./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor274516076 <...> [ 3.531984][ T24] audit: type=1400 audit(1741443457.569:9): avc: denied { append open } for pid=77 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=2 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 3.535090][ T24] audit: type=1400 audit(1741443457.569:10): avc: denied { getattr } for pid=77 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=2 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 3.880141][ T94] udevd[94]: starting version 3.2.11 [ 3.972618][ T95] udevd[95]: starting eudev-3.2.11 [ 11.666471][ T24] kauditd_printk_skb: 50 callbacks suppressed [ 11.666481][ T24] audit: type=1400 audit(1741443465.719:61): avc: denied { transition } for pid=217 comm="sshd" path="/bin/sh" dev="sda1" ino=89 scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 11.670923][ T24] audit: type=1400 audit(1741443465.719:62): avc: denied { noatsecure } for pid=217 comm="sshd" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 11.673907][ T24] audit: type=1400 audit(1741443465.719:63): avc: denied { write } for pid=217 comm="sh" path="pipe:[932]" dev="pipefs" ino=932 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1 [ 11.677433][ T24] audit: type=1400 audit(1741443465.719:64): avc: denied { rlimitinh } for pid=217 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 11.680509][ T24] audit: type=1400 audit(1741443465.719:65): avc: denied { siginh } for pid=217 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 Warning: Permanently added '10.128.0.29' (ED25519) to the list of known hosts. execve("./syz-executor274516076", ["./syz-executor274516076"], 0x7ffd02c44b30 /* 10 vars */) = 0 brk(NULL) = 0x5555748ae000 brk(0x5555748aed00) = 0x5555748aed00 arch_prctl(ARCH_SET_FS, 0x5555748ae380) = 0 set_tid_address(0x5555748ae650) = 287 set_robust_list(0x5555748ae660, 24) = 0 rseq(0x5555748aeca0, 0x20, 0, 0x53053053) = -1 ENOSYS (Function not implemented) prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor274516076", 4096) = 27 getrandom("\x81\xd4\x39\xeb\x51\xbc\x8a\xf2", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x5555748aed00 brk(0x5555748cfd00) = 0x5555748cfd00 brk(0x5555748d0000) = 0x5555748d0000 mprotect(0x7faabcb29000, 16384, PROT_READ) = 0 mmap(0x3ffffffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x3ffffffff000 mmap(0x400000000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x400000000000 mmap(0x400001000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x400001000000 mkdir("./syzkaller.QRN1Ip", 0700) = 0 chmod("./syzkaller.QRN1Ip", 0777) = 0 chdir("./syzkaller.QRN1Ip") = 0 mkdir("./0", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555748ae650) = 288 ./strace-static-x86_64: Process 288 attached [pid 288] set_robust_list(0x5555748ae660, 24) = 0 [pid 288] chdir("./0") = 0 [pid 288] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 288] setpgid(0, 0) = 0 [pid 288] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 288] write(3, "1000", 4) = 4 [pid 288] close(3) = 0 [pid 288] symlink("/dev/binderfs", "./binderfs") = 0 [pid 288] write(1, "executing program\n", 18executing program ) = 18 [pid 288] memfd_create("syzkaller", 0) = 3 [pid 288] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faab4671000 [ 20.556651][ T24] audit: type=1400 audit(1741443474.609:66): avc: denied { execmem } for pid=287 comm="syz-executor274" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 20.563719][ T24] audit: type=1400 audit(1741443474.609:67): avc: denied { read write } for pid=287 comm="syz-executor274" name="loop0" dev="devtmpfs" ino=111 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 20.567655][ T24] audit: type=1400 audit(1741443474.609:68): avc: denied { open } for pid=287 comm="syz-executor274" path="/dev/loop0" dev="devtmpfs" ino=111 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 20.571606][ T24] audit: type=1400 audit(1741443474.619:69): avc: denied { ioctl } for pid=287 comm="syz-executor274" path="/dev/loop0" dev="devtmpfs" ino=111 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [pid 288] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119 [pid 288] munmap(0x7faab4671000, 138412032) = 0 [pid 288] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 288] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 288] close(3) = 0 [pid 288] close(4) = 0 [pid 288] mkdir("./bus", 0777) = 0 [ 20.697136][ T24] audit: type=1400 audit(1741443474.749:70): avc: denied { mounton } for pid=288 comm="syz-executor274" path="/root/syzkaller.QRN1Ip/0/bus" dev="sda1" ino=1930 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1 [ 20.711424][ T288] F2FS-fs (loop0): invalid crc value [ 20.727544][ T288] F2FS-fs (loop0): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 10241044815247771109) [ 20.747366][ T288] F2FS-fs (loop0): recover fsync data on readonly fs [ 20.753984][ T288] F2FS-fs (loop0): Cannot turn on quotas: -2 on 0 [ 20.760530][ T288] F2FS-fs (loop0): checkpoint=disable on readonly fs [pid 288] mount("/dev/loop0", "./bus", "f2fs", MS_RDONLY|MS_NOATIME|MS_REC|MS_SILENT|0x200, "nodiscard,usrjquota=nodiscard,acl,alloc_mode=reuse,atgc,disable_roll_forward,background_gc=on,nouser"...) = -1 EINVAL (Invalid argument) [pid 288] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 288] ioctl(3, LOOP_CLR_FD) = 0 [pid 288] close(3) = 0 [pid 288] memfd_create("syzkaller", 0) = 3 [pid 288] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faab4671000 [pid 288] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 288] munmap(0x7faab4671000, 138412032) = 0 [pid 288] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 288] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 288] close(3) = 0 [pid 288] close(4) = 0 [pid 288] mkdir("./bus", 0777) = -1 EEXIST (File exists) [pid 288] mount("/dev/loop0", "./bus", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_NODIRATIME|MS_POSIXACL|MS_RELATIME, ",errors=continue") = 0 [pid 288] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 288] chdir("./bus") = 0 [pid 288] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 288] ioctl(4, LOOP_CLR_FD) = 0 [pid 288] close(4) = 0 [pid 288] exit_group(0) = ? [pid 288] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=288, si_uid=0, si_status=0, si_utime=3, si_stime=12} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555748af6f0 /* 4 entries */, 32768) = 104 umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./0/binderfs") = 0 [ 20.917506][ T288] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 20.926364][ T24] audit: type=1400 audit(1741443474.979:71): avc: denied { mount } for pid=288 comm="syz-executor274" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 20.926388][ T288] ext4 filesystem being mounted at /root/syzkaller.QRN1Ip/0/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 20.960156][ T24] audit: type=1400 audit(1741443474.979:72): avc: denied { unmount } for pid=287 comm="syz-executor274" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 umount2("./0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555748b7730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555748b7730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./0/bus") = 0 getdents64(3, 0x5555748af6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./0") = 0 mkdir("./1", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x5555748ae650) = 295 ./strace-static-x86_64: Process 295 attached [pid 295] set_robust_list(0x5555748ae660, 24) = 0 [pid 295] chdir("./1") = 0 [pid 295] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 295] setpgid(0, 0) = 0 [pid 295] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 295] write(3, "1000", 4) = 4 [pid 295] close(3) = 0 [pid 295] symlink("/dev/binderfs", "./binderfs") = 0 [pid 295] write(1, "executing program\n", 18) = 18 [pid 295] memfd_create("syzkaller", 0) = 3 [pid 295] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faab4671000 [pid 295] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119 [pid 295] munmap(0x7faab4671000, 138412032) = 0 [pid 295] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 295] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 295] close(3) = 0 [pid 295] close(4) = 0 [pid 295] mkdir("./bus", 0777) = 0 [pid 295] mount("/dev/loop0", "./bus", "f2fs", MS_RDONLY|MS_NOATIME|MS_REC|MS_SILENT|0x200, "nodiscard,usrjquota=nodiscard,acl,alloc_mode=reuse,atgc,disable_roll_forward,background_gc=on,nouser"...) = -1 EINVAL (Invalid argument) [pid 295] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 21.183922][ T295] F2FS-fs (loop0): invalid crc value [ 21.189762][ T295] F2FS-fs (loop0): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 10241044815247771109) [ 21.209030][ T295] F2FS-fs (loop0): recover fsync data on readonly fs [ 21.215587][ T295] F2FS-fs (loop0): Cannot turn on quotas: -2 on 0 [ 21.222138][ T295] F2FS-fs (loop0): checkpoint=disable on readonly fs [pid 295] ioctl(3, LOOP_CLR_FD) = 0 [pid 295] close(3) = 0 [pid 295] memfd_create("syzkaller", 0) = 3 [pid 295] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faab4671000 [pid 295] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 295] munmap(0x7faab4671000, 138412032) = 0 [pid 295] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 295] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 295] close(3) = 0 [pid 295] close(4) = 0 [pid 295] mkdir("./bus", 0777) = -1 EEXIST (File exists) [pid 295] mount("/dev/loop0", "./bus", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_NODIRATIME|MS_POSIXACL|MS_RELATIME, ",errors=continue") = 0 [pid 295] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 295] chdir("./bus") = 0 [pid 295] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 295] ioctl(4, LOOP_CLR_FD) = 0 [pid 295] close(4) = 0 [pid 295] exit_group(0) = ? [pid 295] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=295, si_uid=0, si_status=0, si_utime=3, si_stime=13} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555748af6f0 /* 4 entries */, 32768) = 104 umount2("./1/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./1/binderfs") = 0 [ 21.327606][ T295] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 21.336733][ T295] ext4 filesystem being mounted at /root/syzkaller.QRN1Ip/1/bus supports timestamps until 2038-01-19 (0x7fffffff) umount2("./1/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./1/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./1/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555748b7730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555748b7730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./1/bus") = 0 getdents64(3, 0x5555748af6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./1") = 0 mkdir("./2", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555748ae650) = 300 ./strace-static-x86_64: Process 300 attached [pid 300] set_robust_list(0x5555748ae660, 24) = 0 [pid 300] chdir("./2") = 0 [pid 300] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 300] setpgid(0, 0) = 0 [pid 300] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 300] write(3, "1000", 4) = 4 [pid 300] close(3) = 0 [pid 300] symlink("/dev/binderfs", "./binderfs") = 0 [pid 300] write(1, "executing program\n", 18executing program ) = 18 [pid 300] memfd_create("syzkaller", 0) = 3 [pid 300] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faab4671000 [pid 300] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119 [pid 300] munmap(0x7faab4671000, 138412032) = 0 [pid 300] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 300] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 300] close(3) = 0 [pid 300] close(4) = 0 [pid 300] mkdir("./bus", 0777) = 0 [ 21.570466][ T300] F2FS-fs (loop0): invalid crc value [ 21.576718][ T300] F2FS-fs (loop0): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 10241044815247771109) [ 21.595523][ T300] F2FS-fs (loop0): recover fsync data on readonly fs [ 21.602145][ T300] F2FS-fs (loop0): Cannot turn on quotas: -2 on 0 [ 21.608694][ T300] F2FS-fs (loop0): checkpoint=disable on readonly fs [pid 300] mount("/dev/loop0", "./bus", "f2fs", MS_RDONLY|MS_NOATIME|MS_REC|MS_SILENT|0x200, "nodiscard,usrjquota=nodiscard,acl,alloc_mode=reuse,atgc,disable_roll_forward,background_gc=on,nouser"...) = -1 EINVAL (Invalid argument) [pid 300] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 300] ioctl(3, LOOP_CLR_FD) = 0 [pid 300] close(3) = 0 [pid 300] memfd_create("syzkaller", 0) = 3 [pid 300] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faab4671000 [pid 300] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 300] munmap(0x7faab4671000, 138412032) = 0 [pid 300] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 300] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 300] close(3) = 0 [pid 300] close(4) = 0 [pid 300] mkdir("./bus", 0777) = -1 EEXIST (File exists) [pid 300] mount("/dev/loop0", "./bus", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_NODIRATIME|MS_POSIXACL|MS_RELATIME, ",errors=continue") = 0 [pid 300] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 300] chdir("./bus") = 0 [pid 300] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 300] ioctl(4, LOOP_CLR_FD) = 0 [pid 300] close(4) = 0 [pid 300] exit_group(0) = ? [pid 300] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=300, si_uid=0, si_status=0, si_utime=3, si_stime=12} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555748af6f0 /* 4 entries */, 32768) = 104 umount2("./2/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./2/binderfs") = 0 [ 21.767519][ T300] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 21.776272][ T300] ext4 filesystem being mounted at /root/syzkaller.QRN1Ip/2/bus supports timestamps until 2038-01-19 (0x7fffffff) umount2("./2/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./2/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./2/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555748b7730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555748b7730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./2/bus") = 0 getdents64(3, 0x5555748af6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./2") = 0 mkdir("./3", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x5555748ae650) = 306 ./strace-static-x86_64: Process 306 attached [pid 306] set_robust_list(0x5555748ae660, 24) = 0 [pid 306] chdir("./3") = 0 [pid 306] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 306] setpgid(0, 0) = 0 [pid 306] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 306] write(3, "1000", 4) = 4 [pid 306] close(3) = 0 [pid 306] symlink("/dev/binderfs", "./binderfs") = 0 [pid 306] write(1, "executing program\n", 18) = 18 [pid 306] memfd_create("syzkaller", 0) = 3 [pid 306] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faab4671000 [pid 306] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119 [pid 306] munmap(0x7faab4671000, 138412032) = 0 [pid 306] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 306] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 306] close(3) = 0 [pid 306] close(4) = 0 [pid 306] mkdir("./bus", 0777) = 0 [ 21.954162][ T306] F2FS-fs (loop0): invalid crc value [ 21.959974][ T306] F2FS-fs (loop0): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 10241044815247771109) [ 21.979077][ T306] F2FS-fs (loop0): recover fsync data on readonly fs [ 21.985609][ T306] F2FS-fs (loop0): Cannot turn on quotas: -2 on 0 [ 21.992124][ T306] F2FS-fs (loop0): checkpoint=disable on readonly fs [pid 306] mount("/dev/loop0", "./bus", "f2fs", MS_RDONLY|MS_NOATIME|MS_REC|MS_SILENT|0x200, "nodiscard,usrjquota=nodiscard,acl,alloc_mode=reuse,atgc,disable_roll_forward,background_gc=on,nouser"...) = -1 EINVAL (Invalid argument) [pid 306] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 306] ioctl(3, LOOP_CLR_FD) = 0 [pid 306] close(3) = 0 [pid 306] memfd_create("syzkaller", 0) = 3 [pid 306] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faab4671000 [pid 306] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 306] munmap(0x7faab4671000, 138412032) = 0 [pid 306] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 306] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 306] close(3) = 0 [pid 306] close(4) = 0 [pid 306] mkdir("./bus", 0777) = -1 EEXIST (File exists) [pid 306] mount("/dev/loop0", "./bus", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_NODIRATIME|MS_POSIXACL|MS_RELATIME, ",errors=continue") = 0 [pid 306] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 306] chdir("./bus") = 0 [pid 306] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 306] ioctl(4, LOOP_CLR_FD) = 0 [pid 306] close(4) = 0 [pid 306] exit_group(0) = ? [pid 306] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=306, si_uid=0, si_status=0, si_utime=1, si_stime=16} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555748af6f0 /* 4 entries */, 32768) = 104 umount2("./3/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./3/binderfs") = 0 [ 22.107415][ T306] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 22.116272][ T306] ext4 filesystem being mounted at /root/syzkaller.QRN1Ip/3/bus supports timestamps until 2038-01-19 (0x7fffffff) umount2("./3/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./3/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./3/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555748b7730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555748b7730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./3/bus") = 0 getdents64(3, 0x5555748af6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./3") = 0 mkdir("./4", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x5555748ae650) = 311 ./strace-static-x86_64: Process 311 attached [pid 311] set_robust_list(0x5555748ae660, 24) = 0 [pid 311] chdir("./4") = 0 [pid 311] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 311] setpgid(0, 0) = 0 [pid 311] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 311] write(3, "1000", 4) = 4 [pid 311] close(3) = 0 [pid 311] symlink("/dev/binderfs", "./binderfs") = 0 [pid 311] write(1, "executing program\n", 18) = 18 [pid 311] memfd_create("syzkaller", 0) = 3 [pid 311] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faab4671000 [pid 311] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119 [pid 311] munmap(0x7faab4671000, 138412032) = 0 [pid 311] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 311] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 311] close(3) = 0 [pid 311] close(4) = 0 [pid 311] mkdir("./bus", 0777) = 0 [ 22.292538][ T311] F2FS-fs (loop0): invalid crc value [ 22.298949][ T311] F2FS-fs (loop0): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 10241044815247771109) [ 22.318070][ T311] F2FS-fs (loop0): recover fsync data on readonly fs [ 22.324601][ T311] F2FS-fs (loop0): Cannot turn on quotas: -2 on 0 [ 22.331121][ T311] F2FS-fs (loop0): checkpoint=disable on readonly fs [pid 311] mount("/dev/loop0", "./bus", "f2fs", MS_RDONLY|MS_NOATIME|MS_REC|MS_SILENT|0x200, "nodiscard,usrjquota=nodiscard,acl,alloc_mode=reuse,atgc,disable_roll_forward,background_gc=on,nouser"...) = -1 EINVAL (Invalid argument) [pid 311] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 311] ioctl(3, LOOP_CLR_FD) = 0 [pid 311] close(3) = 0 [pid 311] memfd_create("syzkaller", 0) = 3 [pid 311] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faab4671000 [pid 311] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 311] munmap(0x7faab4671000, 138412032) = 0 [pid 311] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 311] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 311] close(3) = 0 [pid 311] close(4) = 0 [pid 311] mkdir("./bus", 0777) = -1 EEXIST (File exists) [pid 311] mount("/dev/loop0", "./bus", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_NODIRATIME|MS_POSIXACL|MS_RELATIME, ",errors=continue") = 0 [pid 311] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 311] chdir("./bus") = 0 [pid 311] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 311] ioctl(4, LOOP_CLR_FD) = 0 [pid 311] close(4) = 0 [pid 311] exit_group(0) = ? [pid 311] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=311, si_uid=0, si_status=0, si_utime=2, si_stime=13} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555748af6f0 /* 4 entries */, 32768) = 104 umount2("./4/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4/binderfs") = 0 [ 22.487347][ T311] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 22.496097][ T311] ext4 filesystem being mounted at /root/syzkaller.QRN1Ip/4/bus supports timestamps until 2038-01-19 (0x7fffffff) umount2("./4/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555748b7730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555748b7730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4/bus") = 0 getdents64(3, 0x5555748af6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4") = 0 mkdir("./5", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x5555748ae650) = 317 ./strace-static-x86_64: Process 317 attached [pid 317] set_robust_list(0x5555748ae660, 24) = 0 [pid 317] chdir("./5") = 0 [pid 317] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 317] setpgid(0, 0) = 0 [pid 317] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 317] write(3, "1000", 4) = 4 [pid 317] close(3) = 0 [pid 317] symlink("/dev/binderfs", "./binderfs") = 0 [pid 317] write(1, "executing program\n", 18) = 18 [pid 317] memfd_create("syzkaller", 0) = 3 [pid 317] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faab4671000 [pid 317] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119 [pid 317] munmap(0x7faab4671000, 138412032) = 0 [pid 317] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 317] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 317] close(3) = 0 [pid 317] close(4) = 0 [pid 317] mkdir("./bus", 0777) = 0 [ 22.698879][ T317] F2FS-fs (loop0): invalid crc value [ 22.704782][ T317] F2FS-fs (loop0): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 10241044815247771109) [ 22.724076][ T317] F2FS-fs (loop0): recover fsync data on readonly fs [ 22.730659][ T317] F2FS-fs (loop0): Cannot turn on quotas: -2 on 0 [ 22.737024][ T317] F2FS-fs (loop0): checkpoint=disable on readonly fs [pid 317] mount("/dev/loop0", "./bus", "f2fs", MS_RDONLY|MS_NOATIME|MS_REC|MS_SILENT|0x200, "nodiscard,usrjquota=nodiscard,acl,alloc_mode=reuse,atgc,disable_roll_forward,background_gc=on,nouser"...) = -1 EINVAL (Invalid argument) [pid 317] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 317] ioctl(3, LOOP_CLR_FD) = 0 [pid 317] close(3) = 0 [pid 317] memfd_create("syzkaller", 0) = 3 [pid 317] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faab4671000 [pid 317] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 317] munmap(0x7faab4671000, 138412032) = 0 [pid 317] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 317] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 317] close(3) = 0 [pid 317] close(4) = 0 [pid 317] mkdir("./bus", 0777) = -1 EEXIST (File exists) [pid 317] mount("/dev/loop0", "./bus", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_NODIRATIME|MS_POSIXACL|MS_RELATIME, ",errors=continue") = 0 [pid 317] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 317] chdir("./bus") = 0 [pid 317] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 317] ioctl(4, LOOP_CLR_FD) = 0 [pid 317] close(4) = 0 [pid 317] exit_group(0) = ? [pid 317] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=317, si_uid=0, si_status=0, si_utime=4, si_stime=11} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./5", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555748af6f0 /* 4 entries */, 32768) = 104 umount2("./5/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./5/binderfs") = 0 [ 22.867273][ T317] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 22.875992][ T317] ext4 filesystem being mounted at /root/syzkaller.QRN1Ip/5/bus supports timestamps until 2038-01-19 (0x7fffffff) umount2("./5/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./5/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./5/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./5/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555748b7730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555748b7730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./5/bus") = 0 getdents64(3, 0x5555748af6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./5") = 0 mkdir("./6", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3executing program ) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555748ae650) = 322 ./strace-static-x86_64: Process 322 attached [pid 322] set_robust_list(0x5555748ae660, 24) = 0 [pid 322] chdir("./6") = 0 [pid 322] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 322] setpgid(0, 0) = 0 [pid 322] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 322] write(3, "1000", 4) = 4 [pid 322] close(3) = 0 [pid 322] symlink("/dev/binderfs", "./binderfs") = 0 [pid 322] write(1, "executing program\n", 18) = 18 [pid 322] memfd_create("syzkaller", 0) = 3 [pid 322] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faab4671000 [pid 322] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119 [pid 322] munmap(0x7faab4671000, 138412032) = 0 [pid 322] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 322] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 322] close(3) = 0 [pid 322] close(4) = 0 [pid 322] mkdir("./bus", 0777) = 0 [ 23.051260][ T322] F2FS-fs (loop0): invalid crc value [ 23.057169][ T322] F2FS-fs (loop0): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 10241044815247771109) [ 23.076282][ T322] F2FS-fs (loop0): recover fsync data on readonly fs [ 23.082818][ T322] F2FS-fs (loop0): Cannot turn on quotas: -2 on 0 [ 23.089716][ T322] F2FS-fs (loop0): checkpoint=disable on readonly fs [pid 322] mount("/dev/loop0", "./bus", "f2fs", MS_RDONLY|MS_NOATIME|MS_REC|MS_SILENT|0x200, "nodiscard,usrjquota=nodiscard,acl,alloc_mode=reuse,atgc,disable_roll_forward,background_gc=on,nouser"...) = -1 EINVAL (Invalid argument) [pid 322] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 322] ioctl(3, LOOP_CLR_FD) = 0 [pid 322] close(3) = 0 [pid 322] memfd_create("syzkaller", 0) = 3 [pid 322] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faab4671000 [pid 322] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 322] munmap(0x7faab4671000, 138412032) = 0 [pid 322] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 322] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 322] close(3) = 0 [pid 322] close(4) = 0 [pid 322] mkdir("./bus", 0777) = -1 EEXIST (File exists) [pid 322] mount("/dev/loop0", "./bus", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_NODIRATIME|MS_POSIXACL|MS_RELATIME, ",errors=continue") = 0 [pid 322] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 322] chdir("./bus") = 0 [pid 322] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 322] ioctl(4, LOOP_CLR_FD) = 0 [pid 322] close(4) = 0 [pid 322] exit_group(0) = ? [pid 322] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=322, si_uid=0, si_status=0, si_utime=2, si_stime=13} --- umount2("./6", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555748af6f0 /* 4 entries */, 32768) = 104 umount2("./6/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./6/binderfs") = 0 [ 23.217713][ T322] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 23.226611][ T322] ext4 filesystem being mounted at /root/syzkaller.QRN1Ip/6/bus supports timestamps until 2038-01-19 (0x7fffffff) umount2("./6/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./6/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./6/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./6/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555748b7730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555748b7730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./6/bus") = 0 getdents64(3, 0x5555748af6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./6") = 0 mkdir("./7", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555748ae650) = 327 ./strace-static-x86_64: Process 327 attached [pid 327] set_robust_list(0x5555748ae660, 24) = 0 [pid 327] chdir("./7") = 0 [pid 327] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 327] setpgid(0, 0) = 0 [pid 327] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 327] write(3, "1000", 4) = 4 [pid 327] close(3) = 0 [pid 327] symlink("/dev/binderfs", "./binderfs") = 0 [pid 327] write(1, "executing program\n", 18executing program ) = 18 [pid 327] memfd_create("syzkaller", 0) = 3 [pid 327] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faab4671000 [pid 327] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119 [pid 327] munmap(0x7faab4671000, 138412032) = 0 [pid 327] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 327] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 327] close(3) = 0 [pid 327] close(4) = 0 [pid 327] mkdir("./bus", 0777) = 0 [ 23.551658][ T327] F2FS-fs (loop0): invalid crc value [ 23.557563][ T327] F2FS-fs (loop0): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 10241044815247771109) [ 23.576714][ T327] F2FS-fs (loop0): recover fsync data on readonly fs [ 23.583359][ T327] F2FS-fs (loop0): Cannot turn on quotas: -2 on 0 [ 23.589803][ T327] F2FS-fs (loop0): checkpoint=disable on readonly fs [pid 327] mount("/dev/loop0", "./bus", "f2fs", MS_RDONLY|MS_NOATIME|MS_REC|MS_SILENT|0x200, "nodiscard,usrjquota=nodiscard,acl,alloc_mode=reuse,atgc,disable_roll_forward,background_gc=on,nouser"...) = -1 EINVAL (Invalid argument) [pid 327] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 327] ioctl(3, LOOP_CLR_FD) = 0 [pid 327] close(3) = 0 [pid 327] memfd_create("syzkaller", 0) = 3 [pid 327] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faab4671000 [pid 327] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 327] munmap(0x7faab4671000, 138412032) = 0 [pid 327] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 327] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 327] close(3) = 0 [pid 327] close(4) = 0 [pid 327] mkdir("./bus", 0777) = -1 EEXIST (File exists) [pid 327] mount("/dev/loop0", "./bus", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_NODIRATIME|MS_POSIXACL|MS_RELATIME, ",errors=continue") = 0 [pid 327] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 327] chdir("./bus") = 0 [pid 327] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 327] ioctl(4, LOOP_CLR_FD) = 0 [pid 327] close(4) = 0 [pid 327] exit_group(0) = ? [pid 327] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=327, si_uid=0, si_status=0, si_utime=3, si_stime=12} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./7", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555748af6f0 /* 4 entries */, 32768) = 104 umount2("./7/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./7/binderfs") = 0 [ 23.737278][ T327] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 23.745991][ T327] ext4 filesystem being mounted at /root/syzkaller.QRN1Ip/7/bus supports timestamps until 2038-01-19 (0x7fffffff) umount2("./7/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./7/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./7/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./7/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555748b7730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555748b7730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./7/bus") = 0 getdents64(3, 0x5555748af6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./7") = 0 mkdir("./8", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555748ae650) = 333 ./strace-static-x86_64: Process 333 attached [pid 333] set_robust_list(0x5555748ae660, 24) = 0 [pid 333] chdir("./8") = 0 [pid 333] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 333] setpgid(0, 0) = 0 [pid 333] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 333] write(3, "1000", 4) = 4 [pid 333] close(3) = 0 [pid 333] symlink("/dev/binderfs", "./binderfs") = 0 [pid 333] write(1, "executing program\n", 18executing program ) = 18 [pid 333] memfd_create("syzkaller", 0) = 3 [pid 333] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faab4671000 [pid 333] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119 [pid 333] munmap(0x7faab4671000, 138412032) = 0 [pid 333] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 333] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 333] close(3) = 0 [pid 333] close(4) = 0 [pid 333] mkdir("./bus", 0777) = 0 [ 23.968203][ T333] F2FS-fs (loop0): invalid crc value [ 23.974131][ T333] F2FS-fs (loop0): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 10241044815247771109) [ 23.994928][ T333] F2FS-fs (loop0): recover fsync data on readonly fs [ 24.001528][ T333] F2FS-fs (loop0): Cannot turn on quotas: -2 on 0 [ 24.007963][ T333] F2FS-fs (loop0): checkpoint=disable on readonly fs [pid 333] mount("/dev/loop0", "./bus", "f2fs", MS_RDONLY|MS_NOATIME|MS_REC|MS_SILENT|0x200, "nodiscard,usrjquota=nodiscard,acl,alloc_mode=reuse,atgc,disable_roll_forward,background_gc=on,nouser"...) = -1 EINVAL (Invalid argument) [pid 333] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 333] ioctl(3, LOOP_CLR_FD) = 0 [pid 333] close(3) = 0 [pid 333] memfd_create("syzkaller", 0) = 3 [pid 333] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faab4671000 [pid 333] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 333] munmap(0x7faab4671000, 138412032) = 0 [pid 333] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 333] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 333] close(3) = 0 [pid 333] close(4) = 0 [pid 333] mkdir("./bus", 0777) = -1 EEXIST (File exists) [pid 333] mount("/dev/loop0", "./bus", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_NODIRATIME|MS_POSIXACL|MS_RELATIME, ",errors=continue") = 0 [pid 333] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 333] chdir("./bus") = 0 [pid 333] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 333] ioctl(4, LOOP_CLR_FD) = 0 [pid 333] close(4) = 0 [pid 333] exit_group(0) = ? [pid 333] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=333, si_uid=0, si_status=0, si_utime=3, si_stime=12} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./8", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555748af6f0 /* 4 entries */, 32768) = 104 umount2("./8/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./8/binderfs") = 0 umount2("./8/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./8/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./8/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./8/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555748b7730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555748b7730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./8/bus") = 0 getdents64(3, 0x5555748af6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./8") = 0 mkdir("./9", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x5555748ae650) = 338 ./strace-static-x86_64: Process 338 attached [pid 338] set_robust_list(0x5555748ae660, 24) = 0 [pid 338] chdir("./9") = 0 [pid 338] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 338] setpgid(0, 0) = 0 [pid 338] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 338] write(3, "1000", 4) = 4 [pid 338] close(3) = 0 [pid 338] symlink("/dev/binderfs", "./binderfs") = 0 [pid 338] write(1, "executing program\n", 18) = 18 [pid 338] memfd_create("syzkaller", 0) = 3 [pid 338] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faab4671000 [ 24.187322][ T333] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 24.196163][ T333] ext4 filesystem being mounted at /root/syzkaller.QRN1Ip/8/bus supports timestamps until 2038-01-19 (0x7fffffff) [pid 338] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119 [pid 338] munmap(0x7faab4671000, 138412032) = 0 [pid 338] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 338] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 338] close(3) = 0 [pid 338] close(4) = 0 [pid 338] mkdir("./bus", 0777) = 0 [ 24.348961][ T338] F2FS-fs (loop0): invalid crc value [ 24.355059][ T338] F2FS-fs (loop0): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 10241044815247771109) [ 24.374541][ T338] F2FS-fs (loop0): recover fsync data on readonly fs [ 24.381179][ T338] F2FS-fs (loop0): Cannot turn on quotas: -2 on 0 [ 24.387584][ T338] F2FS-fs (loop0): checkpoint=disable on readonly fs [pid 338] mount("/dev/loop0", "./bus", "f2fs", MS_RDONLY|MS_NOATIME|MS_REC|MS_SILENT|0x200, "nodiscard,usrjquota=nodiscard,acl,alloc_mode=reuse,atgc,disable_roll_forward,background_gc=on,nouser"...) = -1 EINVAL (Invalid argument) [pid 338] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 338] ioctl(3, LOOP_CLR_FD) = 0 [pid 338] close(3) = 0 [pid 338] memfd_create("syzkaller", 0) = 3 [pid 338] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faab4671000 [pid 338] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 338] munmap(0x7faab4671000, 138412032) = 0 [pid 338] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 338] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 338] close(3) = 0 [pid 338] close(4) = 0 [pid 338] mkdir("./bus", 0777) = -1 EEXIST (File exists) [pid 338] mount("/dev/loop0", "./bus", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_NODIRATIME|MS_POSIXACL|MS_RELATIME, ",errors=continue") = 0 [pid 338] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 338] chdir("./bus") = 0 [pid 338] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 338] ioctl(4, LOOP_CLR_FD) = 0 [pid 338] close(4) = 0 [pid 338] exit_group(0) = ? [pid 338] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=338, si_uid=0, si_status=0, si_utime=3, si_stime=11} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./9", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555748af6f0 /* 4 entries */, 32768) = 104 umount2("./9/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./9/binderfs") = 0 [ 24.557309][ T338] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 24.566189][ T338] ext4 filesystem being mounted at /root/syzkaller.QRN1Ip/9/bus supports timestamps until 2038-01-19 (0x7fffffff) umount2("./9/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./9/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./9/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./9/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555748b7730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555748b7730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./9/bus") = 0 getdents64(3, 0x5555748af6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./9") = 0 mkdir("./10", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x5555748ae650) = 344 ./strace-static-x86_64: Process 344 attached [pid 344] set_robust_list(0x5555748ae660, 24) = 0 [pid 344] chdir("./10") = 0 [pid 344] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 344] setpgid(0, 0) = 0 [pid 344] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 344] write(3, "1000", 4) = 4 [pid 344] close(3) = 0 [pid 344] symlink("/dev/binderfs", "./binderfs") = 0 [pid 344] write(1, "executing program\n", 18) = 18 [pid 344] memfd_create("syzkaller", 0) = 3 [pid 344] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faab4671000 [pid 344] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119 [pid 344] munmap(0x7faab4671000, 138412032) = 0 [pid 344] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 344] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 344] close(3) = 0 [pid 344] close(4) = 0 [pid 344] mkdir("./bus", 0777) = 0 [ 24.828516][ T344] F2FS-fs (loop0): invalid crc value [ 24.834317][ T344] F2FS-fs (loop0): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 10241044815247771109) [ 24.853461][ T344] F2FS-fs (loop0): recover fsync data on readonly fs [ 24.860058][ T344] F2FS-fs (loop0): Cannot turn on quotas: -2 on 0 [ 24.866651][ T344] F2FS-fs (loop0): checkpoint=disable on readonly fs [pid 344] mount("/dev/loop0", "./bus", "f2fs", MS_RDONLY|MS_NOATIME|MS_REC|MS_SILENT|0x200, "nodiscard,usrjquota=nodiscard,acl,alloc_mode=reuse,atgc,disable_roll_forward,background_gc=on,nouser"...) = -1 EINVAL (Invalid argument) [pid 344] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 344] ioctl(3, LOOP_CLR_FD) = 0 [pid 344] close(3) = 0 [pid 344] memfd_create("syzkaller", 0) = 3 [pid 344] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faab4671000 [pid 344] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 344] munmap(0x7faab4671000, 138412032) = 0 [pid 344] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 344] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 344] close(3) = 0 [pid 344] close(4) = 0 [pid 344] mkdir("./bus", 0777) = -1 EEXIST (File exists) [pid 344] mount("/dev/loop0", "./bus", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_NODIRATIME|MS_POSIXACL|MS_RELATIME, ",errors=continue") = 0 [pid 344] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 344] chdir("./bus") = 0 [pid 344] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 344] ioctl(4, LOOP_CLR_FD) = 0 [pid 344] close(4) = 0 [pid 344] exit_group(0) = ? [pid 344] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=344, si_uid=0, si_status=0, si_utime=4, si_stime=11} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./10", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555748af6f0 /* 4 entries */, 32768) = 104 umount2("./10/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./10/binderfs") = 0 umount2("./10/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./10/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./10/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./10/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555748b7730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555748b7730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./10/bus") = 0 getdents64(3, 0x5555748af6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./10") = 0 mkdir("./11", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555748ae650) = 349 ./strace-static-x86_64: Process 349 attached [pid 349] set_robust_list(0x5555748ae660, 24) = 0 [pid 349] chdir("./11") = 0 executing program [pid 349] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 349] setpgid(0, 0) = 0 [pid 349] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 349] write(3, "1000", 4) = 4 [pid 349] close(3) = 0 [pid 349] symlink("/dev/binderfs", "./binderfs") = 0 [pid 349] write(1, "executing program\n", 18) = 18 [pid 349] memfd_create("syzkaller", 0) = 3 [pid 349] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faab4671000 [ 25.017666][ T344] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 25.026439][ T344] ext4 filesystem being mounted at /root/syzkaller.QRN1Ip/10/bus supports timestamps until 2038-01-19 (0x7fffffff) [pid 349] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119 [pid 349] munmap(0x7faab4671000, 138412032) = 0 [pid 349] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 349] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 349] close(3) = 0 [pid 349] close(4) = 0 [pid 349] mkdir("./bus", 0777) = 0 [ 25.193693][ T349] F2FS-fs (loop0): invalid crc value [ 25.199674][ T349] F2FS-fs (loop0): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 10241044815247771109) [ 25.220397][ T349] F2FS-fs (loop0): recover fsync data on readonly fs [ 25.227052][ T349] F2FS-fs (loop0): Cannot turn on quotas: -2 on 0 [ 25.233513][ T349] F2FS-fs (loop0): checkpoint=disable on readonly fs [pid 349] mount("/dev/loop0", "./bus", "f2fs", MS_RDONLY|MS_NOATIME|MS_REC|MS_SILENT|0x200, "nodiscard,usrjquota=nodiscard,acl,alloc_mode=reuse,atgc,disable_roll_forward,background_gc=on,nouser"...) = -1 EINVAL (Invalid argument) [pid 349] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 349] ioctl(3, LOOP_CLR_FD) = 0 [pid 349] close(3) = 0 [pid 349] memfd_create("syzkaller", 0) = 3 [pid 349] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faab4671000 [pid 349] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 349] munmap(0x7faab4671000, 138412032) = 0 [pid 349] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 349] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 349] close(3) = 0 [pid 349] close(4) = 0 [pid 349] mkdir("./bus", 0777) = -1 EEXIST (File exists) [pid 349] mount("/dev/loop0", "./bus", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_NODIRATIME|MS_POSIXACL|MS_RELATIME, ",errors=continue") = 0 [pid 349] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 349] chdir("./bus") = 0 [pid 349] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 349] ioctl(4, LOOP_CLR_FD) = 0 [pid 349] close(4) = 0 [pid 349] exit_group(0) = ? [pid 349] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=349, si_uid=0, si_status=0, si_utime=4, si_stime=12} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./11", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555748af6f0 /* 4 entries */, 32768) = 104 umount2("./11/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./11/binderfs") = 0 [ 25.367706][ T349] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 25.376950][ T349] ext4 filesystem being mounted at /root/syzkaller.QRN1Ip/11/bus supports timestamps until 2038-01-19 (0x7fffffff) umount2("./11/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./11/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./11/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./11/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555748b7730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555748b7730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./11/bus") = 0 getdents64(3, 0x5555748af6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./11") = 0 mkdir("./12", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 355 attached , child_tidptr=0x5555748ae650) = 355 [pid 355] set_robust_list(0x5555748ae660, 24) = 0 [pid 355] chdir("./12") = 0 [pid 355] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 355] setpgid(0, 0) = 0 [pid 355] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 355] write(3, "1000", 4) = 4 [pid 355] close(3) = 0 [pid 355] symlink("/dev/binderfs", "./binderfs") = 0 [pid 355] write(1, "executing program\n", 18executing program ) = 18 [pid 355] memfd_create("syzkaller", 0) = 3 [pid 355] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faab4671000 [pid 355] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119 [pid 355] munmap(0x7faab4671000, 138412032) = 0 [pid 355] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 355] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 355] close(3) = 0 [pid 355] close(4) = 0 [pid 355] mkdir("./bus", 0777) = 0 [pid 355] mount("/dev/loop0", "./bus", "f2fs", MS_RDONLY|MS_NOATIME|MS_REC|MS_SILENT|0x200, "nodiscard,usrjquota=nodiscard,acl,alloc_mode=reuse,atgc,disable_roll_forward,background_gc=on,nouser"...) = -1 EINVAL (Invalid argument) [pid 355] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 25.620091][ T355] F2FS-fs (loop0): invalid crc value [ 25.626061][ T355] F2FS-fs (loop0): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 10241044815247771109) [ 25.645233][ T355] F2FS-fs (loop0): recover fsync data on readonly fs [ 25.652034][ T355] F2FS-fs (loop0): Cannot turn on quotas: -2 on 0 [ 25.658457][ T355] F2FS-fs (loop0): checkpoint=disable on readonly fs [pid 355] ioctl(3, LOOP_CLR_FD) = 0 [pid 355] close(3) = 0 [pid 355] memfd_create("syzkaller", 0) = 3 [pid 355] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faab4671000 [pid 355] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 355] munmap(0x7faab4671000, 138412032) = 0 [pid 355] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 355] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 355] close(3) = 0 [pid 355] close(4) = 0 [pid 355] mkdir("./bus", 0777) = -1 EEXIST (File exists) [pid 355] mount("/dev/loop0", "./bus", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_NODIRATIME|MS_POSIXACL|MS_RELATIME, ",errors=continue") = 0 [pid 355] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 355] chdir("./bus") = 0 [pid 355] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 355] ioctl(4, LOOP_CLR_FD) = 0 [pid 355] close(4) = 0 [pid 355] exit_group(0) = ? [pid 355] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=355, si_uid=0, si_status=0, si_utime=3, si_stime=12} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./12", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555748af6f0 /* 4 entries */, 32768) = 104 umount2("./12/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./12/binderfs") = 0 [ 25.767244][ T355] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 25.776006][ T355] ext4 filesystem being mounted at /root/syzkaller.QRN1Ip/12/bus supports timestamps until 2038-01-19 (0x7fffffff) umount2("./12/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./12/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./12/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./12/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555748b7730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555748b7730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./12/bus") = 0 getdents64(3, 0x5555748af6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./12") = 0 mkdir("./13", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 360 attached [pid 360] set_robust_list(0x5555748ae660, 24) = 0 [pid 287] <... clone resumed>, child_tidptr=0x5555748ae650) = 360 [pid 360] chdir("./13") = 0 [pid 360] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 360] setpgid(0, 0) = 0 [pid 360] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 360] write(3, "1000", 4) = 4 [pid 360] close(3) = 0 [pid 360] symlink("/dev/binderfs", "./binderfs") = 0 [pid 360] write(1, "executing program\n", 18executing program ) = 18 [pid 360] memfd_create("syzkaller", 0) = 3 [pid 360] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faab4671000 [pid 360] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119 [pid 360] munmap(0x7faab4671000, 138412032) = 0 [pid 360] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 360] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 360] close(3) = 0 [pid 360] close(4) = 0 [pid 360] mkdir("./bus", 0777) = 0 [ 26.001830][ T360] F2FS-fs (loop0): invalid crc value [ 26.007881][ T360] F2FS-fs (loop0): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 10241044815247771109) [ 26.027523][ T360] F2FS-fs (loop0): recover fsync data on readonly fs [ 26.034190][ T360] F2FS-fs (loop0): Cannot turn on quotas: -2 on 0 [ 26.040995][ T360] F2FS-fs (loop0): checkpoint=disable on readonly fs [pid 360] mount("/dev/loop0", "./bus", "f2fs", MS_RDONLY|MS_NOATIME|MS_REC|MS_SILENT|0x200, "nodiscard,usrjquota=nodiscard,acl,alloc_mode=reuse,atgc,disable_roll_forward,background_gc=on,nouser"...) = -1 EINVAL (Invalid argument) [pid 360] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 360] ioctl(3, LOOP_CLR_FD) = 0 [pid 360] close(3) = 0 [pid 360] memfd_create("syzkaller", 0) = 3 [pid 360] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faab4671000 [pid 360] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 360] munmap(0x7faab4671000, 138412032) = 0 [pid 360] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 360] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 360] close(3) = 0 [pid 360] close(4) = 0 [pid 360] mkdir("./bus", 0777) = -1 EEXIST (File exists) [pid 360] mount("/dev/loop0", "./bus", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_NODIRATIME|MS_POSIXACL|MS_RELATIME, ",errors=continue") = 0 [pid 360] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 360] chdir("./bus") = 0 [pid 360] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 360] ioctl(4, LOOP_CLR_FD) = 0 [pid 360] close(4) = 0 [pid 360] exit_group(0) = ? [pid 360] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=360, si_uid=0, si_status=0, si_utime=3, si_stime=11} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./13", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555748af6f0 /* 4 entries */, 32768) = 104 umount2("./13/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./13/binderfs") = 0 [ 26.177229][ T360] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 26.186043][ T360] ext4 filesystem being mounted at /root/syzkaller.QRN1Ip/13/bus supports timestamps until 2038-01-19 (0x7fffffff) umount2("./13/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./13/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./13/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./13/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555748b7730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555748b7730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./13/bus") = 0 getdents64(3, 0x5555748af6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./13") = 0 mkdir("./14", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555748ae650) = 365 ./strace-static-x86_64: Process 365 attached [pid 365] set_robust_list(0x5555748ae660, 24) = 0 [pid 365] chdir("./14"executing program ) = 0 [pid 365] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 365] setpgid(0, 0) = 0 [pid 365] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 365] write(3, "1000", 4) = 4 [pid 365] close(3) = 0 [pid 365] symlink("/dev/binderfs", "./binderfs") = 0 [pid 365] write(1, "executing program\n", 18) = 18 [pid 365] memfd_create("syzkaller", 0) = 3 [pid 365] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faab4671000 [pid 365] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119 [pid 365] munmap(0x7faab4671000, 138412032) = 0 [pid 365] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 365] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 365] close(3) = 0 [pid 365] close(4) = 0 [pid 365] mkdir("./bus", 0777) = 0 [ 26.419941][ T365] F2FS-fs (loop0): invalid crc value [ 26.425841][ T365] F2FS-fs (loop0): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 10241044815247771109) [ 26.445275][ T365] F2FS-fs (loop0): recover fsync data on readonly fs [ 26.452049][ T365] F2FS-fs (loop0): Cannot turn on quotas: -2 on 0 [ 26.458543][ T365] F2FS-fs (loop0): checkpoint=disable on readonly fs [pid 365] mount("/dev/loop0", "./bus", "f2fs", MS_RDONLY|MS_NOATIME|MS_REC|MS_SILENT|0x200, "nodiscard,usrjquota=nodiscard,acl,alloc_mode=reuse,atgc,disable_roll_forward,background_gc=on,nouser"...) = -1 EINVAL (Invalid argument) [pid 365] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 365] ioctl(3, LOOP_CLR_FD) = 0 [pid 365] close(3) = 0 [pid 365] memfd_create("syzkaller", 0) = 3 [pid 365] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faab4671000 [pid 365] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 365] munmap(0x7faab4671000, 138412032) = 0 [pid 365] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 365] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 365] close(3) = 0 [pid 365] close(4) = 0 [pid 365] mkdir("./bus", 0777) = -1 EEXIST (File exists) [pid 365] mount("/dev/loop0", "./bus", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_NODIRATIME|MS_POSIXACL|MS_RELATIME, ",errors=continue") = 0 [pid 365] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 365] chdir("./bus") = 0 [pid 365] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 365] ioctl(4, LOOP_CLR_FD) = 0 [pid 365] close(4) = 0 [pid 365] exit_group(0) = ? [pid 365] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=365, si_uid=0, si_status=0, si_utime=4, si_stime=10} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./14", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555748af6f0 /* 4 entries */, 32768) = 104 umount2("./14/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./14/binderfs") = 0 [ 26.617375][ T365] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 26.626109][ T365] ext4 filesystem being mounted at /root/syzkaller.QRN1Ip/14/bus supports timestamps until 2038-01-19 (0x7fffffff) umount2("./14/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./14/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./14/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./14/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555748b7730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555748b7730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./14/bus") = 0 getdents64(3, 0x5555748af6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./14") = 0 mkdir("./15", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555748ae650) = 371 ./strace-static-x86_64: Process 371 attached [pid 371] set_robust_list(0x5555748ae660, 24) = 0 [pid 371] chdir("./15") = 0 [pid 371] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 371] setpgid(0, 0) = 0 executing program [pid 371] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 371] write(3, "1000", 4) = 4 [pid 371] close(3) = 0 [pid 371] symlink("/dev/binderfs", "./binderfs") = 0 [pid 371] write(1, "executing program\n", 18) = 18 [pid 371] memfd_create("syzkaller", 0) = 3 [pid 371] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faab4671000 [pid 371] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119 [pid 371] munmap(0x7faab4671000, 138412032) = 0 [pid 371] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 371] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 371] close(3) = 0 [pid 371] close(4) = 0 [pid 371] mkdir("./bus", 0777) = 0 [ 26.812605][ T371] F2FS-fs (loop0): invalid crc value [ 26.818384][ T371] F2FS-fs (loop0): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 10241044815247771109) [ 26.837720][ T371] F2FS-fs (loop0): recover fsync data on readonly fs [ 26.844339][ T371] F2FS-fs (loop0): Cannot turn on quotas: -2 on 0 [ 26.850919][ T371] F2FS-fs (loop0): checkpoint=disable on readonly fs [pid 371] mount("/dev/loop0", "./bus", "f2fs", MS_RDONLY|MS_NOATIME|MS_REC|MS_SILENT|0x200, "nodiscard,usrjquota=nodiscard,acl,alloc_mode=reuse,atgc,disable_roll_forward,background_gc=on,nouser"...) = -1 EINVAL (Invalid argument) [pid 371] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 371] ioctl(3, LOOP_CLR_FD) = 0 [pid 371] close(3) = 0 [pid 371] memfd_create("syzkaller", 0) = 3 [pid 371] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faab4671000 [pid 371] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 371] munmap(0x7faab4671000, 138412032) = 0 [pid 371] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 371] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 371] close(3) = 0 [pid 371] close(4) = 0 [pid 371] mkdir("./bus", 0777) = -1 EEXIST (File exists) [pid 371] mount("/dev/loop0", "./bus", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_NODIRATIME|MS_POSIXACL|MS_RELATIME, ",errors=continue") = 0 [pid 371] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 371] chdir("./bus") = 0 [pid 371] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 371] ioctl(4, LOOP_CLR_FD) = 0 [pid 371] close(4) = 0 [pid 371] exit_group(0) = ? [pid 371] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=371, si_uid=0, si_status=0, si_utime=3, si_stime=11} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./15", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555748af6f0 /* 4 entries */, 32768) = 104 umount2("./15/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./15/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./15/binderfs") = 0 [ 26.967299][ T371] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 26.976141][ T371] ext4 filesystem being mounted at /root/syzkaller.QRN1Ip/15/bus supports timestamps until 2038-01-19 (0x7fffffff) umount2("./15/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./15/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./15/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./15/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555748b7730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555748b7730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./15/bus") = 0 getdents64(3, 0x5555748af6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./15") = 0 mkdir("./16", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3executing program ) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555748ae650) = 376 ./strace-static-x86_64: Process 376 attached [pid 376] set_robust_list(0x5555748ae660, 24) = 0 [pid 376] chdir("./16") = 0 [pid 376] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 376] setpgid(0, 0) = 0 [pid 376] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 376] write(3, "1000", 4) = 4 [pid 376] close(3) = 0 [pid 376] symlink("/dev/binderfs", "./binderfs") = 0 [pid 376] write(1, "executing program\n", 18) = 18 [pid 376] memfd_create("syzkaller", 0) = 3 [pid 376] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faab4671000 [pid 376] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119 [pid 376] munmap(0x7faab4671000, 138412032) = 0 [pid 376] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 376] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 376] close(3) = 0 [pid 376] close(4) = 0 [pid 376] mkdir("./bus", 0777) = 0 [pid 376] mount("/dev/loop0", "./bus", "f2fs", MS_RDONLY|MS_NOATIME|MS_REC|MS_SILENT|0x200, "nodiscard,usrjquota=nodiscard,acl,alloc_mode=reuse,atgc,disable_roll_forward,background_gc=on,nouser"...) = -1 EINVAL (Invalid argument) [pid 376] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 27.157967][ T376] F2FS-fs (loop0): invalid crc value [ 27.163861][ T376] F2FS-fs (loop0): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 10241044815247771109) [ 27.183120][ T376] F2FS-fs (loop0): recover fsync data on readonly fs [ 27.189821][ T376] F2FS-fs (loop0): Cannot turn on quotas: -2 on 0 [ 27.196257][ T376] F2FS-fs (loop0): checkpoint=disable on readonly fs [pid 376] ioctl(3, LOOP_CLR_FD) = 0 [pid 376] close(3) = 0 [pid 376] memfd_create("syzkaller", 0) = 3 [pid 376] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faab4671000 [pid 376] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 376] munmap(0x7faab4671000, 138412032) = 0 [pid 376] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 376] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 376] close(3) = 0 [pid 376] close(4) = 0 [pid 376] mkdir("./bus", 0777) = -1 EEXIST (File exists) [pid 376] mount("/dev/loop0", "./bus", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_NODIRATIME|MS_POSIXACL|MS_RELATIME, ",errors=continue") = 0 [pid 376] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 376] chdir("./bus") = 0 [pid 376] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 376] ioctl(4, LOOP_CLR_FD) = 0 [pid 376] close(4) = 0 [pid 376] exit_group(0) = ? [pid 376] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=376, si_uid=0, si_status=0, si_utime=3, si_stime=12} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./16", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555748af6f0 /* 4 entries */, 32768) = 104 umount2("./16/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./16/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./16/binderfs") = 0 [ 27.357213][ T376] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 27.365907][ T376] ext4 filesystem being mounted at /root/syzkaller.QRN1Ip/16/bus supports timestamps until 2038-01-19 (0x7fffffff) umount2("./16/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./16/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./16/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./16/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555748b7730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555748b7730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./16/bus") = 0 getdents64(3, 0x5555748af6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./16") = 0 mkdir("./17", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555748ae650) = 382 ./strace-static-x86_64: Process 382 attached [pid 382] set_robust_list(0x5555748ae660, 24) = 0 [pid 382] chdir("./17") = 0 [pid 382] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 382] setpgid(0, 0) = 0 [pid 382] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 382] write(3, "1000", 4) = 4 [pid 382] close(3) = 0 [pid 382] symlink("/dev/binderfs", "./binderfs") = 0 [pid 382] write(1, "executing program\n", 18) = 18 executing program [pid 382] memfd_create("syzkaller", 0) = 3 [pid 382] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faab4671000 [pid 382] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119 [pid 382] munmap(0x7faab4671000, 138412032) = 0 [pid 382] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 382] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 382] close(3) = 0 [pid 382] close(4) = 0 [pid 382] mkdir("./bus", 0777) = 0 [ 27.521118][ T382] F2FS-fs (loop0): invalid crc value [ 27.527103][ T382] F2FS-fs (loop0): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 10241044815247771109) [ 27.546103][ T382] F2FS-fs (loop0): recover fsync data on readonly fs [ 27.552732][ T382] F2FS-fs (loop0): Cannot turn on quotas: -2 on 0 [ 27.559273][ T382] F2FS-fs (loop0): checkpoint=disable on readonly fs [pid 382] mount("/dev/loop0", "./bus", "f2fs", MS_RDONLY|MS_NOATIME|MS_REC|MS_SILENT|0x200, "nodiscard,usrjquota=nodiscard,acl,alloc_mode=reuse,atgc,disable_roll_forward,background_gc=on,nouser"...) = -1 EINVAL (Invalid argument) [pid 382] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 382] ioctl(3, LOOP_CLR_FD) = 0 [pid 382] close(3) = 0 [pid 382] memfd_create("syzkaller", 0) = 3 [pid 382] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faab4671000 [pid 382] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 382] munmap(0x7faab4671000, 138412032) = 0 [pid 382] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 382] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 382] close(3) = 0 [pid 382] close(4) = 0 [pid 382] mkdir("./bus", 0777) = -1 EEXIST (File exists) [pid 382] mount("/dev/loop0", "./bus", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_NODIRATIME|MS_POSIXACL|MS_RELATIME, ",errors=continue") = 0 [pid 382] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 382] chdir("./bus") = 0 [pid 382] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 382] ioctl(4, LOOP_CLR_FD) = 0 [pid 382] close(4) = 0 [pid 382] exit_group(0) = ? [pid 382] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=382, si_uid=0, si_status=0, si_utime=2, si_stime=12} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./17", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555748af6f0 /* 4 entries */, 32768) = 104 umount2("./17/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./17/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./17/binderfs") = 0 [ 27.677211][ T382] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 27.685963][ T382] ext4 filesystem being mounted at /root/syzkaller.QRN1Ip/17/bus supports timestamps until 2038-01-19 (0x7fffffff) umount2("./17/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./17/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./17/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./17/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555748b7730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555748b7730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./17/bus") = 0 getdents64(3, 0x5555748af6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./17") = 0 mkdir("./18", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555748ae650) = 387 ./strace-static-x86_64: Process 387 attached [pid 387] set_robust_list(0x5555748ae660, 24) = 0 [pid 387] chdir("./18"executing program ) = 0 [pid 387] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 387] setpgid(0, 0) = 0 [pid 387] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 387] write(3, "1000", 4) = 4 [pid 387] close(3) = 0 [pid 387] symlink("/dev/binderfs", "./binderfs") = 0 [pid 387] write(1, "executing program\n", 18) = 18 [pid 387] memfd_create("syzkaller", 0) = 3 [pid 387] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faab4671000 [pid 387] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119 [pid 387] munmap(0x7faab4671000, 138412032) = 0 [pid 387] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 387] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 387] close(3) = 0 [pid 387] close(4) = 0 [pid 387] mkdir("./bus", 0777) = 0 [ 27.892617][ T387] F2FS-fs (loop0): invalid crc value [ 27.898395][ T387] F2FS-fs (loop0): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 10241044815247771109) [ 27.917489][ T387] F2FS-fs (loop0): recover fsync data on readonly fs [ 27.924065][ T387] F2FS-fs (loop0): Cannot turn on quotas: -2 on 0 [ 27.930466][ T387] F2FS-fs (loop0): checkpoint=disable on readonly fs [pid 387] mount("/dev/loop0", "./bus", "f2fs", MS_RDONLY|MS_NOATIME|MS_REC|MS_SILENT|0x200, "nodiscard,usrjquota=nodiscard,acl,alloc_mode=reuse,atgc,disable_roll_forward,background_gc=on,nouser"...) = -1 EINVAL (Invalid argument) [pid 387] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 387] ioctl(3, LOOP_CLR_FD) = 0 [pid 387] close(3) = 0 [pid 387] memfd_create("syzkaller", 0) = 3 [pid 387] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faab4671000 [pid 387] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 387] munmap(0x7faab4671000, 138412032) = 0 [pid 387] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 387] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 387] close(3) = 0 [pid 387] close(4) = 0 [pid 387] mkdir("./bus", 0777) = -1 EEXIST (File exists) [pid 387] mount("/dev/loop0", "./bus", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_NODIRATIME|MS_POSIXACL|MS_RELATIME, ",errors=continue") = 0 [pid 387] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 387] chdir("./bus") = 0 [pid 387] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 387] ioctl(4, LOOP_CLR_FD) = 0 [pid 387] close(4) = 0 [pid 387] exit_group(0) = ? [pid 387] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=387, si_uid=0, si_status=0, si_utime=4, si_stime=11} --- umount2("./18", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555748af6f0 /* 4 entries */, 32768) = 104 umount2("./18/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./18/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./18/binderfs") = 0 umount2("./18/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./18/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./18/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./18/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555748b7730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555748b7730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./18/bus") = 0 getdents64(3, 0x5555748af6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./18") = 0 mkdir("./19", 0777) = 0 [ 28.047603][ T387] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 28.056440][ T387] ext4 filesystem being mounted at /root/syzkaller.QRN1Ip/18/bus supports timestamps until 2038-01-19 (0x7fffffff) openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3executing program ) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555748ae650) = 392 ./strace-static-x86_64: Process 392 attached [pid 392] set_robust_list(0x5555748ae660, 24) = 0 [pid 392] chdir("./19") = 0 [pid 392] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 392] setpgid(0, 0) = 0 [pid 392] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 392] write(3, "1000", 4) = 4 [pid 392] close(3) = 0 [pid 392] symlink("/dev/binderfs", "./binderfs") = 0 [pid 392] write(1, "executing program\n", 18) = 18 [pid 392] memfd_create("syzkaller", 0) = 3 [pid 392] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faab4671000 [pid 392] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119 [pid 392] munmap(0x7faab4671000, 138412032) = 0 [pid 392] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 392] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 392] close(3) = 0 [pid 392] close(4) = 0 [pid 392] mkdir("./bus", 0777) = 0 [ 28.254090][ T392] F2FS-fs (loop0): invalid crc value [ 28.259979][ T392] F2FS-fs (loop0): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 10241044815247771109) [ 28.279647][ T392] F2FS-fs (loop0): recover fsync data on readonly fs [ 28.286232][ T392] F2FS-fs (loop0): Cannot turn on quotas: -2 on 0 [ 28.292581][ T392] F2FS-fs (loop0): checkpoint=disable on readonly fs [pid 392] mount("/dev/loop0", "./bus", "f2fs", MS_RDONLY|MS_NOATIME|MS_REC|MS_SILENT|0x200, "nodiscard,usrjquota=nodiscard,acl,alloc_mode=reuse,atgc,disable_roll_forward,background_gc=on,nouser"...) = -1 EINVAL (Invalid argument) [pid 392] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 392] ioctl(3, LOOP_CLR_FD) = 0 [pid 392] close(3) = 0 [pid 392] memfd_create("syzkaller", 0) = 3 [pid 392] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faab4671000 [pid 392] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 392] munmap(0x7faab4671000, 138412032) = 0 [pid 392] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 392] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 392] close(3) = 0 [pid 392] close(4) = 0 [pid 392] mkdir("./bus", 0777) = -1 EEXIST (File exists) [pid 392] mount("/dev/loop0", "./bus", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_NODIRATIME|MS_POSIXACL|MS_RELATIME, ",errors=continue") = 0 [pid 392] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 392] chdir("./bus") = 0 [pid 392] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 392] ioctl(4, LOOP_CLR_FD) = 0 [pid 392] close(4) = 0 [pid 392] exit_group(0) = ? [pid 392] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=392, si_uid=0, si_status=0, si_utime=3, si_stime=13} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./19", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./19", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555748af6f0 /* 4 entries */, 32768) = 104 umount2("./19/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./19/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./19/binderfs") = 0 [ 28.427406][ T392] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 28.436501][ T392] ext4 filesystem being mounted at /root/syzkaller.QRN1Ip/19/bus supports timestamps until 2038-01-19 (0x7fffffff) umount2("./19/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./19/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./19/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./19/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./19/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555748b7730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555748b7730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./19/bus") = 0 getdents64(3, 0x5555748af6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./19") = 0 mkdir("./20", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x5555748ae650) = 398 ./strace-static-x86_64: Process 398 attached [pid 398] set_robust_list(0x5555748ae660, 24) = 0 [pid 398] chdir("./20") = 0 [pid 398] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 398] setpgid(0, 0) = 0 [pid 398] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 398] write(3, "1000", 4) = 4 [pid 398] close(3) = 0 [pid 398] symlink("/dev/binderfs", "./binderfs") = 0 [pid 398] write(1, "executing program\n", 18) = 18 [pid 398] memfd_create("syzkaller", 0) = 3 [pid 398] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faab4671000 [pid 398] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119 [pid 398] munmap(0x7faab4671000, 138412032) = 0 [pid 398] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 398] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 398] close(3) = 0 [pid 398] close(4) = 0 [pid 398] mkdir("./bus", 0777) = 0 [ 28.689939][ T398] F2FS-fs (loop0): invalid crc value [ 28.695840][ T398] F2FS-fs (loop0): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 10241044815247771109) [ 28.714892][ T398] F2FS-fs (loop0): recover fsync data on readonly fs [ 28.721465][ T398] F2FS-fs (loop0): Cannot turn on quotas: -2 on 0 [ 28.727817][ T398] F2FS-fs (loop0): checkpoint=disable on readonly fs [pid 398] mount("/dev/loop0", "./bus", "f2fs", MS_RDONLY|MS_NOATIME|MS_REC|MS_SILENT|0x200, "nodiscard,usrjquota=nodiscard,acl,alloc_mode=reuse,atgc,disable_roll_forward,background_gc=on,nouser"...) = -1 EINVAL (Invalid argument) [pid 398] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 398] ioctl(3, LOOP_CLR_FD) = 0 [pid 398] close(3) = 0 [pid 398] memfd_create("syzkaller", 0) = 3 [pid 398] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faab4671000 [pid 398] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 398] munmap(0x7faab4671000, 138412032) = 0 [pid 398] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 398] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 398] close(3) = 0 [pid 398] close(4) = 0 [pid 398] mkdir("./bus", 0777) = -1 EEXIST (File exists) [pid 398] mount("/dev/loop0", "./bus", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_NODIRATIME|MS_POSIXACL|MS_RELATIME, ",errors=continue") = 0 [pid 398] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 398] chdir("./bus") = 0 [pid 398] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 398] ioctl(4, LOOP_CLR_FD) = 0 [pid 398] close(4) = 0 [pid 398] exit_group(0) = ? [pid 398] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=398, si_uid=0, si_status=0, si_utime=4, si_stime=11} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./20", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./20", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555748af6f0 /* 4 entries */, 32768) = 104 umount2("./20/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./20/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./20/binderfs") = 0 [ 28.867301][ T398] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 28.876091][ T398] ext4 filesystem being mounted at /root/syzkaller.QRN1Ip/20/bus supports timestamps until 2038-01-19 (0x7fffffff) umount2("./20/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./20/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./20/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./20/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./20/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555748b7730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555748b7730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./20/bus") = 0 getdents64(3, 0x5555748af6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./20") = 0 mkdir("./21", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555748ae650) = 403 ./strace-static-x86_64: Process 403 attached [pid 403] set_robust_list(0x5555748ae660, 24) = 0 [pid 403] chdir("./21") = 0 [pid 403] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 403] setpgid(0, 0) = 0 [pid 403] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 403] write(3, "1000", 4) = 4 [pid 403] close(3) = 0 [pid 403] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 403] write(1, "executing program\n", 18) = 18 [pid 403] memfd_create("syzkaller", 0) = 3 [pid 403] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faab4671000 [pid 403] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119 [pid 403] munmap(0x7faab4671000, 138412032) = 0 [pid 403] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 403] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 403] close(3) = 0 [pid 403] close(4) = 0 [pid 403] mkdir("./bus", 0777) = 0 [ 29.157237][ T403] F2FS-fs (loop0): invalid crc value [ 29.163086][ T403] F2FS-fs (loop0): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 10241044815247771109) [ 29.182220][ T403] F2FS-fs (loop0): recover fsync data on readonly fs [ 29.188769][ T403] F2FS-fs (loop0): Cannot turn on quotas: -2 on 0 [ 29.195115][ T403] F2FS-fs (loop0): checkpoint=disable on readonly fs [pid 403] mount("/dev/loop0", "./bus", "f2fs", MS_RDONLY|MS_NOATIME|MS_REC|MS_SILENT|0x200, "nodiscard,usrjquota=nodiscard,acl,alloc_mode=reuse,atgc,disable_roll_forward,background_gc=on,nouser"...) = -1 EINVAL (Invalid argument) [pid 403] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 403] ioctl(3, LOOP_CLR_FD) = 0 [pid 403] close(3) = 0 [pid 403] memfd_create("syzkaller", 0) = 3 [pid 403] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faab4671000 [pid 403] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 403] munmap(0x7faab4671000, 138412032) = 0 [pid 403] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 403] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 403] close(3) = 0 [pid 403] close(4) = 0 [pid 403] mkdir("./bus", 0777) = -1 EEXIST (File exists) [pid 403] mount("/dev/loop0", "./bus", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_NODIRATIME|MS_POSIXACL|MS_RELATIME, ",errors=continue") = 0 [pid 403] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 403] chdir("./bus") = 0 [pid 403] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 403] ioctl(4, LOOP_CLR_FD) = 0 [pid 403] close(4) = 0 [pid 403] exit_group(0) = ? [pid 403] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=403, si_uid=0, si_status=0, si_utime=3, si_stime=11} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./21", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./21", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555748af6f0 /* 4 entries */, 32768) = 104 umount2("./21/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./21/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./21/binderfs") = 0 [ 29.317374][ T403] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 29.326132][ T403] ext4 filesystem being mounted at /root/syzkaller.QRN1Ip/21/bus supports timestamps until 2038-01-19 (0x7fffffff) umount2("./21/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./21/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./21/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./21/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./21/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555748b7730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555748b7730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./21/bus") = 0 getdents64(3, 0x5555748af6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./21") = 0 mkdir("./22", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555748ae650) = 408 ./strace-static-x86_64: Process 408 attached [pid 408] set_robust_list(0x5555748ae660, 24) = 0 [pid 408] chdir("./22") = 0 [pid 408] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 408] setpgid(0, 0) = 0 [pid 408] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 408] write(3, "1000", 4) = 4 [pid 408] close(3) = 0 [pid 408] symlink("/dev/binderfs", "./binderfs") = 0 [pid 408] write(1, "executing program\n", 18executing program ) = 18 [pid 408] memfd_create("syzkaller", 0) = 3 [pid 408] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faab4671000 [pid 408] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119 [pid 408] munmap(0x7faab4671000, 138412032) = 0 [pid 408] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 408] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 408] close(3) = 0 [pid 408] close(4) = 0 [pid 408] mkdir("./bus", 0777) = 0 [ 29.467945][ T408] F2FS-fs (loop0): invalid crc value [ 29.473898][ T408] F2FS-fs (loop0): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 10241044815247771109) [ 29.493052][ T408] F2FS-fs (loop0): recover fsync data on readonly fs [ 29.499766][ T408] F2FS-fs (loop0): Cannot turn on quotas: -2 on 0 [ 29.506237][ T408] F2FS-fs (loop0): checkpoint=disable on readonly fs [pid 408] mount("/dev/loop0", "./bus", "f2fs", MS_RDONLY|MS_NOATIME|MS_REC|MS_SILENT|0x200, "nodiscard,usrjquota=nodiscard,acl,alloc_mode=reuse,atgc,disable_roll_forward,background_gc=on,nouser"...) = -1 EINVAL (Invalid argument) [pid 408] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 408] ioctl(3, LOOP_CLR_FD) = 0 [pid 408] close(3) = 0 [pid 408] memfd_create("syzkaller", 0) = 3 [pid 408] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faab4671000 [pid 408] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 408] munmap(0x7faab4671000, 138412032) = 0 [pid 408] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 408] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 408] close(3) = 0 [pid 408] close(4) = 0 [pid 408] mkdir("./bus", 0777) = -1 EEXIST (File exists) [pid 408] mount("/dev/loop0", "./bus", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_NODIRATIME|MS_POSIXACL|MS_RELATIME, ",errors=continue") = 0 [pid 408] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 408] chdir("./bus") = 0 [pid 408] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 408] ioctl(4, LOOP_CLR_FD) = 0 [pid 408] close(4) = 0 [pid 408] exit_group(0) = ? [pid 408] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=408, si_uid=0, si_status=0, si_utime=3, si_stime=12} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./22", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./22", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555748af6f0 /* 4 entries */, 32768) = 104 umount2("./22/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./22/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./22/binderfs") = 0 [ 29.647305][ T408] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 29.656070][ T408] ext4 filesystem being mounted at /root/syzkaller.QRN1Ip/22/bus supports timestamps until 2038-01-19 (0x7fffffff) umount2("./22/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./22/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./22/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./22/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./22/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555748b7730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555748b7730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./22/bus") = 0 getdents64(3, 0x5555748af6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./22") = 0 mkdir("./23", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3executing program ) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555748ae650) = 414 ./strace-static-x86_64: Process 414 attached [pid 414] set_robust_list(0x5555748ae660, 24) = 0 [pid 414] chdir("./23") = 0 [pid 414] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 414] setpgid(0, 0) = 0 [pid 414] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 414] write(3, "1000", 4) = 4 [pid 414] close(3) = 0 [pid 414] symlink("/dev/binderfs", "./binderfs") = 0 [pid 414] write(1, "executing program\n", 18) = 18 [pid 414] memfd_create("syzkaller", 0) = 3 [pid 414] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faab4671000 [pid 414] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119 [pid 414] munmap(0x7faab4671000, 138412032) = 0 [pid 414] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 414] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 414] close(3) = 0 [pid 414] close(4) = 0 [pid 414] mkdir("./bus", 0777) = 0 [ 29.845324][ T414] F2FS-fs (loop0): invalid crc value [ 29.851115][ T414] F2FS-fs (loop0): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 10241044815247771109) [ 29.870312][ T414] F2FS-fs (loop0): recover fsync data on readonly fs [ 29.877038][ T414] F2FS-fs (loop0): Cannot turn on quotas: -2 on 0 [ 29.883420][ T414] F2FS-fs (loop0): checkpoint=disable on readonly fs [pid 414] mount("/dev/loop0", "./bus", "f2fs", MS_RDONLY|MS_NOATIME|MS_REC|MS_SILENT|0x200, "nodiscard,usrjquota=nodiscard,acl,alloc_mode=reuse,atgc,disable_roll_forward,background_gc=on,nouser"...) = -1 EINVAL (Invalid argument) [pid 414] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 414] ioctl(3, LOOP_CLR_FD) = 0 [pid 414] close(3) = 0 [pid 414] memfd_create("syzkaller", 0) = 3 [pid 414] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faab4671000 [pid 414] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 414] munmap(0x7faab4671000, 138412032) = 0 [pid 414] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 414] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 414] close(3) = 0 [pid 414] close(4) = 0 [pid 414] mkdir("./bus", 0777) = -1 EEXIST (File exists) [pid 414] mount("/dev/loop0", "./bus", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_NODIRATIME|MS_POSIXACL|MS_RELATIME, ",errors=continue") = 0 [pid 414] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 414] chdir("./bus") = 0 [pid 414] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 414] ioctl(4, LOOP_CLR_FD) = 0 [pid 414] close(4) = 0 [pid 414] exit_group(0) = ? [pid 414] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=414, si_uid=0, si_status=0, si_utime=4, si_stime=12} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./23", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./23", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555748af6f0 /* 4 entries */, 32768) = 104 umount2("./23/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./23/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./23/binderfs") = 0 [ 30.047414][ T414] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 30.056167][ T414] ext4 filesystem being mounted at /root/syzkaller.QRN1Ip/23/bus supports timestamps until 2038-01-19 (0x7fffffff) umount2("./23/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./23/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./23/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./23/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./23/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555748b7730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555748b7730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./23/bus") = 0 getdents64(3, 0x5555748af6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./23") = 0 mkdir("./24", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x5555748ae650) = 419 ./strace-static-x86_64: Process 419 attached [pid 419] set_robust_list(0x5555748ae660, 24) = 0 [pid 419] chdir("./24") = 0 [pid 419] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 419] setpgid(0, 0) = 0 [pid 419] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 419] write(3, "1000", 4) = 4 [pid 419] close(3) = 0 [pid 419] symlink("/dev/binderfs", "./binderfs") = 0 [pid 419] write(1, "executing program\n", 18) = 18 [pid 419] memfd_create("syzkaller", 0) = 3 [pid 419] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faab4671000 [pid 419] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119 [pid 419] munmap(0x7faab4671000, 138412032) = 0 [pid 419] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 419] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 419] close(3) = 0 [pid 419] close(4) = 0 [pid 419] mkdir("./bus", 0777) = 0 [ 30.213634][ T419] F2FS-fs (loop0): invalid crc value [ 30.219594][ T419] F2FS-fs (loop0): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 10241044815247771109) [ 30.239005][ T419] F2FS-fs (loop0): recover fsync data on readonly fs [ 30.245552][ T419] F2FS-fs (loop0): Cannot turn on quotas: -2 on 0 [ 30.251993][ T419] F2FS-fs (loop0): checkpoint=disable on readonly fs [pid 419] mount("/dev/loop0", "./bus", "f2fs", MS_RDONLY|MS_NOATIME|MS_REC|MS_SILENT|0x200, "nodiscard,usrjquota=nodiscard,acl,alloc_mode=reuse,atgc,disable_roll_forward,background_gc=on,nouser"...) = -1 EINVAL (Invalid argument) [pid 419] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 419] ioctl(3, LOOP_CLR_FD) = 0 [pid 419] close(3) = 0 [pid 419] memfd_create("syzkaller", 0) = 3 [pid 419] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faab4671000 [pid 419] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 419] munmap(0x7faab4671000, 138412032) = 0 [pid 419] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 419] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 419] close(3) = 0 [pid 419] close(4) = 0 [pid 419] mkdir("./bus", 0777) = -1 EEXIST (File exists) [pid 419] mount("/dev/loop0", "./bus", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_NODIRATIME|MS_POSIXACL|MS_RELATIME, ",errors=continue") = 0 [pid 419] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 419] chdir("./bus") = 0 [pid 419] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 419] ioctl(4, LOOP_CLR_FD) = 0 [pid 419] close(4) = 0 [pid 419] exit_group(0) = ? [pid 419] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=419, si_uid=0, si_status=0, si_utime=3, si_stime=12} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./24", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./24", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555748af6f0 /* 4 entries */, 32768) = 104 umount2("./24/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./24/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./24/binderfs") = 0 umount2("./24/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./24/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./24/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./24/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./24/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555748b7730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555748b7730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./24/bus") = 0 getdents64(3, 0x5555748af6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./24") = 0 mkdir("./25", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555748ae650) = 424 ./strace-static-x86_64: Process 424 attached [pid 424] set_robust_list(0x5555748ae660, 24) = 0 [pid 424] chdir("./25") = 0 [pid 424] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 424] setpgid(0, 0) = 0 [pid 424] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 424] write(3, "1000", 4) = 4 [pid 424] close(3) = 0 [pid 424] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 424] write(1, "executing program\n", 18) = 18 [pid 424] memfd_create("syzkaller", 0) = 3 [pid 424] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faab4671000 [ 30.377227][ T419] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 30.385931][ T419] ext4 filesystem being mounted at /root/syzkaller.QRN1Ip/24/bus supports timestamps until 2038-01-19 (0x7fffffff) [pid 424] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119 [pid 424] munmap(0x7faab4671000, 138412032) = 0 [pid 424] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 424] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 424] close(3) = 0 [pid 424] close(4) = 0 [pid 424] mkdir("./bus", 0777) = 0 [ 30.558531][ T424] F2FS-fs (loop0): invalid crc value [ 30.564394][ T424] F2FS-fs (loop0): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 10241044815247771109) [ 30.583535][ T424] F2FS-fs (loop0): recover fsync data on readonly fs [ 30.590234][ T424] F2FS-fs (loop0): Cannot turn on quotas: -2 on 0 [ 30.596911][ T424] F2FS-fs (loop0): checkpoint=disable on readonly fs [pid 424] mount("/dev/loop0", "./bus", "f2fs", MS_RDONLY|MS_NOATIME|MS_REC|MS_SILENT|0x200, "nodiscard,usrjquota=nodiscard,acl,alloc_mode=reuse,atgc,disable_roll_forward,background_gc=on,nouser"...) = -1 EINVAL (Invalid argument) [pid 424] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 424] ioctl(3, LOOP_CLR_FD) = 0 [pid 424] close(3) = 0 [pid 424] memfd_create("syzkaller", 0) = 3 [pid 424] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faab4671000 [pid 424] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 424] munmap(0x7faab4671000, 138412032) = 0 [pid 424] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 424] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 424] close(3) = 0 [pid 424] close(4) = 0 [pid 424] mkdir("./bus", 0777) = -1 EEXIST (File exists) [pid 424] mount("/dev/loop0", "./bus", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_NODIRATIME|MS_POSIXACL|MS_RELATIME, ",errors=continue") = 0 [pid 424] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 424] chdir("./bus") = 0 [pid 424] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 424] ioctl(4, LOOP_CLR_FD) = 0 [pid 424] close(4) = 0 [pid 424] exit_group(0) = ? [pid 424] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=424, si_uid=0, si_status=0, si_utime=3, si_stime=11} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./25", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./25", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555748af6f0 /* 4 entries */, 32768) = 104 umount2("./25/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./25/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./25/binderfs") = 0 [ 30.727267][ T424] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 30.735966][ T424] ext4 filesystem being mounted at /root/syzkaller.QRN1Ip/25/bus supports timestamps until 2038-01-19 (0x7fffffff) umount2("./25/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./25/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./25/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./25/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./25/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555748b7730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555748b7730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./25/bus") = 0 getdents64(3, 0x5555748af6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./25") = 0 mkdir("./26", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x5555748ae650) = 430 ./strace-static-x86_64: Process 430 attached [pid 430] set_robust_list(0x5555748ae660, 24) = 0 [pid 430] chdir("./26") = 0 [pid 430] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 430] setpgid(0, 0) = 0 [pid 430] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 430] write(3, "1000", 4) = 4 [pid 430] close(3) = 0 [pid 430] symlink("/dev/binderfs", "./binderfs") = 0 [pid 430] write(1, "executing program\n", 18) = 18 [pid 430] memfd_create("syzkaller", 0) = 3 [pid 430] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faab4671000 [pid 430] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119 [pid 430] munmap(0x7faab4671000, 138412032) = 0 [pid 430] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 430] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 430] close(3) = 0 [pid 430] close(4) = 0 [pid 430] mkdir("./bus", 0777) = 0 [ 30.936033][ T430] F2FS-fs (loop0): invalid crc value [ 30.941785][ T430] F2FS-fs (loop0): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 10241044815247771109) [ 30.961178][ T430] F2FS-fs (loop0): recover fsync data on readonly fs [ 30.968228][ T430] F2FS-fs (loop0): Cannot turn on quotas: -2 on 0 [ 30.974644][ T430] F2FS-fs (loop0): checkpoint=disable on readonly fs [pid 430] mount("/dev/loop0", "./bus", "f2fs", MS_RDONLY|MS_NOATIME|MS_REC|MS_SILENT|0x200, "nodiscard,usrjquota=nodiscard,acl,alloc_mode=reuse,atgc,disable_roll_forward,background_gc=on,nouser"...) = -1 EINVAL (Invalid argument) [pid 430] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 430] ioctl(3, LOOP_CLR_FD) = 0 [pid 430] close(3) = 0 [pid 430] memfd_create("syzkaller", 0) = 3 [pid 430] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faab4671000 [pid 430] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 430] munmap(0x7faab4671000, 138412032) = 0 [pid 430] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 430] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 430] close(3) = 0 [pid 430] close(4) = 0 [pid 430] mkdir("./bus", 0777) = -1 EEXIST (File exists) [pid 430] mount("/dev/loop0", "./bus", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_NODIRATIME|MS_POSIXACL|MS_RELATIME, ",errors=continue") = 0 [pid 430] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 430] chdir("./bus") = 0 [pid 430] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 430] ioctl(4, LOOP_CLR_FD) = 0 [pid 430] close(4) = 0 [pid 430] exit_group(0) = ? [pid 430] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=430, si_uid=0, si_status=0, si_utime=4, si_stime=12} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./26", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./26", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555748af6f0 /* 4 entries */, 32768) = 104 umount2("./26/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./26/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./26/binderfs") = 0 [ 31.107248][ T430] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 31.116129][ T430] ext4 filesystem being mounted at /root/syzkaller.QRN1Ip/26/bus supports timestamps until 2038-01-19 (0x7fffffff) umount2("./26/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./26/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./26/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./26/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./26/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555748b7730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555748b7730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./26/bus") = 0 getdents64(3, 0x5555748af6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./26") = 0 mkdir("./27", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x5555748ae650) = 435 ./strace-static-x86_64: Process 435 attached [pid 435] set_robust_list(0x5555748ae660, 24) = 0 [pid 435] chdir("./27") = 0 [pid 435] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 435] setpgid(0, 0) = 0 [pid 435] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 435] write(3, "1000", 4) = 4 [pid 435] close(3) = 0 [pid 435] symlink("/dev/binderfs", "./binderfs") = 0 [pid 435] write(1, "executing program\n", 18) = 18 [pid 435] memfd_create("syzkaller", 0) = 3 [pid 435] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faab4671000 [pid 435] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119 [pid 435] munmap(0x7faab4671000, 138412032) = 0 [pid 435] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 435] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 435] close(3) = 0 [pid 435] close(4) = 0 [pid 435] mkdir("./bus", 0777) = 0 [ 31.292102][ T435] F2FS-fs (loop0): invalid crc value [ 31.297863][ T435] F2FS-fs (loop0): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 10241044815247771109) [ 31.317111][ T435] F2FS-fs (loop0): recover fsync data on readonly fs [ 31.323633][ T435] F2FS-fs (loop0): Cannot turn on quotas: -2 on 0 [ 31.330069][ T435] F2FS-fs (loop0): checkpoint=disable on readonly fs [pid 435] mount("/dev/loop0", "./bus", "f2fs", MS_RDONLY|MS_NOATIME|MS_REC|MS_SILENT|0x200, "nodiscard,usrjquota=nodiscard,acl,alloc_mode=reuse,atgc,disable_roll_forward,background_gc=on,nouser"...) = -1 EINVAL (Invalid argument) [pid 435] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 435] ioctl(3, LOOP_CLR_FD) = 0 [pid 435] close(3) = 0 [pid 435] memfd_create("syzkaller", 0) = 3 [pid 435] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faab4671000 [pid 435] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 435] munmap(0x7faab4671000, 138412032) = 0 [pid 435] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 435] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 435] close(3) = 0 [pid 435] close(4) = 0 [pid 435] mkdir("./bus", 0777) = -1 EEXIST (File exists) [pid 435] mount("/dev/loop0", "./bus", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_NODIRATIME|MS_POSIXACL|MS_RELATIME, ",errors=continue") = 0 [pid 435] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 435] chdir("./bus") = 0 [pid 435] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 435] ioctl(4, LOOP_CLR_FD) = 0 [pid 435] close(4) = 0 [pid 435] exit_group(0) = ? [pid 435] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=435, si_uid=0, si_status=0, si_utime=3, si_stime=12} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./27", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./27", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555748af6f0 /* 4 entries */, 32768) = 104 umount2("./27/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./27/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./27/binderfs") = 0 [ 31.467296][ T435] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 31.475999][ T435] ext4 filesystem being mounted at /root/syzkaller.QRN1Ip/27/bus supports timestamps until 2038-01-19 (0x7fffffff) umount2("./27/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./27/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./27/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./27/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./27/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555748b7730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555748b7730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./27/bus") = 0 getdents64(3, 0x5555748af6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./27") = 0 mkdir("./28", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555748ae650) = 441 ./strace-static-x86_64: Process 441 attached [pid 441] set_robust_list(0x5555748ae660, 24) = 0 [pid 441] chdir("./28") = 0 [pid 441] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 441] setpgid(0, 0) = 0 [pid 441] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 441] write(3, "1000", 4) = 4 [pid 441] close(3) = 0 [pid 441] symlink("/dev/binderfs", "./binderfs") = 0 [pid 441] write(1, "executing program\n", 18executing program ) = 18 [pid 441] memfd_create("syzkaller", 0) = 3 [pid 441] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faab4671000 [pid 441] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119 [pid 441] munmap(0x7faab4671000, 138412032) = 0 [pid 441] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 441] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 441] close(3) = 0 [pid 441] close(4) = 0 [pid 441] mkdir("./bus", 0777) = 0 [pid 441] mount("/dev/loop0", "./bus", "f2fs", MS_RDONLY|MS_NOATIME|MS_REC|MS_SILENT|0x200, "nodiscard,usrjquota=nodiscard,acl,alloc_mode=reuse,atgc,disable_roll_forward,background_gc=on,nouser"...) = -1 EINVAL (Invalid argument) [pid 441] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 31.650330][ T441] F2FS-fs (loop0): invalid crc value [ 31.656246][ T441] F2FS-fs (loop0): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 10241044815247771109) [ 31.675387][ T441] F2FS-fs (loop0): recover fsync data on readonly fs [ 31.682200][ T441] F2FS-fs (loop0): Cannot turn on quotas: -2 on 0 [ 31.688627][ T441] F2FS-fs (loop0): checkpoint=disable on readonly fs [pid 441] ioctl(3, LOOP_CLR_FD) = 0 [pid 441] close(3) = 0 [pid 441] memfd_create("syzkaller", 0) = 3 [pid 441] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faab4671000 [pid 441] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 441] munmap(0x7faab4671000, 138412032) = 0 [pid 441] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 441] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 441] close(3) = 0 [pid 441] close(4) = 0 [pid 441] mkdir("./bus", 0777) = -1 EEXIST (File exists) [pid 441] mount("/dev/loop0", "./bus", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_NODIRATIME|MS_POSIXACL|MS_RELATIME, ",errors=continue") = 0 [pid 441] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 441] chdir("./bus") = 0 [pid 441] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 441] ioctl(4, LOOP_CLR_FD) = 0 [pid 441] close(4) = 0 [pid 441] exit_group(0) = ? [pid 441] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=441, si_uid=0, si_status=0, si_utime=2, si_stime=12} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./28", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./28", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555748af6f0 /* 4 entries */, 32768) = 104 umount2("./28/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./28/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./28/binderfs") = 0 umount2("./28/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./28/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./28/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./28/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./28/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555748b7730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555748b7730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./28/bus") = 0 getdents64(3, 0x5555748af6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./28") = 0 mkdir("./29", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555748ae650) = 446 ./strace-static-x86_64: Process 446 attached [pid 446] set_robust_list(0x5555748ae660, 24) = 0 [pid 446] chdir("./29") = 0 [pid 446] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 446] setpgid(0, 0) = 0 [pid 446] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 446] write(3, "1000", 4) = 4 [pid 446] close(3) = 0 [pid 446] symlink("/dev/binderfs", "./binderfs") = 0 [pid 446] write(1, "executing program\n", 18executing program ) = 18 [pid 446] memfd_create("syzkaller", 0) = 3 [pid 446] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faab4671000 [ 31.837463][ T441] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 31.846345][ T441] ext4 filesystem being mounted at /root/syzkaller.QRN1Ip/28/bus supports timestamps until 2038-01-19 (0x7fffffff) [pid 446] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119 [pid 446] munmap(0x7faab4671000, 138412032) = 0 [pid 446] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 446] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 446] close(3) = 0 [pid 446] close(4) = 0 [pid 446] mkdir("./bus", 0777) = 0 [ 32.059351][ T446] F2FS-fs (loop0): invalid crc value [ 32.065384][ T446] F2FS-fs (loop0): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 10241044815247771109) [ 32.084615][ T446] F2FS-fs (loop0): recover fsync data on readonly fs [ 32.091385][ T446] F2FS-fs (loop0): Cannot turn on quotas: -2 on 0 [ 32.098100][ T446] F2FS-fs (loop0): checkpoint=disable on readonly fs [pid 446] mount("/dev/loop0", "./bus", "f2fs", MS_RDONLY|MS_NOATIME|MS_REC|MS_SILENT|0x200, "nodiscard,usrjquota=nodiscard,acl,alloc_mode=reuse,atgc,disable_roll_forward,background_gc=on,nouser"...) = -1 EINVAL (Invalid argument) [pid 446] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 446] ioctl(3, LOOP_CLR_FD) = 0 [pid 446] close(3) = 0 [pid 446] memfd_create("syzkaller", 0) = 3 [pid 446] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faab4671000 [pid 446] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 446] munmap(0x7faab4671000, 138412032) = 0 [pid 446] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 446] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 446] close(3) = 0 [pid 446] close(4) = 0 [pid 446] mkdir("./bus", 0777) = -1 EEXIST (File exists) [pid 446] mount("/dev/loop0", "./bus", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_NODIRATIME|MS_POSIXACL|MS_RELATIME, ",errors=continue") = 0 [pid 446] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 446] chdir("./bus") = 0 [pid 446] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 446] ioctl(4, LOOP_CLR_FD) = 0 [pid 446] close(4) = 0 [pid 446] exit_group(0) = ? [pid 446] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=446, si_uid=0, si_status=0, si_utime=2, si_stime=12} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./29", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./29", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555748af6f0 /* 4 entries */, 32768) = 104 umount2("./29/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./29/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./29/binderfs") = 0 [ 32.257333][ T446] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 32.266216][ T446] ext4 filesystem being mounted at /root/syzkaller.QRN1Ip/29/bus supports timestamps until 2038-01-19 (0x7fffffff) umount2("./29/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./29/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./29/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./29/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./29/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555748b7730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555748b7730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./29/bus") = 0 getdents64(3, 0x5555748af6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./29") = 0 mkdir("./30", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x5555748ae650) = 451 ./strace-static-x86_64: Process 451 attached [pid 451] set_robust_list(0x5555748ae660, 24) = 0 [pid 451] chdir("./30") = 0 [pid 451] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 451] setpgid(0, 0) = 0 [pid 451] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 451] write(3, "1000", 4) = 4 [pid 451] close(3) = 0 [pid 451] symlink("/dev/binderfs", "./binderfs") = 0 [pid 451] write(1, "executing program\n", 18) = 18 [pid 451] memfd_create("syzkaller", 0) = 3 [pid 451] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faab4671000 [pid 451] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119 [pid 451] munmap(0x7faab4671000, 138412032) = 0 [pid 451] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 451] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 451] close(3) = 0 [pid 451] close(4) = 0 [pid 451] mkdir("./bus", 0777) = 0 [ 32.454234][ T451] F2FS-fs (loop0): invalid crc value [ 32.460001][ T451] F2FS-fs (loop0): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 10241044815247771109) [ 32.479100][ T451] F2FS-fs (loop0): recover fsync data on readonly fs [ 32.485637][ T451] F2FS-fs (loop0): Cannot turn on quotas: -2 on 0 [ 32.492504][ T451] F2FS-fs (loop0): checkpoint=disable on readonly fs [pid 451] mount("/dev/loop0", "./bus", "f2fs", MS_RDONLY|MS_NOATIME|MS_REC|MS_SILENT|0x200, "nodiscard,usrjquota=nodiscard,acl,alloc_mode=reuse,atgc,disable_roll_forward,background_gc=on,nouser"...) = -1 EINVAL (Invalid argument) [pid 451] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 451] ioctl(3, LOOP_CLR_FD) = 0 [pid 451] close(3) = 0 [pid 451] memfd_create("syzkaller", 0) = 3 [pid 451] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faab4671000 [pid 451] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 451] munmap(0x7faab4671000, 138412032) = 0 [pid 451] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 451] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 451] close(3) = 0 [pid 451] close(4) = 0 [pid 451] mkdir("./bus", 0777) = -1 EEXIST (File exists) [pid 451] mount("/dev/loop0", "./bus", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_NODIRATIME|MS_POSIXACL|MS_RELATIME, ",errors=continue") = 0 [pid 451] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 451] chdir("./bus") = 0 [pid 451] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 451] ioctl(4, LOOP_CLR_FD) = 0 [pid 451] close(4) = 0 [pid 451] exit_group(0) = ? [pid 451] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=451, si_uid=0, si_status=0, si_utime=4, si_stime=12} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./30", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./30", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555748af6f0 /* 4 entries */, 32768) = 104 umount2("./30/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./30/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./30/binderfs") = 0 [ 32.617342][ T451] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 32.626342][ T451] ext4 filesystem being mounted at /root/syzkaller.QRN1Ip/30/bus supports timestamps until 2038-01-19 (0x7fffffff) umount2("./30/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./30/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./30/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./30/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./30/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555748b7730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555748b7730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./30/bus") = 0 getdents64(3, 0x5555748af6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./30") = 0 mkdir("./31", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555748ae650) = 457 ./strace-static-x86_64: Process 457 attached [pid 457] set_robust_list(0x5555748ae660, 24) = 0 [pid 457] chdir("./31") = 0 [pid 457] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 457] setpgid(0, 0) = 0 [pid 457] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 457] write(3, "1000", 4) = 4 [pid 457] close(3) = 0 [pid 457] symlink("/dev/binderfs", "./binderfs") = 0 [pid 457] write(1, "executing program\n", 18executing program ) = 18 [pid 457] memfd_create("syzkaller", 0) = 3 [pid 457] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faab4671000 [pid 457] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119 [pid 457] munmap(0x7faab4671000, 138412032) = 0 [pid 457] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 457] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 457] close(3) = 0 [pid 457] close(4) = 0 [pid 457] mkdir("./bus", 0777) = 0 [ 32.818777][ T457] F2FS-fs (loop0): invalid crc value [ 32.824673][ T457] F2FS-fs (loop0): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 10241044815247771109) [ 32.843822][ T457] F2FS-fs (loop0): recover fsync data on readonly fs [ 32.850593][ T457] F2FS-fs (loop0): Cannot turn on quotas: -2 on 0 [ 32.857081][ T457] F2FS-fs (loop0): checkpoint=disable on readonly fs [pid 457] mount("/dev/loop0", "./bus", "f2fs", MS_RDONLY|MS_NOATIME|MS_REC|MS_SILENT|0x200, "nodiscard,usrjquota=nodiscard,acl,alloc_mode=reuse,atgc,disable_roll_forward,background_gc=on,nouser"...) = -1 EINVAL (Invalid argument) [pid 457] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 457] ioctl(3, LOOP_CLR_FD) = 0 [pid 457] close(3) = 0 [pid 457] memfd_create("syzkaller", 0) = 3 [pid 457] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faab4671000 [pid 457] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 457] munmap(0x7faab4671000, 138412032) = 0 [pid 457] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 457] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 457] close(3) = 0 [pid 457] close(4) = 0 [pid 457] mkdir("./bus", 0777) = -1 EEXIST (File exists) [pid 457] mount("/dev/loop0", "./bus", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_NODIRATIME|MS_POSIXACL|MS_RELATIME, ",errors=continue") = 0 [pid 457] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 457] chdir("./bus") = 0 [pid 457] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 457] ioctl(4, LOOP_CLR_FD) = 0 [pid 457] close(4) = 0 [pid 457] exit_group(0) = ? [pid 457] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=457, si_uid=0, si_status=0, si_utime=4, si_stime=10} --- umount2("./31", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./31", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555748af6f0 /* 4 entries */, 32768) = 104 umount2("./31/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./31/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./31/binderfs") = 0 [ 32.977210][ T457] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 32.985919][ T457] ext4 filesystem being mounted at /root/syzkaller.QRN1Ip/31/bus supports timestamps until 2038-01-19 (0x7fffffff) umount2("./31/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./31/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./31/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./31/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./31/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555748b7730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555748b7730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./31/bus") = 0 getdents64(3, 0x5555748af6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./31") = 0 mkdir("./32", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555748ae650) = 462 ./strace-static-x86_64: Process 462 attached [pid 462] set_robust_list(0x5555748ae660, 24) = 0 [pid 462] chdir("./32") = 0 [pid 462] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 462] setpgid(0, 0) = 0 [pid 462] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 462] write(3, "1000", 4) = 4 [pid 462] close(3) = 0 [pid 462] symlink("/dev/binderfs", "./binderfs") = 0 [pid 462] write(1, "executing program\n", 18executing program ) = 18 [pid 462] memfd_create("syzkaller", 0) = 3 [pid 462] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faab4671000 [pid 462] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119 [pid 462] munmap(0x7faab4671000, 138412032) = 0 [pid 462] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 462] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 462] close(3) = 0 [pid 462] close(4) = 0 [pid 462] mkdir("./bus", 0777) = 0 [pid 462] mount("/dev/loop0", "./bus", "f2fs", MS_RDONLY|MS_NOATIME|MS_REC|MS_SILENT|0x200, "nodiscard,usrjquota=nodiscard,acl,alloc_mode=reuse,atgc,disable_roll_forward,background_gc=on,nouser"...) = -1 EINVAL (Invalid argument) [pid 462] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 33.178600][ T462] F2FS-fs (loop0): invalid crc value [ 33.184454][ T462] F2FS-fs (loop0): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 10241044815247771109) [ 33.203594][ T462] F2FS-fs (loop0): recover fsync data on readonly fs [ 33.210175][ T462] F2FS-fs (loop0): Cannot turn on quotas: -2 on 0 [ 33.216744][ T462] F2FS-fs (loop0): checkpoint=disable on readonly fs [pid 462] ioctl(3, LOOP_CLR_FD) = 0 [pid 462] close(3) = 0 [pid 462] memfd_create("syzkaller", 0) = 3 [pid 462] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faab4671000 [pid 462] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 462] munmap(0x7faab4671000, 138412032) = 0 [pid 462] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 462] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 462] close(3) = 0 [pid 462] close(4) = 0 [pid 462] mkdir("./bus", 0777) = -1 EEXIST (File exists) [pid 462] mount("/dev/loop0", "./bus", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_NODIRATIME|MS_POSIXACL|MS_RELATIME, ",errors=continue") = 0 [pid 462] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 462] chdir("./bus") = 0 [pid 462] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 462] ioctl(4, LOOP_CLR_FD) = 0 [pid 462] close(4) = 0 [pid 462] exit_group(0) = ? [pid 462] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=462, si_uid=0, si_status=0, si_utime=2, si_stime=13} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./32", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./32", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555748af6f0 /* 4 entries */, 32768) = 104 umount2("./32/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./32/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./32/binderfs") = 0 [ 33.357554][ T462] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 33.366281][ T462] ext4 filesystem being mounted at /root/syzkaller.QRN1Ip/32/bus supports timestamps until 2038-01-19 (0x7fffffff) umount2("./32/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./32/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./32/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./32/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./32/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555748b7730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555748b7730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./32/bus") = 0 getdents64(3, 0x5555748af6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./32") = 0 mkdir("./33", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555748ae650) = 468 ./strace-static-x86_64: Process 468 attached [pid 468] set_robust_list(0x5555748ae660, 24) = 0 [pid 468] chdir("./33") = 0 [pid 468] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 468] setpgid(0, 0) = 0 [pid 468] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 468] write(3, "1000", 4) = 4 [pid 468] close(3) = 0 [pid 468] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 468] write(1, "executing program\n", 18) = 18 [pid 468] memfd_create("syzkaller", 0) = 3 [pid 468] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faab4671000 [pid 468] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119 [pid 468] munmap(0x7faab4671000, 138412032) = 0 [pid 468] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 468] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 468] close(3) = 0 [pid 468] close(4) = 0 [pid 468] mkdir("./bus", 0777) = 0 [ 33.544731][ T468] F2FS-fs (loop0): invalid crc value [ 33.550589][ T468] F2FS-fs (loop0): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 10241044815247771109) [ 33.570242][ T468] F2FS-fs (loop0): recover fsync data on readonly fs [ 33.576862][ T468] F2FS-fs (loop0): Cannot turn on quotas: -2 on 0 [ 33.583239][ T468] F2FS-fs (loop0): checkpoint=disable on readonly fs [pid 468] mount("/dev/loop0", "./bus", "f2fs", MS_RDONLY|MS_NOATIME|MS_REC|MS_SILENT|0x200, "nodiscard,usrjquota=nodiscard,acl,alloc_mode=reuse,atgc,disable_roll_forward,background_gc=on,nouser"...) = -1 EINVAL (Invalid argument) [pid 468] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 468] ioctl(3, LOOP_CLR_FD) = 0 [pid 468] close(3) = 0 [pid 468] memfd_create("syzkaller", 0) = 3 [pid 468] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faab4671000 [pid 468] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 468] munmap(0x7faab4671000, 138412032) = 0 [pid 468] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 468] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 468] close(3) = 0 [pid 468] close(4) = 0 [pid 468] mkdir("./bus", 0777) = -1 EEXIST (File exists) [pid 468] mount("/dev/loop0", "./bus", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_NODIRATIME|MS_POSIXACL|MS_RELATIME, ",errors=continue") = 0 [pid 468] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 468] chdir("./bus") = 0 [pid 468] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 468] ioctl(4, LOOP_CLR_FD) = 0 [pid 468] close(4) = 0 [pid 468] exit_group(0) = ? [pid 468] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=468, si_uid=0, si_status=0, si_utime=4, si_stime=12} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./33", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./33", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555748af6f0 /* 4 entries */, 32768) = 104 umount2("./33/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./33/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./33/binderfs") = 0 [ 33.697253][ T468] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 33.705985][ T468] ext4 filesystem being mounted at /root/syzkaller.QRN1Ip/33/bus supports timestamps until 2038-01-19 (0x7fffffff) umount2("./33/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./33/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./33/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./33/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./33/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555748b7730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555748b7730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./33/bus") = 0 getdents64(3, 0x5555748af6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./33") = 0 mkdir("./34", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x5555748ae650) = 473 ./strace-static-x86_64: Process 473 attached [pid 473] set_robust_list(0x5555748ae660, 24) = 0 [pid 473] chdir("./34") = 0 [pid 473] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 473] setpgid(0, 0) = 0 [pid 473] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 473] write(3, "1000", 4) = 4 [pid 473] close(3) = 0 [pid 473] symlink("/dev/binderfs", "./binderfs") = 0 [pid 473] write(1, "executing program\n", 18) = 18 [pid 473] memfd_create("syzkaller", 0) = 3 [pid 473] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faab4671000 [pid 473] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119 [pid 473] munmap(0x7faab4671000, 138412032) = 0 [pid 473] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 473] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 473] close(3) = 0 [pid 473] close(4) = 0 [pid 473] mkdir("./bus", 0777) = 0 [pid 473] mount("/dev/loop0", "./bus", "f2fs", MS_RDONLY|MS_NOATIME|MS_REC|MS_SILENT|0x200, "nodiscard,usrjquota=nodiscard,acl,alloc_mode=reuse,atgc,disable_roll_forward,background_gc=on,nouser"...) = -1 EINVAL (Invalid argument) [pid 473] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 33.938557][ T473] F2FS-fs (loop0): invalid crc value [ 33.944531][ T473] F2FS-fs (loop0): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 10241044815247771109) [ 33.963537][ T473] F2FS-fs (loop0): recover fsync data on readonly fs [ 33.970359][ T473] F2FS-fs (loop0): Cannot turn on quotas: -2 on 0 [ 33.976921][ T473] F2FS-fs (loop0): checkpoint=disable on readonly fs [pid 473] ioctl(3, LOOP_CLR_FD) = 0 [pid 473] close(3) = 0 [pid 473] memfd_create("syzkaller", 0) = 3 [pid 473] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faab4671000 [pid 473] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 473] munmap(0x7faab4671000, 138412032) = 0 [pid 473] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 473] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 473] close(3) = 0 [pid 473] close(4) = 0 [pid 473] mkdir("./bus", 0777) = -1 EEXIST (File exists) [pid 473] mount("/dev/loop0", "./bus", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_NODIRATIME|MS_POSIXACL|MS_RELATIME, ",errors=continue") = 0 [pid 473] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 473] chdir("./bus") = 0 [pid 473] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 473] ioctl(4, LOOP_CLR_FD) = 0 [pid 473] close(4) = 0 [pid 473] exit_group(0) = ? [pid 473] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=473, si_uid=0, si_status=0, si_utime=2, si_stime=13} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./34", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./34", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555748af6f0 /* 4 entries */, 32768) = 104 umount2("./34/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./34/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./34/binderfs") = 0 [ 34.077373][ T473] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 34.086126][ T473] ext4 filesystem being mounted at /root/syzkaller.QRN1Ip/34/bus supports timestamps until 2038-01-19 (0x7fffffff) umount2("./34/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./34/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./34/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./34/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./34/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555748b7730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555748b7730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./34/bus") = 0 getdents64(3, 0x5555748af6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./34") = 0 mkdir("./35", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x5555748ae650) = 478 ./strace-static-x86_64: Process 478 attached [pid 478] set_robust_list(0x5555748ae660, 24) = 0 [pid 478] chdir("./35") = 0 [pid 478] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 478] setpgid(0, 0) = 0 [pid 478] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 478] write(3, "1000", 4) = 4 [pid 478] close(3) = 0 [pid 478] symlink("/dev/binderfs", "./binderfs") = 0 [pid 478] write(1, "executing program\n", 18) = 18 [pid 478] memfd_create("syzkaller", 0) = 3 [pid 478] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faab4671000 [pid 478] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119 [pid 478] munmap(0x7faab4671000, 138412032) = 0 [pid 478] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 478] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 478] close(3) = 0 [pid 478] close(4) = 0 [pid 478] mkdir("./bus", 0777) = 0 [ 34.291420][ T478] F2FS-fs (loop0): invalid crc value [ 34.297229][ T478] F2FS-fs (loop0): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 10241044815247771109) [ 34.316333][ T478] F2FS-fs (loop0): recover fsync data on readonly fs [ 34.322863][ T478] F2FS-fs (loop0): Cannot turn on quotas: -2 on 0 [ 34.329374][ T478] F2FS-fs (loop0): checkpoint=disable on readonly fs [pid 478] mount("/dev/loop0", "./bus", "f2fs", MS_RDONLY|MS_NOATIME|MS_REC|MS_SILENT|0x200, "nodiscard,usrjquota=nodiscard,acl,alloc_mode=reuse,atgc,disable_roll_forward,background_gc=on,nouser"...) = -1 EINVAL (Invalid argument) [pid 478] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 478] ioctl(3, LOOP_CLR_FD) = 0 [pid 478] close(3) = 0 [pid 478] memfd_create("syzkaller", 0) = 3 [pid 478] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faab4671000 [pid 478] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 478] munmap(0x7faab4671000, 138412032) = 0 [pid 478] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 478] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 478] close(3) = 0 [pid 478] close(4) = 0 [pid 478] mkdir("./bus", 0777) = -1 EEXIST (File exists) [pid 478] mount("/dev/loop0", "./bus", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_NODIRATIME|MS_POSIXACL|MS_RELATIME, ",errors=continue") = 0 [pid 478] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 478] chdir("./bus") = 0 [pid 478] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 478] ioctl(4, LOOP_CLR_FD) = 0 [pid 478] close(4) = 0 [pid 478] exit_group(0) = ? [pid 478] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=478, si_uid=0, si_status=0, si_utime=2, si_stime=13} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./35", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./35", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555748af6f0 /* 4 entries */, 32768) = 104 umount2("./35/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./35/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./35/binderfs") = 0 [ 34.457677][ T478] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 34.466573][ T478] ext4 filesystem being mounted at /root/syzkaller.QRN1Ip/35/bus supports timestamps until 2038-01-19 (0x7fffffff) umount2("./35/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./35/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./35/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./35/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./35/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555748b7730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555748b7730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./35/bus") = 0 getdents64(3, 0x5555748af6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./35") = 0 mkdir("./36", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x5555748ae650) = 484 ./strace-static-x86_64: Process 484 attached [pid 484] set_robust_list(0x5555748ae660, 24) = 0 [pid 484] chdir("./36") = 0 [pid 484] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 484] setpgid(0, 0) = 0 [pid 484] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 484] write(3, "1000", 4) = 4 [pid 484] close(3) = 0 [pid 484] symlink("/dev/binderfs", "./binderfs") = 0 [pid 484] write(1, "executing program\n", 18) = 18 [pid 484] memfd_create("syzkaller", 0) = 3 [pid 484] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faab4671000 [pid 484] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119 [pid 484] munmap(0x7faab4671000, 138412032) = 0 [pid 484] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 484] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 484] close(3) = 0 [pid 484] close(4) = 0 [pid 484] mkdir("./bus", 0777) = 0 [pid 484] mount("/dev/loop0", "./bus", "f2fs", MS_RDONLY|MS_NOATIME|MS_REC|MS_SILENT|0x200, "nodiscard,usrjquota=nodiscard,acl,alloc_mode=reuse,atgc,disable_roll_forward,background_gc=on,nouser"...) = -1 EINVAL (Invalid argument) [pid 484] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 34.649566][ T484] F2FS-fs (loop0): invalid crc value [ 34.655325][ T484] F2FS-fs (loop0): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 10241044815247771109) [ 34.674330][ T484] F2FS-fs (loop0): recover fsync data on readonly fs [ 34.680918][ T484] F2FS-fs (loop0): Cannot turn on quotas: -2 on 0 [ 34.687288][ T484] F2FS-fs (loop0): checkpoint=disable on readonly fs [pid 484] ioctl(3, LOOP_CLR_FD) = 0 [pid 484] close(3) = 0 [pid 484] memfd_create("syzkaller", 0) = 3 [pid 484] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faab4671000 [pid 484] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 484] munmap(0x7faab4671000, 138412032) = 0 [pid 484] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 484] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 484] close(3) = 0 [pid 484] close(4) = 0 [pid 484] mkdir("./bus", 0777) = -1 EEXIST (File exists) [pid 484] mount("/dev/loop0", "./bus", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_NODIRATIME|MS_POSIXACL|MS_RELATIME, ",errors=continue") = 0 [pid 484] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 484] chdir("./bus") = 0 [pid 484] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 484] ioctl(4, LOOP_CLR_FD) = 0 [pid 484] close(4) = 0 [pid 484] exit_group(0) = ? [pid 484] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=484, si_uid=0, si_status=0, si_utime=2, si_stime=11} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./36", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./36", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555748af6f0 /* 4 entries */, 32768) = 104 umount2("./36/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./36/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./36/binderfs") = 0 [ 34.797369][ T484] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 34.806111][ T484] ext4 filesystem being mounted at /root/syzkaller.QRN1Ip/36/bus supports timestamps until 2038-01-19 (0x7fffffff) umount2("./36/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./36/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./36/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./36/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./36/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555748b7730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555748b7730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./36/bus") = 0 getdents64(3, 0x5555748af6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./36") = 0 mkdir("./37", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555748ae650) = 489 ./strace-static-x86_64: Process 489 attached [pid 489] set_robust_list(0x5555748ae660, 24) = 0 [pid 489] chdir("./37") = 0 [pid 489] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 489] setpgid(0, 0) = 0 [pid 489] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 489] write(3, "1000", 4) = 4 [pid 489] close(3) = 0 [pid 489] symlink("/dev/binderfs", "./binderfs") = 0 [pid 489] write(1, "executing program\n", 18executing program ) = 18 [pid 489] memfd_create("syzkaller", 0) = 3 [pid 489] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faab4671000 [pid 489] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119 [pid 489] munmap(0x7faab4671000, 138412032) = 0 [pid 489] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 489] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 489] close(3) = 0 [pid 489] close(4) = 0 [pid 489] mkdir("./bus", 0777) = 0 [ 35.049918][ T489] F2FS-fs (loop0): invalid crc value [ 35.055877][ T489] F2FS-fs (loop0): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 10241044815247771109) [ 35.074927][ T489] F2FS-fs (loop0): recover fsync data on readonly fs [ 35.081586][ T489] F2FS-fs (loop0): Cannot turn on quotas: -2 on 0 [ 35.088113][ T489] F2FS-fs (loop0): checkpoint=disable on readonly fs [pid 489] mount("/dev/loop0", "./bus", "f2fs", MS_RDONLY|MS_NOATIME|MS_REC|MS_SILENT|0x200, "nodiscard,usrjquota=nodiscard,acl,alloc_mode=reuse,atgc,disable_roll_forward,background_gc=on,nouser"...) = -1 EINVAL (Invalid argument) [pid 489] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 489] ioctl(3, LOOP_CLR_FD) = 0 [pid 489] close(3) = 0 [pid 489] memfd_create("syzkaller", 0) = 3 [pid 489] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faab4671000 [pid 489] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 489] munmap(0x7faab4671000, 138412032) = 0 [pid 489] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 489] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 489] close(3) = 0 [pid 489] close(4) = 0 [pid 489] mkdir("./bus", 0777) = -1 EEXIST (File exists) [pid 489] mount("/dev/loop0", "./bus", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_NODIRATIME|MS_POSIXACL|MS_RELATIME, ",errors=continue") = 0 [pid 489] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 489] chdir("./bus") = 0 [pid 489] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 489] ioctl(4, LOOP_CLR_FD) = 0 [pid 489] close(4) = 0 [pid 489] exit_group(0) = ? [pid 489] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=489, si_uid=0, si_status=0, si_utime=1, si_stime=12} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./37", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./37", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555748af6f0 /* 4 entries */, 32768) = 104 umount2("./37/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./37/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./37/binderfs") = 0 [ 35.227395][ T489] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 35.236243][ T489] ext4 filesystem being mounted at /root/syzkaller.QRN1Ip/37/bus supports timestamps until 2038-01-19 (0x7fffffff) umount2("./37/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./37/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./37/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./37/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./37/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555748b7730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555748b7730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./37/bus") = 0 getdents64(3, 0x5555748af6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./37") = 0 mkdir("./38", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) executing program close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555748ae650) = 494 ./strace-static-x86_64: Process 494 attached [pid 494] set_robust_list(0x5555748ae660, 24) = 0 [pid 494] chdir("./38") = 0 [pid 494] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 494] setpgid(0, 0) = 0 [pid 494] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 494] write(3, "1000", 4) = 4 [pid 494] close(3) = 0 [pid 494] symlink("/dev/binderfs", "./binderfs") = 0 [pid 494] write(1, "executing program\n", 18) = 18 [pid 494] memfd_create("syzkaller", 0) = 3 [pid 494] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faab4671000 [pid 494] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119 [pid 494] munmap(0x7faab4671000, 138412032) = 0 [pid 494] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 494] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 494] close(3) = 0 [pid 494] close(4) = 0 [pid 494] mkdir("./bus", 0777) = 0 [ 35.449112][ T494] F2FS-fs (loop0): invalid crc value [ 35.455034][ T494] F2FS-fs (loop0): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 10241044815247771109) [ 35.473909][ T494] F2FS-fs (loop0): recover fsync data on readonly fs [ 35.480554][ T494] F2FS-fs (loop0): Cannot turn on quotas: -2 on 0 [ 35.486960][ T494] F2FS-fs (loop0): checkpoint=disable on readonly fs [pid 494] mount("/dev/loop0", "./bus", "f2fs", MS_RDONLY|MS_NOATIME|MS_REC|MS_SILENT|0x200, "nodiscard,usrjquota=nodiscard,acl,alloc_mode=reuse,atgc,disable_roll_forward,background_gc=on,nouser"...) = -1 EINVAL (Invalid argument) [pid 494] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 494] ioctl(3, LOOP_CLR_FD) = 0 [pid 494] close(3) = 0 [pid 494] memfd_create("syzkaller", 0) = 3 [pid 494] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faab4671000 [pid 494] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 494] munmap(0x7faab4671000, 138412032) = 0 [pid 494] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 494] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 494] close(3) = 0 [pid 494] close(4) = 0 [pid 494] mkdir("./bus", 0777) = -1 EEXIST (File exists) [pid 494] mount("/dev/loop0", "./bus", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_NODIRATIME|MS_POSIXACL|MS_RELATIME, ",errors=continue") = 0 [pid 494] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 494] chdir("./bus") = 0 [pid 494] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 494] ioctl(4, LOOP_CLR_FD) = 0 [pid 494] close(4) = 0 [pid 494] exit_group(0) = ? [pid 494] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=494, si_uid=0, si_status=0, si_utime=2, si_stime=12} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555748af6f0 /* 4 entries */, 32768) = 104 umount2("./38/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./38/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./38/binderfs") = 0 [ 35.607291][ T494] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 35.616042][ T494] ext4 filesystem being mounted at /root/syzkaller.QRN1Ip/38/bus supports timestamps until 2038-01-19 (0x7fffffff) umount2("./38/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./38/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./38/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./38/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./38/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555748b7730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555748b7730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./38/bus") = 0 getdents64(3, 0x5555748af6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./38") = 0 mkdir("./39", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555748ae650) = 500 ./strace-static-x86_64: Process 500 attached [pid 500] set_robust_list(0x5555748ae660, 24) = 0 [pid 500] chdir("./39") = 0 [pid 500] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 500] setpgid(0, 0) = 0 [pid 500] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 500] write(3, "1000", 4) = 4 [pid 500] close(3) = 0 [pid 500] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 500] write(1, "executing program\n", 18) = 18 [pid 500] memfd_create("syzkaller", 0) = 3 [pid 500] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faab4671000 [pid 500] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119 [pid 500] munmap(0x7faab4671000, 138412032) = 0 [pid 500] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 500] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 500] close(3) = 0 [pid 500] close(4) = 0 [pid 500] mkdir("./bus", 0777) = 0 [ 35.817160][ T500] F2FS-fs (loop0): invalid crc value [ 35.822884][ T500] F2FS-fs (loop0): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 10241044815247771109) [ 35.842024][ T500] F2FS-fs (loop0): recover fsync data on readonly fs [ 35.848720][ T500] F2FS-fs (loop0): Cannot turn on quotas: -2 on 0 [ 35.855082][ T500] F2FS-fs (loop0): checkpoint=disable on readonly fs [pid 500] mount("/dev/loop0", "./bus", "f2fs", MS_RDONLY|MS_NOATIME|MS_REC|MS_SILENT|0x200, "nodiscard,usrjquota=nodiscard,acl,alloc_mode=reuse,atgc,disable_roll_forward,background_gc=on,nouser"...) = -1 EINVAL (Invalid argument) [pid 500] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 500] ioctl(3, LOOP_CLR_FD) = 0 [pid 500] close(3) = 0 [pid 500] memfd_create("syzkaller", 0) = 3 [pid 500] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faab4671000 [pid 500] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 500] munmap(0x7faab4671000, 138412032) = 0 [pid 500] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 500] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 500] close(3) = 0 [pid 500] close(4) = 0 [pid 500] mkdir("./bus", 0777) = -1 EEXIST (File exists) [pid 500] mount("/dev/loop0", "./bus", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_NODIRATIME|MS_POSIXACL|MS_RELATIME, ",errors=continue") = 0 [pid 500] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 500] chdir("./bus") = 0 [pid 500] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 500] ioctl(4, LOOP_CLR_FD) = 0 [pid 500] close(4) = 0 [pid 500] exit_group(0) = ? [pid 500] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=500, si_uid=0, si_status=0, si_utime=3, si_stime=12} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./39", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./39", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555748af6f0 /* 4 entries */, 32768) = 104 umount2("./39/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./39/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./39/binderfs") = 0 [ 35.987245][ T500] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 35.995948][ T500] ext4 filesystem being mounted at /root/syzkaller.QRN1Ip/39/bus supports timestamps until 2038-01-19 (0x7fffffff) umount2("./39/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./39/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./39/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./39/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./39/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555748b7730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555748b7730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./39/bus") = 0 getdents64(3, 0x5555748af6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./39") = 0 mkdir("./40", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3executing program ) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555748ae650) = 505 ./strace-static-x86_64: Process 505 attached [pid 505] set_robust_list(0x5555748ae660, 24) = 0 [pid 505] chdir("./40") = 0 [pid 505] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 505] setpgid(0, 0) = 0 [pid 505] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 505] write(3, "1000", 4) = 4 [pid 505] close(3) = 0 [pid 505] symlink("/dev/binderfs", "./binderfs") = 0 [pid 505] write(1, "executing program\n", 18) = 18 [pid 505] memfd_create("syzkaller", 0) = 3 [pid 505] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faab4671000 [pid 505] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119 [pid 505] munmap(0x7faab4671000, 138412032) = 0 [pid 505] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 505] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 505] close(3) = 0 [pid 505] close(4) = 0 [pid 505] mkdir("./bus", 0777) = 0 [ 36.143867][ T505] F2FS-fs (loop0): invalid crc value [ 36.149799][ T505] F2FS-fs (loop0): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 10241044815247771109) [ 36.168956][ T505] F2FS-fs (loop0): recover fsync data on readonly fs [ 36.175490][ T505] F2FS-fs (loop0): Cannot turn on quotas: -2 on 0 [ 36.181919][ T505] F2FS-fs (loop0): checkpoint=disable on readonly fs [pid 505] mount("/dev/loop0", "./bus", "f2fs", MS_RDONLY|MS_NOATIME|MS_REC|MS_SILENT|0x200, "nodiscard,usrjquota=nodiscard,acl,alloc_mode=reuse,atgc,disable_roll_forward,background_gc=on,nouser"...) = -1 EINVAL (Invalid argument) [pid 505] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 505] ioctl(3, LOOP_CLR_FD) = 0 [pid 505] close(3) = 0 [pid 505] memfd_create("syzkaller", 0) = 3 [pid 505] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faab4671000 [pid 505] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 505] munmap(0x7faab4671000, 138412032) = 0 [pid 505] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 505] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 505] close(3) = 0 [pid 505] close(4) = 0 [pid 505] mkdir("./bus", 0777) = -1 EEXIST (File exists) [pid 505] mount("/dev/loop0", "./bus", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_NODIRATIME|MS_POSIXACL|MS_RELATIME, ",errors=continue") = 0 [pid 505] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 505] chdir("./bus") = 0 [pid 505] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 505] ioctl(4, LOOP_CLR_FD) = 0 [pid 505] close(4) = 0 [pid 505] exit_group(0) = ? [pid 505] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=505, si_uid=0, si_status=0, si_utime=3, si_stime=12} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./40", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./40", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555748af6f0 /* 4 entries */, 32768) = 104 umount2("./40/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./40/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./40/binderfs") = 0 [ 36.307204][ T505] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 36.315914][ T505] ext4 filesystem being mounted at /root/syzkaller.QRN1Ip/40/bus supports timestamps until 2038-01-19 (0x7fffffff) umount2("./40/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./40/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./40/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./40/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./40/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555748b7730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555748b7730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./40/bus") = 0 getdents64(3, 0x5555748af6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./40") = 0 mkdir("./41", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555748ae650) = 510 ./strace-static-x86_64: Process 510 attached [pid 510] set_robust_list(0x5555748ae660, 24) = 0 [pid 510] chdir("./41") = 0 [pid 510] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 510] setpgid(0, 0) = 0 [pid 510] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 510] write(3, "1000", 4) = 4 [pid 510] close(3) = 0 [pid 510] symlink("/dev/binderfs", "./binderfs") = 0 [pid 510] write(1, "executing program\n", 18executing program ) = 18 [pid 510] memfd_create("syzkaller", 0) = 3 [pid 510] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faab4671000 [pid 510] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119 [pid 510] munmap(0x7faab4671000, 138412032) = 0 [pid 510] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 510] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 510] close(3) = 0 [pid 510] close(4) = 0 [pid 510] mkdir("./bus", 0777) = 0 [ 36.465350][ T510] F2FS-fs (loop0): invalid crc value [ 36.471132][ T510] F2FS-fs (loop0): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 10241044815247771109) [ 36.490251][ T510] F2FS-fs (loop0): recover fsync data on readonly fs [ 36.496924][ T510] F2FS-fs (loop0): Cannot turn on quotas: -2 on 0 [ 36.503301][ T510] F2FS-fs (loop0): checkpoint=disable on readonly fs [pid 510] mount("/dev/loop0", "./bus", "f2fs", MS_RDONLY|MS_NOATIME|MS_REC|MS_SILENT|0x200, "nodiscard,usrjquota=nodiscard,acl,alloc_mode=reuse,atgc,disable_roll_forward,background_gc=on,nouser"...) = -1 EINVAL (Invalid argument) [pid 510] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 510] ioctl(3, LOOP_CLR_FD) = 0 [pid 510] close(3) = 0 [pid 510] memfd_create("syzkaller", 0) = 3 [pid 510] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faab4671000 [pid 510] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 510] munmap(0x7faab4671000, 138412032) = 0 [pid 510] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 510] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 510] close(3) = 0 [pid 510] close(4) = 0 [pid 510] mkdir("./bus", 0777) = -1 EEXIST (File exists) [pid 510] mount("/dev/loop0", "./bus", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_NODIRATIME|MS_POSIXACL|MS_RELATIME, ",errors=continue") = 0 [pid 510] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 510] chdir("./bus") = 0 [pid 510] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 510] ioctl(4, LOOP_CLR_FD) = 0 [pid 510] close(4) = 0 [pid 510] exit_group(0) = ? [pid 510] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=510, si_uid=0, si_status=0, si_utime=2, si_stime=13} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./41", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./41", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555748af6f0 /* 4 entries */, 32768) = 104 umount2("./41/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./41/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./41/binderfs") = 0 umount2("./41/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./41/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./41/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./41/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./41/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555748b7730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555748b7730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./41/bus") = 0 getdents64(3, 0x5555748af6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./41") = 0 mkdir("./42", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555748ae650) = 516 ./strace-static-x86_64: Process 516 attached [pid 516] set_robust_list(0x5555748ae660, 24) = 0 [pid 516] chdir("./42") = 0 [pid 516] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 516] setpgid(0, 0) = 0 [pid 516] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 516] write(3, "1000", 4) = 4 [pid 516] close(3) = 0 [pid 516] symlink("/dev/binderfs", "./binderfs") = 0 [pid 516] write(1, "executing program\n", 18executing program ) = 18 [pid 516] memfd_create("syzkaller", 0) = 3 [pid 516] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faab4671000 [ 36.617857][ T510] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 36.626821][ T510] ext4 filesystem being mounted at /root/syzkaller.QRN1Ip/41/bus supports timestamps until 2038-01-19 (0x7fffffff) [pid 516] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119 [pid 516] munmap(0x7faab4671000, 138412032) = 0 [pid 516] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 516] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 516] close(3) = 0 [pid 516] close(4) = 0 [pid 516] mkdir("./bus", 0777) = 0 [pid 516] mount("/dev/loop0", "./bus", "f2fs", MS_RDONLY|MS_NOATIME|MS_REC|MS_SILENT|0x200, "nodiscard,usrjquota=nodiscard,acl,alloc_mode=reuse,atgc,disable_roll_forward,background_gc=on,nouser"...) = -1 EINVAL (Invalid argument) [pid 516] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 36.755731][ T516] F2FS-fs (loop0): invalid crc value [ 36.761472][ T516] F2FS-fs (loop0): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 10241044815247771109) [ 36.780671][ T516] F2FS-fs (loop0): recover fsync data on readonly fs [ 36.787287][ T516] F2FS-fs (loop0): Cannot turn on quotas: -2 on 0 [ 36.793569][ T516] F2FS-fs (loop0): checkpoint=disable on readonly fs [pid 516] ioctl(3, LOOP_CLR_FD) = 0 [pid 516] close(3) = 0 [pid 516] memfd_create("syzkaller", 0) = 3 [pid 516] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faab4671000 [pid 516] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 516] munmap(0x7faab4671000, 138412032) = 0 [pid 516] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 516] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 516] close(3) = 0 [pid 516] close(4) = 0 [pid 516] mkdir("./bus", 0777) = -1 EEXIST (File exists) [pid 516] mount("/dev/loop0", "./bus", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_NODIRATIME|MS_POSIXACL|MS_RELATIME, ",errors=continue") = 0 [pid 516] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 516] chdir("./bus") = 0 [pid 516] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 516] ioctl(4, LOOP_CLR_FD) = 0 [pid 516] close(4) = 0 [pid 516] exit_group(0) = ? [pid 516] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=516, si_uid=0, si_status=0, si_utime=2, si_stime=13} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./42", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./42", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555748af6f0 /* 4 entries */, 32768) = 104 umount2("./42/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./42/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./42/binderfs") = 0 [ 36.907300][ T516] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 36.916053][ T516] ext4 filesystem being mounted at /root/syzkaller.QRN1Ip/42/bus supports timestamps until 2038-01-19 (0x7fffffff) umount2("./42/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./42/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./42/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./42/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./42/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555748b7730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555748b7730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./42/bus") = 0 getdents64(3, 0x5555748af6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./42") = 0 mkdir("./43", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555748ae650) = 521 ./strace-static-x86_64: Process 521 attached [pid 521] set_robust_list(0x5555748ae660, 24) = 0 [pid 521] chdir("./43") = 0 [pid 521] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 521] setpgid(0, 0) = 0 [pid 521] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 521] write(3, "1000", 4) = 4 [pid 521] close(3) = 0 [pid 521] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 521] write(1, "executing program\n", 18) = 18 [pid 521] memfd_create("syzkaller", 0) = 3 [pid 521] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faab4671000 [pid 521] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119 [pid 521] munmap(0x7faab4671000, 138412032) = 0 [pid 521] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 521] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 521] close(3) = 0 [pid 521] close(4) = 0 [pid 521] mkdir("./bus", 0777) = 0 [ 37.096129][ T521] F2FS-fs (loop0): invalid crc value [ 37.102337][ T521] F2FS-fs (loop0): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 10241044815247771109) [ 37.127417][ T521] F2FS-fs (loop0): recover fsync data on readonly fs [ 37.134100][ T521] F2FS-fs (loop0): Cannot turn on quotas: -2 on 0 [pid 521] mount("/dev/loop0", "./bus", "f2fs", MS_RDONLY|MS_NOATIME|MS_REC|MS_SILENT|0x200, "nodiscard,usrjquota=nodiscard,acl,alloc_mode=reuse,atgc,disable_roll_forward,background_gc=on,nouser"...) = -1 EINVAL (Invalid argument) [pid 521] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 37.140602][ T521] F2FS-fs (loop0): checkpoint=disable on readonly fs [pid 521] ioctl(3, LOOP_CLR_FD) = 0 [pid 521] close(3) = 0 [pid 521] memfd_create("syzkaller", 0) = 3 [pid 521] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faab4671000 [pid 521] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 521] munmap(0x7faab4671000, 138412032) = 0 [pid 521] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 521] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 521] close(3) = 0 [pid 521] close(4) = 0 [pid 521] mkdir("./bus", 0777) = -1 EEXIST (File exists) [pid 521] mount("/dev/loop0", "./bus", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_NODIRATIME|MS_POSIXACL|MS_RELATIME, ",errors=continue") = 0 [pid 521] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 521] chdir("./bus") = 0 [pid 521] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 521] ioctl(4, LOOP_CLR_FD) = 0 [pid 521] close(4) = 0 [pid 521] exit_group(0) = ? [pid 521] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=521, si_uid=0, si_status=0, si_utime=2, si_stime=12} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./43", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./43", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555748af6f0 /* 4 entries */, 32768) = 104 umount2("./43/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./43/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./43/binderfs") = 0 umount2("./43/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./43/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./43/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./43/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./43/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555748b7730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555748b7730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./43/bus") = 0 getdents64(3, 0x5555748af6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./43") = 0 mkdir("./44", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x5555748ae650) = 526 ./strace-static-x86_64: Process 526 attached [pid 526] set_robust_list(0x5555748ae660, 24) = 0 [pid 526] chdir("./44") = 0 [pid 526] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 526] setpgid(0, 0) = 0 [pid 526] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 526] write(3, "1000", 4) = 4 [pid 526] close(3) = 0 [pid 526] symlink("/dev/binderfs", "./binderfs") = 0 [pid 526] write(1, "executing program\n", 18) = 18 [pid 526] memfd_create("syzkaller", 0) = 3 [pid 526] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faab4671000 [ 37.247228][ T521] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 37.255963][ T521] ext4 filesystem being mounted at /root/syzkaller.QRN1Ip/43/bus supports timestamps until 2038-01-19 (0x7fffffff) [pid 526] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119 [pid 526] munmap(0x7faab4671000, 138412032) = 0 [pid 526] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 526] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 526] close(3) = 0 [pid 526] close(4) = 0 [pid 526] mkdir("./bus", 0777) = 0 [ 37.385704][ T526] F2FS-fs (loop0): invalid crc value [ 37.391526][ T526] F2FS-fs (loop0): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 10241044815247771109) [ 37.410484][ T526] F2FS-fs (loop0): recover fsync data on readonly fs [ 37.417136][ T526] F2FS-fs (loop0): Cannot turn on quotas: -2 on 0 [ 37.423527][ T526] F2FS-fs (loop0): checkpoint=disable on readonly fs [pid 526] mount("/dev/loop0", "./bus", "f2fs", MS_RDONLY|MS_NOATIME|MS_REC|MS_SILENT|0x200, "nodiscard,usrjquota=nodiscard,acl,alloc_mode=reuse,atgc,disable_roll_forward,background_gc=on,nouser"...) = -1 EINVAL (Invalid argument) [pid 526] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 526] ioctl(3, LOOP_CLR_FD) = 0 [pid 526] close(3) = 0 [pid 526] memfd_create("syzkaller", 0) = 3 [pid 526] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faab4671000 [pid 526] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 526] munmap(0x7faab4671000, 138412032) = 0 [pid 526] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 526] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 526] close(3) = 0 [pid 526] close(4) = 0 [pid 526] mkdir("./bus", 0777) = -1 EEXIST (File exists) [pid 526] mount("/dev/loop0", "./bus", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_NODIRATIME|MS_POSIXACL|MS_RELATIME, ",errors=continue") = 0 [pid 526] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 526] chdir("./bus") = 0 [pid 526] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 526] ioctl(4, LOOP_CLR_FD) = 0 [pid 526] close(4) = 0 [pid 526] exit_group(0) = ? [pid 526] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=526, si_uid=0, si_status=0, si_utime=3, si_stime=13} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./44", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./44", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555748af6f0 /* 4 entries */, 32768) = 104 umount2("./44/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./44/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./44/binderfs") = 0 [ 37.547230][ T526] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 37.556238][ T526] ext4 filesystem being mounted at /root/syzkaller.QRN1Ip/44/bus supports timestamps until 2038-01-19 (0x7fffffff) umount2("./44/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./44/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./44/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./44/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./44/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555748b7730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555748b7730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./44/bus") = 0 getdents64(3, 0x5555748af6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./44") = 0 mkdir("./45", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x5555748ae650) = 532 ./strace-static-x86_64: Process 532 attached [pid 532] set_robust_list(0x5555748ae660, 24) = 0 [pid 532] chdir("./45") = 0 [pid 532] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 532] setpgid(0, 0) = 0 [pid 532] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 532] write(3, "1000", 4) = 4 [pid 532] close(3) = 0 [pid 532] symlink("/dev/binderfs", "./binderfs") = 0 [pid 532] write(1, "executing program\n", 18) = 18 [pid 532] memfd_create("syzkaller", 0) = 3 [pid 532] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faab4671000 [pid 532] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119 [pid 532] munmap(0x7faab4671000, 138412032) = 0 [pid 532] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 532] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 532] close(3) = 0 [pid 532] close(4) = 0 [pid 532] mkdir("./bus", 0777) = 0 [ 37.732411][ T532] F2FS-fs (loop0): invalid crc value [ 37.738448][ T532] F2FS-fs (loop0): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 10241044815247771109) [ 37.757361][ T532] F2FS-fs (loop0): recover fsync data on readonly fs [ 37.763881][ T532] F2FS-fs (loop0): Cannot turn on quotas: -2 on 0 [ 37.770291][ T532] F2FS-fs (loop0): checkpoint=disable on readonly fs [pid 532] mount("/dev/loop0", "./bus", "f2fs", MS_RDONLY|MS_NOATIME|MS_REC|MS_SILENT|0x200, "nodiscard,usrjquota=nodiscard,acl,alloc_mode=reuse,atgc,disable_roll_forward,background_gc=on,nouser"...) = -1 EINVAL (Invalid argument) [pid 532] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 532] ioctl(3, LOOP_CLR_FD) = 0 [pid 532] close(3) = 0 [pid 532] memfd_create("syzkaller", 0) = 3 [pid 532] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faab4671000 [pid 532] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 532] munmap(0x7faab4671000, 138412032) = 0 [pid 532] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 532] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 532] close(3) = 0 [pid 532] close(4) = 0 [pid 532] mkdir("./bus", 0777) = -1 EEXIST (File exists) [pid 532] mount("/dev/loop0", "./bus", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_NODIRATIME|MS_POSIXACL|MS_RELATIME, ",errors=continue") = 0 [pid 532] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 532] chdir("./bus") = 0 [pid 532] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 532] ioctl(4, LOOP_CLR_FD) = 0 [pid 532] close(4) = 0 [pid 532] exit_group(0) = ? [pid 532] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=532, si_uid=0, si_status=0, si_utime=3, si_stime=11} --- umount2("./45", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./45", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555748af6f0 /* 4 entries */, 32768) = 104 umount2("./45/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./45/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./45/binderfs") = 0 [ 37.887155][ T532] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 37.895843][ T532] ext4 filesystem being mounted at /root/syzkaller.QRN1Ip/45/bus supports timestamps until 2038-01-19 (0x7fffffff) umount2("./45/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./45/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./45/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./45/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./45/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555748b7730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555748b7730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./45/bus") = 0 getdents64(3, 0x5555748af6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./45") = 0 mkdir("./46", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x5555748ae650) = 537 ./strace-static-x86_64: Process 537 attached [pid 537] set_robust_list(0x5555748ae660, 24) = 0 [pid 537] chdir("./46") = 0 [pid 537] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 537] setpgid(0, 0) = 0 [pid 537] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 537] write(3, "1000", 4) = 4 [pid 537] close(3) = 0 [pid 537] symlink("/dev/binderfs", "./binderfs") = 0 [pid 537] write(1, "executing program\n", 18) = 18 [pid 537] memfd_create("syzkaller", 0) = 3 [pid 537] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faab4671000 [pid 537] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119 [pid 537] munmap(0x7faab4671000, 138412032) = 0 [pid 537] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 537] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 537] close(3) = 0 [pid 537] close(4) = 0 [pid 537] mkdir("./bus", 0777) = 0 [ 38.091567][ T537] F2FS-fs (loop0): invalid crc value [ 38.097394][ T537] F2FS-fs (loop0): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 10241044815247771109) [ 38.116651][ T537] F2FS-fs (loop0): recover fsync data on readonly fs [ 38.123404][ T537] F2FS-fs (loop0): Cannot turn on quotas: -2 on 0 [ 38.129936][ T537] F2FS-fs (loop0): checkpoint=disable on readonly fs [pid 537] mount("/dev/loop0", "./bus", "f2fs", MS_RDONLY|MS_NOATIME|MS_REC|MS_SILENT|0x200, "nodiscard,usrjquota=nodiscard,acl,alloc_mode=reuse,atgc,disable_roll_forward,background_gc=on,nouser"...) = -1 EINVAL (Invalid argument) [pid 537] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 537] ioctl(3, LOOP_CLR_FD) = 0 [pid 537] close(3) = 0 [pid 537] memfd_create("syzkaller", 0) = 3 [pid 537] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faab4671000 [pid 537] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 537] munmap(0x7faab4671000, 138412032) = 0 [pid 537] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 537] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 537] close(3) = 0 [pid 537] close(4) = 0 [pid 537] mkdir("./bus", 0777) = -1 EEXIST (File exists) [pid 537] mount("/dev/loop0", "./bus", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_NODIRATIME|MS_POSIXACL|MS_RELATIME, ",errors=continue") = 0 [pid 537] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 537] chdir("./bus") = 0 [pid 537] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 537] ioctl(4, LOOP_CLR_FD) = 0 [pid 537] close(4) = 0 [pid 537] exit_group(0) = ? [pid 537] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=537, si_uid=0, si_status=0, si_utime=4, si_stime=11} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./46", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./46", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555748af6f0 /* 4 entries */, 32768) = 104 umount2("./46/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./46/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./46/binderfs") = 0 [ 38.247991][ T537] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 38.256895][ T537] ext4 filesystem being mounted at /root/syzkaller.QRN1Ip/46/bus supports timestamps until 2038-01-19 (0x7fffffff) umount2("./46/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./46/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./46/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./46/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./46/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555748b7730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555748b7730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./46/bus") = 0 getdents64(3, 0x5555748af6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./46") = 0 mkdir("./47", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555748ae650) = 542 ./strace-static-x86_64: Process 542 attached [pid 542] set_robust_list(0x5555748ae660, 24) = 0 [pid 542] chdir("./47") = 0 [pid 542] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 542] setpgid(0, 0) = 0 [pid 542] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 542] write(3, "1000", 4) = 4 [pid 542] close(3) = 0 [pid 542] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 542] write(1, "executing program\n", 18) = 18 [pid 542] memfd_create("syzkaller", 0) = 3 [pid 542] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faab4671000 [pid 542] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119 [pid 542] munmap(0x7faab4671000, 138412032) = 0 [pid 542] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 542] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 542] close(3) = 0 [pid 542] close(4) = 0 [pid 542] mkdir("./bus", 0777) = 0 [ 38.459579][ T542] F2FS-fs (loop0): invalid crc value [ 38.465274][ T542] F2FS-fs (loop0): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 10241044815247771109) [ 38.484911][ T542] F2FS-fs (loop0): recover fsync data on readonly fs [ 38.491488][ T542] F2FS-fs (loop0): Cannot turn on quotas: -2 on 0 [ 38.497982][ T542] F2FS-fs (loop0): checkpoint=disable on readonly fs [pid 542] mount("/dev/loop0", "./bus", "f2fs", MS_RDONLY|MS_NOATIME|MS_REC|MS_SILENT|0x200, "nodiscard,usrjquota=nodiscard,acl,alloc_mode=reuse,atgc,disable_roll_forward,background_gc=on,nouser"...) = -1 EINVAL (Invalid argument) [pid 542] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 542] ioctl(3, LOOP_CLR_FD) = 0 [pid 542] close(3) = 0 [pid 542] memfd_create("syzkaller", 0) = 3 [pid 542] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faab4671000 [pid 542] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 542] munmap(0x7faab4671000, 138412032) = 0 [pid 542] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 542] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 542] close(3) = 0 [pid 542] close(4) = 0 [pid 542] mkdir("./bus", 0777) = -1 EEXIST (File exists) [pid 542] mount("/dev/loop0", "./bus", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_NODIRATIME|MS_POSIXACL|MS_RELATIME, ",errors=continue") = 0 [pid 542] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 542] chdir("./bus") = 0 [pid 542] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 542] ioctl(4, LOOP_CLR_FD) = 0 [pid 542] close(4) = 0 [pid 542] exit_group(0) = ? [pid 542] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=542, si_uid=0, si_status=0, si_utime=3, si_stime=12} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./47", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./47", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555748af6f0 /* 4 entries */, 32768) = 104 umount2("./47/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./47/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./47/binderfs") = 0 [ 38.627314][ T542] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 38.636308][ T542] ext4 filesystem being mounted at /root/syzkaller.QRN1Ip/47/bus supports timestamps until 2038-01-19 (0x7fffffff) umount2("./47/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./47/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./47/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./47/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./47/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555748b7730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555748b7730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./47/bus") = 0 getdents64(3, 0x5555748af6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./47") = 0 mkdir("./48", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555748ae650) = 548 ./strace-static-x86_64: Process 548 attached [pid 548] set_robust_list(0x5555748ae660, 24) = 0 [pid 548] chdir("./48") = 0 [pid 548] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 548] setpgid(0, 0) = 0 [pid 548] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 548] write(3, "1000", 4) = 4 [pid 548] close(3) = 0 [pid 548] symlink("/dev/binderfs", "./binderfs") = 0 [pid 548] write(1, "executing program\n", 18executing program ) = 18 [pid 548] memfd_create("syzkaller", 0) = 3 [pid 548] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faab4671000 [pid 548] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119 [pid 548] munmap(0x7faab4671000, 138412032) = 0 [pid 548] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 548] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 548] close(3) = 0 [pid 548] close(4) = 0 [pid 548] mkdir("./bus", 0777) = 0 [ 38.861276][ T548] F2FS-fs (loop0): invalid crc value [ 38.867512][ T548] F2FS-fs (loop0): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 10241044815247771109) [ 38.887020][ T548] F2FS-fs (loop0): recover fsync data on readonly fs [ 38.893670][ T548] F2FS-fs (loop0): Cannot turn on quotas: -2 on 0 [ 38.900172][ T548] F2FS-fs (loop0): checkpoint=disable on readonly fs [pid 548] mount("/dev/loop0", "./bus", "f2fs", MS_RDONLY|MS_NOATIME|MS_REC|MS_SILENT|0x200, "nodiscard,usrjquota=nodiscard,acl,alloc_mode=reuse,atgc,disable_roll_forward,background_gc=on,nouser"...) = -1 EINVAL (Invalid argument) [pid 548] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 548] ioctl(3, LOOP_CLR_FD) = 0 [pid 548] close(3) = 0 [pid 548] memfd_create("syzkaller", 0) = 3 [pid 548] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faab4671000 [pid 548] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 548] munmap(0x7faab4671000, 138412032) = 0 [pid 548] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 548] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 548] close(3) = 0 [pid 548] close(4) = 0 [pid 548] mkdir("./bus", 0777) = -1 EEXIST (File exists) [pid 548] mount("/dev/loop0", "./bus", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_NODIRATIME|MS_POSIXACL|MS_RELATIME, ",errors=continue") = 0 [pid 548] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 548] chdir("./bus") = 0 [pid 548] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 548] ioctl(4, LOOP_CLR_FD) = 0 [pid 548] close(4) = 0 [pid 548] exit_group(0) = ? [pid 548] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=548, si_uid=0, si_status=0, si_utime=3, si_stime=11} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./48", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./48", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555748af6f0 /* 4 entries */, 32768) = 104 umount2("./48/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./48/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./48/binderfs") = 0 [ 39.017202][ T548] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 39.025896][ T548] ext4 filesystem being mounted at /root/syzkaller.QRN1Ip/48/bus supports timestamps until 2038-01-19 (0x7fffffff) umount2("./48/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./48/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./48/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./48/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./48/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555748b7730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555748b7730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./48/bus") = 0 getdents64(3, 0x5555748af6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./48") = 0 mkdir("./49", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555748ae650) = 553 ./strace-static-x86_64: Process 553 attached [pid 553] set_robust_list(0x5555748ae660, 24) = 0 [pid 553] chdir("./49") = 0 [pid 553] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 553] setpgid(0, 0) = 0 [pid 553] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 553] write(3, "1000", 4) = 4 [pid 553] close(3) = 0 [pid 553] symlink("/dev/binderfs", "./binderfs") = 0 [pid 553] write(1, "executing program\n", 18executing program ) = 18 [pid 553] memfd_create("syzkaller", 0) = 3 [pid 553] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faab4671000 [pid 553] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119 [pid 553] munmap(0x7faab4671000, 138412032) = 0 [pid 553] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 553] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 553] close(3) = 0 [pid 553] close(4) = 0 [pid 553] mkdir("./bus", 0777) = 0 [ 39.215308][ T553] F2FS-fs (loop0): invalid crc value [ 39.221077][ T553] F2FS-fs (loop0): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 10241044815247771109) [ 39.240147][ T553] F2FS-fs (loop0): recover fsync data on readonly fs [ 39.246699][ T553] F2FS-fs (loop0): Cannot turn on quotas: -2 on 0 [ 39.253161][ T553] F2FS-fs (loop0): checkpoint=disable on readonly fs [pid 553] mount("/dev/loop0", "./bus", "f2fs", MS_RDONLY|MS_NOATIME|MS_REC|MS_SILENT|0x200, "nodiscard,usrjquota=nodiscard,acl,alloc_mode=reuse,atgc,disable_roll_forward,background_gc=on,nouser"...) = -1 EINVAL (Invalid argument) [pid 553] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 553] ioctl(3, LOOP_CLR_FD) = 0 [pid 553] close(3) = 0 [pid 553] memfd_create("syzkaller", 0) = 3 [pid 553] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faab4671000 [pid 553] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 553] munmap(0x7faab4671000, 138412032) = 0 [pid 553] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 553] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 553] close(3) = 0 [pid 553] close(4) = 0 [pid 553] mkdir("./bus", 0777) = -1 EEXIST (File exists) [pid 553] mount("/dev/loop0", "./bus", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_NODIRATIME|MS_POSIXACL|MS_RELATIME, ",errors=continue") = 0 [pid 553] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 553] chdir("./bus") = 0 [pid 553] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 553] ioctl(4, LOOP_CLR_FD) = 0 [pid 553] close(4) = 0 [pid 553] exit_group(0) = ? [pid 553] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=553, si_uid=0, si_status=0, si_utime=3, si_stime=12} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./49", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./49", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555748af6f0 /* 4 entries */, 32768) = 104 umount2("./49/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./49/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./49/binderfs") = 0 [ 39.397614][ T553] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 39.406372][ T553] ext4 filesystem being mounted at /root/syzkaller.QRN1Ip/49/bus supports timestamps until 2038-01-19 (0x7fffffff) umount2("./49/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./49/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./49/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./49/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./49/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555748b7730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555748b7730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./49/bus") = 0 getdents64(3, 0x5555748af6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./49") = 0 mkdir("./50", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555748ae650) = 559 ./strace-static-x86_64: Process 559 attached [pid 559] set_robust_list(0x5555748ae660, 24) = 0 [pid 559] chdir("./50") = 0 [pid 559] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 559] setpgid(0, 0) = 0 [pid 559] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 559] write(3, "1000", 4) = 4 [pid 559] close(3) = 0 [pid 559] symlink("/dev/binderfs", "./binderfs") = 0 [pid 559] write(1, "executing program\n", 18executing program ) = 18 [pid 559] memfd_create("syzkaller", 0) = 3 [pid 559] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faab4671000 [pid 559] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119 [pid 559] munmap(0x7faab4671000, 138412032) = 0 [pid 559] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 559] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 559] close(3) = 0 [pid 559] close(4) = 0 [pid 559] mkdir("./bus", 0777) = 0 [ 39.615286][ T559] F2FS-fs (loop0): invalid crc value [ 39.620994][ T559] F2FS-fs (loop0): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 10241044815247771109) [ 39.640030][ T559] F2FS-fs (loop0): recover fsync data on readonly fs [ 39.646720][ T559] F2FS-fs (loop0): Cannot turn on quotas: -2 on 0 [ 39.653134][ T559] F2FS-fs (loop0): checkpoint=disable on readonly fs [pid 559] mount("/dev/loop0", "./bus", "f2fs", MS_RDONLY|MS_NOATIME|MS_REC|MS_SILENT|0x200, "nodiscard,usrjquota=nodiscard,acl,alloc_mode=reuse,atgc,disable_roll_forward,background_gc=on,nouser"...) = -1 EINVAL (Invalid argument) [pid 559] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 559] ioctl(3, LOOP_CLR_FD) = 0 [pid 559] close(3) = 0 [pid 559] memfd_create("syzkaller", 0) = 3 [pid 559] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faab4671000 [pid 559] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 559] munmap(0x7faab4671000, 138412032) = 0 [pid 559] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 559] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 559] close(3) = 0 [pid 559] close(4) = 0 [pid 559] mkdir("./bus", 0777) = -1 EEXIST (File exists) [pid 559] mount("/dev/loop0", "./bus", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_NODIRATIME|MS_POSIXACL|MS_RELATIME, ",errors=continue") = 0 [pid 559] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 559] chdir("./bus") = 0 [pid 559] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 559] ioctl(4, LOOP_CLR_FD) = 0 [pid 559] close(4) = 0 [pid 559] exit_group(0) = ? [pid 559] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=559, si_uid=0, si_status=0, si_utime=4, si_stime=12} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./50", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./50", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555748af6f0 /* 4 entries */, 32768) = 104 umount2("./50/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./50/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./50/binderfs") = 0 [ 39.807355][ T559] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 39.816171][ T559] ext4 filesystem being mounted at /root/syzkaller.QRN1Ip/50/bus supports timestamps until 2038-01-19 (0x7fffffff) umount2("./50/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./50/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./50/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./50/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./50/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555748b7730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555748b7730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./50/bus") = 0 getdents64(3, 0x5555748af6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./50") = 0 mkdir("./51", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555748ae650) = 564 ./strace-static-x86_64: Process 564 attached [pid 564] set_robust_list(0x5555748ae660, 24) = 0 [pid 564] chdir("./51") = 0 executing program [pid 564] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 564] setpgid(0, 0) = 0 [pid 564] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 564] write(3, "1000", 4) = 4 [pid 564] close(3) = 0 [pid 564] symlink("/dev/binderfs", "./binderfs") = 0 [pid 564] write(1, "executing program\n", 18) = 18 [pid 564] memfd_create("syzkaller", 0) = 3 [pid 564] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faab4671000 [pid 564] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119 [pid 564] munmap(0x7faab4671000, 138412032) = 0 [pid 564] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 564] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 564] close(3) = 0 [pid 564] close(4) = 0 [pid 564] mkdir("./bus", 0777) = 0 [pid 564] mount("/dev/loop0", "./bus", "f2fs", MS_RDONLY|MS_NOATIME|MS_REC|MS_SILENT|0x200, "nodiscard,usrjquota=nodiscard,acl,alloc_mode=reuse,atgc,disable_roll_forward,background_gc=on,nouser"...) = -1 EINVAL (Invalid argument) [pid 564] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 40.109895][ T564] F2FS-fs (loop0): invalid crc value [ 40.115776][ T564] F2FS-fs (loop0): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 10241044815247771109) [ 40.134822][ T564] F2FS-fs (loop0): recover fsync data on readonly fs [ 40.141404][ T564] F2FS-fs (loop0): Cannot turn on quotas: -2 on 0 [ 40.147765][ T564] F2FS-fs (loop0): checkpoint=disable on readonly fs [pid 564] ioctl(3, LOOP_CLR_FD) = 0 [pid 564] close(3) = 0 [pid 564] memfd_create("syzkaller", 0) = 3 [pid 564] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faab4671000 [pid 564] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 564] munmap(0x7faab4671000, 138412032) = 0 [pid 564] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 564] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 564] close(3) = 0 [pid 564] close(4) = 0 [pid 564] mkdir("./bus", 0777) = -1 EEXIST (File exists) [ 40.307358][ T564] ================================================================== [ 40.315273][ T564] BUG: KASAN: use-after-free in __ext4_iget+0x3a0/0x41f0 [ 40.322207][ T564] Read of size 8 at addr ffff888122438b98 by task syz-executor274/564 [ 40.330183][ T564] [ 40.332359][ T564] CPU: 1 PID: 564 Comm: syz-executor274 Not tainted 5.10.234-syzkaller-00023-g3f5f2283d684 #0 [ 40.342411][ T564] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 40.352316][ T564] Call Trace: [ 40.355453][ T564] dump_stack_lvl+0x1e2/0x24b [ 40.359947][ T564] ? bfq_pos_tree_add_move+0x43b/0x43b [ 40.365244][ T564] ? panic+0x812/0x812 [ 40.369154][ T564] print_address_description+0x81/0x3b0 [ 40.374530][ T564] kasan_report+0x179/0x1c0 [ 40.378888][ T564] ? __ext4_iget+0x3a0/0x41f0 [ 40.383381][ T564] ? __ext4_iget+0x3a0/0x41f0 [ 40.387898][ T564] __asan_report_load8_noabort+0x14/0x20 [ 40.393362][ T564] __ext4_iget+0x3a0/0x41f0 [ 40.397704][ T564] ? ida_alloc_range+0x9c3/0xa30 [ 40.402479][ T564] ? ext4_get_projid+0x140/0x140 [ 40.407261][ T564] ? _raw_write_lock+0xa4/0x170 [ 40.411935][ T564] ? _raw_write_trylock+0x1a0/0x1a0 [ 40.416971][ T564] ? __proc_create+0x65a/0xa00 [ 40.421570][ T564] ext4_enable_quotas+0x56f/0x9f0 [ 40.426433][ T564] ? ext4_fill_flex_info+0x5b0/0x5b0 [ 40.431549][ T564] ? proc_create_single_data+0x1de/0x240 [ 40.437025][ T564] ? proc_create_seq_private+0x280/0x280 [ 40.442487][ T564] ? __kasan_check_write+0x14/0x20 [ 40.447435][ T564] ? ext4_register_sysfs+0x253/0x290 [ 40.452554][ T564] ext4_fill_super+0x86dc/0x9150 [ 40.457347][ T564] ? ext4_mount+0x40/0x40 [ 40.461493][ T564] ? vscnprintf+0x80/0x80 [ 40.465682][ T564] ? sb_set_blocksize+0xa8/0xf0 [ 40.470361][ T564] mount_bdev+0x262/0x370 [ 40.474519][ T564] ? ext4_mount+0x40/0x40 [ 40.478678][ T564] ext4_mount+0x34/0x40 [ 40.482674][ T564] legacy_get_tree+0xf1/0x190 [ 40.487280][ T564] ? ext4_chksum+0x210/0x210 [ 40.491696][ T564] vfs_get_tree+0x88/0x290 [ 40.495950][ T564] do_new_mount+0x2ba/0xb30 [ 40.500298][ T564] ? do_move_mount_old+0x160/0x160 [ 40.505239][ T564] ? security_capable+0x87/0xb0 [ 40.509925][ T564] ? ns_capable+0x89/0xe0 [ 40.514098][ T564] path_mount+0x56f/0xcb0 [ 40.518345][ T564] __se_sys_mount+0x2c4/0x3b0 [ 40.522858][ T564] ? __x64_sys_mount+0xd0/0xd0 [ 40.527541][ T564] ? fpu__clear_all+0x20/0x20 [ 40.532141][ T564] __x64_sys_mount+0xbf/0xd0 [ 40.536587][ T564] do_syscall_64+0x34/0x70 [ 40.540839][ T564] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 40.546551][ T564] RIP: 0033:0x7faabcab17ea [ 40.550803][ T564] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 5e 04 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 40.570242][ T564] RSP: 002b:00007fff21021b48 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5 [ 40.578489][ T564] RAX: ffffffffffffffda RBX: 00007fff21021ba0 RCX: 00007faabcab17ea [ 40.586295][ T564] RDX: 0000400000000180 RSI: 0000400000000000 RDI: 00007fff21021ba0 [ 40.594108][ T564] RBP: 0000400000000000 R08: 00007fff21021be0 R09: 00000000000004fb [ 40.601924][ T564] R10: 000000000021081e R11: 0000000000000202 R12: 0000400000000180 [ 40.609733][ T564] R13: 00007fff21021be0 R14: 0000000000000501 R15: 00004000000001c0 [ 40.617540][ T564] [ 40.619711][ T564] Allocated by task 322: [ 40.623800][ T564] __kasan_slab_alloc+0xb1/0xe0 [ 40.628481][ T564] slab_post_alloc_hook+0x61/0x2f0 [ 40.633428][ T564] kmem_cache_alloc+0x168/0x2e0 [ 40.638215][ T564] f2fs_alloc_inode+0x26/0x420 [ 40.642846][ T564] iget_locked+0x14f/0x870 [ 40.647066][ T564] f2fs_iget+0x55/0x50a0 [ 40.651170][ T564] f2fs_fill_super+0x63b6/0x7d90 [ 40.655911][ T564] mount_bdev+0x262/0x370 [ 40.660087][ T564] f2fs_mount+0x34/0x40 [ 40.664074][ T564] legacy_get_tree+0xf1/0x190 [ 40.668592][ T564] vfs_get_tree+0x88/0x290 [ 40.672832][ T564] do_new_mount+0x2ba/0xb30 [ 40.677183][ T564] path_mount+0x56f/0xcb0 [ 40.681357][ T564] __se_sys_mount+0x2c4/0x3b0 [ 40.685850][ T564] __x64_sys_mount+0xbf/0xd0 [ 40.690289][ T564] do_syscall_64+0x34/0x70 [ 40.694531][ T564] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 40.700273][ T564] [ 40.702422][ T564] Last potentially related work creation: [ 40.707996][ T564] kasan_save_stack+0x3b/0x60 [ 40.712500][ T564] __kasan_record_aux_stack+0xd3/0x100 [ 40.717792][ T564] kasan_record_aux_stack_noalloc+0xb/0x10 [ 40.723482][ T564] call_rcu+0x135/0x11f0 [ 40.727516][ T564] evict+0x8e8/0x9c0 [ 40.731251][ T564] iput+0x632/0x7e0 [ 40.734891][ T564] f2fs_fill_super+0x66c7/0x7d90 [ 40.739673][ T564] mount_bdev+0x262/0x370 [ 40.743828][ T564] f2fs_mount+0x34/0x40 [ 40.747819][ T564] legacy_get_tree+0xf1/0x190 [ 40.752328][ T564] vfs_get_tree+0x88/0x290 [ 40.756584][ T564] do_new_mount+0x2ba/0xb30 [ 40.760935][ T564] path_mount+0x56f/0xcb0 [ 40.765096][ T564] __se_sys_mount+0x2c4/0x3b0 [ 40.769610][ T564] __x64_sys_mount+0xbf/0xd0 [ 40.774122][ T564] do_syscall_64+0x34/0x70 [ 40.778370][ T564] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 40.784090][ T564] [ 40.786264][ T564] The buggy address belongs to the object at ffff888122438670 [ 40.786264][ T564] which belongs to the cache f2fs_inode_cache of size 1520 [ 40.800681][ T564] The buggy address is located 1320 bytes inside of [ 40.800681][ T564] 1520-byte region [ffff888122438670, ffff888122438c60) [ 40.814046][ T564] The buggy address belongs to the page: [ 40.819544][ T564] page:ffffea0004890e00 refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff88812243ed70 pfn:0x122438 [ 40.830898][ T564] head:ffffea0004890e00 order:3 compound_mapcount:0 compound_pincount:0 [ 40.839039][ T564] flags: 0x4000000000010200(slab|head) [ 40.844335][ T564] raw: 4000000000010200 0000000000000000 0000000100000001 ffff8881029afc80 [ 40.852753][ T564] raw: ffff88812243ed70 000000008013000f 00000001ffffffff 0000000000000000 [ 40.861174][ T564] page dumped because: kasan: bad access detected [ 40.867430][ T564] page_owner tracks the page as allocated [ 40.873000][ T564] page last allocated via order 3, migratetype Reclaimable, gfp_mask 0xd2050(__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_RECLAIMABLE), pid 295, ts 21183581206, free_ts 0 [ 40.891912][ T564] prep_new_page+0x166/0x180 [ 40.896353][ T564] get_page_from_freelist+0x2d8c/0x2f30 [ 40.901701][ T564] __alloc_pages_nodemask+0x435/0xaf0 [ 40.906946][ T564] new_slab+0x80/0x400 [ 40.911024][ T564] ___slab_alloc+0x302/0x4b0 [ 40.915455][ T564] __slab_alloc+0x63/0xa0 [ 40.919612][ T564] kmem_cache_alloc+0x1b9/0x2e0 [ 40.924291][ T564] f2fs_alloc_inode+0x26/0x420 [ 40.929061][ T564] iget_locked+0x14f/0x870 [ 40.933315][ T564] f2fs_iget+0x55/0x50a0 [ 40.937393][ T564] f2fs_fill_super+0x4c57/0x7d90 [ 40.942167][ T564] mount_bdev+0x262/0x370 [ 40.946333][ T564] f2fs_mount+0x34/0x40 [ 40.950323][ T564] legacy_get_tree+0xf1/0x190 [ 40.954833][ T564] vfs_get_tree+0x88/0x290 [ 40.959100][ T564] do_new_mount+0x2ba/0xb30 [ 40.963424][ T564] page_owner free stack trace missing [ 40.968632][ T564] [ 40.970802][ T564] Memory state around the buggy address: [ 40.976277][ T564] ffff888122438a80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 40.984188][ T564] ffff888122438b00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 40.992077][ T564] >ffff888122438b80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 40.999968][ T564] ^ [pid 564] mount("/dev/loop0", "./bus", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_NODIRATIME|MS_POSIXACL|MS_RELATIME, ",errors=continue") = -1 EACCES (Permission denied) [pid 564] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 41.004654][ T564] ffff888122438c00: fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc [ 41.012551][ T564] ffff888122438c80: fc fc fc fc fc fc fc fc fc fc fc fc 00 00 00 00 [ 41.020462][ T564] ================================================================== [ 41.028343][ T564] Disabling lock debugging due to kernel taint [ 41.034460][ T564] EXT4-fs warning (device loop0): ext4_enable_quotas:6467: Failed to enable quota tracking (type=0, err=-13, ino=3). Please run e2fsck to fix. [ 41.050179][ T564] EXT4-fs (loop0): mount failed [pid 564] ioctl(3, LOOP_CLR_FD) = 0 [pid 564] close(3) = 0 [pid 564] exit_group(0) = ? [pid 564] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=564, si_uid=0, si_status=0, si_utime=4, si_stime=10} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./51", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./51", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555748af6f0 /* 4 entries */, 32768) = 104 umount2("./51/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./51/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./51/binderfs") = 0 umount2("./51/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./51/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./51/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./51/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555748b7730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555748b7730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./51/bus") = 0 getdents64(3, 0x5555748af6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./51") = 0 mkdir("./52", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 570 attached [pid 570] set_robust_list(0x5555748ae660, 24) = 0 [pid 287] <... clone resumed>, child_tidptr=0x5555748ae650) = 570 [pid 570] chdir("./52") = 0 [pid 570] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 570] setpgid(0, 0) = 0 [pid 570] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 570] write(3, "1000", 4) = 4 [pid 570] close(3) = 0 [pid 570] symlink("/dev/binderfs", "./binderfs") = 0 [pid 570] write(1, "executing program\n", 18executing program ) = 18 [pid 570] memfd_create("syzkaller", 0) = 3 [pid 570] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faab4671000 [pid 570] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119 [pid 570] munmap(0x7faab4671000, 138412032) = 0 [pid 570] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 570] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 570] close(3) = 0 [pid 570] close(4) = 0 [pid 570] mkdir("./bus", 0777) = 0 [ 41.234018][ T570] F2FS-fs (loop0): invalid crc value [ 41.240272][ T570] F2FS-fs (loop0): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 10241044815247771109) [ 41.259441][ T570] F2FS-fs (loop0): recover fsync data on readonly fs [ 41.266208][ T570] F2FS-fs (loop0): Cannot turn on quotas: -2 on 0 [ 41.272639][ T570] F2FS-fs (loop0): checkpoint=disable on readonly fs [pid 570] mount("/dev/loop0", "./bus", "f2fs", MS_RDONLY|MS_NOATIME|MS_REC|MS_SILENT|0x200, "nodiscard,usrjquota=nodiscard,acl,alloc_mode=reuse,atgc,disable_roll_forward,background_gc=on,nouser"...) = -1 EINVAL (Invalid argument) [pid 570] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 570] ioctl(3, LOOP_CLR_FD) = 0 [pid 570] close(3) = 0 [pid 570] memfd_create("syzkaller", 0) = 3 [pid 570] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faab4671000 [pid 570] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 570] munmap(0x7faab4671000, 138412032) = 0 [pid 570] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 570] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 570] close(3) = 0 [pid 570] close(4) = 0 [pid 570] mkdir("./bus", 0777) = -1 EEXIST (File exists) [pid 570] mount("/dev/loop0", "./bus", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_NODIRATIME|MS_POSIXACL|MS_RELATIME, ",errors=continue") = 0 [pid 570] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 570] chdir("./bus") = 0 [pid 570] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 570] ioctl(4, LOOP_CLR_FD) = 0 [pid 570] close(4) = 0 [pid 570] exit_group(0) = ? [pid 570] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=570, si_uid=0, si_status=0, si_utime=3, si_stime=13} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./52", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./52", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555748af6f0 /* 4 entries */, 32768) = 104 umount2("./52/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./52/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./52/binderfs") = 0 [ 41.447442][ T570] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 41.456502][ T570] ext4 filesystem being mounted at /root/syzkaller.QRN1Ip/52/bus supports timestamps until 2038-01-19 (0x7fffffff) umount2("./52/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./52/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./52/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./52/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./52/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555748b7730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555748b7730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./52/bus") = 0 getdents64(3, 0x5555748af6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./52") = 0 mkdir("./53", 0777executing program ) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555748ae650) = 575 ./strace-static-x86_64: Process 575 attached [pid 575] set_robust_list(0x5555748ae660, 24) = 0 [pid 575] chdir("./53") = 0 [pid 575] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 575] setpgid(0, 0) = 0 [pid 575] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 575] write(3, "1000", 4) = 4 [pid 575] close(3) = 0 [pid 575] symlink("/dev/binderfs", "./binderfs") = 0 [pid 575] write(1, "executing program\n", 18) = 18 [pid 575] memfd_create("syzkaller", 0) = 3 [pid 575] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faab4671000 [pid 575] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119 [pid 575] munmap(0x7faab4671000, 138412032) = 0 [pid 575] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 575] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 575] close(3) = 0 [pid 575] close(4) = 0 [pid 575] mkdir("./bus", 0777) = 0 [ 41.639735][ T575] F2FS-fs (loop0): invalid crc value [ 41.645681][ T575] F2FS-fs (loop0): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 10241044815247771109) [ 41.664957][ T575] F2FS-fs (loop0): recover fsync data on readonly fs [ 41.671832][ T575] F2FS-fs (loop0): Cannot turn on quotas: -2 on 0 [ 41.678293][ T575] F2FS-fs (loop0): checkpoint=disable on readonly fs [pid 575] mount("/dev/loop0", "./bus", "f2fs", MS_RDONLY|MS_NOATIME|MS_REC|MS_SILENT|0x200, "nodiscard,usrjquota=nodiscard,acl,alloc_mode=reuse,atgc,disable_roll_forward,background_gc=on,nouser"...) = -1 EINVAL (Invalid argument) [pid 575] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 575] ioctl(3, LOOP_CLR_FD) = 0 [pid 575] close(3) = 0 [pid 575] memfd_create("syzkaller", 0) = 3 [pid 575] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faab4671000 [pid 575] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 575] munmap(0x7faab4671000, 138412032) = 0 [pid 575] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 575] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 575] close(3) = 0 [pid 575] close(4) = 0 [pid 575] mkdir("./bus", 0777) = -1 EEXIST (File exists) [pid 575] mount("/dev/loop0", "./bus", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_NODIRATIME|MS_POSIXACL|MS_RELATIME, ",errors=continue") = 0 [pid 575] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 575] chdir("./bus") = 0 [pid 575] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 575] ioctl(4, LOOP_CLR_FD) = 0 [pid 575] close(4) = 0 [pid 575] exit_group(0) = ? [pid 575] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=575, si_uid=0, si_status=0, si_utime=2, si_stime=12} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./53", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./53", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555748af6f0 /* 4 entries */, 32768) = 104 umount2("./53/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./53/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./53/binderfs") = 0 [ 41.817349][ T575] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 41.826289][ T575] ext4 filesystem being mounted at /root/syzkaller.QRN1Ip/53/bus supports timestamps until 2038-01-19 (0x7fffffff) umount2("./53/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./53/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./53/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./53/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./53/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555748b7730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555748b7730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./53/bus") = 0 getdents64(3, 0x5555748af6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./53") = 0 mkdir("./54", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x5555748ae650) = 580 ./strace-static-x86_64: Process 580 attached [pid 580] set_robust_list(0x5555748ae660, 24) = 0 [pid 580] chdir("./54") = 0 [pid 580] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 580] setpgid(0, 0) = 0 [pid 580] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 580] write(3, "1000", 4) = 4 [pid 580] close(3) = 0 [pid 580] symlink("/dev/binderfs", "./binderfs") = 0 [pid 580] write(1, "executing program\n", 18) = 18 [pid 580] memfd_create("syzkaller", 0) = 3 [pid 580] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faab4671000 [pid 580] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119 [pid 580] munmap(0x7faab4671000, 138412032) = 0 [pid 580] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 580] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 580] close(3) = 0 [pid 580] close(4) = 0 [pid 580] mkdir("./bus", 0777) = 0 [pid 580] mount("/dev/loop0", "./bus", "f2fs", MS_RDONLY|MS_NOATIME|MS_REC|MS_SILENT|0x200, "nodiscard,usrjquota=nodiscard,acl,alloc_mode=reuse,atgc,disable_roll_forward,background_gc=on,nouser"...) = -1 EINVAL (Invalid argument) [pid 580] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 42.008672][ T580] F2FS-fs (loop0): invalid crc value [ 42.014571][ T580] F2FS-fs (loop0): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 10241044815247771109) [ 42.033683][ T580] F2FS-fs (loop0): recover fsync data on readonly fs [ 42.040282][ T580] F2FS-fs (loop0): Cannot turn on quotas: -2 on 0 [ 42.046855][ T580] F2FS-fs (loop0): checkpoint=disable on readonly fs [pid 580] ioctl(3, LOOP_CLR_FD) = 0 [pid 580] close(3) = 0 [pid 580] memfd_create("syzkaller", 0) = 3 [pid 580] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faab4671000 [pid 580] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 580] munmap(0x7faab4671000, 138412032) = 0 [pid 580] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 580] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 580] close(3) = 0 [pid 580] close(4) = 0 [pid 580] mkdir("./bus", 0777) = -1 EEXIST (File exists) [pid 580] mount("/dev/loop0", "./bus", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_NODIRATIME|MS_POSIXACL|MS_RELATIME, ",errors=continue") = 0 [pid 580] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 580] chdir("./bus") = 0 [pid 580] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 580] ioctl(4, LOOP_CLR_FD) = 0 [pid 580] close(4) = 0 [pid 580] exit_group(0) = ? [pid 580] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=580, si_uid=0, si_status=0, si_utime=4, si_stime=11} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./54", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./54", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555748af6f0 /* 4 entries */, 32768) = 104 umount2("./54/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./54/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./54/binderfs") = 0 [ 42.187241][ T580] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 42.196114][ T580] ext4 filesystem being mounted at /root/syzkaller.QRN1Ip/54/bus supports timestamps until 2038-01-19 (0x7fffffff) umount2("./54/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./54/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./54/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./54/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./54/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555748b7730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555748b7730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./54/bus") = 0 getdents64(3, 0x5555748af6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./54") = 0 mkdir("./55", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555748ae650) = 586 ./strace-static-x86_64: Process 586 attached [pid 586] set_robust_list(0x5555748ae660, 24) = 0 [pid 586] chdir("./55") = 0 [pid 586] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 586] setpgid(0, 0) = 0 [pid 586] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 586] write(3, "1000", 4) = 4 [pid 586] close(3) = 0 [pid 586] symlink("/dev/binderfs", "./binderfs") = 0 [pid 586] write(1, "executing program\n", 18executing program ) = 18 [pid 586] memfd_create("syzkaller", 0) = 3 [pid 586] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faab4671000 [pid 586] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119 [pid 586] munmap(0x7faab4671000, 138412032) = 0 [pid 586] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 586] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 586] close(3) = 0 [pid 586] close(4) = 0 [pid 586] mkdir("./bus", 0777) = 0 [pid 586] mount("/dev/loop0", "./bus", "f2fs", MS_RDONLY|MS_NOATIME|MS_REC|MS_SILENT|0x200, "nodiscard,usrjquota=nodiscard,acl,alloc_mode=reuse,atgc,disable_roll_forward,background_gc=on,nouser"...) = -1 EINVAL (Invalid argument) [pid 586] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 42.370579][ T586] F2FS-fs (loop0): invalid crc value [ 42.376452][ T586] F2FS-fs (loop0): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 10241044815247771109) [ 42.395470][ T586] F2FS-fs (loop0): recover fsync data on readonly fs [ 42.402091][ T586] F2FS-fs (loop0): Cannot turn on quotas: -2 on 0 [ 42.408489][ T586] F2FS-fs (loop0): checkpoint=disable on readonly fs [pid 586] ioctl(3, LOOP_CLR_FD) = 0 [pid 586] close(3) = 0 [pid 586] memfd_create("syzkaller", 0) = 3 [pid 586] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faab4671000 [pid 586] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 586] munmap(0x7faab4671000, 138412032) = 0 [pid 586] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 586] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 586] close(3) = 0 [pid 586] close(4) = 0 [pid 586] mkdir("./bus", 0777) = -1 EEXIST (File exists) [pid 586] mount("/dev/loop0", "./bus", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_NODIRATIME|MS_POSIXACL|MS_RELATIME, ",errors=continue") = 0 [pid 586] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 586] chdir("./bus") = 0 [pid 586] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 586] ioctl(4, LOOP_CLR_FD) = 0 [pid 586] close(4) = 0 [pid 586] exit_group(0) = ? [pid 586] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=586, si_uid=0, si_status=0, si_utime=3, si_stime=11} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./55", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./55", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555748af6f0 /* 4 entries */, 32768) = 104 umount2("./55/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./55/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./55/binderfs") = 0 [ 42.607490][ T586] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 42.616327][ T586] ext4 filesystem being mounted at /root/syzkaller.QRN1Ip/55/bus supports timestamps until 2038-01-19 (0x7fffffff) umount2("./55/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./55/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./55/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./55/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./55/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555748b7730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555748b7730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./55/bus") = 0 getdents64(3, 0x5555748af6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./55") = 0 mkdir("./56", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555748ae650) = 591 ./strace-static-x86_64: Process 591 attached [pid 591] set_robust_list(0x5555748ae660, 24) = 0 [pid 591] chdir("./56") = 0 executing program [pid 591] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 591] setpgid(0, 0) = 0 [pid 591] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 591] write(3, "1000", 4) = 4 [pid 591] close(3) = 0 [pid 591] symlink("/dev/binderfs", "./binderfs") = 0 [pid 591] write(1, "executing program\n", 18) = 18 [pid 591] memfd_create("syzkaller", 0) = 3 [pid 591] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faab4671000 [pid 591] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119 [pid 591] munmap(0x7faab4671000, 138412032) = 0 [pid 591] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 591] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 591] close(3) = 0 [pid 591] close(4) = 0 [pid 591] mkdir("./bus", 0777) = 0 [ 42.816608][ T591] F2FS-fs (loop0): invalid crc value [ 42.822901][ T591] F2FS-fs (loop0): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 10241044815247771109) [ 42.842117][ T591] F2FS-fs (loop0): recover fsync data on readonly fs [ 42.848717][ T591] F2FS-fs (loop0): Cannot turn on quotas: -2 on 0 [ 42.855027][ T591] F2FS-fs (loop0): checkpoint=disable on readonly fs [pid 591] mount("/dev/loop0", "./bus", "f2fs", MS_RDONLY|MS_NOATIME|MS_REC|MS_SILENT|0x200, "nodiscard,usrjquota=nodiscard,acl,alloc_mode=reuse,atgc,disable_roll_forward,background_gc=on,nouser"...) = -1 EINVAL (Invalid argument) [pid 591] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 591] ioctl(3, LOOP_CLR_FD) = 0 [pid 591] close(3) = 0 [pid 591] memfd_create("syzkaller", 0) = 3 [pid 591] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faab4671000 [pid 591] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 591] munmap(0x7faab4671000, 138412032) = 0 [pid 591] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 591] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 591] close(3) = 0 [pid 591] close(4) = 0 [pid 591] mkdir("./bus", 0777) = -1 EEXIST (File exists) [pid 591] mount("/dev/loop0", "./bus", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_NODIRATIME|MS_POSIXACL|MS_RELATIME, ",errors=continue") = 0 [pid 591] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 591] chdir("./bus") = 0 [pid 591] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 591] ioctl(4, LOOP_CLR_FD) = 0 [pid 591] close(4) = 0 [pid 591] exit_group(0) = ? [pid 591] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=591, si_uid=0, si_status=0, si_utime=3, si_stime=13} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./56", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./56", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555748af6f0 /* 4 entries */, 32768) = 104 umount2("./56/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./56/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./56/binderfs") = 0 [ 42.977256][ T591] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 42.986260][ T591] ext4 filesystem being mounted at /root/syzkaller.QRN1Ip/56/bus supports timestamps until 2038-01-19 (0x7fffffff) umount2("./56/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./56/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./56/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./56/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./56/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555748b7730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555748b7730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./56/bus") = 0 getdents64(3, 0x5555748af6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./56") = 0 mkdir("./57", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3executing program ) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555748ae650) = 597 ./strace-static-x86_64: Process 597 attached [pid 597] set_robust_list(0x5555748ae660, 24) = 0 [pid 597] chdir("./57") = 0 [pid 597] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 597] setpgid(0, 0) = 0 [pid 597] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 597] write(3, "1000", 4) = 4 [pid 597] close(3) = 0 [pid 597] symlink("/dev/binderfs", "./binderfs") = 0 [pid 597] write(1, "executing program\n", 18) = 18 [pid 597] memfd_create("syzkaller", 0) = 3 [pid 597] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faab4671000 [pid 597] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119 [pid 597] munmap(0x7faab4671000, 138412032) = 0 [pid 597] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 597] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 597] close(3) = 0 [pid 597] close(4) = 0 [pid 597] mkdir("./bus", 0777) = 0 [ 43.134202][ T597] F2FS-fs (loop0): invalid crc value [ 43.140192][ T597] F2FS-fs (loop0): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 10241044815247771109) [ 43.159254][ T597] F2FS-fs (loop0): recover fsync data on readonly fs [ 43.165791][ T597] F2FS-fs (loop0): Cannot turn on quotas: -2 on 0 [ 43.172308][ T597] F2FS-fs (loop0): checkpoint=disable on readonly fs [pid 597] mount("/dev/loop0", "./bus", "f2fs", MS_RDONLY|MS_NOATIME|MS_REC|MS_SILENT|0x200, "nodiscard,usrjquota=nodiscard,acl,alloc_mode=reuse,atgc,disable_roll_forward,background_gc=on,nouser"...) = -1 EINVAL (Invalid argument) [pid 597] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 597] ioctl(3, LOOP_CLR_FD) = 0 [pid 597] close(3) = 0 [pid 597] memfd_create("syzkaller", 0) = 3 [pid 597] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faab4671000 [pid 597] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 597] munmap(0x7faab4671000, 138412032) = 0 [pid 597] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 597] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 597] close(3) = 0 [pid 597] close(4) = 0 [pid 597] mkdir("./bus", 0777) = -1 EEXIST (File exists) [pid 597] mount("/dev/loop0", "./bus", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_NODIRATIME|MS_POSIXACL|MS_RELATIME, ",errors=continue") = 0 [pid 597] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 597] chdir("./bus") = 0 [pid 597] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 597] ioctl(4, LOOP_CLR_FD) = 0 [pid 597] close(4) = 0 [pid 597] exit_group(0) = ? [pid 597] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=597, si_uid=0, si_status=0, si_utime=4, si_stime=12} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./57", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./57", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555748af6f0 /* 4 entries */, 32768) = 104 umount2("./57/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./57/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./57/binderfs") = 0 [ 43.287281][ T597] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 43.296374][ T597] ext4 filesystem being mounted at /root/syzkaller.QRN1Ip/57/bus supports timestamps until 2038-01-19 (0x7fffffff) umount2("./57/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./57/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./57/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./57/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./57/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555748b7730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555748b7730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./57/bus") = 0 getdents64(3, 0x5555748af6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./57") = 0 mkdir("./58", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555748ae650) = 602 ./strace-static-x86_64: Process 602 attached [pid 602] set_robust_list(0x5555748ae660, 24) = 0 [pid 602] chdir("./58") = 0 [pid 602] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 602] setpgid(0, 0) = 0 [pid 602] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 602] write(3, "1000", 4) = 4 [pid 602] close(3) = 0 [pid 602] symlink("/dev/binderfs", "./binderfs") = 0 [pid 602] write(1, "executing program\n", 18executing program ) = 18 [pid 602] memfd_create("syzkaller", 0) = 3 [pid 602] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faab4671000 [pid 602] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119 [pid 602] munmap(0x7faab4671000, 138412032) = 0 [pid 602] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 602] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 602] close(3) = 0 [pid 602] close(4) = 0 [pid 602] mkdir("./bus", 0777) = 0 [ 43.461830][ T602] F2FS-fs (loop0): invalid crc value [ 43.467995][ T602] F2FS-fs (loop0): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 10241044815247771109) [ 43.487603][ T602] F2FS-fs (loop0): recover fsync data on readonly fs [ 43.494317][ T602] F2FS-fs (loop0): Cannot turn on quotas: -2 on 0 [ 43.500829][ T602] F2FS-fs (loop0): checkpoint=disable on readonly fs [pid 602] mount("/dev/loop0", "./bus", "f2fs", MS_RDONLY|MS_NOATIME|MS_REC|MS_SILENT|0x200, "nodiscard,usrjquota=nodiscard,acl,alloc_mode=reuse,atgc,disable_roll_forward,background_gc=on,nouser"...) = -1 EINVAL (Invalid argument) [pid 602] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 602] ioctl(3, LOOP_CLR_FD) = 0 [pid 602] close(3) = 0 [pid 602] memfd_create("syzkaller", 0) = 3 [pid 602] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faab4671000 [pid 602] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 602] munmap(0x7faab4671000, 138412032) = 0 [pid 602] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 602] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 602] close(3) = 0 [pid 602] close(4) = 0 [pid 602] mkdir("./bus", 0777) = -1 EEXIST (File exists) [pid 602] mount("/dev/loop0", "./bus", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_NODIRATIME|MS_POSIXACL|MS_RELATIME, ",errors=continue") = 0 [pid 602] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 602] chdir("./bus") = 0 [pid 602] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 602] ioctl(4, LOOP_CLR_FD) = 0 [pid 602] close(4) = 0 [pid 602] exit_group(0) = ? [pid 602] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=602, si_uid=0, si_status=0, si_utime=3, si_stime=12} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./58", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./58", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555748af6f0 /* 4 entries */, 32768) = 104 umount2("./58/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./58/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./58/binderfs") = 0 [ 43.627247][ T602] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 43.636527][ T602] ext4 filesystem being mounted at /root/syzkaller.QRN1Ip/58/bus supports timestamps until 2038-01-19 (0x7fffffff) umount2("./58/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./58/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./58/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./58/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./58/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555748b7730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555748b7730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./58/bus") = 0 getdents64(3, 0x5555748af6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./58") = 0 mkdir("./59", 0777executing program ) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555748ae650) = 607 ./strace-static-x86_64: Process 607 attached [pid 607] set_robust_list(0x5555748ae660, 24) = 0 [pid 607] chdir("./59") = 0 [pid 607] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 607] setpgid(0, 0) = 0 [pid 607] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 607] write(3, "1000", 4) = 4 [pid 607] close(3) = 0 [pid 607] symlink("/dev/binderfs", "./binderfs") = 0 [pid 607] write(1, "executing program\n", 18) = 18 [pid 607] memfd_create("syzkaller", 0) = 3 [pid 607] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faab4671000 [pid 607] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119 [pid 607] munmap(0x7faab4671000, 138412032) = 0 [pid 607] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 607] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 607] close(3) = 0 [pid 607] close(4) = 0 [pid 607] mkdir("./bus", 0777) = 0 [ 43.822949][ T607] F2FS-fs (loop0): invalid crc value [ 43.828752][ T607] F2FS-fs (loop0): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 10241044815247771109) [ 43.847944][ T607] F2FS-fs (loop0): recover fsync data on readonly fs [ 43.854508][ T607] F2FS-fs (loop0): Cannot turn on quotas: -2 on 0 [ 43.860871][ T607] F2FS-fs (loop0): checkpoint=disable on readonly fs [pid 607] mount("/dev/loop0", "./bus", "f2fs", MS_RDONLY|MS_NOATIME|MS_REC|MS_SILENT|0x200, "nodiscard,usrjquota=nodiscard,acl,alloc_mode=reuse,atgc,disable_roll_forward,background_gc=on,nouser"...) = -1 EINVAL (Invalid argument) [pid 607] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 607] ioctl(3, LOOP_CLR_FD) = 0 [pid 607] close(3) = 0 [pid 607] memfd_create("syzkaller", 0) = 3 [pid 607] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faab4671000 [pid 607] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 607] munmap(0x7faab4671000, 138412032) = 0 [pid 607] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 607] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 607] close(3) = 0 [pid 607] close(4) = 0 [pid 607] mkdir("./bus", 0777) = -1 EEXIST (File exists) [pid 607] mount("/dev/loop0", "./bus", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_NODIRATIME|MS_POSIXACL|MS_RELATIME, ",errors=continue") = 0 [pid 607] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 607] chdir("./bus") = 0 [pid 607] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 607] ioctl(4, LOOP_CLR_FD) = 0 [pid 607] close(4) = 0 [pid 607] exit_group(0) = ? [pid 607] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=607, si_uid=0, si_status=0, si_utime=3, si_stime=12} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./59", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./59", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555748af6f0 /* 4 entries */, 32768) = 104 umount2("./59/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./59/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./59/binderfs") = 0 [ 44.027497][ T607] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 44.036293][ T607] ext4 filesystem being mounted at /root/syzkaller.QRN1Ip/59/bus supports timestamps until 2038-01-19 (0x7fffffff) umount2("./59/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./59/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./59/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./59/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./59/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555748b7730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555748b7730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./59/bus") = 0 getdents64(3, 0x5555748af6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./59") = 0 mkdir("./60", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555748ae650) = 613 ./strace-static-x86_64: Process 613 attached [pid 613] set_robust_list(0x5555748ae660, 24) = 0 [pid 613] chdir("./60") = 0 [pid 613] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 613] setpgid(0, 0) = 0 [pid 613] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 613] write(3, "1000", 4) = 4 [pid 613] close(3) = 0 [pid 613] symlink("/dev/binderfs", "./binderfs") = 0 [pid 613] write(1, "executing program\n", 18executing program ) = 18 [pid 613] memfd_create("syzkaller", 0) = 3 [pid 613] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faab4671000 [pid 613] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119 [pid 613] munmap(0x7faab4671000, 138412032) = 0 [pid 613] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 613] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 613] close(3) = 0 [pid 613] close(4) = 0 [pid 613] mkdir("./bus", 0777) = 0 [ 44.217309][ T613] F2FS-fs (loop0): invalid crc value [ 44.223035][ T613] F2FS-fs (loop0): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 10241044815247771109) [ 44.242117][ T613] F2FS-fs (loop0): recover fsync data on readonly fs [ 44.248778][ T613] F2FS-fs (loop0): Cannot turn on quotas: -2 on 0 [ 44.255158][ T613] F2FS-fs (loop0): checkpoint=disable on readonly fs [pid 613] mount("/dev/loop0", "./bus", "f2fs", MS_RDONLY|MS_NOATIME|MS_REC|MS_SILENT|0x200, "nodiscard,usrjquota=nodiscard,acl,alloc_mode=reuse,atgc,disable_roll_forward,background_gc=on,nouser"...) = -1 EINVAL (Invalid argument) [pid 613] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 613] ioctl(3, LOOP_CLR_FD) = 0 [pid 613] close(3) = 0 [pid 613] memfd_create("syzkaller", 0) = 3 [pid 613] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faab4671000 [pid 613] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 613] munmap(0x7faab4671000, 138412032) = 0 [pid 613] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 613] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 613] close(3) = 0 [pid 613] close(4) = 0 [pid 613] mkdir("./bus", 0777) = -1 EEXIST (File exists) [pid 613] mount("/dev/loop0", "./bus", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_NODIRATIME|MS_POSIXACL|MS_RELATIME, ",errors=continue") = 0 [pid 613] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 613] chdir("./bus") = 0 [pid 613] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 613] ioctl(4, LOOP_CLR_FD) = 0 [pid 613] close(4) = 0 [pid 613] exit_group(0) = ? [pid 613] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=613, si_uid=0, si_status=0, si_utime=3, si_stime=12} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./60", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./60", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555748af6f0 /* 4 entries */, 32768) = 104 umount2("./60/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./60/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./60/binderfs") = 0 [ 44.377349][ T613] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 44.386252][ T613] ext4 filesystem being mounted at /root/syzkaller.QRN1Ip/60/bus supports timestamps until 2038-01-19 (0x7fffffff) umount2("./60/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./60/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./60/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./60/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./60/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555748b7730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555748b7730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./60/bus") = 0 getdents64(3, 0x5555748af6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./60") = 0 mkdir("./61", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x5555748ae650) = 618 ./strace-static-x86_64: Process 618 attached [pid 618] set_robust_list(0x5555748ae660, 24) = 0 [pid 618] chdir("./61") = 0 [pid 618] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 618] setpgid(0, 0) = 0 [pid 618] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 618] write(3, "1000", 4) = 4 [pid 618] close(3) = 0 [pid 618] symlink("/dev/binderfs", "./binderfs") = 0 [pid 618] write(1, "executing program\n", 18) = 18 [pid 618] memfd_create("syzkaller", 0) = 3 [pid 618] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faab4671000 [pid 618] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119 [pid 618] munmap(0x7faab4671000, 138412032) = 0 [pid 618] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 618] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 618] close(3) = 0 [pid 618] close(4) = 0 [pid 618] mkdir("./bus", 0777) = 0 [ 44.574729][ T618] F2FS-fs (loop0): invalid crc value [ 44.580658][ T618] F2FS-fs (loop0): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 10241044815247771109) [ 44.600072][ T618] F2FS-fs (loop0): recover fsync data on readonly fs [ 44.606666][ T618] F2FS-fs (loop0): Cannot turn on quotas: -2 on 0 [ 44.613037][ T618] F2FS-fs (loop0): checkpoint=disable on readonly fs [pid 618] mount("/dev/loop0", "./bus", "f2fs", MS_RDONLY|MS_NOATIME|MS_REC|MS_SILENT|0x200, "nodiscard,usrjquota=nodiscard,acl,alloc_mode=reuse,atgc,disable_roll_forward,background_gc=on,nouser"...) = -1 EINVAL (Invalid argument) [pid 618] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 618] ioctl(3, LOOP_CLR_FD) = 0 [pid 618] close(3) = 0 [pid 618] memfd_create("syzkaller", 0) = 3 [pid 618] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faab4671000 [pid 618] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 618] munmap(0x7faab4671000, 138412032) = 0 [pid 618] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 618] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 618] close(3) = 0 [pid 618] close(4) = 0 [pid 618] mkdir("./bus", 0777) = -1 EEXIST (File exists) [ 44.787108][ T618] EXT4-fs warning (device loop0): ext4_enable_quotas:6467: Failed to enable quota tracking (type=0, err=-13, ino=3). Please run e2fsck to fix. [ 44.801626][ T618] EXT4-fs (loop0): mount failed [pid 618] mount("/dev/loop0", "./bus", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_NODIRATIME|MS_POSIXACL|MS_RELATIME, ",errors=continue") = -1 EACCES (Permission denied) [pid 618] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 618] ioctl(3, LOOP_CLR_FD) = 0 [pid 618] close(3) = 0 [pid 618] exit_group(0) = ? [pid 618] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=618, si_uid=0, si_status=0, si_utime=2, si_stime=14} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./61", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./61", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555748af6f0 /* 4 entries */, 32768) = 104 umount2("./61/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./61/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./61/binderfs") = 0 umount2("./61/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./61/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./61/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./61/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555748b7730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555748b7730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./61/bus") = 0 getdents64(3, 0x5555748af6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./61") = 0 mkdir("./62", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 623 attached [pid 623] set_robust_list(0x5555748ae660, 24) = 0 [pid 623] chdir("./62") = 0 [pid 623] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 623] setpgid(0, 0) = 0 [pid 623] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 287] <... clone resumed>, child_tidptr=0x5555748ae650) = 623 [pid 623] <... openat resumed>) = 3 [pid 623] write(3, "1000", 4) = 4 [pid 623] close(3) = 0 [pid 623] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 623] write(1, "executing program\n", 18) = 18 [pid 623] memfd_create("syzkaller", 0) = 3 [pid 623] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faab4671000 [pid 623] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119 [pid 623] munmap(0x7faab4671000, 138412032) = 0 [pid 623] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 623] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 623] close(3) = 0 [pid 623] close(4) = 0 [pid 623] mkdir("./bus", 0777) = 0 [ 45.006240][ T623] F2FS-fs (loop0): invalid crc value [ 45.011937][ T623] F2FS-fs (loop0): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 10241044815247771109) [ 45.031346][ T623] F2FS-fs (loop0): recover fsync data on readonly fs [ 45.038236][ T623] F2FS-fs (loop0): Cannot turn on quotas: -2 on 0 [ 45.044627][ T623] F2FS-fs (loop0): checkpoint=disable on readonly fs [pid 623] mount("/dev/loop0", "./bus", "f2fs", MS_RDONLY|MS_NOATIME|MS_REC|MS_SILENT|0x200, "nodiscard,usrjquota=nodiscard,acl,alloc_mode=reuse,atgc,disable_roll_forward,background_gc=on,nouser"...) = -1 EINVAL (Invalid argument) [pid 623] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 623] ioctl(3, LOOP_CLR_FD) = 0 [pid 623] close(3) = 0 [pid 623] memfd_create("syzkaller", 0) = 3 [pid 623] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faab4671000 [pid 623] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 623] munmap(0x7faab4671000, 138412032) = 0 [pid 623] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 623] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 623] close(3) = 0 [pid 623] close(4) = 0 [pid 623] mkdir("./bus", 0777) = -1 EEXIST (File exists) [pid 623] mount("/dev/loop0", "./bus", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_NODIRATIME|MS_POSIXACL|MS_RELATIME, ",errors=continue") = 0 [pid 623] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 623] chdir("./bus") = 0 [pid 623] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 623] ioctl(4, LOOP_CLR_FD) = 0 [pid 623] close(4) = 0 [pid 623] exit_group(0) = ? [pid 623] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=623, si_uid=0, si_status=0, si_utime=3, si_stime=12} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./62", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./62", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555748af6f0 /* 4 entries */, 32768) = 104 umount2("./62/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./62/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./62/binderfs") = 0 [ 45.217298][ T623] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 45.226107][ T623] ext4 filesystem being mounted at /root/syzkaller.QRN1Ip/62/bus supports timestamps until 2038-01-19 (0x7fffffff) umount2("./62/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./62/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./62/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./62/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./62/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555748b7730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555748b7730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./62/bus") = 0 getdents64(3, 0x5555748af6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./62") = 0 mkdir("./63", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555748ae650) = 629 ./strace-static-x86_64: Process 629 attached [pid 629] set_robust_list(0x5555748ae660, 24) = 0 [pid 629] chdir("./63") = 0 [pid 629] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 629] setpgid(0, 0) = 0 [pid 629] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 629] write(3, "1000", 4) = 4 [pid 629] close(3) = 0 [pid 629] symlink("/dev/binderfs", "./binderfs") = 0 [pid 629] write(1, "executing program\n", 18executing program ) = 18 [pid 629] memfd_create("syzkaller", 0) = 3 [pid 629] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faab4671000 [pid 629] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119 [pid 629] munmap(0x7faab4671000, 138412032) = 0 [pid 629] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 629] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 629] close(3) = 0 [pid 629] close(4) = 0 [pid 629] mkdir("./bus", 0777) = 0 [ 45.448396][ T629] F2FS-fs (loop0): invalid crc value [ 45.454214][ T629] F2FS-fs (loop0): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 10241044815247771109) [ 45.473309][ T629] F2FS-fs (loop0): recover fsync data on readonly fs [ 45.480010][ T629] F2FS-fs (loop0): Cannot turn on quotas: -2 on 0 [ 45.486443][ T629] F2FS-fs (loop0): checkpoint=disable on readonly fs [pid 629] mount("/dev/loop0", "./bus", "f2fs", MS_RDONLY|MS_NOATIME|MS_REC|MS_SILENT|0x200, "nodiscard,usrjquota=nodiscard,acl,alloc_mode=reuse,atgc,disable_roll_forward,background_gc=on,nouser"...) = -1 EINVAL (Invalid argument) [pid 629] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 629] ioctl(3, LOOP_CLR_FD) = 0 [pid 629] close(3) = 0 [pid 629] memfd_create("syzkaller", 0) = 3 [pid 629] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faab4671000 [pid 629] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 629] munmap(0x7faab4671000, 138412032) = 0 [pid 629] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 629] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 629] close(3) = 0 [pid 629] close(4) = 0 [pid 629] mkdir("./bus", 0777) = -1 EEXIST (File exists) [pid 629] mount("/dev/loop0", "./bus", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_NODIRATIME|MS_POSIXACL|MS_RELATIME, ",errors=continue") = -1 EACCES (Permission denied) [pid 629] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 45.617097][ T629] EXT4-fs warning (device loop0): ext4_enable_quotas:6467: Failed to enable quota tracking (type=0, err=-13, ino=3). Please run e2fsck to fix. [ 45.631864][ T629] EXT4-fs (loop0): mount failed [pid 629] ioctl(3, LOOP_CLR_FD) = 0 [pid 629] close(3) = 0 [pid 629] exit_group(0) = ? [pid 629] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=629, si_uid=0, si_status=0, si_utime=3, si_stime=12} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./63", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./63", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555748af6f0 /* 4 entries */, 32768) = 104 umount2("./63/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./63/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./63/binderfs") = 0 umount2("./63/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./63/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./63/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./63/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555748b7730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555748b7730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./63/bus") = 0 getdents64(3, 0x5555748af6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./63") = 0 mkdir("./64", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 634 attached , child_tidptr=0x5555748ae650) = 634 [pid 634] set_robust_list(0x5555748ae660, 24) = 0 [pid 634] chdir("./64") = 0 [pid 634] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 634] setpgid(0, 0) = 0 [pid 634] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 634] write(3, "1000", 4) = 4 [pid 634] close(3) = 0 [pid 634] symlink("/dev/binderfs", "./binderfs") = 0 [pid 634] write(1, "executing program\n", 18executing program ) = 18 [pid 634] memfd_create("syzkaller", 0) = 3 [pid 634] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faab4671000 [pid 634] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119 [pid 634] munmap(0x7faab4671000, 138412032) = 0 [pid 634] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 634] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 634] close(3) = 0 [pid 634] close(4) = 0 [pid 634] mkdir("./bus", 0777) = 0 [ 45.826550][ T634] F2FS-fs (loop0): invalid crc value [ 45.832288][ T634] F2FS-fs (loop0): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 10241044815247771109) [ 45.851437][ T634] F2FS-fs (loop0): recover fsync data on readonly fs [ 45.857994][ T634] F2FS-fs (loop0): Cannot turn on quotas: -2 on 0 [ 45.864427][ T634] F2FS-fs (loop0): checkpoint=disable on readonly fs [pid 634] mount("/dev/loop0", "./bus", "f2fs", MS_RDONLY|MS_NOATIME|MS_REC|MS_SILENT|0x200, "nodiscard,usrjquota=nodiscard,acl,alloc_mode=reuse,atgc,disable_roll_forward,background_gc=on,nouser"...) = -1 EINVAL (Invalid argument) [pid 634] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 634] ioctl(3, LOOP_CLR_FD) = 0 [pid 634] close(3) = 0 [pid 634] memfd_create("syzkaller", 0) = 3 [pid 634] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faab4671000 [pid 634] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 634] munmap(0x7faab4671000, 138412032) = 0 [pid 634] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 634] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 634] close(3) = 0 [pid 634] close(4) = 0 [pid 634] mkdir("./bus", 0777) = -1 EEXIST (File exists) [pid 634] mount("/dev/loop0", "./bus", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_NODIRATIME|MS_POSIXACL|MS_RELATIME, ",errors=continue") = 0 [pid 634] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 634] chdir("./bus") = 0 [pid 634] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 634] ioctl(4, LOOP_CLR_FD) = 0 [pid 634] close(4) = 0 [pid 634] exit_group(0) = ? [pid 634] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=634, si_uid=0, si_status=0, si_utime=2, si_stime=15} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./64", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./64", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555748af6f0 /* 4 entries */, 32768) = 104 umount2("./64/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./64/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./64/binderfs") = 0 [ 46.027321][ T634] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 46.036107][ T634] ext4 filesystem being mounted at /root/syzkaller.QRN1Ip/64/bus supports timestamps until 2038-01-19 (0x7fffffff) umount2("./64/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./64/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./64/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./64/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./64/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555748b7730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555748b7730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./64/bus") = 0 getdents64(3, 0x5555748af6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./64") = 0 mkdir("./65", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x5555748ae650) = 640 ./strace-static-x86_64: Process 640 attached [pid 640] set_robust_list(0x5555748ae660, 24) = 0 [pid 640] chdir("./65") = 0 [pid 640] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 640] setpgid(0, 0) = 0 [pid 640] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 640] write(3, "1000", 4) = 4 [pid 640] close(3) = 0 [pid 640] symlink("/dev/binderfs", "./binderfs") = 0 [pid 640] write(1, "executing program\n", 18) = 18 [pid 640] memfd_create("syzkaller", 0) = 3 [pid 640] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faab4671000 [pid 640] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119 [pid 640] munmap(0x7faab4671000, 138412032) = 0 [pid 640] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 640] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 640] close(3) = 0 [pid 640] close(4) = 0 [pid 640] mkdir("./bus", 0777) = 0 [ 46.214202][ T640] F2FS-fs (loop0): invalid crc value [ 46.219926][ T640] F2FS-fs (loop0): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 10241044815247771109) [ 46.239346][ T640] F2FS-fs (loop0): recover fsync data on readonly fs [ 46.245961][ T640] F2FS-fs (loop0): Cannot turn on quotas: -2 on 0 [ 46.252416][ T640] F2FS-fs (loop0): checkpoint=disable on readonly fs [pid 640] mount("/dev/loop0", "./bus", "f2fs", MS_RDONLY|MS_NOATIME|MS_REC|MS_SILENT|0x200, "nodiscard,usrjquota=nodiscard,acl,alloc_mode=reuse,atgc,disable_roll_forward,background_gc=on,nouser"...) = -1 EINVAL (Invalid argument) [pid 640] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 640] ioctl(3, LOOP_CLR_FD) = 0 [pid 640] close(3) = 0 [pid 640] memfd_create("syzkaller", 0) = 3 [pid 640] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faab4671000 [pid 640] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 640] munmap(0x7faab4671000, 138412032) = 0 [pid 640] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 640] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 640] close(3) = 0 [pid 640] close(4) = 0 [pid 640] mkdir("./bus", 0777) = -1 EEXIST (File exists) [pid 640] mount("/dev/loop0", "./bus", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_NODIRATIME|MS_POSIXACL|MS_RELATIME, ",errors=continue") = 0 [pid 640] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 640] chdir("./bus") = 0 [pid 640] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 640] ioctl(4, LOOP_CLR_FD) = 0 [pid 640] close(4) = 0 [pid 640] exit_group(0) = ? [pid 640] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=640, si_uid=0, si_status=0, si_utime=4, si_stime=11} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./65", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./65", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555748af6f0 /* 4 entries */, 32768) = 104 umount2("./65/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./65/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./65/binderfs") = 0 [ 46.407227][ T640] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 46.415970][ T640] ext4 filesystem being mounted at /root/syzkaller.QRN1Ip/65/bus supports timestamps until 2038-01-19 (0x7fffffff) umount2("./65/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./65/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./65/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./65/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./65/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555748b7730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555748b7730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./65/bus") = 0 getdents64(3, 0x5555748af6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./65") = 0 mkdir("./66", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3executing program ) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555748ae650) = 645 ./strace-static-x86_64: Process 645 attached [pid 645] set_robust_list(0x5555748ae660, 24) = 0 [pid 645] chdir("./66") = 0 [pid 645] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 645] setpgid(0, 0) = 0 [pid 645] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 645] write(3, "1000", 4) = 4 [pid 645] close(3) = 0 [pid 645] symlink("/dev/binderfs", "./binderfs") = 0 [pid 645] write(1, "executing program\n", 18) = 18 [pid 645] memfd_create("syzkaller", 0) = 3 [pid 645] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faab4671000 [pid 645] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119 [pid 645] munmap(0x7faab4671000, 138412032) = 0 [pid 645] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 645] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 645] close(3) = 0 [pid 645] close(4) = 0 [pid 645] mkdir("./bus", 0777) = 0 [ 46.611377][ T645] F2FS-fs (loop0): invalid crc value [ 46.617234][ T645] F2FS-fs (loop0): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 10241044815247771109) [ 46.636253][ T645] F2FS-fs (loop0): recover fsync data on readonly fs [ 46.643143][ T645] F2FS-fs (loop0): Cannot turn on quotas: -2 on 0 [ 46.649618][ T645] F2FS-fs (loop0): checkpoint=disable on readonly fs [pid 645] mount("/dev/loop0", "./bus", "f2fs", MS_RDONLY|MS_NOATIME|MS_REC|MS_SILENT|0x200, "nodiscard,usrjquota=nodiscard,acl,alloc_mode=reuse,atgc,disable_roll_forward,background_gc=on,nouser"...) = -1 EINVAL (Invalid argument) [pid 645] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 645] ioctl(3, LOOP_CLR_FD) = 0 [pid 645] close(3) = 0 [pid 645] memfd_create("syzkaller", 0) = 3 [pid 645] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faab4671000 [pid 645] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 645] munmap(0x7faab4671000, 138412032) = 0 [pid 645] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 645] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 645] close(3) = 0 [pid 645] close(4) = 0 [pid 645] mkdir("./bus", 0777) = -1 EEXIST (File exists) [pid 645] mount("/dev/loop0", "./bus", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_NODIRATIME|MS_POSIXACL|MS_RELATIME, ",errors=continue") = 0 [pid 645] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 645] chdir("./bus") = 0 [pid 645] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 645] ioctl(4, LOOP_CLR_FD) = 0 [pid 645] close(4) = 0 [pid 645] exit_group(0) = ? [pid 645] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=645, si_uid=0, si_status=0, si_utime=3, si_stime=11} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./66", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./66", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555748af6f0 /* 4 entries */, 32768) = 104 umount2("./66/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./66/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./66/binderfs") = 0 [ 46.777183][ T645] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 46.785932][ T645] ext4 filesystem being mounted at /root/syzkaller.QRN1Ip/66/bus supports timestamps until 2038-01-19 (0x7fffffff) umount2("./66/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./66/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./66/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./66/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./66/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555748b7730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555748b7730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./66/bus") = 0 getdents64(3, 0x5555748af6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./66") = 0 mkdir("./67", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x5555748ae650) = 650 ./strace-static-x86_64: Process 650 attached [pid 650] set_robust_list(0x5555748ae660, 24) = 0 [pid 650] chdir("./67") = 0 [pid 650] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 650] setpgid(0, 0) = 0 [pid 650] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 650] write(3, "1000", 4) = 4 [pid 650] close(3) = 0 [pid 650] symlink("/dev/binderfs", "./binderfs") = 0 [pid 650] write(1, "executing program\n", 18) = 18 [pid 650] memfd_create("syzkaller", 0) = 3 [pid 650] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faab4671000 [pid 650] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119 [pid 650] munmap(0x7faab4671000, 138412032) = 0 [pid 650] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 650] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 650] close(3) = 0 [pid 650] close(4) = 0 [pid 650] mkdir("./bus", 0777) = 0 [ 46.930546][ T650] F2FS-fs (loop0): invalid crc value [ 46.936781][ T650] F2FS-fs (loop0): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 10241044815247771109) [ 46.955828][ T650] F2FS-fs (loop0): recover fsync data on readonly fs [ 46.962518][ T650] F2FS-fs (loop0): Cannot turn on quotas: -2 on 0 [ 46.968913][ T650] F2FS-fs (loop0): checkpoint=disable on readonly fs [pid 650] mount("/dev/loop0", "./bus", "f2fs", MS_RDONLY|MS_NOATIME|MS_REC|MS_SILENT|0x200, "nodiscard,usrjquota=nodiscard,acl,alloc_mode=reuse,atgc,disable_roll_forward,background_gc=on,nouser"...) = -1 EINVAL (Invalid argument) [pid 650] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 650] ioctl(3, LOOP_CLR_FD) = 0 [pid 650] close(3) = 0 [pid 650] memfd_create("syzkaller", 0) = 3 [pid 650] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faab4671000 [pid 650] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 650] munmap(0x7faab4671000, 138412032) = 0 [pid 650] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 650] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 650] close(3) = 0 [pid 650] close(4) = 0 [pid 650] mkdir("./bus", 0777) = -1 EEXIST (File exists) [pid 650] mount("/dev/loop0", "./bus", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_NODIRATIME|MS_POSIXACL|MS_RELATIME, ",errors=continue") = 0 [pid 650] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 650] chdir("./bus") = 0 [pid 650] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 650] ioctl(4, LOOP_CLR_FD) = 0 [pid 650] close(4) = 0 [pid 650] exit_group(0) = ? [pid 650] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=650, si_uid=0, si_status=0, si_utime=2, si_stime=13} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./67", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./67", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555748af6f0 /* 4 entries */, 32768) = 104 umount2("./67/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./67/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./67/binderfs") = 0 [ 47.097370][ T650] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 47.106265][ T650] ext4 filesystem being mounted at /root/syzkaller.QRN1Ip/67/bus supports timestamps until 2038-01-19 (0x7fffffff) umount2("./67/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./67/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./67/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./67/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./67/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555748b7730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555748b7730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./67/bus") = 0 getdents64(3, 0x5555748af6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./67") = 0 mkdir("./68", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x5555748ae650) = 656 ./strace-static-x86_64: Process 656 attached [pid 656] set_robust_list(0x5555748ae660, 24) = 0 [pid 656] chdir("./68") = 0 [pid 656] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 656] setpgid(0, 0) = 0 [pid 656] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 656] write(3, "1000", 4) = 4 [pid 656] close(3) = 0 [pid 656] symlink("/dev/binderfs", "./binderfs") = 0 [pid 656] write(1, "executing program\n", 18) = 18 [pid 656] memfd_create("syzkaller", 0) = 3 [pid 656] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faab4671000 [pid 656] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119 [pid 656] munmap(0x7faab4671000, 138412032) = 0 [pid 656] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 656] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 656] close(3) = 0 [pid 656] close(4) = 0 [pid 656] mkdir("./bus", 0777) = 0 [ 47.253492][ T656] F2FS-fs (loop0): invalid crc value [ 47.260138][ T656] F2FS-fs (loop0): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 10241044815247771109) [ 47.279111][ T656] F2FS-fs (loop0): recover fsync data on readonly fs [ 47.285764][ T656] F2FS-fs (loop0): Cannot turn on quotas: -2 on 0 [ 47.292169][ T656] F2FS-fs (loop0): checkpoint=disable on readonly fs [pid 656] mount("/dev/loop0", "./bus", "f2fs", MS_RDONLY|MS_NOATIME|MS_REC|MS_SILENT|0x200, "nodiscard,usrjquota=nodiscard,acl,alloc_mode=reuse,atgc,disable_roll_forward,background_gc=on,nouser"...) = -1 EINVAL (Invalid argument) [pid 656] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 656] ioctl(3, LOOP_CLR_FD) = 0 [pid 656] close(3) = 0 [pid 656] memfd_create("syzkaller", 0) = 3 [pid 656] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faab4671000 [pid 656] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 656] munmap(0x7faab4671000, 138412032) = 0 [pid 656] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 656] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 656] close(3) = 0 [pid 656] close(4) = 0 [pid 656] mkdir("./bus", 0777) = -1 EEXIST (File exists) [ 47.407090][ T656] EXT4-fs warning (device loop0): ext4_enable_quotas:6467: Failed to enable quota tracking (type=0, err=-13, ino=3). Please run e2fsck to fix. [ 47.421852][ T656] EXT4-fs (loop0): mount failed [pid 656] mount("/dev/loop0", "./bus", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_NODIRATIME|MS_POSIXACL|MS_RELATIME, ",errors=continue") = -1 EACCES (Permission denied) [pid 656] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 656] ioctl(3, LOOP_CLR_FD) = 0 [pid 656] close(3) = 0 [pid 656] exit_group(0) = ? [pid 656] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=656, si_uid=0, si_status=0, si_utime=4, si_stime=12} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./68", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./68", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555748af6f0 /* 4 entries */, 32768) = 104 umount2("./68/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./68/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./68/binderfs") = 0 umount2("./68/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./68/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./68/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./68/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555748b7730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555748b7730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./68/bus") = 0 getdents64(3, 0x5555748af6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./68") = 0 mkdir("./69", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555748ae650) = 661 ./strace-static-x86_64: Process 661 attached [pid 661] set_robust_list(0x5555748ae660, 24) = 0 [pid 661] chdir("./69") = 0 [pid 661] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 661] setpgid(0, 0) = 0 [pid 661] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 661] write(3, "1000", 4) = 4 [pid 661] close(3) = 0 [pid 661] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 661] write(1, "executing program\n", 18) = 18 [pid 661] memfd_create("syzkaller", 0) = 3 [pid 661] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faab4671000 [pid 661] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119 [pid 661] munmap(0x7faab4671000, 138412032) = 0 [pid 661] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 661] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 661] close(3) = 0 [pid 661] close(4) = 0 [pid 661] mkdir("./bus", 0777) = 0 [ 47.595565][ T661] F2FS-fs (loop0): invalid crc value [ 47.601315][ T661] F2FS-fs (loop0): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 10241044815247771109) [ 47.620393][ T661] F2FS-fs (loop0): recover fsync data on readonly fs [ 47.627000][ T661] F2FS-fs (loop0): Cannot turn on quotas: -2 on 0 [ 47.633266][ T661] F2FS-fs (loop0): checkpoint=disable on readonly fs [pid 661] mount("/dev/loop0", "./bus", "f2fs", MS_RDONLY|MS_NOATIME|MS_REC|MS_SILENT|0x200, "nodiscard,usrjquota=nodiscard,acl,alloc_mode=reuse,atgc,disable_roll_forward,background_gc=on,nouser"...) = -1 EINVAL (Invalid argument) [pid 661] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 661] ioctl(3, LOOP_CLR_FD) = 0 [pid 661] close(3) = 0 [pid 661] memfd_create("syzkaller", 0) = 3 [pid 661] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faab4671000 [pid 661] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 661] munmap(0x7faab4671000, 138412032) = 0 [pid 661] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 661] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 661] close(3) = 0 [pid 661] close(4) = 0 [pid 661] mkdir("./bus", 0777) = -1 EEXIST (File exists) [ 47.767245][ T661] EXT4-fs warning (device loop0): ext4_enable_quotas:6467: Failed to enable quota tracking (type=0, err=-13, ino=3). Please run e2fsck to fix. [ 47.781765][ T661] EXT4-fs (loop0): mount failed [pid 661] mount("/dev/loop0", "./bus", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_NODIRATIME|MS_POSIXACL|MS_RELATIME, ",errors=continue") = -1 EACCES (Permission denied) [pid 661] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 661] ioctl(3, LOOP_CLR_FD) = 0 [pid 661] close(3) = 0 [pid 661] exit_group(0) = ? [pid 661] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=661, si_uid=0, si_status=0, si_utime=1, si_stime=14} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./69", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./69", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555748af6f0 /* 4 entries */, 32768) = 104 umount2("./69/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./69/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./69/binderfs") = 0 umount2("./69/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./69/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./69/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./69/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555748b7730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555748b7730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./69/bus") = 0 getdents64(3, 0x5555748af6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./69") = 0 mkdir("./70", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555748ae650) = 666 ./strace-static-x86_64: Process 666 attached [pid 666] set_robust_list(0x5555748ae660, 24) = 0 [pid 666] chdir("./70") = 0 [pid 666] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 666] setpgid(0, 0) = 0 [pid 666] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 666] write(3, "1000", 4) = 4 [pid 666] close(3) = 0 [pid 666] symlink("/dev/binderfs", "./binderfs") = 0 [pid 666] write(1, "executing program\n", 18executing program ) = 18 [pid 666] memfd_create("syzkaller", 0) = 3 [pid 666] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faab4671000 [pid 666] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119 [pid 666] munmap(0x7faab4671000, 138412032) = 0 [pid 666] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 666] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 666] close(3) = 0 [pid 666] close(4) = 0 [pid 666] mkdir("./bus", 0777) = 0 [ 47.980970][ T666] F2FS-fs (loop0): invalid crc value [ 47.986729][ T666] F2FS-fs (loop0): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 10241044815247771109) [ 48.005754][ T666] F2FS-fs (loop0): recover fsync data on readonly fs [ 48.012291][ T666] F2FS-fs (loop0): Cannot turn on quotas: -2 on 0 [ 48.018715][ T666] F2FS-fs (loop0): checkpoint=disable on readonly fs [pid 666] mount("/dev/loop0", "./bus", "f2fs", MS_RDONLY|MS_NOATIME|MS_REC|MS_SILENT|0x200, "nodiscard,usrjquota=nodiscard,acl,alloc_mode=reuse,atgc,disable_roll_forward,background_gc=on,nouser"...) = -1 EINVAL (Invalid argument) [pid 666] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 48.019058][ T24] audit: type=1400 audit(1741443502.069:73): avc: denied { remove_name } for pid=77 comm="syslogd" name="messages" dev="tmpfs" ino=2 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 48.047416][ T24] audit: type=1400 audit(1741443502.069:74): avc: denied { rename } for pid=77 comm="syslogd" name="messages" dev="tmpfs" ino=2 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [pid 666] ioctl(3, LOOP_CLR_FD) = 0 [pid 666] close(3) = 0 [pid 666] memfd_create("syzkaller", 0) = 3 [pid 666] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faab4671000 [pid 666] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 666] munmap(0x7faab4671000, 138412032) = 0 [pid 666] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 666] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 666] close(3) = 0 [pid 666] close(4) = 0 [pid 666] mkdir("./bus", 0777) = -1 EEXIST (File exists) [pid 666] mount("/dev/loop0", "./bus", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_NODIRATIME|MS_POSIXACL|MS_RELATIME, ",errors=continue") = 0 [pid 666] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 666] chdir("./bus") = 0 [pid 666] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 666] ioctl(4, LOOP_CLR_FD) = 0 [pid 666] close(4) = 0 [pid 666] exit_group(0) = ? [pid 666] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=666, si_uid=0, si_status=0, si_utime=3, si_stime=14} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./70", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./70", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555748af6f0 /* 4 entries */, 32768) = 104 umount2("./70/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./70/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./70/binderfs") = 0 [ 48.197283][ T666] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 48.206149][ T666] ext4 filesystem being mounted at /root/syzkaller.QRN1Ip/70/bus supports timestamps until 2038-01-19 (0x7fffffff) umount2("./70/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./70/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./70/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./70/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./70/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555748b7730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555748b7730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./70/bus") = 0 getdents64(3, 0x5555748af6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./70") = 0 mkdir("./71", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x5555748ae650) = 672 ./strace-static-x86_64: Process 672 attached [pid 672] set_robust_list(0x5555748ae660, 24) = 0 [pid 672] chdir("./71") = 0 [pid 672] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 672] setpgid(0, 0) = 0 [pid 672] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 672] write(3, "1000", 4) = 4 [pid 672] close(3) = 0 [pid 672] symlink("/dev/binderfs", "./binderfs") = 0 [pid 672] write(1, "executing program\n", 18) = 18 [pid 672] memfd_create("syzkaller", 0) = 3 [pid 672] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faab4671000 [pid 672] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119 [pid 672] munmap(0x7faab4671000, 138412032) = 0 [pid 672] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 672] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 672] close(3) = 0 [pid 672] close(4) = 0 [pid 672] mkdir("./bus", 0777) = 0 [ 48.409093][ T672] F2FS-fs (loop0): invalid crc value [ 48.415081][ T672] F2FS-fs (loop0): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 10241044815247771109) [ 48.433994][ T672] F2FS-fs (loop0): recover fsync data on readonly fs [ 48.440626][ T672] F2FS-fs (loop0): Cannot turn on quotas: -2 on 0 [ 48.447035][ T672] F2FS-fs (loop0): checkpoint=disable on readonly fs [pid 672] mount("/dev/loop0", "./bus", "f2fs", MS_RDONLY|MS_NOATIME|MS_REC|MS_SILENT|0x200, "nodiscard,usrjquota=nodiscard,acl,alloc_mode=reuse,atgc,disable_roll_forward,background_gc=on,nouser"...) = -1 EINVAL (Invalid argument) [pid 672] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 672] ioctl(3, LOOP_CLR_FD) = 0 [pid 672] close(3) = 0 [pid 672] memfd_create("syzkaller", 0) = 3 [pid 672] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faab4671000 [pid 672] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 672] munmap(0x7faab4671000, 138412032) = 0 [pid 672] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 672] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 672] close(3) = 0 [pid 672] close(4) = 0 [pid 672] mkdir("./bus", 0777) = -1 EEXIST (File exists) [pid 672] mount("/dev/loop0", "./bus", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_NODIRATIME|MS_POSIXACL|MS_RELATIME, ",errors=continue") = 0 [pid 672] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 672] chdir("./bus") = 0 [pid 672] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 672] ioctl(4, LOOP_CLR_FD) = 0 [pid 672] close(4) = 0 [pid 672] exit_group(0) = ? [pid 672] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=672, si_uid=0, si_status=0, si_utime=2, si_stime=13} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./71", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./71", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555748af6f0 /* 4 entries */, 32768) = 104 umount2("./71/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./71/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./71/binderfs") = 0 umount2("./71/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./71/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./71/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./71/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./71/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555748b7730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555748b7730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./71/bus") = 0 getdents64(3, 0x5555748af6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./71") = 0 mkdir("./72", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x5555748ae650) = 677 ./strace-static-x86_64: Process 677 attached [pid 677] set_robust_list(0x5555748ae660, 24) = 0 [pid 677] chdir("./72") = 0 [pid 677] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 677] setpgid(0, 0) = 0 [pid 677] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 677] write(3, "1000", 4) = 4 [pid 677] close(3) = 0 [pid 677] symlink("/dev/binderfs", "./binderfs") = 0 [pid 677] write(1, "executing program\n", 18) = 18 [pid 677] memfd_create("syzkaller", 0) = 3 [pid 677] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faab4671000 [ 48.587204][ T672] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 48.596196][ T672] ext4 filesystem being mounted at /root/syzkaller.QRN1Ip/71/bus supports timestamps until 2038-01-19 (0x7fffffff) [pid 677] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119 [pid 677] munmap(0x7faab4671000, 138412032) = 0 [pid 677] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 677] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 677] close(3) = 0 [pid 677] close(4) = 0 [pid 677] mkdir("./bus", 0777) = 0 [pid 677] mount("/dev/loop0", "./bus", "f2fs", MS_RDONLY|MS_NOATIME|MS_REC|MS_SILENT|0x200, "nodiscard,usrjquota=nodiscard,acl,alloc_mode=reuse,atgc,disable_roll_forward,background_gc=on,nouser"...) = -1 EINVAL (Invalid argument) [pid 677] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 48.721289][ T677] F2FS-fs (loop0): invalid crc value [ 48.727139][ T677] F2FS-fs (loop0): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 10241044815247771109) [ 48.746242][ T677] F2FS-fs (loop0): recover fsync data on readonly fs [ 48.752982][ T677] F2FS-fs (loop0): Cannot turn on quotas: -2 on 0 [ 48.759426][ T677] F2FS-fs (loop0): checkpoint=disable on readonly fs [pid 677] ioctl(3, LOOP_CLR_FD) = 0 [pid 677] close(3) = 0 [pid 677] memfd_create("syzkaller", 0) = 3 [pid 677] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faab4671000 [pid 677] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 677] munmap(0x7faab4671000, 138412032) = 0 [pid 677] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 677] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 677] close(3) = 0 [pid 677] close(4) = 0 [pid 677] mkdir("./bus", 0777) = -1 EEXIST (File exists) [pid 677] mount("/dev/loop0", "./bus", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_NODIRATIME|MS_POSIXACL|MS_RELATIME, ",errors=continue") = 0 [pid 677] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 677] chdir("./bus") = 0 [pid 677] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 677] ioctl(4, LOOP_CLR_FD) = 0 [pid 677] close(4) = 0 [pid 677] exit_group(0) = ? [pid 677] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=677, si_uid=0, si_status=0, si_utime=2, si_stime=14} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./72", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./72", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555748af6f0 /* 4 entries */, 32768) = 104 umount2("./72/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./72/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./72/binderfs") = 0 umount2("./72/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./72/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./72/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./72/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./72/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555748b7730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555748b7730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./72/bus") = 0 getdents64(3, 0x5555748af6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./72") = 0 mkdir("./73", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555748ae650) = 682 ./strace-static-x86_64: Process 682 attached [pid 682] set_robust_list(0x5555748ae660, 24) = 0 [pid 682] chdir("./73") = 0 [pid 682] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 682] setpgid(0, 0) = 0 [pid 682] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 682] write(3, "1000", 4) = 4 [pid 682] close(3) = 0 [pid 682] symlink("/dev/binderfs", "./binderfs") = 0 [pid 682] write(1, "executing program\n", 18executing program ) = 18 [pid 682] memfd_create("syzkaller", 0) = 3 [pid 682] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faab4671000 [ 48.917271][ T677] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 48.932054][ T677] ext4 filesystem being mounted at /root/syzkaller.QRN1Ip/72/bus supports timestamps until 2038-01-19 (0x7fffffff) [pid 682] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119 [pid 682] munmap(0x7faab4671000, 138412032) = 0 [pid 682] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 682] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 682] close(3) = 0 [pid 682] close(4) = 0 [pid 682] mkdir("./bus", 0777) = 0 [ 49.062770][ T682] F2FS-fs (loop0): invalid crc value [ 49.068679][ T682] F2FS-fs (loop0): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 10241044815247771109) [ 49.087587][ T682] F2FS-fs (loop0): recover fsync data on readonly fs [ 49.094354][ T682] F2FS-fs (loop0): Cannot turn on quotas: -2 on 0 [ 49.100849][ T682] F2FS-fs (loop0): checkpoint=disable on readonly fs [pid 682] mount("/dev/loop0", "./bus", "f2fs", MS_RDONLY|MS_NOATIME|MS_REC|MS_SILENT|0x200, "nodiscard,usrjquota=nodiscard,acl,alloc_mode=reuse,atgc,disable_roll_forward,background_gc=on,nouser"...) = -1 EINVAL (Invalid argument) [pid 682] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 682] ioctl(3, LOOP_CLR_FD) = 0 [pid 682] close(3) = 0 [pid 682] memfd_create("syzkaller", 0) = 3 [pid 682] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faab4671000 [pid 682] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 682] munmap(0x7faab4671000, 138412032) = 0 [pid 682] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 682] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 682] close(3) = 0 [pid 682] close(4) = 0 [pid 682] mkdir("./bus", 0777) = -1 EEXIST (File exists) [pid 682] mount("/dev/loop0", "./bus", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_NODIRATIME|MS_POSIXACL|MS_RELATIME, ",errors=continue") = 0 [pid 682] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 682] chdir("./bus") = 0 [pid 682] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 682] ioctl(4, LOOP_CLR_FD) = 0 [pid 682] close(4) = 0 [pid 682] exit_group(0) = ? [pid 682] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=682, si_uid=0, si_status=0, si_utime=1, si_stime=14} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./73", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./73", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555748af6f0 /* 4 entries */, 32768) = 104 umount2("./73/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./73/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./73/binderfs") = 0 [ 49.247258][ T682] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 49.256154][ T682] ext4 filesystem being mounted at /root/syzkaller.QRN1Ip/73/bus supports timestamps until 2038-01-19 (0x7fffffff) umount2("./73/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./73/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./73/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./73/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./73/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555748b7730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555748b7730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./73/bus") = 0 getdents64(3, 0x5555748af6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./73") = 0 mkdir("./74", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x5555748ae650) = 688 ./strace-static-x86_64: Process 688 attached [pid 688] set_robust_list(0x5555748ae660, 24) = 0 [pid 688] chdir("./74") = 0 [pid 688] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 688] setpgid(0, 0) = 0 [pid 688] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 688] write(3, "1000", 4) = 4 [pid 688] close(3) = 0 [pid 688] symlink("/dev/binderfs", "./binderfs") = 0 [pid 688] write(1, "executing program\n", 18) = 18 [pid 688] memfd_create("syzkaller", 0) = 3 [pid 688] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faab4671000 [pid 688] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119 [pid 688] munmap(0x7faab4671000, 138412032) = 0 [pid 688] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 688] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 688] close(3) = 0 [pid 688] close(4) = 0 [pid 688] mkdir("./bus", 0777) = 0 [ 49.509799][ T688] F2FS-fs (loop0): invalid crc value [ 49.515591][ T688] F2FS-fs (loop0): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 10241044815247771109) [ 49.534416][ T688] F2FS-fs (loop0): recover fsync data on readonly fs [ 49.541114][ T688] F2FS-fs (loop0): Cannot turn on quotas: -2 on 0 [ 49.547558][ T688] F2FS-fs (loop0): checkpoint=disable on readonly fs [pid 688] mount("/dev/loop0", "./bus", "f2fs", MS_RDONLY|MS_NOATIME|MS_REC|MS_SILENT|0x200, "nodiscard,usrjquota=nodiscard,acl,alloc_mode=reuse,atgc,disable_roll_forward,background_gc=on,nouser"...) = -1 EINVAL (Invalid argument) [pid 688] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 688] ioctl(3, LOOP_CLR_FD) = 0 [pid 688] close(3) = 0 [pid 688] memfd_create("syzkaller", 0) = 3 [pid 688] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faab4671000 [pid 688] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 688] munmap(0x7faab4671000, 138412032) = 0 [pid 688] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 688] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 688] close(3) = 0 [pid 688] close(4) = 0 [pid 688] mkdir("./bus", 0777) = -1 EEXIST (File exists) [pid 688] mount("/dev/loop0", "./bus", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_NODIRATIME|MS_POSIXACL|MS_RELATIME, ",errors=continue") = 0 [pid 688] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 688] chdir("./bus") = 0 [pid 688] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 688] ioctl(4, LOOP_CLR_FD) = 0 [pid 688] close(4) = 0 [pid 688] exit_group(0) = ? [pid 688] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=688, si_uid=0, si_status=0, si_utime=2, si_stime=12} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./74", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./74", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555748af6f0 /* 4 entries */, 32768) = 104 umount2("./74/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./74/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./74/binderfs") = 0 [ 49.717389][ T688] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 49.726280][ T688] ext4 filesystem being mounted at /root/syzkaller.QRN1Ip/74/bus supports timestamps until 2038-01-19 (0x7fffffff) umount2("./74/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./74/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./74/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./74/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./74/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555748b7730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555748b7730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./74/bus") = 0 getdents64(3, 0x5555748af6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./74") = 0 mkdir("./75", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555748ae650) = 693 ./strace-static-x86_64: Process 693 attached [pid 693] set_robust_list(0x5555748ae660, 24) = 0 [pid 693] chdir("./75") = 0 [pid 693] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 693] setpgid(0, 0) = 0 [pid 693] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 693] write(3, "1000", 4) = 4 [pid 693] close(3) = 0 [pid 693] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 693] write(1, "executing program\n", 18) = 18 [pid 693] memfd_create("syzkaller", 0) = 3 [pid 693] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faab4671000 [pid 693] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119 [pid 693] munmap(0x7faab4671000, 138412032) = 0 [pid 693] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 693] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 693] close(3) = 0 [pid 693] close(4) = 0 [pid 693] mkdir("./bus", 0777) = 0 [ 49.949901][ T693] F2FS-fs (loop0): invalid crc value [ 49.955729][ T693] F2FS-fs (loop0): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 10241044815247771109) [ 49.974995][ T693] F2FS-fs (loop0): recover fsync data on readonly fs [ 49.981607][ T693] F2FS-fs (loop0): Cannot turn on quotas: -2 on 0 [ 49.987949][ T693] F2FS-fs (loop0): checkpoint=disable on readonly fs [pid 693] mount("/dev/loop0", "./bus", "f2fs", MS_RDONLY|MS_NOATIME|MS_REC|MS_SILENT|0x200, "nodiscard,usrjquota=nodiscard,acl,alloc_mode=reuse,atgc,disable_roll_forward,background_gc=on,nouser"...) = -1 EINVAL (Invalid argument) [pid 693] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 693] ioctl(3, LOOP_CLR_FD) = 0 [pid 693] close(3) = 0 [pid 693] memfd_create("syzkaller", 0) = 3 [pid 693] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faab4671000 [pid 693] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 693] munmap(0x7faab4671000, 138412032) = 0 [pid 693] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 693] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 693] close(3) = 0 [pid 693] close(4) = 0 [pid 693] mkdir("./bus", 0777) = -1 EEXIST (File exists) [pid 693] mount("/dev/loop0", "./bus", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_NODIRATIME|MS_POSIXACL|MS_RELATIME, ",errors=continue") = 0 [pid 693] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 693] chdir("./bus") = 0 [pid 693] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 693] ioctl(4, LOOP_CLR_FD) = 0 [pid 693] close(4) = 0 [pid 693] exit_group(0) = ? [pid 693] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=693, si_uid=0, si_status=0, si_utime=3, si_stime=11} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./75", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./75", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555748af6f0 /* 4 entries */, 32768) = 104 umount2("./75/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./75/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./75/binderfs") = 0 [ 50.117344][ T693] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 50.126201][ T693] ext4 filesystem being mounted at /root/syzkaller.QRN1Ip/75/bus supports timestamps until 2038-01-19 (0x7fffffff) umount2("./75/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./75/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./75/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./75/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./75/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555748b7730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555748b7730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./75/bus") = 0 getdents64(3, 0x5555748af6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./75") = 0 mkdir("./76", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x5555748ae650) = 699 ./strace-static-x86_64: Process 699 attached [pid 699] set_robust_list(0x5555748ae660, 24) = 0 [pid 699] chdir("./76") = 0 [pid 699] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 699] setpgid(0, 0) = 0 [pid 699] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 699] write(3, "1000", 4) = 4 [pid 699] close(3) = 0 [pid 699] symlink("/dev/binderfs", "./binderfs") = 0 [pid 699] write(1, "executing program\n", 18) = 18 [pid 699] memfd_create("syzkaller", 0) = 3 [pid 699] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faab4671000 [pid 699] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119 [pid 699] munmap(0x7faab4671000, 138412032) = 0 [pid 699] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 699] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 699] close(3) = 0 [pid 699] close(4) = 0 [pid 699] mkdir("./bus", 0777) = 0