPU: 0 PID: 4408 Comm: segctord Not tainted 6.1.0-rc7-syzkaller-00200-gc2bf05db6c78 #0 [ 168.686798][ T4408] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 168.697336][ T4408] RIP: 0010:nilfs_btree_assign+0xa75/0xd00 [ 168.703179][ T4408] Code: 00 0f 85 a4 02 00 00 44 89 f8 48 8d 65 d8 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 47 f0 3e fe 4c 8b 74 24 38 eb a5 e8 3b f0 3e fe <0f> 0b 41 bf fe ff ff ff 4c 8b 74 24 38 eb 91 44 89 f9 80 e1 07 80 [ 168.723460][ T4408] RSP: 0018:ffffc9000499f540 EFLAGS: 00010293 [ 168.729852][ T4408] RAX: ffffffff834ba9f5 RBX: ffff8880708ce030 RCX: ffff888022393a80 [ 168.738195][ T4408] RDX: 0000000000000000 RSI: 00000000fffffffe RDI: 00000000fffffffe [ 168.746178][ T4408] RBP: ffffc9000499f670 R08: ffffffff834ba35f R09: ffffed100d816f40 [ 168.754481][ T4408] R10: ffffed100d816f40 R11: 1ffff1100d816f3f R12: ffff888026efad00 [ 168.762651][ T4408] R13: dffffc0000000000 R14: 0000000000000001 R15: 00000000fffffffe [ 168.770822][ T4408] FS: 0000000000000000(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000 [ 168.779940][ T4408] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 168.786606][ T4408] CR2: 00007fff30aa0000 CR3: 0000000028153000 CR4: 00000000003506f0 [ 168.794950][ T4408] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 168.803124][ T4408] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 168.811311][ T4408] Call Trace: [ 168.814588][ T4408] [ 168.817720][ T4408] ? down_write+0x1a5/0x270 [ 168.822341][ T4408] ? nilfs_btree_lookup_dirty_buffers+0x1020/0x1020 [ 168.829432][ T4408] ? down_read_killable+0x80/0x80 [ 168.834471][ T4408] ? __bpf_trace_rcu_stall_warning+0x10/0x10 [ 168.840730][ T4408] ? __getblk_gfp+0x1f4/0x290 [ 168.845457][ T4408] nilfs_bmap_assign+0x87/0x150 [ 168.850551][ T4408] nilfs_segctor_do_construct+0x38c2/0x6f80 [ 168.856520][ T4408] ? nilfs_transaction_unlock+0x210/0x210 [ 168.862541][ T4408] ? rcu_read_lock_sched_held+0x87/0x110 [ 168.868347][ T4408] ? __bpf_trace_rcu_stall_warning+0x10/0x10 [ 168.874326][ T4408] ? nilfs_segctor_confirm+0x24b/0x2d0 [ 168.879984][ T4408] ? trace_lock_release+0x95/0x220 [ 168.885137][ T4408] ? __up_read+0x690/0x690 [ 168.889773][ T4408] ? nilfs_segctor_confirm+0x24b/0x2d0 [ 168.895239][ T4408] ? do_raw_spin_lock+0x148/0x360 [ 168.900488][ T4408] ? __lock_acquire+0x1f60/0x1f60 [ 168.905512][ T4408] ? do_raw_spin_unlock+0x134/0x8a0 [ 168.911022][ T4408] ? _raw_spin_unlock+0x24/0x40 [ 168.915877][ T4408] ? nilfs_segctor_confirm+0x24b/0x2d0 [ 168.921579][ T4408] nilfs_segctor_construct+0x143/0x8d0 [ 168.927057][ T4408] ? trace_nilfs2_transaction_transition+0xec/0x2e0 [ 168.933914][ T4408] nilfs_segctor_thread+0x59e/0x11c0 [ 168.939654][ T4408] ? nilfs_construction_timeout+0x40/0x40 [ 168.945414][ T4408] ? _raw_spin_unlock_irqrestore+0xc1/0x120 [ 168.951534][ T4408] ? _raw_spin_unlock+0x40/0x40 [ 168.956384][ T4408] ? _raw_spin_unlock_irqrestore+0xc1/0x120 [ 168.962528][ T4408] ? _raw_spin_unlock+0x40/0x40 [ 168.967571][ T4408] ? lockdep_hardirqs_on_prepare+0x428/0x790 [ 168.973636][ T4408] ? __kthread_parkme+0x166/0x1c0 [ 168.979036][ T4408] kthread+0x266/0x300 [ 168.983113][ T4408] ? nilfs_construction_timeout+0x40/0x40 [ 168.989112][ T4408] ? kthread_blkcg+0xd0/0xd0 [ 168.993718][ T4408] ret_from_fork+0x1f/0x30 [ 168.998381][ T4408] [ 169.001395][ T4408] Kernel panic - not syncing: panic_on_warn set ... [ 169.008058][ T4408] CPU: 0 PID: 4408 Comm: segctord Not tainted 6.1.0-rc7-syzkaller-00200-gc2bf05db6c78 #0 [ 169.017845][ T4408] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 169.027894][ T4408] Call Trace: [ 169.031162][ T4408] [ 169.034078][ T4408] dump_stack_lvl+0x1b1/0x28e [ 169.038773][ T4408] ? nf_tcp_handle_invalid+0x62e/0x62e [ 169.044238][ T4408] ? panic+0x710/0x710 [ 169.048324][ T4408] ? vscnprintf+0x59/0x80 [ 169.052656][ T4408] ? nilfs_btree_assign+0x980/0xd00 [ 169.057868][ T4408] panic+0x2d6/0x710 [ 169.061770][ T4408] ? __warn+0x131/0x220 [ 169.065983][ T4408] ? memcpy_page_flushcache+0xfc/0xfc [ 169.071360][ T4408] ? ret_from_fork+0x1f/0x30 [ 169.075950][ T4408] ? nilfs_btree_assign+0xa75/0xd00 [ 169.081149][ T4408] __warn+0x1fa/0x220 [ 169.085130][ T4408] ? nilfs_btree_assign+0xa75/0xd00 [ 169.090322][ T4408] report_bug+0x1b3/0x2d0 [ 169.094668][ T4408] handle_bug+0x3d/0x70 [ 169.098822][ T4408] exc_invalid_op+0x16/0x40 [ 169.103316][ T4408] asm_exc_invalid_op+0x16/0x20 [ 169.108245][ T4408] RIP: 0010:nilfs_btree_assign+0xa75/0xd00 [ 169.114046][ T4408] Code: 00 0f 85 a4 02 00 00 44 89 f8 48 8d 65 d8 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 47 f0 3e fe 4c 8b 74 24 38 eb a5 e8 3b f0 3e fe <0f> 0b 41 bf fe ff ff ff 4c 8b 74 24 38 eb 91 44 89 f9 80 e1 07 80 [ 169.133643][ T4408] RSP: 0018:ffffc9000499f540 EFLAGS: 00010293 [ 169.139704][ T4408] RAX: ffffffff834ba9f5 RBX: ffff8880708ce030 RCX: ffff888022393a80 [ 169.147668][ T4408] RDX: 0000000000000000 RSI: 00000000fffffffe RDI: 00000000fffffffe [ 169.155630][ T4408] RBP: ffffc9000499f670 R08: ffffffff834ba35f R09: ffffed100d816f40 [ 169.163593][ T4408] R10: ffffed100d816f40 R11: 1ffff1100d816f3f R12: ffff888026efad00 [ 169.171563][ T4408] R13: dffffc0000000000 R14: 0000000000000001 R15: 00000000fffffffe [ 169.179884][ T4408] ? nilfs_btree_assign+0x3df/0xd00 [ 169.185078][ T4408] ? nilfs_btree_assign+0xa75/0xd00 [ 169.190287][ T4408] ? down_write+0x1a5/0x270 [ 169.194785][ T4408] ? nilfs_btree_lookup_dirty_buffers+0x1020/0x1020 [ 169.201369][ T4408] ? down_read_killable+0x80/0x80 [ 169.206652][ T4408] ? __bpf_trace_rcu_stall_warning+0x10/0x10 [ 169.212627][ T4408] ? __getblk_gfp+0x1f4/0x290 [ 169.217315][ T4408] nilfs_bmap_assign+0x87/0x150 [ 169.222168][ T4408] nilfs_segctor_do_construct+0x38c2/0x6f80 [ 169.228120][ T4408] ? nilfs_transaction_unlock+0x210/0x210 [ 169.233839][ T4408] ? rcu_read_lock_sched_held+0x87/0x110 [ 169.239465][ T4408] ? __bpf_trace_rcu_stall_warning+0x10/0x10 [ 169.245447][ T4408] ? nilfs_segctor_confirm+0x24b/0x2d0 [ 169.250904][ T4408] ? trace_lock_release+0x95/0x220 [ 169.256017][ T4408] ? __up_read+0x690/0x690 [ 169.260424][ T4408] ? nilfs_segctor_confirm+0x24b/0x2d0 [ 169.265883][ T4408] ? do_raw_spin_lock+0x148/0x360 [ 169.270903][ T4408] ? __lock_acquire+0x1f60/0x1f60 [ 169.275927][ T4408] ? do_raw_spin_unlock+0x134/0x8a0 [ 169.281138][ T4408] ? _raw_spin_unlock+0x24/0x40 [ 169.286163][ T4408] ? nilfs_segctor_confirm+0x24b/0x2d0 [ 169.291623][ T4408] nilfs_segctor_construct+0x143/0x8d0 [ 169.297090][ T4408] ? trace_nilfs2_transaction_transition+0xec/0x2e0 [ 169.303679][ T4408] nilfs_segctor_thread+0x59e/0x11c0 [ 169.308994][ T4408] ? nilfs_construction_timeout+0x40/0x40 [ 169.314712][ T4408] ? _raw_spin_unlock_irqrestore+0xc1/0x120 [ 169.320604][ T4408] ? _raw_spin_unlock+0x40/0x40 [ 169.325454][ T4408] ? _raw_spin_unlock_irqrestore+0xc1/0x120 [ 169.331350][ T4408] ? _raw_spin_unlock+0x40/0x40 [ 169.336198][ T4408] ? lockdep_hardirqs_on_prepare+0x428/0x790 [ 169.342176][ T4408] ? __kthread_parkme+0x166/0x1c0 [ 169.347202][ T4408] kthread+0x266/0x300 [ 169.351264][ T4408] ? nilfs_construction_timeout+0x40/0x40 [ 169.356984][ T4408] ? kthread_blkcg+0xd0/0xd0 [ 169.361573][ T4408] ret_from_fork+0x1f/0x30 [ 169.365997][ T4408] [ 169.369079][ T4408] Kernel Offset: disabled [ 169.373503][ T4408] Rebooting in 86400 seconds..