./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1675212085 <...> Warning: Permanently added '10.128.0.244' (ED25519) to the list of known hosts. execve("./syz-executor1675212085", ["./syz-executor1675212085"], 0x7ffd7dc0f940 /* 10 vars */) = 0 brk(NULL) = 0x555588740000 brk(0x555588740d00) = 0x555588740d00 arch_prctl(ARCH_SET_FS, 0x555588740380) = 0 set_tid_address(0x555588740650) = 5057 set_robust_list(0x555588740660, 24) = 0 rseq(0x555588740ca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor1675212085", 4096) = 28 getrandom("\x71\x30\x98\x6f\x03\x3b\x71\xcf", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x555588740d00 brk(0x555588761d00) = 0x555588761d00 brk(0x555588762000) = 0x555588762000 mprotect(0x7f1bc7147000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 mkdir("./syzkaller.gjSo4e", 0700) = 0 chmod("./syzkaller.gjSo4e", 0777) = 0 chdir("./syzkaller.gjSo4e") = 0 mkdir("./0", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5058 attached [pid 5058] set_robust_list(0x555588740660, 24) = 0 [pid 5058] chdir("./0") = 0 [pid 5057] <... clone resumed>, child_tidptr=0x555588740650) = 5058 [pid 5058] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5058] setpgid(0, 0) = 0 [pid 5058] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5058] write(3, "1000", 4) = 4 [pid 5058] close(3) = 0 [pid 5058] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5058] memfd_create("syzkaller", 0) = 3 [pid 5058] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1bbec00000 [pid 5058] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5058] munmap(0x7f1bbec00000, 138412032) = 0 [pid 5058] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5058] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5058] close(3) = 0 [pid 5058] close(4) = 0 [pid 5058] mkdir("./bus", 0777) = 0 [ 66.944077][ T5058] loop0: detected capacity change from 0 to 2048 [ 66.971042][ T5058] ======================================================= [ 66.971042][ T5058] WARNING: The mand mount option has been deprecated and [ 66.971042][ T5058] and is ignored by this kernel. Remove the mand [pid 5058] mount("/dev/loop0", "./bus", "nilfs2", MS_NOSUID|MS_NOEXEC|MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT, "") = 0 [pid 5058] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5058] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5058] openat(AT_FDCWD, ".", O_RDONLY) = 4 [ 66.971042][ T5058] option from the mount to silence this warning. [ 66.971042][ T5058] ======================================================= [ 67.017437][ T5060] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 5058] mkdirat(4, "./bus/file0", 000) = -1 EIO (Input/output error) [pid 5058] exit_group(0) = ? [pid 5058] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5058, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555887416f0 /* 4 entries */, 32768) = 104 [ 67.047396][ T5058] syz-executor167: attempt to access beyond end of device [ 67.047396][ T5058] loop0: rw=0, sector=68719476772, nr_sectors = 2 limit=2048 [ 67.065600][ T5058] syz-executor167: attempt to access beyond end of device [ 67.065600][ T5058] loop0: rw=0, sector=68719476772, nr_sectors = 2 limit=2048 umount2("./0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555588749730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555588749730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./0/bus") = 0 umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./0/binderfs") = 0 getdents64(3, 0x5555887416f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./0") = 0 mkdir("./1", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5061 attached [pid 5061] set_robust_list(0x555588740660, 24) = 0 [pid 5061] chdir("./1" [pid 5057] <... clone resumed>, child_tidptr=0x555588740650) = 5061 [pid 5061] <... chdir resumed>) = 0 [pid 5061] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5061] setpgid(0, 0) = 0 [pid 5061] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5061] write(3, "1000", 4) = 4 [pid 5061] close(3) = 0 [pid 5061] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5061] memfd_create("syzkaller", 0) = 3 [pid 5061] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1bbec00000 [pid 5061] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5061] munmap(0x7f1bbec00000, 138412032) = 0 [pid 5061] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5061] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5061] close(3) = 0 [pid 5061] close(4) = 0 [pid 5061] mkdir("./bus", 0777) = 0 [ 67.411735][ T5061] loop0: detected capacity change from 0 to 2048 [ 67.448654][ T5062] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 5061] mount("/dev/loop0", "./bus", "nilfs2", MS_NOSUID|MS_NOEXEC|MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT, "") = 0 [pid 5061] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5061] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5061] openat(AT_FDCWD, ".", O_RDONLY) = 4 [pid 5061] mkdirat(4, "./bus/file0", 000) = -1 EIO (Input/output error) [pid 5061] exit_group(0) = ? [pid 5061] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5061, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555887416f0 /* 4 entries */, 32768) = 104 [ 67.464253][ T5061] syz-executor167: attempt to access beyond end of device [ 67.464253][ T5061] loop0: rw=0, sector=68719476772, nr_sectors = 2 limit=2048 [ 67.481876][ T5061] syz-executor167: attempt to access beyond end of device [ 67.481876][ T5061] loop0: rw=0, sector=68719476772, nr_sectors = 2 limit=2048 umount2("./1/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./1/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./1/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555588749730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555588749730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./1/bus") = 0 umount2("./1/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./1/binderfs") = 0 getdents64(3, 0x5555887416f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./1") = 0 mkdir("./2", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5063 attached , child_tidptr=0x555588740650) = 5063 [pid 5063] set_robust_list(0x555588740660, 24) = 0 [pid 5063] chdir("./2") = 0 [pid 5063] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5063] setpgid(0, 0) = 0 [pid 5063] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5063] write(3, "1000", 4) = 4 [pid 5063] close(3) = 0 [pid 5063] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5063] memfd_create("syzkaller", 0) = 3 [pid 5063] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1bbec00000 [pid 5063] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5063] munmap(0x7f1bbec00000, 138412032) = 0 [pid 5063] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5063] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5063] close(3) = 0 [pid 5063] close(4) = 0 [pid 5063] mkdir("./bus", 0777) = 0 [ 67.848975][ T5063] loop0: detected capacity change from 0 to 2048 [pid 5063] mount("/dev/loop0", "./bus", "nilfs2", MS_NOSUID|MS_NOEXEC|MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT, "") = 0 [pid 5063] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5063] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5063] openat(AT_FDCWD, ".", O_RDONLY) = 4 [ 67.891743][ T5064] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 67.926540][ T5063] syz-executor167: attempt to access beyond end of device [ 67.926540][ T5063] loop0: rw=0, sector=68719476772, nr_sectors = 2 limit=2048 [pid 5063] mkdirat(4, "./bus/file0", 000) = -1 EIO (Input/output error) [pid 5063] exit_group(0) = ? [pid 5063] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5063, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555887416f0 /* 4 entries */, 32768) = 104 [ 67.942651][ T5063] syz-executor167: attempt to access beyond end of device [ 67.942651][ T5063] loop0: rw=0, sector=68719476772, nr_sectors = 2 limit=2048 umount2("./2/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./2/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./2/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555588749730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555588749730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./2/bus") = 0 umount2("./2/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./2/binderfs") = 0 getdents64(3, 0x5555887416f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./2") = 0 mkdir("./3", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5065 attached [pid 5065] set_robust_list(0x555588740660, 24) = 0 [pid 5065] chdir("./3" [pid 5057] <... clone resumed>, child_tidptr=0x555588740650) = 5065 [pid 5065] <... chdir resumed>) = 0 [pid 5065] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5065] setpgid(0, 0) = 0 [pid 5065] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5065] write(3, "1000", 4) = 4 [pid 5065] close(3) = 0 [pid 5065] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5065] memfd_create("syzkaller", 0) = 3 [pid 5065] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1bbec00000 [pid 5065] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5065] munmap(0x7f1bbec00000, 138412032) = 0 [pid 5065] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5065] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5065] close(3) = 0 [pid 5065] close(4) = 0 [pid 5065] mkdir("./bus", 0777) = 0 [ 68.174849][ T5065] loop0: detected capacity change from 0 to 2048 [pid 5065] mount("/dev/loop0", "./bus", "nilfs2", MS_NOSUID|MS_NOEXEC|MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT, "") = 0 [pid 5065] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5065] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5065] openat(AT_FDCWD, ".", O_RDONLY) = 4 [ 68.220261][ T5066] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 5065] mkdirat(4, "./bus/file0", 000) = -1 EIO (Input/output error) [pid 5065] exit_group(0) = ? [pid 5065] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5065, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555887416f0 /* 4 entries */, 32768) = 104 umount2("./3/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./3/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./3/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555588749730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555588749730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./3/bus") = 0 umount2("./3/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./3/binderfs") = 0 getdents64(3, 0x5555887416f0 /* 0 entries */, 32768) = 0 [ 68.273753][ T5065] syz-executor167: attempt to access beyond end of device [ 68.273753][ T5065] loop0: rw=0, sector=68719476772, nr_sectors = 2 limit=2048 [ 68.291064][ T5065] syz-executor167: attempt to access beyond end of device [ 68.291064][ T5065] loop0: rw=0, sector=68719476772, nr_sectors = 2 limit=2048 close(3) = 0 rmdir("./3") = 0 mkdir("./4", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5067 attached , child_tidptr=0x555588740650) = 5067 [pid 5067] set_robust_list(0x555588740660, 24) = 0 [pid 5067] chdir("./4") = 0 [pid 5067] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5067] setpgid(0, 0) = 0 [pid 5067] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5067] write(3, "1000", 4) = 4 [pid 5067] close(3) = 0 [pid 5067] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5067] memfd_create("syzkaller", 0) = 3 [pid 5067] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1bbec00000 [pid 5067] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5067] munmap(0x7f1bbec00000, 138412032) = 0 [pid 5067] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5067] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5067] close(3) = 0 [pid 5067] close(4) = 0 [pid 5067] mkdir("./bus", 0777) = 0 [pid 5067] mount("/dev/loop0", "./bus", "nilfs2", MS_NOSUID|MS_NOEXEC|MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT, "") = 0 [pid 5067] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5067] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5067] openat(AT_FDCWD, ".", O_RDONLY) = 4 [ 68.513540][ T5067] loop0: detected capacity change from 0 to 2048 [ 68.545798][ T5068] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 5067] mkdirat(4, "./bus/file0", 000) = -1 EIO (Input/output error) [pid 5067] exit_group(0) = ? [pid 5067] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5067, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 68.558538][ T5067] syz-executor167: attempt to access beyond end of device [ 68.558538][ T5067] loop0: rw=0, sector=68719476772, nr_sectors = 2 limit=2048 [ 68.574695][ T5067] syz-executor167: attempt to access beyond end of device [ 68.574695][ T5067] loop0: rw=0, sector=68719476772, nr_sectors = 2 limit=2048 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555887416f0 /* 4 entries */, 32768) = 104 umount2("./4/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555588749730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555588749730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4/bus") = 0 umount2("./4/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4/binderfs") = 0 getdents64(3, 0x5555887416f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4") = 0 mkdir("./5", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5069 attached [pid 5069] set_robust_list(0x555588740660, 24) = 0 [pid 5069] chdir("./5") = 0 [pid 5069] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5057] <... clone resumed>, child_tidptr=0x555588740650) = 5069 [pid 5069] <... prctl resumed>) = 0 [pid 5069] setpgid(0, 0) = 0 [pid 5069] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5069] write(3, "1000", 4) = 4 [pid 5069] close(3) = 0 [pid 5069] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5069] memfd_create("syzkaller", 0) = 3 [pid 5069] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1bbec00000 [pid 5069] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5069] munmap(0x7f1bbec00000, 138412032) = 0 [pid 5069] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5069] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5069] close(3) = 0 [pid 5069] close(4) = 0 [pid 5069] mkdir("./bus", 0777) = 0 [pid 5069] mount("/dev/loop0", "./bus", "nilfs2", MS_NOSUID|MS_NOEXEC|MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT, "") = 0 [pid 5069] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5069] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5069] openat(AT_FDCWD, ".", O_RDONLY) = 4 [pid 5069] mkdirat(4, "./bus/file0", 000) = -1 EIO (Input/output error) [pid 5069] exit_group(0) = ? [pid 5069] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5069, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./5", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555887416f0 /* 4 entries */, 32768) = 104 [ 68.954462][ T5069] loop0: detected capacity change from 0 to 2048 [ 68.983203][ T5070] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds umount2("./5/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./5/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./5/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./5/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555588749730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555588749730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./5/bus") = 0 umount2("./5/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./5/binderfs") = 0 getdents64(3, 0x5555887416f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./5") = 0 mkdir("./6", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5071 attached [pid 5071] set_robust_list(0x555588740660, 24) = 0 [pid 5071] chdir("./6" [pid 5057] <... clone resumed>, child_tidptr=0x555588740650) = 5071 [pid 5071] <... chdir resumed>) = 0 [pid 5071] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5071] setpgid(0, 0) = 0 [pid 5071] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5071] write(3, "1000", 4) = 4 [pid 5071] close(3) = 0 [pid 5071] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5071] memfd_create("syzkaller", 0) = 3 [pid 5071] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1bbec00000 [pid 5071] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5071] munmap(0x7f1bbec00000, 138412032) = 0 [pid 5071] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5071] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5071] close(3) = 0 [pid 5071] close(4) = 0 [pid 5071] mkdir("./bus", 0777) = 0 [pid 5071] mount("/dev/loop0", "./bus", "nilfs2", MS_NOSUID|MS_NOEXEC|MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT, "") = 0 [pid 5071] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5071] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5071] openat(AT_FDCWD, ".", O_RDONLY) = 4 [pid 5071] mkdirat(4, "./bus/file0", 000) = -1 EIO (Input/output error) [pid 5071] exit_group(0) = ? [pid 5071] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5071, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- [ 69.310680][ T5071] loop0: detected capacity change from 0 to 2048 [ 69.338466][ T5072] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds umount2("./6", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555887416f0 /* 4 entries */, 32768) = 104 umount2("./6/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./6/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./6/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./6/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555588749730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555588749730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./6/bus") = 0 umount2("./6/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./6/binderfs") = 0 getdents64(3, 0x5555887416f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./6") = 0 mkdir("./7", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5073 attached [pid 5073] set_robust_list(0x555588740660, 24 [pid 5057] <... clone resumed>, child_tidptr=0x555588740650) = 5073 [pid 5073] <... set_robust_list resumed>) = 0 [pid 5073] chdir("./7") = 0 [pid 5073] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5073] setpgid(0, 0) = 0 [pid 5073] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5073] write(3, "1000", 4) = 4 [pid 5073] close(3) = 0 [pid 5073] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5073] memfd_create("syzkaller", 0) = 3 [pid 5073] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1bbec00000 [pid 5073] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5073] munmap(0x7f1bbec00000, 138412032) = 0 [pid 5073] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5073] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5073] close(3) = 0 [pid 5073] close(4) = 0 [pid 5073] mkdir("./bus", 0777) = 0 [pid 5073] mount("/dev/loop0", "./bus", "nilfs2", MS_NOSUID|MS_NOEXEC|MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT, "") = 0 [pid 5073] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5073] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5073] openat(AT_FDCWD, ".", O_RDONLY) = 4 [pid 5073] mkdirat(4, "./bus/file0", 000) = -1 EIO (Input/output error) [pid 5073] exit_group(0) = ? [pid 5073] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5073, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./7", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555887416f0 /* 4 entries */, 32768) = 104 umount2("./7/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./7/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./7/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./7/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 69.703278][ T5073] loop0: detected capacity change from 0 to 2048 [ 69.734764][ T5074] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds openat(AT_FDCWD, "./7/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555588749730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555588749730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./7/bus") = 0 umount2("./7/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./7/binderfs") = 0 getdents64(3, 0x5555887416f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./7") = 0 mkdir("./8", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5075 attached , child_tidptr=0x555588740650) = 5075 [pid 5075] set_robust_list(0x555588740660, 24) = 0 [pid 5075] chdir("./8") = 0 [pid 5075] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5075] setpgid(0, 0) = 0 [pid 5075] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5075] write(3, "1000", 4) = 4 [pid 5075] close(3) = 0 [pid 5075] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5075] memfd_create("syzkaller", 0) = 3 [pid 5075] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1bbec00000 [pid 5075] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5075] munmap(0x7f1bbec00000, 138412032) = 0 [pid 5075] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5075] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5075] close(3) = 0 [pid 5075] close(4) = 0 [pid 5075] mkdir("./bus", 0777) = 0 [pid 5075] mount("/dev/loop0", "./bus", "nilfs2", MS_NOSUID|MS_NOEXEC|MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT, "") = 0 [ 70.039212][ T5075] loop0: detected capacity change from 0 to 2048 [pid 5075] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5075] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5075] openat(AT_FDCWD, ".", O_RDONLY) = 4 [pid 5075] mkdirat(4, "./bus/file0", 000) = -1 EIO (Input/output error) [pid 5075] exit_group(0) = ? [pid 5075] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5075, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./8", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555887416f0 /* 4 entries */, 32768) = 104 umount2("./8/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./8/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./8/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 70.083046][ T5076] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds umount2("./8/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555588749730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555588749730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./8/bus") = 0 umount2("./8/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./8/binderfs") = 0 getdents64(3, 0x5555887416f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./8") = 0 mkdir("./9", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5077 attached [pid 5077] set_robust_list(0x555588740660, 24 [pid 5057] <... clone resumed>, child_tidptr=0x555588740650) = 5077 [pid 5077] <... set_robust_list resumed>) = 0 [pid 5077] chdir("./9") = 0 [pid 5077] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5077] setpgid(0, 0) = 0 [pid 5077] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5077] write(3, "1000", 4) = 4 [pid 5077] close(3) = 0 [pid 5077] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5077] memfd_create("syzkaller", 0) = 3 [pid 5077] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1bbec00000 [pid 5077] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5077] munmap(0x7f1bbec00000, 138412032) = 0 [pid 5077] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5077] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5077] close(3) = 0 [pid 5077] close(4) = 0 [pid 5077] mkdir("./bus", 0777) = 0 [ 70.438430][ T5077] loop0: detected capacity change from 0 to 2048 [pid 5077] mount("/dev/loop0", "./bus", "nilfs2", MS_NOSUID|MS_NOEXEC|MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT, "") = 0 [pid 5077] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5077] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5077] openat(AT_FDCWD, ".", O_RDONLY) = 4 [pid 5077] mkdirat(4, "./bus/file0", 000) = -1 EIO (Input/output error) [pid 5077] exit_group(0) = ? [pid 5077] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5077, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./9", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 70.485760][ T5078] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555887416f0 /* 4 entries */, 32768) = 104 umount2("./9/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./9/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./9/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./9/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555588749730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555588749730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./9/bus") = 0 umount2("./9/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./9/binderfs") = 0 getdents64(3, 0x5555887416f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./9") = 0 mkdir("./10", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555588740650) = 5079 ./strace-static-x86_64: Process 5079 attached [pid 5079] set_robust_list(0x555588740660, 24) = 0 [pid 5079] chdir("./10") = 0 [pid 5079] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5079] setpgid(0, 0) = 0 [pid 5079] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5079] write(3, "1000", 4) = 4 [pid 5079] close(3) = 0 [pid 5079] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5079] memfd_create("syzkaller", 0) = 3 [pid 5079] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1bbec00000 [pid 5079] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5079] munmap(0x7f1bbec00000, 138412032) = 0 [pid 5079] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5079] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5079] close(3) = 0 [pid 5079] close(4) = 0 [pid 5079] mkdir("./bus", 0777) = 0 [pid 5079] mount("/dev/loop0", "./bus", "nilfs2", MS_NOSUID|MS_NOEXEC|MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT, "") = 0 [pid 5079] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5079] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5079] openat(AT_FDCWD, ".", O_RDONLY) = 4 [pid 5079] mkdirat(4, "./bus/file0", 000) = -1 EIO (Input/output error) [pid 5079] exit_group(0) = ? [pid 5079] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5079, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./10", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 70.852528][ T5079] loop0: detected capacity change from 0 to 2048 [ 70.885642][ T5080] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds getdents64(3, 0x5555887416f0 /* 4 entries */, 32768) = 104 umount2("./10/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./10/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./10/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./10/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555588749730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555588749730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./10/bus") = 0 umount2("./10/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./10/binderfs") = 0 getdents64(3, 0x5555887416f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./10") = 0 mkdir("./11", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555588740650) = 5081 ./strace-static-x86_64: Process 5081 attached [pid 5081] set_robust_list(0x555588740660, 24) = 0 [pid 5081] chdir("./11") = 0 [pid 5081] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5081] setpgid(0, 0) = 0 [pid 5081] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5081] write(3, "1000", 4) = 4 [pid 5081] close(3) = 0 [pid 5081] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5081] memfd_create("syzkaller", 0) = 3 [pid 5081] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1bbec00000 [pid 5081] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5081] munmap(0x7f1bbec00000, 138412032) = 0 [pid 5081] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5081] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5081] close(3) = 0 [pid 5081] close(4) = 0 [pid 5081] mkdir("./bus", 0777) = 0 [ 71.180679][ T5081] loop0: detected capacity change from 0 to 2048 [pid 5081] mount("/dev/loop0", "./bus", "nilfs2", MS_NOSUID|MS_NOEXEC|MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT, "") = 0 [pid 5081] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5081] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5081] openat(AT_FDCWD, ".", O_RDONLY) = 4 [pid 5081] mkdirat(4, "./bus/file0", 000) = -1 EIO (Input/output error) [pid 5081] exit_group(0) = ? [pid 5081] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5081, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./11", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555887416f0 /* 4 entries */, 32768) = 104 [ 71.224754][ T5082] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds umount2("./11/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./11/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./11/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./11/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555588749730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555588749730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./11/bus") = 0 umount2("./11/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./11/binderfs") = 0 getdents64(3, 0x5555887416f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./11") = 0 mkdir("./12", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5083 attached , child_tidptr=0x555588740650) = 5083 [pid 5083] set_robust_list(0x555588740660, 24) = 0 [pid 5083] chdir("./12") = 0 [pid 5083] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5083] setpgid(0, 0) = 0 [pid 5083] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5083] write(3, "1000", 4) = 4 [pid 5083] close(3) = 0 [pid 5083] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5083] memfd_create("syzkaller", 0) = 3 [pid 5083] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1bbec00000 [pid 5083] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5083] munmap(0x7f1bbec00000, 138412032) = 0 [pid 5083] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5083] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5083] close(3) = 0 [pid 5083] close(4) = 0 [pid 5083] mkdir("./bus", 0777) = 0 [ 71.616342][ T5083] loop0: detected capacity change from 0 to 2048 [pid 5083] mount("/dev/loop0", "./bus", "nilfs2", MS_NOSUID|MS_NOEXEC|MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT, "") = 0 [pid 5083] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5083] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5083] openat(AT_FDCWD, ".", O_RDONLY) = 4 [pid 5083] mkdirat(4, "./bus/file0", 000) = -1 EIO (Input/output error) [pid 5083] exit_group(0) = ? [pid 5083] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5083, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- [ 71.657255][ T5084] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds umount2("./12", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555887416f0 /* 4 entries */, 32768) = 104 [ 76.847614][ C1] ================================================================== [ 76.855787][ C1] BUG: KASAN: slab-use-after-free in __lock_acquire+0x78/0x1fd0 [ 76.863548][ C1] Read of size 8 at addr ffff888019356410 by task swapper/1/0 [ 76.870989][ C1] [ 76.873292][ C1] CPU: 1 PID: 0 Comm: swapper/1 Not tainted 6.8.0-syzkaller-08951-gfe46a7dd189e #0 [ 76.882557][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 76.893300][ C1] Call Trace: [ 76.896772][ C1] [ 76.899616][ C1] dump_stack_lvl+0x241/0x360 [ 76.905012][ C1] ? __pfx_dump_stack_lvl+0x10/0x10 [ 76.910286][ C1] ? __pfx__printk+0x10/0x10 [ 76.915100][ C1] ? _printk+0xd5/0x120 [ 76.919268][ C1] ? __virt_addr_valid+0x183/0x520 [ 76.924653][ C1] ? __virt_addr_valid+0x183/0x520 [ 76.929809][ C1] print_report+0x169/0x550 [ 76.934449][ C1] ? __virt_addr_valid+0x183/0x520 [ 76.939568][ C1] ? __virt_addr_valid+0x183/0x520 [ 76.944678][ C1] ? __virt_addr_valid+0x44e/0x520 [ 76.949798][ C1] ? __phys_addr+0xba/0x170 [ 76.954415][ C1] ? __lock_acquire+0x78/0x1fd0 [ 76.959270][ C1] kasan_report+0x143/0x180 [ 76.963778][ C1] ? __lock_acquire+0x78/0x1fd0 [ 76.968760][ C1] __lock_acquire+0x78/0x1fd0 [ 76.973468][ C1] ? stack_trace_save+0x118/0x1d0 [ 76.978599][ C1] ? __pfx_stack_trace_save+0x10/0x10 [ 76.983975][ C1] lock_acquire+0x1e4/0x530 [ 76.988469][ C1] ? try_to_wake_up+0xb0/0x1470 [ 76.993308][ C1] ? __pfx_lockdep_unlock+0x10/0x10 [ 76.998501][ C1] ? __pfx_lock_acquire+0x10/0x10 [ 77.003505][ C1] ? mark_lock+0x9a/0x350 [ 77.007904][ C1] ? __lock_acquire+0x1346/0x1fd0 [ 77.012907][ C1] _raw_spin_lock_irqsave+0xd5/0x120 [ 77.018334][ C1] ? try_to_wake_up+0xb0/0x1470 [ 77.023251][ C1] ? __pfx__raw_spin_lock_irqsave+0x10/0x10 [ 77.029144][ C1] try_to_wake_up+0xb0/0x1470 [ 77.033889][ C1] ? __pfx_lock_acquire+0x10/0x10 [ 77.039205][ C1] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 77.045122][ C1] ? __pfx_try_to_wake_up+0x10/0x10 [ 77.050319][ C1] ? call_timer_fn+0xa8/0x600 [ 77.054983][ C1] call_timer_fn+0x17e/0x600 [ 77.059642][ C1] ? __pfx_nilfs_construction_timeout+0x10/0x10 [ 77.066070][ C1] ? call_timer_fn+0xc0/0x600 [ 77.070775][ C1] ? __pfx_nilfs_construction_timeout+0x10/0x10 [ 77.077469][ C1] ? __pfx_call_timer_fn+0x10/0x10 [ 77.082569][ C1] ? __pfx_nilfs_construction_timeout+0x10/0x10 [ 77.088982][ C1] ? __pfx_nilfs_construction_timeout+0x10/0x10 [ 77.095389][ C1] ? __pfx_nilfs_construction_timeout+0x10/0x10 [ 77.101638][ C1] ? _raw_spin_unlock_irq+0x23/0x50 [ 77.106873][ C1] ? lockdep_hardirqs_on+0x99/0x150 [ 77.112177][ C1] ? __pfx_nilfs_construction_timeout+0x10/0x10 [ 77.118616][ C1] __run_timer_base+0x66a/0x8e0 [ 77.123468][ C1] ? __pfx___run_timer_base+0x10/0x10 [ 77.128902][ C1] ? _raw_spin_unlock_irq+0x23/0x50 [ 77.134096][ C1] ? lockdep_hardirqs_on+0x99/0x150 [ 77.139662][ C1] tmigr_handle_remote+0xbef/0x1690 [ 77.144873][ C1] ? __pfx_tmigr_handle_remote+0x10/0x10 [ 77.151021][ C1] ? sched_clock_cpu+0x76/0x490 [ 77.156076][ C1] ? __pfx___run_timer_base+0x10/0x10 [ 77.161453][ C1] __do_softirq+0x2bc/0x943 [ 77.166046][ C1] ? __irq_exit_rcu+0xf2/0x1c0 [ 77.170885][ C1] ? __pfx___do_softirq+0x10/0x10 [ 77.175982][ C1] ? irqtime_account_irq+0xd4/0x1e0 [ 77.181249][ C1] __irq_exit_rcu+0xf2/0x1c0 [ 77.185821][ C1] ? __pfx___irq_exit_rcu+0x10/0x10 [ 77.191363][ C1] irq_exit_rcu+0x9/0x30 [ 77.196384][ C1] sysvec_apic_timer_interrupt+0xa6/0xc0 [ 77.202030][ C1] [ 77.204943][ C1] [ 77.207959][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 77.214022][ C1] RIP: 0010:acpi_safe_halt+0x21/0x30 [ 77.219476][ C1] Code: 90 90 90 90 90 90 90 90 90 65 48 8b 04 25 40 d0 03 00 48 f7 00 08 00 00 00 75 10 66 90 0f 00 2d 95 ec 9b 00 f3 0f 1e fa fb f4 c3 cc cc cc cc 66 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 [ 77.239263][ C1] RSP: 0018:ffffc90000197d08 EFLAGS: 00000246 [ 77.245514][ C1] RAX: ffff888016eb5a00 RBX: ffff8880172ee064 RCX: 000000000001c8b9 [ 77.253782][ C1] RDX: 0000000000000001 RSI: ffff8880172ee000 RDI: ffff8880172ee064 [ 77.262051][ C1] RBP: 000000000003a0f8 R08: ffff8880b9537d0b R09: 1ffff110172a6fa1 [ 77.270188][ C1] R10: dffffc0000000000 R11: ffffffff8b6bc600 R12: ffff8880193f9800 [ 77.278282][ C1] R13: 0000000000000000 R14: 0000000000000001 R15: ffffffff8e8948a0 [ 77.286250][ C1] ? __pfx_acpi_idle_enter+0x10/0x10 [ 77.291620][ C1] acpi_idle_enter+0xe4/0x140 [ 77.296556][ C1] cpuidle_enter_state+0x118/0x490 [ 77.301665][ C1] ? __pfx_tick_nohz_idle_stop_tick+0x10/0x10 [ 77.307807][ C1] cpuidle_enter+0x5d/0xa0 [ 77.312434][ C1] do_idle+0x375/0x5d0 [ 77.316577][ C1] ? __pfx_do_idle+0x10/0x10 [ 77.321154][ C1] cpu_startup_entry+0x42/0x60 [ 77.326161][ C1] start_secondary+0x100/0x100 [ 77.330920][ C1] common_startup_64+0x13e/0x147 [ 77.335845][ C1] [ 77.338850][ C1] [ 77.341174][ C1] Allocated by task 2: [ 77.345440][ C1] kasan_save_track+0x3f/0x80 [ 77.350129][ C1] __kasan_slab_alloc+0x66/0x80 [ 77.355151][ C1] kmem_cache_alloc_node+0x194/0x380 [ 77.360725][ C1] dup_task_struct+0x57/0x7d0 [ 77.365400][ C1] copy_process+0x5d1/0x3df0 [ 77.370295][ C1] kernel_clone+0x223/0x840 [ 77.374966][ C1] kernel_thread+0x1bc/0x240 [ 77.379912][ C1] kthreadd+0x60d/0x810 [ 77.386171][ C1] ret_from_fork+0x4b/0x80 [ 77.390605][ C1] ret_from_fork_asm+0x1a/0x30 [ 77.395658][ C1] [ 77.398122][ C1] Freed by task 0: [ 77.401850][ C1] kasan_save_track+0x3f/0x80 [ 77.407301][ C1] kasan_save_free_info+0x40/0x50 [ 77.412313][ C1] poison_slab_object+0xa6/0xe0 [ 77.417144][ C1] __kasan_slab_free+0x37/0x60 [ 77.422147][ C1] kmem_cache_free+0x102/0x2b0 [ 77.426896][ C1] delayed_put_task_struct+0x115/0x2d0 [ 77.432355][ C1] rcu_core+0xafd/0x1830 [ 77.436604][ C1] __do_softirq+0x2bc/0x943 [ 77.441182][ C1] [ 77.443490][ C1] Last potentially related work creation: [ 77.449474][ C1] kasan_save_stack+0x3f/0x60 [ 77.454236][ C1] __kasan_record_aux_stack+0xac/0xc0 [ 77.459645][ C1] call_rcu+0x167/0xa70 [ 77.463898][ C1] __schedule+0x1789/0x49d0 [ 77.468409][ C1] schedule+0x14b/0x320 [ 77.472635][ C1] bit_wait+0x12/0xd0 [ 77.476681][ C1] __wait_on_bit+0xb0/0x2f0 [ 77.481251][ C1] inode_wait_for_writeback+0x1f3/0x290 [ 77.486795][ C1] evict+0x277/0x630 [ 77.490677][ C1] nilfs_dispose_list+0x51d/0x5c0 [ 77.495774][ C1] process_scheduled_works+0xa00/0x1770 [ 77.501384][ C1] worker_thread+0x86d/0xd70 [ 77.506042][ C1] kthread+0x2f0/0x390 [ 77.510195][ C1] ret_from_fork+0x4b/0x80 [ 77.514596][ C1] ret_from_fork_asm+0x1a/0x30 [ 77.519428][ C1] [ 77.521820][ C1] The buggy address belongs to the object at ffff888019355a00 [ 77.521820][ C1] which belongs to the cache task_struct of size 7424 [ 77.536115][ C1] The buggy address is located 2576 bytes inside of [ 77.536115][ C1] freed 7424-byte region [ffff888019355a00, ffff888019357700) [ 77.550149][ C1] [ 77.552490][ C1] The buggy address belongs to the physical page: [ 77.559139][ C1] page:ffffea000064d400 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x19350 [ 77.569266][ C1] head:ffffea000064d400 order:3 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 77.578267][ C1] anon flags: 0xfff00000000840(slab|head|node=0|zone=1|lastcpupid=0x7ff) [ 77.586746][ C1] page_type: 0xffffffff() [ 77.591075][ C1] raw: 00fff00000000840 ffff888015aec500 0000000000000000 dead000000000001 [ 77.599825][ C1] raw: 0000000000000000 0000000080040004 00000001ffffffff 0000000000000000 [ 77.608473][ C1] page dumped because: kasan: bad access detected [ 77.614955][ C1] page_owner tracks the page as allocated [ 77.620822][ C1] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 2, tgid 2 (kthreadd), ts 7037009211, free_ts 0 [ 77.640593][ C1] post_alloc_hook+0x1ea/0x210 [ 77.645368][ C1] get_page_from_freelist+0x33ea/0x3580 [ 77.650897][ C1] __alloc_pages+0x256/0x680 [ 77.656001][ C1] alloc_slab_page+0x5f/0x160 [ 77.660742][ C1] new_slab+0x84/0x2f0 [ 77.664811][ C1] ___slab_alloc+0xc73/0x1260 [ 77.669480][ C1] kmem_cache_alloc_node+0x24a/0x380 [ 77.675704][ C1] dup_task_struct+0x57/0x7d0 [ 77.682879][ C1] copy_process+0x5d1/0x3df0 [ 77.687621][ C1] kernel_clone+0x223/0x840 [ 77.692104][ C1] kernel_thread+0x1bc/0x240 [ 77.696690][ C1] kthreadd+0x60d/0x810 [ 77.700912][ C1] ret_from_fork+0x4b/0x80 [ 77.705313][ C1] ret_from_fork_asm+0x1a/0x30 [ 77.710060][ C1] page_owner free stack trace missing [ 77.715462][ C1] [ 77.717773][ C1] Memory state around the buggy address: [ 77.723630][ C1] ffff888019356300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 77.731765][ C1] ffff888019356380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 77.740152][ C1] >ffff888019356400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 77.748277][ C1] ^ [ 77.753188][ C1] ffff888019356480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 77.761856][ C1] ffff888019356500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 77.770776][ C1] ================================================================== [ 77.779674][ C1] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 77.786936][ C1] CPU: 1 PID: 0 Comm: swapper/1 Not tainted 6.8.0-syzkaller-08951-gfe46a7dd189e #0 [ 77.796194][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 77.806244][ C1] Call Trace: [ 77.809507][ C1] [ 77.812337][ C1] dump_stack_lvl+0x241/0x360 [ 77.817008][ C1] ? __pfx_dump_stack_lvl+0x10/0x10 [ 77.822240][ C1] ? __pfx__printk+0x10/0x10 [ 77.827346][ C1] ? rcu_is_watching+0x15/0xb0 [ 77.832547][ C1] ? lock_release+0xbf/0x9d0 [ 77.837123][ C1] ? vscnprintf+0x5d/0x90 [ 77.841811][ C1] panic+0x349/0x860 [ 77.845780][ C1] ? check_panic_on_warn+0x21/0xb0 [ 77.850972][ C1] ? __pfx_panic+0x10/0x10 [ 77.855457][ C1] ? do_raw_spin_unlock+0x13c/0x8b0 [ 77.860654][ C1] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 77.866799][ C1] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 77.873111][ C1] ? print_report+0x502/0x550 [ 77.877792][ C1] check_panic_on_warn+0x86/0xb0 [ 77.882800][ C1] ? __lock_acquire+0x78/0x1fd0 [ 77.888572][ C1] end_report+0x6e/0x140 [ 77.893150][ C1] kasan_report+0x154/0x180 [ 77.897740][ C1] ? __lock_acquire+0x78/0x1fd0 [ 77.902590][ C1] __lock_acquire+0x78/0x1fd0 [ 77.907454][ C1] ? stack_trace_save+0x118/0x1d0 [ 77.912655][ C1] ? __pfx_stack_trace_save+0x10/0x10 [ 77.918207][ C1] lock_acquire+0x1e4/0x530 [ 77.922849][ C1] ? try_to_wake_up+0xb0/0x1470 [ 77.927707][ C1] ? __pfx_lockdep_unlock+0x10/0x10 [ 77.932900][ C1] ? __pfx_lock_acquire+0x10/0x10 [ 77.937910][ C1] ? mark_lock+0x9a/0x350 [ 77.942251][ C1] ? __lock_acquire+0x1346/0x1fd0 [ 77.947346][ C1] _raw_spin_lock_irqsave+0xd5/0x120 [ 77.952623][ C1] ? try_to_wake_up+0xb0/0x1470 [ 77.957668][ C1] ? __pfx__raw_spin_lock_irqsave+0x10/0x10 [ 77.963660][ C1] try_to_wake_up+0xb0/0x1470 [ 77.968363][ C1] ? __pfx_lock_acquire+0x10/0x10 [ 77.973382][ C1] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 77.979357][ C1] ? __pfx_try_to_wake_up+0x10/0x10 [ 77.984572][ C1] ? call_timer_fn+0xa8/0x600 [ 77.989262][ C1] call_timer_fn+0x17e/0x600 [ 77.993921][ C1] ? __pfx_nilfs_construction_timeout+0x10/0x10 [ 78.000169][ C1] ? call_timer_fn+0xc0/0x600 [ 78.004837][ C1] ? __pfx_nilfs_construction_timeout+0x10/0x10 [ 78.011414][ C1] ? __pfx_call_timer_fn+0x10/0x10 [ 78.016509][ C1] ? __pfx_nilfs_construction_timeout+0x10/0x10 [ 78.022883][ C1] ? __pfx_nilfs_construction_timeout+0x10/0x10 [ 78.029109][ C1] ? __pfx_nilfs_construction_timeout+0x10/0x10 [ 78.035421][ C1] ? _raw_spin_unlock_irq+0x23/0x50 [ 78.040602][ C1] ? lockdep_hardirqs_on+0x99/0x150 [ 78.045928][ C1] ? __pfx_nilfs_construction_timeout+0x10/0x10 [ 78.052255][ C1] __run_timer_base+0x66a/0x8e0 [ 78.057111][ C1] ? __pfx___run_timer_base+0x10/0x10 [ 78.062471][ C1] ? _raw_spin_unlock_irq+0x23/0x50 [ 78.067654][ C1] ? lockdep_hardirqs_on+0x99/0x150 [ 78.072836][ C1] tmigr_handle_remote+0xbef/0x1690 [ 78.078281][ C1] ? __pfx_tmigr_handle_remote+0x10/0x10 [ 78.083914][ C1] ? sched_clock_cpu+0x76/0x490 [ 78.088759][ C1] ? __pfx___run_timer_base+0x10/0x10 [ 78.094203][ C1] __do_softirq+0x2bc/0x943 [ 78.098786][ C1] ? __irq_exit_rcu+0xf2/0x1c0 [ 78.103544][ C1] ? __pfx___do_softirq+0x10/0x10 [ 78.108554][ C1] ? irqtime_account_irq+0xd4/0x1e0 [ 78.113842][ C1] __irq_exit_rcu+0xf2/0x1c0 [ 78.118413][ C1] ? __pfx___irq_exit_rcu+0x10/0x10 [ 78.123604][ C1] irq_exit_rcu+0x9/0x30 [ 78.127835][ C1] sysvec_apic_timer_interrupt+0xa6/0xc0 [ 78.133451][ C1] [ 78.136451][ C1] [ 78.139449][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 78.145674][ C1] RIP: 0010:acpi_safe_halt+0x21/0x30 [ 78.151049][ C1] Code: 90 90 90 90 90 90 90 90 90 65 48 8b 04 25 40 d0 03 00 48 f7 00 08 00 00 00 75 10 66 90 0f 00 2d 95 ec 9b 00 f3 0f 1e fa fb f4 c3 cc cc cc cc 66 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 [ 78.170861][ C1] RSP: 0018:ffffc90000197d08 EFLAGS: 00000246 [ 78.176936][ C1] RAX: ffff888016eb5a00 RBX: ffff8880172ee064 RCX: 000000000001c8b9 [ 78.184939][ C1] RDX: 0000000000000001 RSI: ffff8880172ee000 RDI: ffff8880172ee064 [ 78.193101][ C1] RBP: 000000000003a0f8 R08: ffff8880b9537d0b R09: 1ffff110172a6fa1 [ 78.201065][ C1] R10: dffffc0000000000 R11: ffffffff8b6bc600 R12: ffff8880193f9800 [ 78.209453][ C1] R13: 0000000000000000 R14: 0000000000000001 R15: ffffffff8e8948a0 [ 78.217521][ C1] ? __pfx_acpi_idle_enter+0x10/0x10 [ 78.222810][ C1] acpi_idle_enter+0xe4/0x140 [ 78.227651][ C1] cpuidle_enter_state+0x118/0x490 [ 78.232831][ C1] ? __pfx_tick_nohz_idle_stop_tick+0x10/0x10 [ 78.238993][ C1] cpuidle_enter+0x5d/0xa0 [ 78.243417][ C1] do_idle+0x375/0x5d0 [ 78.247713][ C1] ? __pfx_do_idle+0x10/0x10 [ 78.252325][ C1] cpu_startup_entry+0x42/0x60 [ 78.257352][ C1] start_secondary+0x100/0x100 [ 78.262191][ C1] common_startup_64+0x13e/0x147 [ 78.267127][ C1] [ 78.270786][ C1] Kernel Offset: disabled [ 78.275203][ C1] Rebooting in 86400 seconds..