./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor15974475
<...>
DUID 00:04:7c:8f:25:e4:1e:61:d4:15:b8:1c:50:2a:7f:f5:0b:01
forked to background, child pid 4636
[ 42.356722][ T4637] 8021q: adding VLAN 0 to HW filter on device bond0
[ 42.383609][ T4637] eql: remember to turn off Van-Jacobson compression on your slave devices
Starting sshd: OK
syzkaller
Warning: Permanently added '10.128.1.18' (ECDSA) to the list of known hosts.
execve("./syz-executor15974475", ["./syz-executor15974475"], 0x7fffce4bb260 /* 10 vars */) = 0
brk(NULL) = 0x555556a1e000
brk(0x555556a1ec40) = 0x555556a1ec40
arch_prctl(ARCH_SET_FS, 0x555556a1e300) = 0
uname({sysname="Linux", nodename="syzkaller", ...}) = 0
readlink("/proc/self/exe", "/root/syz-executor15974475", 4096) = 26
brk(0x555556a3fc40) = 0x555556a3fc40
brk(0x555556a40000) = 0x555556a40000
mprotect(0x7f7f0c2c6000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 3
socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 4
sendto(4, [{nlmsg_len=36, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x03\x00\x00\x00\x0d\x00\x02\x00\x6e\x6c\x38\x30\x32\x31\x35\x34\x00\x00\x00\x00"], 36, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 36
recvfrom(4, [{nlmsg_len=704, nlmsg_type=nlctrl, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=5061}, "\x01\x02\x00\x00\x0d\x00\x02\x00\x6e\x6c\x38\x30\x32\x31\x35\x34\x00\x00\x00\x00\x06\x00\x01\x00\x1c\x00\x00\x00\x08\x00\x03\x00\x01\x00\x00\x00\x08\x00\x04\x00\x00\x00\x00\x00\x08\x00\x05\x00\x26\x00\x00\x00\x48\x02\x06\x00\x14\x00\x01\x00\x08\x00\x01\x00\x01\x00\x00\x00\x08\x00\x02\x00\x0e\x00\x00\x00\x14\x00\x02\x00\x08\x00\x01\x00\x05\x00\x00\x00\x08\x00\x02\x00\x0e\x00\x00\x00\x14\x00\x03\x00"...], 4096, 0, NULL, NULL) = 704
recvfrom(4, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=5061}, {error=0, msg={nlmsg_len=36, nlmsg_type=nlctrl, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
access("/proc/net", R_OK) = 0
access("/proc/net/unix", R_OK) = 0
socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 5
ioctl(5, SIOCGIFINDEX, {ifr_name="wpan0", ifr_ifindex=11}) = 0
close(5) = 0
sendto(4, [{nlmsg_len=36, nlmsg_type=nl802154, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x0b\x00\x00\x00\x08\x00\x03\x00\x0b\x00\x00\x00\x06\x00\x0a\x00\xa0\xaa\x00\x00"], 36, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 36
recvfrom(4, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=5061}, {error=0, msg={nlmsg_len=36, nlmsg_type=nl802154, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 5
ioctl(5, SIOCGIFINDEX, {ifr_name="wpan0", ifr_ifindex=11}) = 0
close(5) = 0
sendto(3, [{nlmsg_len=44, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x00\x00\x00\x00\x0b\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x0c\x00\x01\x00\x02\x00\xaa\xaa\xaa\xaa\xaa\xaa"], 44, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 44
recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=5061}, {error=0, msg={nlmsg_len=44, nlmsg_type=RTM_NEWLINK, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
sendto(3, [{nlmsg_len=68, nlmsg_type=RTM_NEWLINK, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|NLM_F_EXCL|NLM_F_CREATE, nlmsg_seq=0, nlmsg_pid=0}, {ifi_family=AF_UNSPEC, ifi_type=ARPHRD_NETROM, ifi_index=0, ifi_flags=0, ifi_change=0}, [[{nla_len=11, nla_type=IFLA_IFNAME}, "lowpan0"...], [{nla_len=16, nla_type=IFLA_LINKINFO}, [{nla_len=10, nla_type=IFLA_INFO_KIND}, "lowpan"...]], [{nla_len=8, nla_type=IFLA_LINK}, 11]]], 68, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 68
recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=5061}, {error=0, msg={nlmsg_len=68, nlmsg_type=RTM_NEWLINK, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|NLM_F_EXCL|NLM_F_CREATE, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 5
ioctl(5, SIOCGIFINDEX, {ifr_name="wpan1", ifr_ifindex=12}) = 0
close(5) = 0
sendto(4, [{nlmsg_len=36, nlmsg_type=nl802154, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x0b\x00\x00\x00\x08\x00\x03\x00\x0c\x00\x00\x00\x06\x00\x0a\x00\xa1\xaa\x00\x00"], 36, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 36
recvfrom(4, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=5061}, {error=0, msg={nlmsg_len=36, nlmsg_type=nl802154, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 5
ioctl(5, SIOCGIFINDEX, {ifr_name="wpan1", ifr_ifindex=12}) = 0
close(5) = 0
sendto(3, [{nlmsg_len=44, nlmsg_type=RTM_NEWLINK, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, {ifi_family=AF_UNSPEC, ifi_type=ARPHRD_NETROM, ifi_index=if_nametoindex("wpan1"), ifi_flags=IFF_UP, ifi_change=0x1}, [{nla_len=12, nla_type=IFLA_ADDRESS}, 02:01:aa:aa:aa:aa:aa]], 44, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 44
recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=5061}, {error=0, msg={nlmsg_len=44, nlmsg_type=RTM_NEWLINK, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
close(3) = 0
close(4) = 0
getpid() = 5061
mkdir("./syzkaller.EYyorS", 0700) = 0
chmod("./syzkaller.EYyorS", 0777) = 0
chdir("./syzkaller.EYyorS") = 0
mkdir("./0", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556a1e5d0) = 5064
./strace-static-x86_64: Process 5064 attached
[pid 5064] chdir("./0") = 0
[pid 5064] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5064] setpgid(0, 0) = 0
[pid 5064] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5064] write(3, "1000", 4) = 4
[pid 5064] close(3) = 0
[pid 5064] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5064] memfd_create("syzkaller", 0) = 3
[pid 5064] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7f03e07000
[pid 5064] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152
[pid 5064] munmap(0x7f7f03e07000, 2097152) = 0
[pid 5064] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5064] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5064] close(3) = 0
[pid 5064] mkdir("./file0", 0777) = 0
syzkaller login: [ 70.175870][ T5064] loop0: detected capacity change from 0 to 4096
[ 70.195268][ T5064] NILFS (loop0): invalid segment: Checksum error in segment payload
[ 70.207006][ T5064] NILFS (loop0): trying rollback from an earlier position
[pid 5064] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0
[pid 5064] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5064] chdir("./file0") = 0
[pid 5064] ioctl(4, LOOP_CLR_FD) = 0
[pid 5064] close(4) = 0
[pid 5064] creat("./bus", 000) = 4
[pid 5064] open("./bus", O_RDONLY) = 5
[pid 5064] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000) = 6
[pid 5064] lseek(4, 4096, SEEK_SET) = 4096
[ 70.226002][ T5064] NILFS (loop0): recovery complete
[ 70.234965][ T5065] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[pid 5064] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2592) = 2592
[ 70.264816][ T27] audit: type=1804 audit(1675887785.875:2): pid=5064 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor159" name="/root/syzkaller.EYyorS/0/file0/bus" dev="loop0" ino=12 res=1 errno=0
[ 70.287894][ T27] audit: type=1804 audit(1675887785.875:3): pid=5064 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=ToMToU comm="syz-executor159" name="/root/syzkaller.EYyorS/0/file0/bus" dev="loop0" ino=12 res=1 errno=0
[pid 5064] sendfile(4, 5, NULL, 145139829833722) = 268832
[pid 5064] exit_group(0) = ?
[pid 5064] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5064, si_uid=0, si_status=0, si_utime=0, si_stime=12 /* 0.12 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556a1f620 /* 4 entries */, 32768) = 112
umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./0/binderfs") = 0
umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./0/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556a27660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556a27660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./0/file0") = 0
getdents64(3, 0x555556a1f620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./0") = 0
mkdir("./1", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556a1e5d0) = 5066
./strace-static-x86_64: Process 5066 attached
[pid 5066] chdir("./1") = 0
[pid 5066] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5066] setpgid(0, 0) = 0
[pid 5066] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5066] write(3, "1000", 4) = 4
[pid 5066] close(3) = 0
[pid 5066] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5066] memfd_create("syzkaller", 0) = 3
[pid 5066] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7f03e07000
[pid 5066] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152
[pid 5066] munmap(0x7f7f03e07000, 2097152) = 0
[pid 5066] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5066] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5066] close(3) = 0
[pid 5066] mkdir("./file0", 0777) = 0
[ 70.583610][ T5066] loop0: detected capacity change from 0 to 4096
[ 70.603306][ T5066] NILFS (loop0): invalid segment: Checksum error in segment payload
[ 70.611368][ T5066] NILFS (loop0): trying rollback from an earlier position
[ 70.626241][ T5066] NILFS (loop0): recovery complete
[pid 5066] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0
[pid 5066] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5066] chdir("./file0") = 0
[pid 5066] ioctl(4, LOOP_CLR_FD) = 0
[pid 5066] close(4) = 0
[pid 5066] creat("./bus", 000) = 4
[pid 5066] open("./bus", O_RDONLY) = 5
[pid 5066] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000) = 6
[pid 5066] lseek(4, 4096, SEEK_SET) = 4096
[pid 5066] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2592) = 2592
[ 70.635764][ T5067] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[ 70.654236][ T27] audit: type=1804 audit(1675887786.265:4): pid=5066 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor159" name="/root/syzkaller.EYyorS/1/file0/bus" dev="loop0" ino=12 res=1 errno=0
[ 70.683367][ T27] audit: type=1804 audit(1675887786.275:5): pid=5066 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=ToMToU comm="syz-executor159" name="/root/syzkaller.EYyorS/1/file0/bus" dev="loop0" ino=12 res=1 errno=0
[pid 5066] sendfile(4, 5, NULL, 145139829833722) = 268832
[pid 5066] exit_group(0) = ?
[pid 5066] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5066, si_uid=0, si_status=0, si_utime=0, si_stime=18 /* 0.18 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556a1f620 /* 4 entries */, 32768) = 112
umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./1/binderfs") = 0
umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./1/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556a27660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556a27660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./1/file0") = 0
getdents64(3, 0x555556a1f620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./1") = 0
mkdir("./2", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556a1e5d0) = 5068
./strace-static-x86_64: Process 5068 attached
[pid 5068] chdir("./2") = 0
[pid 5068] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5068] setpgid(0, 0) = 0
[pid 5068] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5068] write(3, "1000", 4) = 4
[pid 5068] close(3) = 0
[pid 5068] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5068] memfd_create("syzkaller", 0) = 3
[pid 5068] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7f03e07000
[pid 5068] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152
[pid 5068] munmap(0x7f7f03e07000, 2097152) = 0
[pid 5068] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5068] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5068] close(3) = 0
[pid 5068] mkdir("./file0", 0777) = 0
[ 70.989369][ T5068] loop0: detected capacity change from 0 to 4096
[ 71.006475][ T5068] NILFS (loop0): invalid segment: Checksum error in segment payload
[ 71.016288][ T5068] NILFS (loop0): trying rollback from an earlier position
[ 71.030936][ T5068] NILFS (loop0): recovery complete
[pid 5068] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0
[pid 5068] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5068] chdir("./file0") = 0
[pid 5068] ioctl(4, LOOP_CLR_FD) = 0
[pid 5068] close(4) = 0
[pid 5068] creat("./bus", 000) = 4
[pid 5068] open("./bus", O_RDONLY) = 5
[pid 5068] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000) = 6
[pid 5068] lseek(4, 4096, SEEK_SET) = 4096
[ 71.037058][ T5069] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[ 71.058220][ T27] audit: type=1804 audit(1675887786.665:6): pid=5068 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor159" name="/root/syzkaller.EYyorS/2/file0/bus" dev="loop0" ino=12 res=1 errno=0
[pid 5068] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2592) = 2592
[ 71.084090][ T27] audit: type=1804 audit(1675887786.685:7): pid=5068 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=ToMToU comm="syz-executor159" name="/root/syzkaller.EYyorS/2/file0/bus" dev="loop0" ino=12 res=1 errno=0
[ 71.204851][ T1211] ieee802154 phy0 wpan0: encryption failed: -22
[ 71.211559][ T1211] ieee802154 phy1 wpan1: encryption failed: -22
[pid 5068] sendfile(4, 5, NULL, 145139829833722) = 268832
[pid 5068] exit_group(0) = ?
[pid 5068] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5068, si_uid=0, si_status=0, si_utime=0, si_stime=14 /* 0.14 s */} ---
umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556a1f620 /* 4 entries */, 32768) = 112
umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./2/binderfs") = 0
umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./2/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./2/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556a27660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556a27660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./2/file0") = 0
getdents64(3, 0x555556a1f620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./2") = 0
mkdir("./3", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556a1e5d0) = 5070
./strace-static-x86_64: Process 5070 attached
[pid 5070] chdir("./3") = 0
[pid 5070] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5070] setpgid(0, 0) = 0
[pid 5070] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5070] write(3, "1000", 4) = 4
[pid 5070] close(3) = 0
[pid 5070] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5070] memfd_create("syzkaller", 0) = 3
[pid 5070] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7f03e07000
[pid 5070] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152
[pid 5070] munmap(0x7f7f03e07000, 2097152) = 0
[pid 5070] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5070] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5070] close(3) = 0
[pid 5070] mkdir("./file0", 0777) = 0
[ 71.389073][ T5070] loop0: detected capacity change from 0 to 4096
[ 71.407421][ T5070] NILFS (loop0): invalid segment: Checksum error in segment payload
[ 71.415538][ T5070] NILFS (loop0): trying rollback from an earlier position
[pid 5070] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0
[pid 5070] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5070] chdir("./file0") = 0
[pid 5070] ioctl(4, LOOP_CLR_FD) = 0
[pid 5070] close(4) = 0
[pid 5070] creat("./bus", 000) = 4
[pid 5070] open("./bus", O_RDONLY) = 5
[pid 5070] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000) = 6
[pid 5070] lseek(4, 4096, SEEK_SET) = 4096
[pid 5070] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2592) = 2592
[ 71.434708][ T5070] NILFS (loop0): recovery complete
[ 71.442122][ T5071] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[ 71.462220][ T27] audit: type=1804 audit(1675887787.075:8): pid=5070 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor159" name="/root/syzkaller.EYyorS/3/file0/bus" dev="loop0" ino=12 res=1 errno=0
[ 71.490232][ T27] audit: type=1804 audit(1675887787.075:9): pid=5070 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=ToMToU comm="syz-executor159" name="/root/syzkaller.EYyorS/3/file0/bus" dev="loop0" ino=12 res=1 errno=0
[pid 5070] sendfile(4, 5, NULL, 145139829833722) = 268832
[pid 5070] exit_group(0) = ?
[pid 5070] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5070, si_uid=0, si_status=0, si_utime=0, si_stime=12 /* 0.12 s */} ---
umount2("./3", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556a1f620 /* 4 entries */, 32768) = 112
umount2("./3/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./3/binderfs") = 0
umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./3/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./3/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556a27660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556a27660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./3/file0") = 0
getdents64(3, 0x555556a1f620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./3") = 0
mkdir("./4", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556a1e5d0) = 5072
./strace-static-x86_64: Process 5072 attached
[pid 5072] chdir("./4") = 0
[pid 5072] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5072] setpgid(0, 0) = 0
[pid 5072] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5072] write(3, "1000", 4) = 4
[pid 5072] close(3) = 0
[pid 5072] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5072] memfd_create("syzkaller", 0) = 3
[pid 5072] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7f03e07000
[pid 5072] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152
[pid 5072] munmap(0x7f7f03e07000, 2097152) = 0
[pid 5072] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5072] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5072] close(3) = 0
[pid 5072] mkdir("./file0", 0777) = 0
[ 71.804318][ T5072] loop0: detected capacity change from 0 to 4096
[ 71.824632][ T5072] NILFS (loop0): invalid segment: Checksum error in segment payload
[ 71.832730][ T5072] NILFS (loop0): trying rollback from an earlier position
[pid 5072] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0
[pid 5072] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5072] chdir("./file0") = 0
[pid 5072] ioctl(4, LOOP_CLR_FD) = 0
[pid 5072] close(4) = 0
[pid 5072] creat("./bus", 000) = 4
[pid 5072] open("./bus", O_RDONLY) = 5
[pid 5072] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000) = 6
[pid 5072] lseek(4, 4096, SEEK_SET) = 4096
[pid 5072] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2592) = 2592
[ 71.854844][ T5072] NILFS (loop0): recovery complete
[ 71.861272][ T5073] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[ 71.876857][ T27] audit: type=1804 audit(1675887787.485:10): pid=5072 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor159" name="/root/syzkaller.EYyorS/4/file0/bus" dev="loop0" ino=12 res=1 errno=0
[ 71.912372][ T27] audit: type=1804 audit(1675887787.505:11): pid=5072 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=ToMToU comm="syz-executor159" name="/root/syzkaller.EYyorS/4/file0/bus" dev="loop0" ino=12 res=1 errno=0
[pid 5072] sendfile(4, 5, NULL, 145139829833722) = 268832
[pid 5072] exit_group(0) = ?
[pid 5072] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5072, si_uid=0, si_status=0, si_utime=0, si_stime=11 /* 0.11 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./4", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556a1f620 /* 4 entries */, 32768) = 112
umount2("./4/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./4/binderfs") = 0
umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./4/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./4/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556a27660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556a27660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./4/file0") = 0
getdents64(3, 0x555556a1f620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./4") = 0
mkdir("./5", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556a1e5d0) = 5074
./strace-static-x86_64: Process 5074 attached
[pid 5074] chdir("./5") = 0
[pid 5074] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5074] setpgid(0, 0) = 0
[pid 5074] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5074] write(3, "1000", 4) = 4
[pid 5074] close(3) = 0
[pid 5074] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5074] memfd_create("syzkaller", 0) = 3
[pid 5074] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7f03e07000
[pid 5074] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152
[pid 5074] munmap(0x7f7f03e07000, 2097152) = 0
[pid 5074] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5074] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5074] close(3) = 0
[pid 5074] mkdir("./file0", 0777) = 0
[ 72.214068][ T5074] loop0: detected capacity change from 0 to 4096
[ 72.232928][ T5074] NILFS (loop0): invalid segment: Checksum error in segment payload
[ 72.240949][ T5074] NILFS (loop0): trying rollback from an earlier position
[ 72.255787][ T5074] NILFS (loop0): recovery complete
[pid 5074] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0
[pid 5074] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5074] chdir("./file0") = 0
[pid 5074] ioctl(4, LOOP_CLR_FD) = 0
[pid 5074] close(4) = 0
[pid 5074] creat("./bus", 000) = 4
[pid 5074] open("./bus", O_RDONLY) = 5
[pid 5074] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000) = 6
[pid 5074] lseek(4, 4096, SEEK_SET) = 4096
[pid 5074] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2592) = 2592
[ 72.265161][ T5075] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[pid 5074] sendfile(4, 5, NULL, 145139829833722) = 268832
[pid 5074] exit_group(0) = ?
[pid 5074] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5074, si_uid=0, si_status=0, si_utime=0, si_stime=11 /* 0.11 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./5", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556a1f620 /* 4 entries */, 32768) = 112
umount2("./5/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./5/binderfs") = 0
umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./5/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./5/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556a27660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556a27660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./5/file0") = 0
getdents64(3, 0x555556a1f620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./5") = 0
mkdir("./6", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556a1e5d0) = 5076
./strace-static-x86_64: Process 5076 attached
[pid 5076] chdir("./6") = 0
[pid 5076] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5076] setpgid(0, 0) = 0
[pid 5076] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5076] write(3, "1000", 4) = 4
[pid 5076] close(3) = 0
[pid 5076] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5076] memfd_create("syzkaller", 0) = 3
[pid 5076] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7f03e07000
[pid 5076] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152
[pid 5076] munmap(0x7f7f03e07000, 2097152) = 0
[pid 5076] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5076] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5076] close(3) = 0
[pid 5076] mkdir("./file0", 0777) = 0
[ 72.577528][ T5076] loop0: detected capacity change from 0 to 4096
[ 72.597209][ T5076] NILFS (loop0): invalid segment: Checksum error in segment payload
[ 72.611526][ T5076] NILFS (loop0): trying rollback from an earlier position
[pid 5076] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0
[pid 5076] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5076] chdir("./file0") = 0
[pid 5076] ioctl(4, LOOP_CLR_FD) = 0
[pid 5076] close(4) = 0
[pid 5076] creat("./bus", 000) = 4
[pid 5076] open("./bus", O_RDONLY) = 5
[pid 5076] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000) = 6
[pid 5076] lseek(4, 4096, SEEK_SET) = 4096
[pid 5076] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2592) = 2592
[ 72.626053][ T5076] NILFS (loop0): recovery complete
[ 72.635132][ T5077] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[pid 5076] sendfile(4, 5, NULL, 145139829833722) = 268832
[pid 5076] exit_group(0) = ?
[pid 5076] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5076, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./6", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556a1f620 /* 4 entries */, 32768) = 112
umount2("./6/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./6/binderfs") = 0
umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./6/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./6/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556a27660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556a27660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./6/file0") = 0
getdents64(3, 0x555556a1f620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./6") = 0
mkdir("./7", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556a1e5d0) = 5078
./strace-static-x86_64: Process 5078 attached
[pid 5078] chdir("./7") = 0
[pid 5078] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5078] setpgid(0, 0) = 0
[pid 5078] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5078] write(3, "1000", 4) = 4
[pid 5078] close(3) = 0
[pid 5078] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5078] memfd_create("syzkaller", 0) = 3
[pid 5078] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7f03e07000
[pid 5078] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152
[pid 5078] munmap(0x7f7f03e07000, 2097152) = 0
[pid 5078] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5078] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5078] close(3) = 0
[pid 5078] mkdir("./file0", 0777) = 0
[ 72.947902][ T5078] loop0: detected capacity change from 0 to 4096
[ 72.967349][ T5078] NILFS (loop0): invalid segment: Checksum error in segment payload
[ 72.975446][ T5078] NILFS (loop0): trying rollback from an earlier position
[pid 5078] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0
[pid 5078] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5078] chdir("./file0") = 0
[pid 5078] ioctl(4, LOOP_CLR_FD) = 0
[pid 5078] close(4) = 0
[pid 5078] creat("./bus", 000) = 4
[pid 5078] open("./bus", O_RDONLY) = 5
[pid 5078] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000) = 6
[pid 5078] lseek(4, 4096, SEEK_SET) = 4096
[pid 5078] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2592) = 2592
[ 73.001382][ T5078] NILFS (loop0): recovery complete
[ 73.007573][ T5079] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[pid 5078] sendfile(4, 5, NULL, 145139829833722) = 268832
[pid 5078] exit_group(0) = ?
[pid 5078] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5078, si_uid=0, si_status=0, si_utime=0, si_stime=11 /* 0.11 s */} ---
umount2("./7", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556a1f620 /* 4 entries */, 32768) = 112
umount2("./7/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./7/binderfs") = 0
umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./7/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./7/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556a27660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556a27660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./7/file0") = 0
getdents64(3, 0x555556a1f620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./7") = 0
mkdir("./8", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556a1e5d0) = 5080
./strace-static-x86_64: Process 5080 attached
[pid 5080] chdir("./8") = 0
[pid 5080] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5080] setpgid(0, 0) = 0
[pid 5080] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5080] write(3, "1000", 4) = 4
[pid 5080] close(3) = 0
[pid 5080] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5080] memfd_create("syzkaller", 0) = 3
[pid 5080] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7f03e07000
[pid 5080] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152
[pid 5080] munmap(0x7f7f03e07000, 2097152) = 0
[pid 5080] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5080] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5080] close(3) = 0
[pid 5080] mkdir("./file0", 0777) = 0
[ 73.336119][ T5080] loop0: detected capacity change from 0 to 4096
[ 73.353469][ T5080] NILFS (loop0): invalid segment: Checksum error in segment payload
[ 73.361586][ T5080] NILFS (loop0): trying rollback from an earlier position
[ 73.378255][ T5080] NILFS (loop0): recovery complete
[pid 5080] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0
[pid 5080] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5080] chdir("./file0") = 0
[pid 5080] ioctl(4, LOOP_CLR_FD) = 0
[pid 5080] close(4) = 0
[pid 5080] creat("./bus", 000) = 4
[pid 5080] open("./bus", O_RDONLY) = 5
[pid 5080] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000) = 6
[pid 5080] lseek(4, 4096, SEEK_SET) = 4096
[pid 5080] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2592) = 2592
[ 73.384883][ T5081] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[pid 5080] sendfile(4, 5, NULL, 145139829833722) = 268832
[pid 5080] exit_group(0) = ?
[pid 5080] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5080, si_uid=0, si_status=0, si_utime=0, si_stime=13 /* 0.13 s */} ---
umount2("./8", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556a1f620 /* 4 entries */, 32768) = 112
umount2("./8/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./8/binderfs") = 0
umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./8/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./8/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556a27660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556a27660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./8/file0") = 0
getdents64(3, 0x555556a1f620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./8") = 0
mkdir("./9", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556a1e5d0) = 5082
./strace-static-x86_64: Process 5082 attached
[pid 5082] chdir("./9") = 0
[pid 5082] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5082] setpgid(0, 0) = 0
[pid 5082] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5082] write(3, "1000", 4) = 4
[pid 5082] close(3) = 0
[pid 5082] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5082] memfd_create("syzkaller", 0) = 3
[pid 5082] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7f03e07000
[pid 5082] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152
[pid 5082] munmap(0x7f7f03e07000, 2097152) = 0
[pid 5082] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5082] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5082] close(3) = 0
[pid 5082] mkdir("./file0", 0777) = 0
[ 73.822440][ T5082] loop0: detected capacity change from 0 to 4096
[ 73.840472][ T5082] NILFS (loop0): invalid segment: Checksum error in segment payload
[ 73.853921][ T5082] NILFS (loop0): trying rollback from an earlier position
[pid 5082] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0
[pid 5082] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5082] chdir("./file0") = 0
[pid 5082] ioctl(4, LOOP_CLR_FD) = 0
[pid 5082] close(4) = 0
[pid 5082] creat("./bus", 000) = 4
[pid 5082] open("./bus", O_RDONLY) = 5
[pid 5082] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000) = 6
[pid 5082] lseek(4, 4096, SEEK_SET) = 4096
[pid 5082] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2592) = 2592
[ 73.868474][ T5082] NILFS (loop0): recovery complete
[ 73.879740][ T5083] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[pid 5082] sendfile(4, 5, NULL, 145139829833722) = 268832
[pid 5082] exit_group(0) = ?
[pid 5082] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5082, si_uid=0, si_status=0, si_utime=0, si_stime=13 /* 0.13 s */} ---
umount2("./9", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556a1f620 /* 4 entries */, 32768) = 112
umount2("./9/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./9/binderfs") = 0
umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./9/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./9/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556a27660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556a27660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./9/file0") = 0
getdents64(3, 0x555556a1f620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./9") = 0
mkdir("./10", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556a1e5d0) = 5084
./strace-static-x86_64: Process 5084 attached
[pid 5084] chdir("./10") = 0
[pid 5084] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5084] setpgid(0, 0) = 0
[pid 5084] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5084] write(3, "1000", 4) = 4
[pid 5084] close(3) = 0
[pid 5084] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5084] memfd_create("syzkaller", 0) = 3
[pid 5084] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7f03e07000
[pid 5084] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152
[pid 5084] munmap(0x7f7f03e07000, 2097152) = 0
[pid 5084] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5084] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5084] close(3) = 0
[pid 5084] mkdir("./file0", 0777) = 0
[ 74.207028][ T5084] loop0: detected capacity change from 0 to 4096
[ 74.225329][ T5084] NILFS (loop0): invalid segment: Checksum error in segment payload
[ 74.233601][ T5084] NILFS (loop0): trying rollback from an earlier position
[ 74.247947][ T5084] NILFS (loop0): recovery complete
[pid 5084] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0
[pid 5084] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5084] chdir("./file0") = 0
[pid 5084] ioctl(4, LOOP_CLR_FD) = 0
[pid 5084] close(4) = 0
[pid 5084] creat("./bus", 000) = 4
[pid 5084] open("./bus", O_RDONLY) = 5
[pid 5084] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000) = 6
[pid 5084] lseek(4, 4096, SEEK_SET) = 4096
[pid 5084] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2592) = 2592
[ 74.253956][ T5085] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[pid 5084] sendfile(4, 5, NULL, 145139829833722) = 268832
[pid 5084] exit_group(0) = ?
[pid 5084] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5084, si_uid=0, si_status=0, si_utime=0, si_stime=12 /* 0.12 s */} ---
umount2("./10", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556a1f620 /* 4 entries */, 32768) = 112
umount2("./10/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./10/binderfs") = 0
umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./10/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./10/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556a27660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556a27660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./10/file0") = 0
getdents64(3, 0x555556a1f620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./10") = 0
mkdir("./11", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556a1e5d0) = 5086
./strace-static-x86_64: Process 5086 attached
[pid 5086] chdir("./11") = 0
[pid 5086] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5086] setpgid(0, 0) = 0
[pid 5086] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5086] write(3, "1000", 4) = 4
[pid 5086] close(3) = 0
[pid 5086] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5086] memfd_create("syzkaller", 0) = 3
[pid 5086] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7f03e07000
[pid 5086] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152
[pid 5086] munmap(0x7f7f03e07000, 2097152) = 0
[pid 5086] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5086] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5086] close(3) = 0
[pid 5086] mkdir("./file0", 0777) = 0
[pid 5086] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0
[pid 5086] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5086] chdir("./file0") = 0
[ 74.587023][ T5086] loop0: detected capacity change from 0 to 4096
[ 74.603485][ T5086] NILFS (loop0): invalid segment: Checksum error in segment payload
[ 74.613866][ T5086] NILFS (loop0): trying rollback from an earlier position
[ 74.631556][ T5086] NILFS (loop0): recovery complete
[pid 5086] ioctl(4, LOOP_CLR_FD) = 0
[pid 5086] close(4) = 0
[pid 5086] creat("./bus", 000) = 4
[pid 5086] open("./bus", O_RDONLY) = 5
[pid 5086] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000) = 6
[pid 5086] lseek(4, 4096, SEEK_SET) = 4096
[pid 5086] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2592) = 2592
[ 74.640312][ T5087] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[pid 5086] sendfile(4, 5, NULL, 145139829833722) = 268832
[pid 5086] exit_group(0) = ?
[pid 5086] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5086, si_uid=0, si_status=0, si_utime=0, si_stime=11 /* 0.11 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./11", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556a1f620 /* 4 entries */, 32768) = 112
umount2("./11/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./11/binderfs") = 0
umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./11/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./11/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556a27660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556a27660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./11/file0") = 0
getdents64(3, 0x555556a1f620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./11") = 0
mkdir("./12", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556a1e5d0) = 5088
./strace-static-x86_64: Process 5088 attached
[pid 5088] chdir("./12") = 0
[pid 5088] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5088] setpgid(0, 0) = 0
[pid 5088] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5088] write(3, "1000", 4) = 4
[pid 5088] close(3) = 0
[pid 5088] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5088] memfd_create("syzkaller", 0) = 3
[pid 5088] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7f03e07000
[pid 5088] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152
[pid 5088] munmap(0x7f7f03e07000, 2097152) = 0
[pid 5088] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5088] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5088] close(3) = 0
[pid 5088] mkdir("./file0", 0777) = 0
[ 74.970616][ T5088] loop0: detected capacity change from 0 to 4096
[ 74.993685][ T5088] NILFS (loop0): invalid segment: Checksum error in segment payload
[ 75.001844][ T5088] NILFS (loop0): trying rollback from an earlier position
[pid 5088] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0
[pid 5088] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5088] chdir("./file0") = 0
[pid 5088] ioctl(4, LOOP_CLR_FD) = 0
[pid 5088] close(4) = 0
[pid 5088] creat("./bus", 000) = 4
[pid 5088] open("./bus", O_RDONLY) = 5
[pid 5088] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000) = 6
[pid 5088] lseek(4, 4096, SEEK_SET) = 4096
[pid 5088] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2592) = 2592
[ 75.016155][ T5088] NILFS (loop0): recovery complete
[ 75.022129][ T5089] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[pid 5088] sendfile(4, 5, NULL, 145139829833722) = 268832
[pid 5088] exit_group(0) = ?
[pid 5088] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5088, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} ---
umount2("./12", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556a1f620 /* 4 entries */, 32768) = 112
umount2("./12/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./12/binderfs") = 0
umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./12/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./12/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556a27660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556a27660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./12/file0") = 0
getdents64(3, 0x555556a1f620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./12") = 0
mkdir("./13", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556a1e5d0) = 5090
./strace-static-x86_64: Process 5090 attached
[pid 5090] chdir("./13") = 0
[pid 5090] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5090] setpgid(0, 0) = 0
[pid 5090] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5090] write(3, "1000", 4) = 4
[pid 5090] close(3) = 0
[pid 5090] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5090] memfd_create("syzkaller", 0) = 3
[pid 5090] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7f03e07000
[pid 5090] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152
[pid 5090] munmap(0x7f7f03e07000, 2097152) = 0
[pid 5090] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5090] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5090] close(3) = 0
[pid 5090] mkdir("./file0", 0777) = 0
[ 75.354177][ T5090] loop0: detected capacity change from 0 to 4096
[ 75.371223][ T5090] NILFS (loop0): invalid segment: Checksum error in segment payload
[ 75.379270][ T5090] NILFS (loop0): trying rollback from an earlier position
[ 75.393438][ T5090] NILFS (loop0): recovery complete
[pid 5090] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0
[pid 5090] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5090] chdir("./file0") = 0
[pid 5090] ioctl(4, LOOP_CLR_FD) = 0
[pid 5090] close(4) = 0
[pid 5090] creat("./bus", 000) = 4
[pid 5090] open("./bus", O_RDONLY) = 5
[pid 5090] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000) = 6
[pid 5090] lseek(4, 4096, SEEK_SET) = 4096
[pid 5090] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2592) = 2592
[ 75.400224][ T5091] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[ 75.420992][ T27] kauditd_printk_skb: 16 callbacks suppressed
[ 75.421007][ T27] audit: type=1804 audit(1675887791.025:28): pid=5090 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor159" name="/root/syzkaller.EYyorS/13/file0/bus" dev="loop0" ino=12 res=1 errno=0
[ 75.452144][ T27] audit: type=1804 audit(1675887791.045:29): pid=5090 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=ToMToU comm="syz-executor159" name="/root/syzkaller.EYyorS/13/file0/bus" dev="loop0" ino=12 res=1 errno=0
[pid 5090] sendfile(4, 5, NULL, 145139829833722) = 268832
[pid 5090] exit_group(0) = ?
[pid 5090] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5090, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./13", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556a1f620 /* 4 entries */, 32768) = 112
umount2("./13/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./13/binderfs") = 0
umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./13/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./13/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556a27660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556a27660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./13/file0") = 0
getdents64(3, 0x555556a1f620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./13") = 0
mkdir("./14", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556a1e5d0) = 5092
./strace-static-x86_64: Process 5092 attached
[pid 5092] chdir("./14") = 0
[pid 5092] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5092] setpgid(0, 0) = 0
[pid 5092] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5092] write(3, "1000", 4) = 4
[pid 5092] close(3) = 0
[pid 5092] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5092] memfd_create("syzkaller", 0) = 3
[pid 5092] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7f03e07000
[pid 5092] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152
[pid 5092] munmap(0x7f7f03e07000, 2097152) = 0
[pid 5092] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5092] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5092] close(3) = 0
[pid 5092] mkdir("./file0", 0777) = 0
[ 75.760188][ T5092] loop0: detected capacity change from 0 to 4096
[ 75.778612][ T5092] NILFS (loop0): invalid segment: Checksum error in segment payload
[ 75.788159][ T5092] NILFS (loop0): trying rollback from an earlier position
[pid 5092] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0
[pid 5092] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5092] chdir("./file0") = 0
[pid 5092] ioctl(4, LOOP_CLR_FD) = 0
[pid 5092] close(4) = 0
[pid 5092] creat("./bus", 000) = 4
[pid 5092] open("./bus", O_RDONLY) = 5
[pid 5092] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000) = 6
[pid 5092] lseek(4, 4096, SEEK_SET) = 4096
[pid 5092] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2592) = 2592
[ 75.805672][ T5092] NILFS (loop0): recovery complete
[ 75.812306][ T5093] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[ 75.827444][ T27] audit: type=1804 audit(1675887791.445:30): pid=5092 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor159" name="/root/syzkaller.EYyorS/14/file0/bus" dev="loop0" ino=12 res=1 errno=0
[ 75.856043][ T27] audit: type=1804 audit(1675887791.445:31): pid=5092 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=ToMToU comm="syz-executor159" name="/root/syzkaller.EYyorS/14/file0/bus" dev="loop0" ino=12 res=1 errno=0
[pid 5092] sendfile(4, 5, NULL, 145139829833722) = 268832
[pid 5092] exit_group(0) = ?
[pid 5092] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5092, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./14", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556a1f620 /* 4 entries */, 32768) = 112
umount2("./14/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./14/binderfs") = 0
umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./14/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./14/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556a27660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556a27660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./14/file0") = 0
getdents64(3, 0x555556a1f620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./14") = 0
mkdir("./15", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556a1e5d0) = 5094
./strace-static-x86_64: Process 5094 attached
[pid 5094] chdir("./15") = 0
[pid 5094] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5094] setpgid(0, 0) = 0
[pid 5094] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5094] write(3, "1000", 4) = 4
[pid 5094] close(3) = 0
[pid 5094] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5094] memfd_create("syzkaller", 0) = 3
[pid 5094] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7f03e07000
[pid 5094] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152
[pid 5094] munmap(0x7f7f03e07000, 2097152) = 0
[pid 5094] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5094] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5094] close(3) = 0
[pid 5094] mkdir("./file0", 0777) = 0
[ 76.136193][ T5094] loop0: detected capacity change from 0 to 4096
[ 76.156783][ T5094] NILFS (loop0): invalid segment: Checksum error in segment payload
[ 76.165201][ T5094] NILFS (loop0): trying rollback from an earlier position
[pid 5094] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0
[pid 5094] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5094] chdir("./file0") = 0
[pid 5094] ioctl(4, LOOP_CLR_FD) = 0
[pid 5094] close(4) = 0
[pid 5094] creat("./bus", 000) = 4
[pid 5094] open("./bus", O_RDONLY) = 5
[pid 5094] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000) = 6
[pid 5094] lseek(4, 4096, SEEK_SET) = 4096
[ 76.184759][ T5094] NILFS (loop0): recovery complete
[ 76.194500][ T5095] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[ 76.210870][ T27] audit: type=1804 audit(1675887791.815:32): pid=5094 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor159" name="/root/syzkaller.EYyorS/15/file0/bus" dev="loop0" ino=12 res=1 errno=0
[pid 5094] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2592) = 2592
[ 76.238912][ T27] audit: type=1804 audit(1675887791.835:33): pid=5094 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=ToMToU comm="syz-executor159" name="/root/syzkaller.EYyorS/15/file0/bus" dev="loop0" ino=12 res=1 errno=0
[pid 5094] sendfile(4, 5, NULL, 145139829833722) = 268832
[pid 5094] exit_group(0) = ?
[pid 5094] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5094, si_uid=0, si_status=0, si_utime=0, si_stime=11 /* 0.11 s */} ---
umount2("./15", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556a1f620 /* 4 entries */, 32768) = 112
umount2("./15/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./15/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./15/binderfs") = 0
umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./15/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./15/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556a27660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556a27660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./15/file0") = 0
getdents64(3, 0x555556a1f620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./15") = 0
mkdir("./16", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556a1e5d0) = 5096
./strace-static-x86_64: Process 5096 attached
[pid 5096] chdir("./16") = 0
[pid 5096] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5096] setpgid(0, 0) = 0
[pid 5096] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5096] write(3, "1000", 4) = 4
[pid 5096] close(3) = 0
[pid 5096] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5096] memfd_create("syzkaller", 0) = 3
[pid 5096] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7f03e07000
[pid 5096] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152
[pid 5096] munmap(0x7f7f03e07000, 2097152) = 0
[pid 5096] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5096] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5096] close(3) = 0
[pid 5096] mkdir("./file0", 0777) = 0
[ 76.689768][ T5096] loop0: detected capacity change from 0 to 4096
[ 76.710634][ T5096] NILFS (loop0): invalid segment: Checksum error in segment payload
[ 76.723959][ T5096] NILFS (loop0): trying rollback from an earlier position
[pid 5096] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0
[pid 5096] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5096] chdir("./file0") = 0
[pid 5096] ioctl(4, LOOP_CLR_FD) = 0
[pid 5096] close(4) = 0
[pid 5096] creat("./bus", 000) = 4
[ 76.741522][ T5096] NILFS (loop0): recovery complete
[ 76.749535][ T5097] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[pid 5096] open("./bus", O_RDONLY) = 5
[pid 5096] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000) = 6
[pid 5096] lseek(4, 4096, SEEK_SET) = 4096
[pid 5096] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2592) = 2592
[ 76.779311][ T27] audit: type=1804 audit(1675887792.385:34): pid=5096 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor159" name="/root/syzkaller.EYyorS/16/file0/bus" dev="loop0" ino=12 res=1 errno=0
[ 76.816572][ T27] audit: type=1804 audit(1675887792.415:35): pid=5096 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=ToMToU comm="syz-executor159" name="/root/syzkaller.EYyorS/16/file0/bus" dev="loop0" ino=12 res=1 errno=0
[pid 5096] sendfile(4, 5, NULL, 145139829833722) = 268832
[pid 5096] exit_group(0) = ?
[pid 5096] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5096, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} ---
umount2("./16", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556a1f620 /* 4 entries */, 32768) = 112
umount2("./16/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./16/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./16/binderfs") = 0
umount2("./16/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./16/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./16/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./16/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./16/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556a27660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556a27660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./16/file0") = 0
getdents64(3, 0x555556a1f620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./16") = 0
mkdir("./17", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556a1e5d0) = 5098
./strace-static-x86_64: Process 5098 attached
[pid 5098] chdir("./17") = 0
[pid 5098] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5098] setpgid(0, 0) = 0
[pid 5098] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5098] write(3, "1000", 4) = 4
[pid 5098] close(3) = 0
[pid 5098] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5098] memfd_create("syzkaller", 0) = 3
[pid 5098] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7f03e07000
[pid 5098] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152
[pid 5098] munmap(0x7f7f03e07000, 2097152) = 0
[pid 5098] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5098] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5098] close(3) = 0
[pid 5098] mkdir("./file0", 0777) = 0
[ 77.202888][ T5098] loop0: detected capacity change from 0 to 4096
[ 77.221216][ T5098] NILFS (loop0): invalid segment: Checksum error in segment payload
[ 77.229428][ T5098] NILFS (loop0): trying rollback from an earlier position
[ 77.242855][ T5098] NILFS (loop0): recovery complete
[pid 5098] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0
[pid 5098] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5098] chdir("./file0") = 0
[pid 5098] ioctl(4, LOOP_CLR_FD) = 0
[pid 5098] close(4) = 0
[pid 5098] creat("./bus", 000) = 4
[pid 5098] open("./bus", O_RDONLY) = 5
[pid 5098] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000) = 6
[pid 5098] lseek(4, 4096, SEEK_SET) = 4096
[pid 5098] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2592) = 2592
[ 77.251643][ T5099] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[ 77.269301][ T27] audit: type=1804 audit(1675887792.885:36): pid=5098 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor159" name="/root/syzkaller.EYyorS/17/file0/bus" dev="loop0" ino=12 res=1 errno=0
[ 77.294426][ T27] audit: type=1804 audit(1675887792.885:37): pid=5098 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=ToMToU comm="syz-executor159" name="/root/syzkaller.EYyorS/17/file0/bus" dev="loop0" ino=12 res=1 errno=0
[pid 5098] sendfile(4, 5, NULL, 145139829833722) = 268832
[pid 5098] exit_group(0) = ?
[pid 5098] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5098, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./17", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556a1f620 /* 4 entries */, 32768) = 112
umount2("./17/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./17/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./17/binderfs") = 0
umount2("./17/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./17/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./17/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./17/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./17/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556a27660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556a27660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./17/file0") = 0
getdents64(3, 0x555556a1f620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./17") = 0
mkdir("./18", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556a1e5d0) = 5100
./strace-static-x86_64: Process 5100 attached
[pid 5100] chdir("./18") = 0
[pid 5100] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5100] setpgid(0, 0) = 0
[pid 5100] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5100] write(3, "1000", 4) = 4
[pid 5100] close(3) = 0
[pid 5100] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5100] memfd_create("syzkaller", 0) = 3
[pid 5100] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7f03e07000
[pid 5100] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152
[pid 5100] munmap(0x7f7f03e07000, 2097152) = 0
[pid 5100] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5100] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5100] close(3) = 0
[pid 5100] mkdir("./file0", 0777) = 0
[ 77.609521][ T5100] loop0: detected capacity change from 0 to 4096
[ 77.626977][ T5100] NILFS (loop0): invalid segment: Checksum error in segment payload
[ 77.635463][ T5100] NILFS (loop0): trying rollback from an earlier position
[ 77.650494][ T5100] NILFS (loop0): recovery complete
[pid 5100] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0
[pid 5100] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5100] chdir("./file0") = 0
[pid 5100] ioctl(4, LOOP_CLR_FD) = 0
[pid 5100] close(4) = 0
[pid 5100] creat("./bus", 000) = 4
[pid 5100] open("./bus", O_RDONLY) = 5
[pid 5100] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000) = 6
[pid 5100] lseek(4, 4096, SEEK_SET) = 4096
[pid 5100] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2592) = 2592
[ 77.658981][ T5101] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[pid 5100] sendfile(4, 5, NULL, 145139829833722) = 268832
[pid 5100] exit_group(0) = ?
[pid 5100] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5100, si_uid=0, si_status=0, si_utime=0, si_stime=11 /* 0.11 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./18", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./18", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556a1f620 /* 4 entries */, 32768) = 112
umount2("./18/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./18/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./18/binderfs") = 0
umount2("./18/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./18/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./18/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./18/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./18/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556a27660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556a27660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./18/file0") = 0
getdents64(3, 0x555556a1f620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./18") = 0
mkdir("./19", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556a1e5d0) = 5102
./strace-static-x86_64: Process 5102 attached
[pid 5102] chdir("./19") = 0
[pid 5102] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5102] setpgid(0, 0) = 0
[pid 5102] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5102] write(3, "1000", 4) = 4
[pid 5102] close(3) = 0
[pid 5102] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5102] memfd_create("syzkaller", 0) = 3
[pid 5102] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7f03e07000
[pid 5102] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152
[pid 5102] munmap(0x7f7f03e07000, 2097152) = 0
[pid 5102] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5102] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5102] close(3) = 0
[pid 5102] mkdir("./file0", 0777) = 0
[ 77.998014][ T5102] loop0: detected capacity change from 0 to 4096
[ 78.013594][ T5102] NILFS (loop0): invalid segment: Checksum error in segment payload
[ 78.021805][ T5102] NILFS (loop0): trying rollback from an earlier position
[ 78.036298][ T5102] NILFS (loop0): recovery complete
[pid 5102] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0
[pid 5102] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5102] chdir("./file0") = 0
[pid 5102] ioctl(4, LOOP_CLR_FD) = 0
[pid 5102] close(4) = 0
[pid 5102] creat("./bus", 000) = 4
[pid 5102] open("./bus", O_RDONLY) = 5
[pid 5102] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000) = 6
[pid 5102] lseek(4, 4096, SEEK_SET) = 4096
[pid 5102] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2592) = 2592
[ 78.042715][ T5103] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[pid 5102] sendfile(4, 5, NULL, 145139829833722) = 268832
[pid 5102] exit_group(0) = ?
[pid 5102] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5102, si_uid=0, si_status=0, si_utime=0, si_stime=12 /* 0.12 s */} ---
umount2("./19", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./19", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556a1f620 /* 4 entries */, 32768) = 112
umount2("./19/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./19/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./19/binderfs") = 0
umount2("./19/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./19/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./19/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./19/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./19/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556a27660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556a27660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./19/file0") = 0
getdents64(3, 0x555556a1f620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./19") = 0
mkdir("./20", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556a1e5d0) = 5104
./strace-static-x86_64: Process 5104 attached
[pid 5104] chdir("./20") = 0
[pid 5104] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5104] setpgid(0, 0) = 0
[pid 5104] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5104] write(3, "1000", 4) = 4
[pid 5104] close(3) = 0
[pid 5104] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5104] memfd_create("syzkaller", 0) = 3
[pid 5104] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7f03e07000
[pid 5104] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152
[pid 5104] munmap(0x7f7f03e07000, 2097152) = 0
[pid 5104] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5104] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5104] close(3) = 0
[pid 5104] mkdir("./file0", 0777) = 0
[ 78.354570][ T5104] loop0: detected capacity change from 0 to 4096
[ 78.376669][ T5104] NILFS (loop0): invalid segment: Checksum error in segment payload
[ 78.387915][ T5104] NILFS (loop0): trying rollback from an earlier position
[pid 5104] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0
[pid 5104] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5104] chdir("./file0") = 0
[pid 5104] ioctl(4, LOOP_CLR_FD) = 0
[pid 5104] close(4) = 0
[pid 5104] creat("./bus", 000) = 4
[pid 5104] open("./bus", O_RDONLY) = 5
[pid 5104] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000) = 6
[pid 5104] lseek(4, 4096, SEEK_SET) = 4096
[pid 5104] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2592) = 2592
[ 78.402983][ T5104] NILFS (loop0): recovery complete
[ 78.409150][ T5105] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[pid 5104] sendfile(4, 5, NULL, 145139829833722) = 268832
[pid 5104] exit_group(0) = ?
[pid 5104] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5104, si_uid=0, si_status=0, si_utime=0, si_stime=12 /* 0.12 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./20", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./20", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556a1f620 /* 4 entries */, 32768) = 112
umount2("./20/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./20/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./20/binderfs") = 0
umount2("./20/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./20/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./20/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./20/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./20/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556a27660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556a27660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./20/file0") = 0
getdents64(3, 0x555556a1f620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./20") = 0
mkdir("./21", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556a1e5d0) = 5106
./strace-static-x86_64: Process 5106 attached
[pid 5106] chdir("./21") = 0
[pid 5106] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5106] setpgid(0, 0) = 0
[pid 5106] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5106] write(3, "1000", 4) = 4
[pid 5106] close(3) = 0
[pid 5106] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5106] memfd_create("syzkaller", 0) = 3
[pid 5106] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7f03e07000
[pid 5106] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152
[pid 5106] munmap(0x7f7f03e07000, 2097152) = 0
[pid 5106] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5106] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5106] close(3) = 0
[pid 5106] mkdir("./file0", 0777) = 0
[ 78.754887][ T5106] loop0: detected capacity change from 0 to 4096
[ 78.768979][ T5106] NILFS (loop0): invalid segment: Checksum error in segment payload
[ 78.777434][ T5106] NILFS (loop0): trying rollback from an earlier position
[ 78.790588][ T5106] NILFS (loop0): recovery complete
[pid 5106] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0
[pid 5106] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5106] chdir("./file0") = 0
[pid 5106] ioctl(4, LOOP_CLR_FD) = 0
[pid 5106] close(4) = 0
[pid 5106] creat("./bus", 000) = 4
[pid 5106] open("./bus", O_RDONLY) = 5
[pid 5106] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000) = 6
[pid 5106] lseek(4, 4096, SEEK_SET) = 4096
[pid 5106] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2592) = 2592
[ 78.797281][ T5107] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[pid 5106] sendfile(4, 5, NULL, 145139829833722) = 268832
[pid 5106] exit_group(0) = ?
[pid 5106] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5106, si_uid=0, si_status=0, si_utime=0, si_stime=11 /* 0.11 s */} ---
umount2("./21", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./21", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556a1f620 /* 4 entries */, 32768) = 112
umount2("./21/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./21/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./21/binderfs") = 0
umount2("./21/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./21/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./21/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./21/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./21/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556a27660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556a27660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./21/file0") = 0
getdents64(3, 0x555556a1f620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./21") = 0
mkdir("./22", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556a1e5d0) = 5108
./strace-static-x86_64: Process 5108 attached
[pid 5108] chdir("./22") = 0
[pid 5108] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5108] setpgid(0, 0) = 0
[pid 5108] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5108] write(3, "1000", 4) = 4
[pid 5108] close(3) = 0
[pid 5108] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5108] memfd_create("syzkaller", 0) = 3
[pid 5108] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7f03e07000
[pid 5108] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152
[pid 5108] munmap(0x7f7f03e07000, 2097152) = 0
[pid 5108] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5108] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5108] close(3) = 0
[pid 5108] mkdir("./file0", 0777) = 0
[ 79.139284][ T5108] loop0: detected capacity change from 0 to 4096
[ 79.157366][ T5108] NILFS (loop0): invalid segment: Checksum error in segment payload
[ 79.167280][ T5108] NILFS (loop0): trying rollback from an earlier position
[ 79.180420][ T5108] NILFS (loop0): recovery complete
[pid 5108] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0
[pid 5108] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5108] chdir("./file0") = 0
[pid 5108] ioctl(4, LOOP_CLR_FD) = 0
[pid 5108] close(4) = 0
[pid 5108] creat("./bus", 000) = 4
[pid 5108] open("./bus", O_RDONLY) = 5
[pid 5108] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000) = 6
[pid 5108] lseek(4, 4096, SEEK_SET) = 4096
[pid 5108] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2592) = 2592
[ 79.187832][ T5109] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[pid 5108] sendfile(4, 5, NULL, 145139829833722) = 268832
[pid 5108] exit_group(0) = ?
[pid 5108] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5108, si_uid=0, si_status=0, si_utime=0, si_stime=15 /* 0.15 s */} ---
umount2("./22", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./22", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556a1f620 /* 4 entries */, 32768) = 112
umount2("./22/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./22/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./22/binderfs") = 0
umount2("./22/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./22/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./22/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./22/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./22/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556a27660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556a27660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./22/file0") = 0
getdents64(3, 0x555556a1f620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./22") = 0
mkdir("./23", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556a1e5d0) = 5110
./strace-static-x86_64: Process 5110 attached
[pid 5110] chdir("./23") = 0
[pid 5110] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5110] setpgid(0, 0) = 0
[pid 5110] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5110] write(3, "1000", 4) = 4
[pid 5110] close(3) = 0
[pid 5110] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5110] memfd_create("syzkaller", 0) = 3
[pid 5110] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7f03e07000
[pid 5110] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152
[pid 5110] munmap(0x7f7f03e07000, 2097152) = 0
[pid 5110] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5110] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5110] close(3) = 0
[pid 5110] mkdir("./file0", 0777) = 0
[ 79.522436][ T5110] loop0: detected capacity change from 0 to 4096
[ 79.541892][ T5110] NILFS (loop0): invalid segment: Checksum error in segment payload
[ 79.550020][ T5110] NILFS (loop0): trying rollback from an earlier position
[ 79.564396][ T5110] NILFS (loop0): recovery complete
[pid 5110] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0
[pid 5110] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5110] chdir("./file0") = 0
[pid 5110] ioctl(4, LOOP_CLR_FD) = 0
[pid 5110] close(4) = 0
[pid 5110] creat("./bus", 000) = 4
[pid 5110] open("./bus", O_RDONLY) = 5
[pid 5110] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000) = 6
[pid 5110] lseek(4, 4096, SEEK_SET) = 4096
[pid 5110] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2592) = 2592
[ 79.570763][ T5111] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[pid 5110] sendfile(4, 5, NULL, 145139829833722) = 268832
[pid 5110] exit_group(0) = ?
[pid 5110] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5110, si_uid=0, si_status=0, si_utime=0, si_stime=11 /* 0.11 s */} ---
umount2("./23", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./23", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556a1f620 /* 4 entries */, 32768) = 112
umount2("./23/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./23/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./23/binderfs") = 0
umount2("./23/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./23/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./23/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./23/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./23/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556a27660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556a27660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./23/file0") = 0
getdents64(3, 0x555556a1f620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./23") = 0
mkdir("./24", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556a1e5d0) = 5112
./strace-static-x86_64: Process 5112 attached
[pid 5112] chdir("./24") = 0
[pid 5112] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5112] setpgid(0, 0) = 0
[pid 5112] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5112] write(3, "1000", 4) = 4
[pid 5112] close(3) = 0
[pid 5112] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5112] memfd_create("syzkaller", 0) = 3
[pid 5112] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7f03e07000
[pid 5112] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152
[pid 5112] munmap(0x7f7f03e07000, 2097152) = 0
[pid 5112] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5112] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5112] close(3) = 0
[pid 5112] mkdir("./file0", 0777) = 0
[ 79.894622][ T5112] loop0: detected capacity change from 0 to 4096
[ 79.915258][ T5112] NILFS (loop0): invalid segment: Checksum error in segment payload
[ 79.923604][ T5112] NILFS (loop0): trying rollback from an earlier position
[pid 5112] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0
[pid 5112] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5112] chdir("./file0") = 0
[pid 5112] ioctl(4, LOOP_CLR_FD) = 0
[pid 5112] close(4) = 0
[pid 5112] creat("./bus", 000) = 4
[pid 5112] open("./bus", O_RDONLY) = 5
[pid 5112] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000) = 6
[pid 5112] lseek(4, 4096, SEEK_SET) = 4096
[pid 5112] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2592) = 2592
[ 79.945418][ T5112] NILFS (loop0): recovery complete
[ 79.951842][ T5113] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[pid 5112] sendfile(4, 5, NULL, 145139829833722) = 268832
[pid 5112] exit_group(0) = ?
[pid 5112] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5112, si_uid=0, si_status=0, si_utime=0, si_stime=13 /* 0.13 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./24", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./24", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556a1f620 /* 4 entries */, 32768) = 112
umount2("./24/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./24/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./24/binderfs") = 0
umount2("./24/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./24/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./24/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./24/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./24/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556a27660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556a27660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./24/file0") = 0
getdents64(3, 0x555556a1f620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./24") = 0
mkdir("./25", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556a1e5d0) = 5114
./strace-static-x86_64: Process 5114 attached
[pid 5114] chdir("./25") = 0
[pid 5114] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5114] setpgid(0, 0) = 0
[pid 5114] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5114] write(3, "1000", 4) = 4
[pid 5114] close(3) = 0
[pid 5114] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5114] memfd_create("syzkaller", 0) = 3
[pid 5114] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7f03e07000
[pid 5114] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152
[pid 5114] munmap(0x7f7f03e07000, 2097152) = 0
[pid 5114] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5114] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5114] close(3) = 0
[pid 5114] mkdir("./file0", 0777) = 0
[ 80.284740][ T5114] loop0: detected capacity change from 0 to 4096
[ 80.304735][ T5114] NILFS (loop0): invalid segment: Checksum error in segment payload
[ 80.321813][ T5114] NILFS (loop0): trying rollback from an earlier position
[pid 5114] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0
[pid 5114] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5114] chdir("./file0") = 0
[pid 5114] ioctl(4, LOOP_CLR_FD) = 0
[pid 5114] close(4) = 0
[pid 5114] creat("./bus", 000) = 4
[pid 5114] open("./bus", O_RDONLY) = 5
[pid 5114] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000) = 6
[pid 5114] lseek(4, 4096, SEEK_SET) = 4096
[pid 5114] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2592) = 2592
[ 80.336474][ T5114] NILFS (loop0): recovery complete
[ 80.342719][ T5115] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[pid 5114] sendfile(4, 5, NULL, 145139829833722) = 268832
[pid 5114] exit_group(0) = ?
[pid 5114] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5114, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./25", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./25", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556a1f620 /* 4 entries */, 32768) = 112
umount2("./25/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./25/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./25/binderfs") = 0
umount2("./25/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./25/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./25/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./25/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./25/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556a27660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556a27660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./25/file0") = 0
getdents64(3, 0x555556a1f620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./25") = 0
mkdir("./26", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556a1e5d0) = 5116
./strace-static-x86_64: Process 5116 attached
[pid 5116] chdir("./26") = 0
[pid 5116] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5116] setpgid(0, 0) = 0
[pid 5116] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5116] write(3, "1000", 4) = 4
[pid 5116] close(3) = 0
[pid 5116] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5116] memfd_create("syzkaller", 0) = 3
[pid 5116] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7f03e07000
[pid 5116] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152
[pid 5116] munmap(0x7f7f03e07000, 2097152) = 0
[pid 5116] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5116] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5116] close(3) = 0
[pid 5116] mkdir("./file0", 0777) = 0
[pid 5116] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0
[ 80.670633][ T5116] loop0: detected capacity change from 0 to 4096
[ 80.688201][ T5116] NILFS (loop0): invalid segment: Checksum error in segment payload
[ 80.696286][ T5116] NILFS (loop0): trying rollback from an earlier position
[ 80.713002][ T5116] NILFS (loop0): recovery complete
[pid 5116] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5116] chdir("./file0") = 0
[pid 5116] ioctl(4, LOOP_CLR_FD) = 0
[pid 5116] close(4) = 0
[pid 5116] creat("./bus", 000) = 4
[pid 5116] open("./bus", O_RDONLY) = 5
[pid 5116] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000) = 6
[pid 5116] lseek(4, 4096, SEEK_SET) = 4096
[pid 5116] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2592) = 2592
[ 80.719524][ T5117] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[ 80.738897][ T27] kauditd_printk_skb: 16 callbacks suppressed
[ 80.738911][ T27] audit: type=1804 audit(1675887796.345:54): pid=5116 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor159" name="/root/syzkaller.EYyorS/26/file0/bus" dev="loop0" ino=12 res=1 errno=0
[ 80.773285][ T27] audit: type=1804 audit(1675887796.345:55): pid=5116 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=ToMToU comm="syz-executor159" name="/root/syzkaller.EYyorS/26/file0/bus" dev="loop0" ino=12 res=1 errno=0
[pid 5116] sendfile(4, 5, NULL, 145139829833722) = 268832
[pid 5116] exit_group(0) = ?
[pid 5116] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5116, si_uid=0, si_status=0, si_utime=0, si_stime=13 /* 0.13 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./26", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./26", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556a1f620 /* 4 entries */, 32768) = 112
umount2("./26/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./26/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./26/binderfs") = 0
umount2("./26/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./26/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./26/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./26/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./26/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556a27660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556a27660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./26/file0") = 0
getdents64(3, 0x555556a1f620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./26") = 0
mkdir("./27", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5118 attached
, child_tidptr=0x555556a1e5d0) = 5118
[pid 5118] chdir("./27") = 0
[pid 5118] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5118] setpgid(0, 0) = 0
[pid 5118] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5118] write(3, "1000", 4) = 4
[pid 5118] close(3) = 0
[pid 5118] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5118] memfd_create("syzkaller", 0) = 3
[pid 5118] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7f03e07000
[pid 5118] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152
[pid 5118] munmap(0x7f7f03e07000, 2097152) = 0
[pid 5118] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5118] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5118] close(3) = 0
[pid 5118] mkdir("./file0", 0777) = 0
[pid 5118] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0
[pid 5118] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[ 81.040811][ T5118] loop0: detected capacity change from 0 to 4096
[ 81.058008][ T5118] NILFS (loop0): invalid segment: Checksum error in segment payload
[ 81.066129][ T5118] NILFS (loop0): trying rollback from an earlier position
[ 81.080066][ T5118] NILFS (loop0): recovery complete
[pid 5118] chdir("./file0") = 0
[pid 5118] ioctl(4, LOOP_CLR_FD) = 0
[pid 5118] close(4) = 0
[pid 5118] creat("./bus", 000) = 4
[pid 5118] open("./bus", O_RDONLY) = 5
[pid 5118] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000) = 6
[pid 5118] lseek(4, 4096, SEEK_SET) = 4096
[pid 5118] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2592) = 2592
[ 81.087449][ T5119] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[ 81.105313][ T27] audit: type=1804 audit(1675887796.715:56): pid=5118 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor159" name="/root/syzkaller.EYyorS/27/file0/bus" dev="loop0" ino=12 res=1 errno=0
[ 81.128170][ T27] audit: type=1804 audit(1675887796.715:57): pid=5118 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=ToMToU comm="syz-executor159" name="/root/syzkaller.EYyorS/27/file0/bus" dev="loop0" ino=12 res=1 errno=0
[pid 5118] sendfile(4, 5, NULL, 145139829833722) = 268832
[pid 5118] exit_group(0) = ?
[pid 5118] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5118, si_uid=0, si_status=0, si_utime=0, si_stime=12 /* 0.12 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./27", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./27", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556a1f620 /* 4 entries */, 32768) = 112
umount2("./27/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./27/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./27/binderfs") = 0
umount2("./27/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./27/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./27/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./27/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./27/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556a27660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556a27660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./27/file0") = 0
getdents64(3, 0x555556a1f620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./27") = 0
mkdir("./28", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556a1e5d0) = 5120
./strace-static-x86_64: Process 5120 attached
[pid 5120] chdir("./28") = 0
[pid 5120] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5120] setpgid(0, 0) = 0
[pid 5120] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5120] write(3, "1000", 4) = 4
[pid 5120] close(3) = 0
[pid 5120] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5120] memfd_create("syzkaller", 0) = 3
[pid 5120] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7f03e07000
[pid 5120] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152
[pid 5120] munmap(0x7f7f03e07000, 2097152) = 0
[pid 5120] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5120] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5120] close(3) = 0
[pid 5120] mkdir("./file0", 0777) = 0
[ 81.439059][ T5120] loop0: detected capacity change from 0 to 4096
[ 81.448290][ T26] cfg80211: failed to load regulatory.db
[ 81.465268][ T5120] NILFS (loop0): invalid segment: Checksum error in segment payload
[ 81.473581][ T5120] NILFS (loop0): trying rollback from an earlier position
[pid 5120] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0
[pid 5120] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5120] chdir("./file0") = 0
[pid 5120] ioctl(4, LOOP_CLR_FD) = 0
[pid 5120] close(4) = 0
[pid 5120] creat("./bus", 000) = 4
[pid 5120] open("./bus", O_RDONLY) = 5
[pid 5120] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000) = 6
[pid 5120] lseek(4, 4096, SEEK_SET) = 4096
[pid 5120] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2592) = 2592
[ 81.487735][ T5120] NILFS (loop0): recovery complete
[ 81.494067][ T5121] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[ 81.507243][ T27] audit: type=1804 audit(1675887797.115:58): pid=5120 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor159" name="/root/syzkaller.EYyorS/28/file0/bus" dev="loop0" ino=12 res=1 errno=0
[ 81.548777][ T27] audit: type=1804 audit(1675887797.115:59): pid=5120 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=ToMToU comm="syz-executor159" name="/root/syzkaller.EYyorS/28/file0/bus" dev="loop0" ino=12 res=1 errno=0
[pid 5120] sendfile(4, 5, NULL, 145139829833722) = 268832
[pid 5120] exit_group(0) = ?
[pid 5120] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5120, si_uid=0, si_status=0, si_utime=0, si_stime=13 /* 0.13 s */} ---
umount2("./28", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./28", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556a1f620 /* 4 entries */, 32768) = 112
umount2("./28/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./28/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./28/binderfs") = 0
umount2("./28/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./28/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./28/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./28/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./28/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556a27660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556a27660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./28/file0") = 0
getdents64(3, 0x555556a1f620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./28") = 0
mkdir("./29", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556a1e5d0) = 5122
./strace-static-x86_64: Process 5122 attached
[pid 5122] chdir("./29") = 0
[pid 5122] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5122] setpgid(0, 0) = 0
[pid 5122] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5122] write(3, "1000", 4) = 4
[pid 5122] close(3) = 0
[pid 5122] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5122] memfd_create("syzkaller", 0) = 3
[pid 5122] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7f03e07000
[pid 5122] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152
[pid 5122] munmap(0x7f7f03e07000, 2097152) = 0
[pid 5122] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5122] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5122] close(3) = 0
[pid 5122] mkdir("./file0", 0777) = 0
[ 81.816663][ T5122] loop0: detected capacity change from 0 to 4096
[ 81.832420][ T5122] NILFS (loop0): invalid segment: Checksum error in segment payload
[ 81.841494][ T5122] NILFS (loop0): trying rollback from an earlier position
[ 81.858103][ T5122] NILFS (loop0): recovery complete
[pid 5122] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0
[pid 5122] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5122] chdir("./file0") = 0
[pid 5122] ioctl(4, LOOP_CLR_FD) = 0
[pid 5122] close(4) = 0
[pid 5122] creat("./bus", 000) = 4
[pid 5122] open("./bus", O_RDONLY) = 5
[pid 5122] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000) = 6
[pid 5122] lseek(4, 4096, SEEK_SET) = 4096
[ 81.864727][ T5123] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[ 81.882578][ T27] audit: type=1804 audit(1675887797.495:60): pid=5122 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor159" name="/root/syzkaller.EYyorS/29/file0/bus" dev="loop0" ino=12 res=1 errno=0
[pid 5122] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2592) = 2592
[ 81.906945][ T27] audit: type=1804 audit(1675887797.525:61): pid=5122 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=ToMToU comm="syz-executor159" name="/root/syzkaller.EYyorS/29/file0/bus" dev="loop0" ino=12 res=1 errno=0
[pid 5122] sendfile(4, 5, NULL, 145139829833722) = 268832
[pid 5122] exit_group(0) = ?
[pid 5122] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5122, si_uid=0, si_status=0, si_utime=0, si_stime=11 /* 0.11 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./29", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./29", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556a1f620 /* 4 entries */, 32768) = 112
umount2("./29/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./29/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./29/binderfs") = 0
umount2("./29/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./29/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./29/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./29/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./29/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556a27660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556a27660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./29/file0") = 0
getdents64(3, 0x555556a1f620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./29") = 0
mkdir("./30", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556a1e5d0) = 5124
./strace-static-x86_64: Process 5124 attached
[pid 5124] chdir("./30") = 0
[pid 5124] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5124] setpgid(0, 0) = 0
[pid 5124] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5124] write(3, "1000", 4) = 4
[pid 5124] close(3) = 0
[pid 5124] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5124] memfd_create("syzkaller", 0) = 3
[pid 5124] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7f03e07000
[pid 5124] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152
[pid 5124] munmap(0x7f7f03e07000, 2097152) = 0
[pid 5124] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5124] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5124] close(3) = 0
[pid 5124] mkdir("./file0", 0777) = 0
[ 82.226488][ T5124] loop0: detected capacity change from 0 to 4096
[ 82.245083][ T5124] NILFS (loop0): invalid segment: Checksum error in segment payload
[ 82.253203][ T5124] NILFS (loop0): trying rollback from an earlier position
[ 82.267756][ T5124] NILFS (loop0): recovery complete
[pid 5124] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0
[pid 5124] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5124] chdir("./file0") = 0
[pid 5124] ioctl(4, LOOP_CLR_FD) = 0
[pid 5124] close(4) = 0
[pid 5124] creat("./bus", 000) = 4
[pid 5124] open("./bus", O_RDONLY) = 5
[pid 5124] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000) = 6
[pid 5124] lseek(4, 4096, SEEK_SET) = 4096
[pid 5124] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2592) = 2592
[ 82.273844][ T5125] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[ 82.289691][ T27] audit: type=1804 audit(1675887797.895:62): pid=5124 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor159" name="/root/syzkaller.EYyorS/30/file0/bus" dev="loop0" ino=12 res=1 errno=0
[ 82.314598][ T27] audit: type=1804 audit(1675887797.895:63): pid=5124 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=ToMToU comm="syz-executor159" name="/root/syzkaller.EYyorS/30/file0/bus" dev="loop0" ino=12 res=1 errno=0
[pid 5124] sendfile(4, 5, NULL, 145139829833722) = 268832
[pid 5124] exit_group(0) = ?
[pid 5124] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5124, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=11 /* 0.11 s */} ---
umount2("./30", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./30", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556a1f620 /* 4 entries */, 32768) = 112
umount2("./30/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./30/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./30/binderfs") = 0
umount2("./30/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./30/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./30/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./30/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./30/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556a27660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556a27660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./30/file0") = 0
getdents64(3, 0x555556a1f620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./30") = 0
mkdir("./31", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556a1e5d0) = 5126
./strace-static-x86_64: Process 5126 attached
[pid 5126] chdir("./31") = 0
[pid 5126] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5126] setpgid(0, 0) = 0
[pid 5126] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5126] write(3, "1000", 4) = 4
[pid 5126] close(3) = 0
[pid 5126] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5126] memfd_create("syzkaller", 0) = 3
[pid 5126] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7f03e07000
[pid 5126] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152
[pid 5126] munmap(0x7f7f03e07000, 2097152) = 0
[pid 5126] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5126] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5126] close(3) = 0
[pid 5126] mkdir("./file0", 0777) = 0
[ 82.595408][ T5126] loop0: detected capacity change from 0 to 4096
[ 82.615428][ T5126] NILFS (loop0): invalid segment: Checksum error in segment payload
[ 82.624632][ T5126] NILFS (loop0): trying rollback from an earlier position
[ 82.639806][ T5126] NILFS (loop0): recovery complete
[pid 5126] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0
[pid 5126] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5126] chdir("./file0") = 0
[pid 5126] ioctl(4, LOOP_CLR_FD) = 0
[pid 5126] close(4) = 0
[pid 5126] creat("./bus", 000) = 4
[pid 5126] open("./bus", O_RDONLY) = 5
[pid 5126] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000) = 6
[pid 5126] lseek(4, 4096, SEEK_SET) = 4096
[pid 5126] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2592) = 2592
[ 82.646454][ T5127] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[pid 5126] sendfile(4, 5, NULL, 145139829833722) = 268832
[pid 5126] exit_group(0) = ?
[pid 5126] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5126, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} ---
umount2("./31", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./31", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556a1f620 /* 4 entries */, 32768) = 112
umount2("./31/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./31/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./31/binderfs") = 0
umount2("./31/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./31/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./31/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./31/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./31/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556a27660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556a27660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./31/file0") = 0
getdents64(3, 0x555556a1f620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./31") = 0
mkdir("./32", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556a1e5d0) = 5128
./strace-static-x86_64: Process 5128 attached
[pid 5128] chdir("./32") = 0
[pid 5128] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5128] setpgid(0, 0) = 0
[pid 5128] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5128] write(3, "1000", 4) = 4
[pid 5128] close(3) = 0
[pid 5128] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5128] memfd_create("syzkaller", 0) = 3
[pid 5128] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7f03e07000
[pid 5128] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152
[pid 5128] munmap(0x7f7f03e07000, 2097152) = 0
[pid 5128] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5128] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5128] close(3) = 0
[pid 5128] mkdir("./file0", 0777) = 0
[ 82.959284][ T5128] loop0: detected capacity change from 0 to 4096
[ 82.979565][ T5128] NILFS (loop0): invalid segment: Checksum error in segment payload
[ 82.987748][ T5128] NILFS (loop0): trying rollback from an earlier position
[ 83.002646][ T5128] NILFS (loop0): recovery complete
[pid 5128] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0
[pid 5128] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5128] chdir("./file0") = 0
[pid 5128] ioctl(4, LOOP_CLR_FD) = 0
[pid 5128] close(4) = 0
[pid 5128] creat("./bus", 000) = 4
[pid 5128] open("./bus", O_RDONLY) = 5
[pid 5128] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000) = 6
[pid 5128] lseek(4, 4096, SEEK_SET) = 4096
[pid 5128] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2592) = 2592
[ 83.010098][ T5129] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[pid 5128] sendfile(4, 5, NULL, 145139829833722) = 268832
[pid 5128] exit_group(0) = ?
[pid 5128] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5128, si_uid=0, si_status=0, si_utime=0, si_stime=12 /* 0.12 s */} ---
umount2("./32", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./32", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556a1f620 /* 4 entries */, 32768) = 112
umount2("./32/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./32/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./32/binderfs") = 0
umount2("./32/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./32/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./32/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./32/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./32/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556a27660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556a27660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./32/file0") = 0
getdents64(3, 0x555556a1f620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./32") = 0
mkdir("./33", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556a1e5d0) = 5130
./strace-static-x86_64: Process 5130 attached
[pid 5130] chdir("./33") = 0
[pid 5130] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5130] setpgid(0, 0) = 0
[pid 5130] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5130] write(3, "1000", 4) = 4
[pid 5130] close(3) = 0
[pid 5130] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5130] memfd_create("syzkaller", 0) = 3
[pid 5130] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7f03e07000
[pid 5130] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152
[pid 5130] munmap(0x7f7f03e07000, 2097152) = 0
[pid 5130] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5130] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5130] close(3) = 0
[pid 5130] mkdir("./file0", 0777) = 0
[pid 5130] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0
[ 83.339664][ T5130] loop0: detected capacity change from 0 to 4096
[ 83.358767][ T5130] NILFS (loop0): invalid segment: Checksum error in segment payload
[ 83.366957][ T5130] NILFS (loop0): trying rollback from an earlier position
[ 83.382388][ T5130] NILFS (loop0): recovery complete
[pid 5130] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5130] chdir("./file0") = 0
[pid 5130] ioctl(4, LOOP_CLR_FD) = 0
[pid 5130] close(4) = 0
[pid 5130] creat("./bus", 000) = 4
[pid 5130] open("./bus", O_RDONLY) = 5
[pid 5130] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000) = 6
[pid 5130] lseek(4, 4096, SEEK_SET) = 4096
[pid 5130] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2592) = 2592
[ 83.388577][ T5131] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[pid 5130] sendfile(4, 5, NULL, 145139829833722) = 268832
[pid 5130] exit_group(0) = ?
[pid 5130] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5130, si_uid=0, si_status=0, si_utime=0, si_stime=11 /* 0.11 s */} ---
umount2("./33", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./33", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556a1f620 /* 4 entries */, 32768) = 112
umount2("./33/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./33/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./33/binderfs") = 0
umount2("./33/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./33/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./33/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./33/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./33/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556a27660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556a27660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./33/file0") = 0
getdents64(3, 0x555556a1f620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./33") = 0
mkdir("./34", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556a1e5d0) = 5132
./strace-static-x86_64: Process 5132 attached
[pid 5132] chdir("./34") = 0
[pid 5132] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5132] setpgid(0, 0) = 0
[pid 5132] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5132] write(3, "1000", 4) = 4
[pid 5132] close(3) = 0
[pid 5132] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5132] memfd_create("syzkaller", 0) = 3
[pid 5132] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7f03e07000
[pid 5132] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152
[pid 5132] munmap(0x7f7f03e07000, 2097152) = 0
[pid 5132] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5132] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5132] close(3) = 0
[pid 5132] mkdir("./file0", 0777) = 0
[ 83.700435][ T5132] loop0: detected capacity change from 0 to 4096
[ 83.717646][ T5132] NILFS (loop0): invalid segment: Checksum error in segment payload
[ 83.725938][ T5132] NILFS (loop0): trying rollback from an earlier position
[ 83.740791][ T5132] NILFS (loop0): recovery complete
[pid 5132] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0
[pid 5132] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5132] chdir("./file0") = 0
[pid 5132] ioctl(4, LOOP_CLR_FD) = 0
[pid 5132] close(4) = 0
[pid 5132] creat("./bus", 000) = 4
[pid 5132] open("./bus", O_RDONLY) = 5
[pid 5132] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000) = 6
[pid 5132] lseek(4, 4096, SEEK_SET) = 4096
[pid 5132] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2592) = 2592
[ 83.748136][ T5133] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[pid 5132] sendfile(4, 5, NULL, 145139829833722) = 268832
[pid 5132] exit_group(0) = ?
[pid 5132] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5132, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=11 /* 0.11 s */} ---
umount2("./34", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./34", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556a1f620 /* 4 entries */, 32768) = 112
umount2("./34/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./34/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./34/binderfs") = 0
umount2("./34/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./34/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./34/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./34/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./34/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556a27660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556a27660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./34/file0") = 0
getdents64(3, 0x555556a1f620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./34") = 0
mkdir("./35", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556a1e5d0) = 5134
./strace-static-x86_64: Process 5134 attached
[pid 5134] chdir("./35") = 0
[pid 5134] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5134] setpgid(0, 0) = 0
[pid 5134] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5134] write(3, "1000", 4) = 4
[pid 5134] close(3) = 0
[pid 5134] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5134] memfd_create("syzkaller", 0) = 3
[pid 5134] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7f03e07000
[pid 5134] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152
[pid 5134] munmap(0x7f7f03e07000, 2097152) = 0
[pid 5134] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5134] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5134] close(3) = 0
[pid 5134] mkdir("./file0", 0777) = 0
[ 84.047025][ T5134] loop0: detected capacity change from 0 to 4096
[ 84.063894][ T5134] NILFS (loop0): invalid segment: Checksum error in segment payload
[ 84.071959][ T5134] NILFS (loop0): trying rollback from an earlier position
[ 84.086032][ T5134] NILFS (loop0): recovery complete
[pid 5134] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0
[pid 5134] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5134] chdir("./file0") = 0
[pid 5134] ioctl(4, LOOP_CLR_FD) = 0
[pid 5134] close(4) = 0
[pid 5134] creat("./bus", 000) = 4
[pid 5134] open("./bus", O_RDONLY) = 5
[pid 5134] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000) = 6
[pid 5134] lseek(4, 4096, SEEK_SET) = 4096
[pid 5134] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2592) = 2592
[ 84.092154][ T5135] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[pid 5134] sendfile(4, 5, NULL, 145139829833722) = 268832
[pid 5134] exit_group(0) = ?
[pid 5134] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5134, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./35", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./35", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556a1f620 /* 4 entries */, 32768) = 112
umount2("./35/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./35/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./35/binderfs") = 0
umount2("./35/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./35/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./35/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./35/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./35/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556a27660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556a27660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./35/file0") = 0
getdents64(3, 0x555556a1f620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./35") = 0
mkdir("./36", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556a1e5d0) = 5136
./strace-static-x86_64: Process 5136 attached
[pid 5136] chdir("./36") = 0
[pid 5136] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5136] setpgid(0, 0) = 0
[pid 5136] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5136] write(3, "1000", 4) = 4
[pid 5136] close(3) = 0
[pid 5136] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5136] memfd_create("syzkaller", 0) = 3
[pid 5136] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7f03e07000
[pid 5136] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152
[pid 5136] munmap(0x7f7f03e07000, 2097152) = 0
[pid 5136] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5136] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5136] close(3) = 0
[pid 5136] mkdir("./file0", 0777) = 0
[pid 5136] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0
[ 84.401689][ T5136] loop0: detected capacity change from 0 to 4096
[ 84.419642][ T5136] NILFS (loop0): invalid segment: Checksum error in segment payload
[ 84.428747][ T5136] NILFS (loop0): trying rollback from an earlier position
[ 84.443760][ T5136] NILFS (loop0): recovery complete
[pid 5136] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5136] chdir("./file0") = 0
[pid 5136] ioctl(4, LOOP_CLR_FD) = 0
[pid 5136] close(4) = 0
[pid 5136] creat("./bus", 000) = 4
[pid 5136] open("./bus", O_RDONLY) = 5
[pid 5136] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000) = 6
[pid 5136] lseek(4, 4096, SEEK_SET) = 4096
[pid 5136] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2592) = 2592
[ 84.449700][ T5137] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[pid 5136] sendfile(4, 5, NULL, 145139829833722) = 268832
[pid 5136] exit_group(0) = ?
[pid 5136] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5136, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} ---
umount2("./36", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./36", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556a1f620 /* 4 entries */, 32768) = 112
umount2("./36/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./36/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./36/binderfs") = 0
umount2("./36/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./36/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./36/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./36/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./36/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556a27660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556a27660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./36/file0") = 0
getdents64(3, 0x555556a1f620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./36") = 0
mkdir("./37", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556a1e5d0) = 5138
./strace-static-x86_64: Process 5138 attached
[pid 5138] chdir("./37") = 0
[pid 5138] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5138] setpgid(0, 0) = 0
[pid 5138] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5138] write(3, "1000", 4) = 4
[pid 5138] close(3) = 0
[pid 5138] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5138] memfd_create("syzkaller", 0) = 3
[pid 5138] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7f03e07000
[pid 5138] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152
[pid 5138] munmap(0x7f7f03e07000, 2097152) = 0
[pid 5138] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5138] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5138] close(3) = 0
[pid 5138] mkdir("./file0", 0777) = 0
[pid 5138] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0
[pid 5138] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5138] chdir("./file0") = 0
[ 84.763425][ T5138] loop0: detected capacity change from 0 to 4096
[ 84.780429][ T5138] NILFS (loop0): invalid segment: Checksum error in segment payload
[ 84.788529][ T5138] NILFS (loop0): trying rollback from an earlier position
[ 84.803327][ T5138] NILFS (loop0): recovery complete
[pid 5138] ioctl(4, LOOP_CLR_FD) = 0
[pid 5138] close(4) = 0
[pid 5138] creat("./bus", 000) = 4
[pid 5138] open("./bus", O_RDONLY) = 5
[pid 5138] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000) = 6
[pid 5138] lseek(4, 4096, SEEK_SET) = 4096
[pid 5138] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2592) = 2592
[ 84.811372][ T5139] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[pid 5138] sendfile(4, 5, NULL, 145139829833722) = 268832
[pid 5138] exit_group(0) = ?
[pid 5138] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5138, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./37", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./37", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556a1f620 /* 4 entries */, 32768) = 112
umount2("./37/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./37/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./37/binderfs") = 0
umount2("./37/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./37/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./37/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./37/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./37/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556a27660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556a27660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./37/file0") = 0
getdents64(3, 0x555556a1f620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./37") = 0
mkdir("./38", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556a1e5d0) = 5140
./strace-static-x86_64: Process 5140 attached
[pid 5140] chdir("./38") = 0
[pid 5140] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5140] setpgid(0, 0) = 0
[pid 5140] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5140] write(3, "1000", 4) = 4
[pid 5140] close(3) = 0
[pid 5140] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5140] memfd_create("syzkaller", 0) = 3
[pid 5140] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7f03e07000
[pid 5140] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152
[pid 5140] munmap(0x7f7f03e07000, 2097152) = 0
[pid 5140] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5140] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5140] close(3) = 0
[pid 5140] mkdir("./file0", 0777) = 0
[ 85.119406][ T5140] loop0: detected capacity change from 0 to 4096
[ 85.134159][ T5140] NILFS (loop0): invalid segment: Checksum error in segment payload
[ 85.146403][ T5140] NILFS (loop0): trying rollback from an earlier position
[ 85.159727][ T5140] NILFS (loop0): recovery complete
[pid 5140] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0
[pid 5140] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5140] chdir("./file0") = 0
[pid 5140] ioctl(4, LOOP_CLR_FD) = 0
[pid 5140] close(4) = 0
[pid 5140] creat("./bus", 000) = 4
[pid 5140] open("./bus", O_RDONLY) = 5
[pid 5140] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000) = 6
[pid 5140] lseek(4, 4096, SEEK_SET) = 4096
[pid 5140] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2592) = 2592
[ 85.170856][ T5141] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[pid 5140] sendfile(4, 5, NULL, 145139829833722) = 268832
[pid 5140] exit_group(0) = ?
[pid 5140] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5140, si_uid=0, si_status=0, si_utime=0, si_stime=12 /* 0.12 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./38", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556a1f620 /* 4 entries */, 32768) = 112
umount2("./38/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./38/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./38/binderfs") = 0
umount2("./38/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./38/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./38/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./38/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./38/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556a27660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556a27660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./38/file0") = 0
getdents64(3, 0x555556a1f620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./38") = 0
mkdir("./39", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556a1e5d0) = 5142
./strace-static-x86_64: Process 5142 attached
[pid 5142] chdir("./39") = 0
[pid 5142] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5142] setpgid(0, 0) = 0
[pid 5142] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5142] write(3, "1000", 4) = 4
[pid 5142] close(3) = 0
[pid 5142] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5142] memfd_create("syzkaller", 0) = 3
[pid 5142] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7f03e07000
[pid 5142] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152
[pid 5142] munmap(0x7f7f03e07000, 2097152) = 0
[pid 5142] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5142] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5142] close(3) = 0
[pid 5142] mkdir("./file0", 0777) = 0
[pid 5142] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0
[ 85.484521][ T5142] loop0: detected capacity change from 0 to 4096
[ 85.502211][ T5142] NILFS (loop0): invalid segment: Checksum error in segment payload
[ 85.510283][ T5142] NILFS (loop0): trying rollback from an earlier position
[ 85.524558][ T5142] NILFS (loop0): recovery complete
[pid 5142] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5142] chdir("./file0") = 0
[pid 5142] ioctl(4, LOOP_CLR_FD) = 0
[pid 5142] close(4) = 0
[pid 5142] creat("./bus", 000) = 4
[pid 5142] open("./bus", O_RDONLY) = 5
[pid 5142] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000) = 6
[pid 5142] lseek(4, 4096, SEEK_SET) = 4096
[pid 5142] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2592) = 2592
[ 85.530917][ T5143] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[pid 5142] sendfile(4, 5, NULL, 145139829833722) = 268832
[pid 5142] exit_group(0) = ?
[pid 5142] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5142, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} ---
umount2("./39", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./39", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556a1f620 /* 4 entries */, 32768) = 112
umount2("./39/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./39/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./39/binderfs") = 0
umount2("./39/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./39/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./39/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./39/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./39/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556a27660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556a27660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./39/file0") = 0
getdents64(3, 0x555556a1f620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./39") = 0
mkdir("./40", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556a1e5d0) = 5144
./strace-static-x86_64: Process 5144 attached
[pid 5144] chdir("./40") = 0
[pid 5144] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5144] setpgid(0, 0) = 0
[pid 5144] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5144] write(3, "1000", 4) = 4
[pid 5144] close(3) = 0
[pid 5144] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5144] memfd_create("syzkaller", 0) = 3
[pid 5144] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7f03e07000
[pid 5144] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152
[pid 5144] munmap(0x7f7f03e07000, 2097152) = 0
[pid 5144] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5144] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5144] close(3) = 0
[pid 5144] mkdir("./file0", 0777) = 0
[ 85.847444][ T5144] loop0: detected capacity change from 0 to 4096
[ 85.863660][ T5144] NILFS (loop0): invalid segment: Checksum error in segment payload
[ 85.873329][ T5144] NILFS (loop0): trying rollback from an earlier position
[pid 5144] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0
[pid 5144] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5144] chdir("./file0") = 0
[pid 5144] ioctl(4, LOOP_CLR_FD) = 0
[pid 5144] close(4) = 0
[pid 5144] creat("./bus", 000) = 4
[pid 5144] open("./bus", O_RDONLY) = 5
[pid 5144] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000) = 6
[pid 5144] lseek(4, 4096, SEEK_SET) = 4096
[pid 5144] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2592) = 2592
[ 85.890776][ T5144] NILFS (loop0): recovery complete
[ 85.912127][ T5145] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[ 85.927909][ T27] kauditd_printk_skb: 18 callbacks suppressed
[ 85.927922][ T27] audit: type=1804 audit(1675887801.535:82): pid=5144 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor159" name="/root/syzkaller.EYyorS/40/file0/bus" dev="loop0" ino=12 res=1 errno=0
[ 85.960305][ T27] audit: type=1804 audit(1675887801.555:83): pid=5144 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=ToMToU comm="syz-executor159" name="/root/syzkaller.EYyorS/40/file0/bus" dev="loop0" ino=12 res=1 errno=0
[pid 5144] sendfile(4, 5, NULL, 145139829833722) = 268832
[pid 5144] exit_group(0) = ?
[pid 5144] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5144, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./40", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./40", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556a1f620 /* 4 entries */, 32768) = 112
umount2("./40/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./40/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./40/binderfs") = 0
umount2("./40/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./40/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./40/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./40/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./40/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556a27660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556a27660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./40/file0") = 0
getdents64(3, 0x555556a1f620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./40") = 0
mkdir("./41", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556a1e5d0) = 5146
./strace-static-x86_64: Process 5146 attached
[pid 5146] chdir("./41") = 0
[pid 5146] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5146] setpgid(0, 0) = 0
[pid 5146] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5146] write(3, "1000", 4) = 4
[pid 5146] close(3) = 0
[pid 5146] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5146] memfd_create("syzkaller", 0) = 3
[pid 5146] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7f03e07000
[pid 5146] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152
[pid 5146] munmap(0x7f7f03e07000, 2097152) = 0
[pid 5146] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5146] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5146] close(3) = 0
[pid 5146] mkdir("./file0", 0777) = 0
[ 86.251084][ T5146] loop0: detected capacity change from 0 to 4096
[ 86.267885][ T5146] NILFS (loop0): invalid segment: Checksum error in segment payload
[ 86.275983][ T5146] NILFS (loop0): trying rollback from an earlier position
[ 86.294284][ T5146] NILFS (loop0): recovery complete
[pid 5146] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0
[pid 5146] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5146] chdir("./file0") = 0
[pid 5146] ioctl(4, LOOP_CLR_FD) = 0
[pid 5146] close(4) = 0
[pid 5146] creat("./bus", 000) = 4
[pid 5146] open("./bus", O_RDONLY) = 5
[pid 5146] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000) = 6
[pid 5146] lseek(4, 4096, SEEK_SET) = 4096
[pid 5146] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2592) = 2592
[ 86.300523][ T5147] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[ 86.321438][ T27] audit: type=1804 audit(1675887801.935:84): pid=5146 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor159" name="/root/syzkaller.EYyorS/41/file0/bus" dev="loop0" ino=12 res=1 errno=0
[ 86.352754][ T27] audit: type=1804 audit(1675887801.935:85): pid=5146 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=ToMToU comm="syz-executor159" name="/root/syzkaller.EYyorS/41/file0/bus" dev="loop0" ino=12 res=1 errno=0
[pid 5146] sendfile(4, 5, NULL, 145139829833722) = 268832
[pid 5146] exit_group(0) = ?
[pid 5146] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5146, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} ---
umount2("./41", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./41", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556a1f620 /* 4 entries */, 32768) = 112
umount2("./41/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./41/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./41/binderfs") = 0
umount2("./41/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./41/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./41/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./41/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./41/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556a27660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556a27660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./41/file0") = 0
getdents64(3, 0x555556a1f620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./41") = 0
mkdir("./42", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556a1e5d0) = 5148
./strace-static-x86_64: Process 5148 attached
[pid 5148] chdir("./42") = 0
[pid 5148] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5148] setpgid(0, 0) = 0
[pid 5148] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5148] write(3, "1000", 4) = 4
[pid 5148] close(3) = 0
[pid 5148] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5148] memfd_create("syzkaller", 0) = 3
[pid 5148] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7f03e07000
[pid 5148] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152
[pid 5148] munmap(0x7f7f03e07000, 2097152) = 0
[pid 5148] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5148] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5148] close(3) = 0
[pid 5148] mkdir("./file0", 0777) = 0
[ 86.640604][ T5148] loop0: detected capacity change from 0 to 4096
[ 86.659131][ T5148] NILFS (loop0): invalid segment: Checksum error in segment payload
[ 86.667197][ T5148] NILFS (loop0): trying rollback from an earlier position
[pid 5148] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0
[pid 5148] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5148] chdir("./file0") = 0
[pid 5148] ioctl(4, LOOP_CLR_FD) = 0
[pid 5148] close(4) = 0
[pid 5148] creat("./bus", 000) = 4
[pid 5148] open("./bus", O_RDONLY) = 5
[pid 5148] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000) = 6
[pid 5148] lseek(4, 4096, SEEK_SET) = 4096
[pid 5148] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2592) = 2592
[ 86.687732][ T5148] NILFS (loop0): recovery complete
[ 86.693869][ T5149] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[ 86.707624][ T27] audit: type=1804 audit(1675887802.325:86): pid=5148 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor159" name="/root/syzkaller.EYyorS/42/file0/bus" dev="loop0" ino=12 res=1 errno=0
[ 86.737947][ T27] audit: type=1804 audit(1675887802.325:87): pid=5148 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=ToMToU comm="syz-executor159" name="/root/syzkaller.EYyorS/42/file0/bus" dev="loop0" ino=12 res=1 errno=0
[pid 5148] sendfile(4, 5, NULL, 145139829833722) = 268832
[pid 5148] exit_group(0) = ?
[pid 5148] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5148, si_uid=0, si_status=0, si_utime=0, si_stime=11 /* 0.11 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./42", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./42", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556a1f620 /* 4 entries */, 32768) = 112
umount2("./42/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./42/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./42/binderfs") = 0
umount2("./42/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./42/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./42/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./42/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./42/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556a27660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556a27660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./42/file0") = 0
getdents64(3, 0x555556a1f620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./42") = 0
mkdir("./43", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556a1e5d0) = 5150
./strace-static-x86_64: Process 5150 attached
[pid 5150] chdir("./43") = 0
[pid 5150] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5150] setpgid(0, 0) = 0
[pid 5150] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5150] write(3, "1000", 4) = 4
[pid 5150] close(3) = 0
[pid 5150] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5150] memfd_create("syzkaller", 0) = 3
[pid 5150] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7f03e07000
[pid 5150] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152
[pid 5150] munmap(0x7f7f03e07000, 2097152) = 0
[pid 5150] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5150] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5150] close(3) = 0
[pid 5150] mkdir("./file0", 0777) = 0
[ 87.040206][ T5150] loop0: detected capacity change from 0 to 4096
[ 87.056366][ T5150] NILFS (loop0): invalid segment: Checksum error in segment payload
[ 87.065764][ T5150] NILFS (loop0): trying rollback from an earlier position
[ 87.079055][ T5150] NILFS (loop0): recovery complete
[pid 5150] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0
[pid 5150] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5150] chdir("./file0") = 0
[pid 5150] ioctl(4, LOOP_CLR_FD) = 0
[pid 5150] close(4) = 0
[pid 5150] creat("./bus", 000) = 4
[pid 5150] open("./bus", O_RDONLY) = 5
[pid 5150] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000) = 6
[pid 5150] lseek(4, 4096, SEEK_SET) = 4096
[pid 5150] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2592) = 2592
[ 87.085557][ T5151] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[ 87.104958][ T27] audit: type=1804 audit(1675887802.715:88): pid=5150 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor159" name="/root/syzkaller.EYyorS/43/file0/bus" dev="loop0" ino=12 res=1 errno=0
[ 87.129169][ T27] audit: type=1804 audit(1675887802.725:89): pid=5150 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=ToMToU comm="syz-executor159" name="/root/syzkaller.EYyorS/43/file0/bus" dev="loop0" ino=12 res=1 errno=0
[pid 5150] sendfile(4, 5, NULL, 145139829833722) = 268832
[pid 5150] exit_group(0) = ?
[pid 5150] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5150, si_uid=0, si_status=0, si_utime=0, si_stime=12 /* 0.12 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./43", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./43", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556a1f620 /* 4 entries */, 32768) = 112
umount2("./43/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./43/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./43/binderfs") = 0
umount2("./43/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./43/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./43/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./43/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./43/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556a27660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556a27660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./43/file0") = 0
getdents64(3, 0x555556a1f620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./43") = 0
mkdir("./44", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556a1e5d0) = 5152
./strace-static-x86_64: Process 5152 attached
[pid 5152] chdir("./44") = 0
[pid 5152] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5152] setpgid(0, 0) = 0
[pid 5152] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5152] write(3, "1000", 4) = 4
[pid 5152] close(3) = 0
[pid 5152] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5152] memfd_create("syzkaller", 0) = 3
[pid 5152] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7f03e07000
[pid 5152] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152
[pid 5152] munmap(0x7f7f03e07000, 2097152) = 0
[pid 5152] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5152] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5152] close(3) = 0
[pid 5152] mkdir("./file0", 0777) = 0
[ 87.413580][ T5152] loop0: detected capacity change from 0 to 4096
[ 87.429560][ T5152] NILFS (loop0): invalid segment: Checksum error in segment payload
[ 87.438273][ T5152] NILFS (loop0): trying rollback from an earlier position
[ 87.453123][ T5152] NILFS (loop0): recovery complete
[pid 5152] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0
[pid 5152] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5152] chdir("./file0") = 0
[pid 5152] ioctl(4, LOOP_CLR_FD) = 0
[pid 5152] close(4) = 0
[pid 5152] creat("./bus", 000) = 4
[pid 5152] open("./bus", O_RDONLY) = 5
[pid 5152] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000) = 6
[pid 5152] lseek(4, 4096, SEEK_SET) = 4096
[ 87.465204][ T5153] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[ 87.481277][ T27] audit: type=1804 audit(1675887803.095:90): pid=5152 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor159" name="/root/syzkaller.EYyorS/44/file0/bus" dev="loop0" ino=12 res=1 errno=0
[pid 5152] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2592) = 2592
[ 87.504210][ T27] audit: type=1804 audit(1675887803.105:91): pid=5152 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=ToMToU comm="syz-executor159" name="/root/syzkaller.EYyorS/44/file0/bus" dev="loop0" ino=12 res=1 errno=0
[pid 5152] sendfile(4, 5, NULL, 145139829833722) = 268832
[pid 5152] exit_group(0) = ?
[pid 5152] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5152, si_uid=0, si_status=0, si_utime=0, si_stime=18 /* 0.18 s */} ---
umount2("./44", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./44", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556a1f620 /* 4 entries */, 32768) = 112
umount2("./44/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./44/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./44/binderfs") = 0
umount2("./44/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./44/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./44/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./44/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./44/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556a27660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556a27660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./44/file0") = 0
getdents64(3, 0x555556a1f620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./44") = 0
mkdir("./45", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556a1e5d0) = 5154
./strace-static-x86_64: Process 5154 attached
[pid 5154] chdir("./45") = 0
[pid 5154] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5154] setpgid(0, 0) = 0
[pid 5154] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5154] write(3, "1000", 4) = 4
[pid 5154] close(3) = 0
[pid 5154] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5154] memfd_create("syzkaller", 0) = 3
[pid 5154] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7f03e07000
[pid 5154] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152
[pid 5154] munmap(0x7f7f03e07000, 2097152) = 0
[pid 5154] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5154] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5154] close(3) = 0
[pid 5154] mkdir("./file0", 0777) = 0
[ 87.809971][ T5154] loop0: detected capacity change from 0 to 4096
[ 87.827718][ T5154] NILFS (loop0): invalid segment: Checksum error in segment payload
[ 87.835825][ T5154] NILFS (loop0): trying rollback from an earlier position
[ 87.853174][ T5154] NILFS (loop0): recovery complete
[pid 5154] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0
[pid 5154] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5154] chdir("./file0") = 0
[pid 5154] ioctl(4, LOOP_CLR_FD) = 0
[pid 5154] close(4) = 0
[pid 5154] creat("./bus", 000) = 4
[pid 5154] open("./bus", O_RDONLY) = 5
[pid 5154] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000) = 6
[pid 5154] lseek(4, 4096, SEEK_SET) = 4096
[pid 5154] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2592) = 2592
[ 87.859683][ T5155] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[pid 5154] sendfile(4, 5, NULL, 145139829833722) = 268832
[pid 5154] exit_group(0) = ?
[pid 5154] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5154, si_uid=0, si_status=0, si_utime=0, si_stime=11 /* 0.11 s */} ---
umount2("./45", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./45", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556a1f620 /* 4 entries */, 32768) = 112
umount2("./45/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./45/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./45/binderfs") = 0
umount2("./45/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./45/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./45/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./45/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./45/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556a27660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556a27660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./45/file0") = 0
getdents64(3, 0x555556a1f620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./45") = 0
mkdir("./46", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556a1e5d0) = 5156
./strace-static-x86_64: Process 5156 attached
[pid 5156] chdir("./46") = 0
[pid 5156] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5156] setpgid(0, 0) = 0
[pid 5156] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5156] write(3, "1000", 4) = 4
[pid 5156] close(3) = 0
[pid 5156] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5156] memfd_create("syzkaller", 0) = 3
[pid 5156] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7f03e07000
[pid 5156] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152
[pid 5156] munmap(0x7f7f03e07000, 2097152) = 0
[pid 5156] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5156] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5156] close(3) = 0
[pid 5156] mkdir("./file0", 0777) = 0
[ 88.164054][ T5156] loop0: detected capacity change from 0 to 4096
[ 88.181861][ T5156] NILFS (loop0): invalid segment: Checksum error in segment payload
[ 88.189877][ T5156] NILFS (loop0): trying rollback from an earlier position
[pid 5156] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0
[pid 5156] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5156] chdir("./file0") = 0
[pid 5156] ioctl(4, LOOP_CLR_FD) = 0
[pid 5156] close(4) = 0
[pid 5156] creat("./bus", 000) = 4
[pid 5156] open("./bus", O_RDONLY) = 5
[pid 5156] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000) = 6
[pid 5156] lseek(4, 4096, SEEK_SET) = 4096
[pid 5156] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2592) = 2592
[ 88.209479][ T5156] NILFS (loop0): recovery complete
[ 88.216577][ T5157] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[pid 5156] sendfile(4, 5, NULL, 145139829833722) = 268832
[pid 5156] exit_group(0) = ?
[pid 5156] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5156, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=6 /* 0.06 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./46", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./46", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556a1f620 /* 4 entries */, 32768) = 112
umount2("./46/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./46/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./46/binderfs") = 0
umount2("./46/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./46/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./46/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./46/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./46/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556a27660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556a27660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./46/file0") = 0
getdents64(3, 0x555556a1f620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./46") = 0
mkdir("./47", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556a1e5d0) = 5158
./strace-static-x86_64: Process 5158 attached
[pid 5158] chdir("./47") = 0
[pid 5158] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5158] setpgid(0, 0) = 0
[pid 5158] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5158] write(3, "1000", 4) = 4
[pid 5158] close(3) = 0
[pid 5158] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5158] memfd_create("syzkaller", 0) = 3
[pid 5158] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7f03e07000
[pid 5158] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152
[pid 5158] munmap(0x7f7f03e07000, 2097152) = 0
[pid 5158] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5158] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5158] close(3) = 0
[pid 5158] mkdir("./file0", 0777) = 0
[ 88.543346][ T5158] loop0: detected capacity change from 0 to 4096
[ 88.563310][ T5158] NILFS (loop0): invalid segment: Checksum error in segment payload
[ 88.571468][ T5158] NILFS (loop0): trying rollback from an earlier position
[ 88.586481][ T5158] NILFS (loop0): recovery complete
[pid 5158] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0
[pid 5158] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5158] chdir("./file0") = 0
[pid 5158] ioctl(4, LOOP_CLR_FD) = 0
[pid 5158] close(4) = 0
[pid 5158] creat("./bus", 000) = 4
[pid 5158] open("./bus", O_RDONLY) = 5
[pid 5158] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000) = 6
[pid 5158] lseek(4, 4096, SEEK_SET) = 4096
[pid 5158] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2592) = 2592
[ 88.592738][ T5159] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[pid 5158] sendfile(4, 5, NULL, 145139829833722) = 268832
[pid 5158] exit_group(0) = ?
[pid 5158] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5158, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./47", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./47", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556a1f620 /* 4 entries */, 32768) = 112
umount2("./47/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./47/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./47/binderfs") = 0
umount2("./47/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./47/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./47/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./47/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./47/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556a27660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556a27660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./47/file0") = 0
getdents64(3, 0x555556a1f620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./47") = 0
mkdir("./48", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556a1e5d0) = 5160
./strace-static-x86_64: Process 5160 attached
[pid 5160] chdir("./48") = 0
[pid 5160] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5160] setpgid(0, 0) = 0
[pid 5160] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5160] write(3, "1000", 4) = 4
[pid 5160] close(3) = 0
[pid 5160] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5160] memfd_create("syzkaller", 0) = 3
[pid 5160] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7f03e07000
[pid 5160] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152
[pid 5160] munmap(0x7f7f03e07000, 2097152) = 0
[pid 5160] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5160] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5160] close(3) = 0
[pid 5160] mkdir("./file0", 0777) = 0
[ 88.897472][ T5160] loop0: detected capacity change from 0 to 4096
[ 88.914253][ T5160] NILFS (loop0): invalid segment: Checksum error in segment payload
[ 88.922320][ T5160] NILFS (loop0): trying rollback from an earlier position
[ 88.942142][ T5160] NILFS (loop0): recovery complete
[pid 5160] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0
[pid 5160] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5160] chdir("./file0") = 0
[pid 5160] ioctl(4, LOOP_CLR_FD) = 0
[pid 5160] close(4) = 0
[pid 5160] creat("./bus", 000) = 4
[pid 5160] open("./bus", O_RDONLY) = 5
[pid 5160] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000) = 6
[pid 5160] lseek(4, 4096, SEEK_SET) = 4096
[pid 5160] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2592) = 2592
[ 88.948532][ T5161] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[pid 5160] sendfile(4, 5, NULL, 145139829833722) = 268832
[pid 5160] exit_group(0) = ?
[pid 5160] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5160, si_uid=0, si_status=0, si_utime=0, si_stime=12 /* 0.12 s */} ---
umount2("./48", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./48", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556a1f620 /* 4 entries */, 32768) = 112
umount2("./48/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./48/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./48/binderfs") = 0
umount2("./48/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./48/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./48/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./48/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./48/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556a27660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556a27660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./48/file0") = 0
getdents64(3, 0x555556a1f620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./48") = 0
mkdir("./49", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556a1e5d0) = 5162
./strace-static-x86_64: Process 5162 attached
[pid 5162] chdir("./49") = 0
[pid 5162] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5162] setpgid(0, 0) = 0
[pid 5162] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5162] write(3, "1000", 4) = 4
[pid 5162] close(3) = 0
[pid 5162] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5162] memfd_create("syzkaller", 0) = 3
[pid 5162] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7f03e07000
[pid 5162] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152
[pid 5162] munmap(0x7f7f03e07000, 2097152) = 0
[pid 5162] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5162] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5162] close(3) = 0
[pid 5162] mkdir("./file0", 0777) = 0
[ 89.262643][ T5162] loop0: detected capacity change from 0 to 4096
[ 89.281451][ T5162] NILFS (loop0): invalid segment: Checksum error in segment payload
[ 89.289777][ T5162] NILFS (loop0): trying rollback from an earlier position
[ 89.306242][ T5162] NILFS (loop0): recovery complete
[pid 5162] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0
[pid 5162] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5162] chdir("./file0") = 0
[pid 5162] ioctl(4, LOOP_CLR_FD) = 0
[pid 5162] close(4) = 0
[pid 5162] creat("./bus", 000) = 4
[pid 5162] open("./bus", O_RDONLY) = 5
[pid 5162] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000) = 6
[pid 5162] lseek(4, 4096, SEEK_SET) = 4096
[pid 5162] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2592) = 2592
[ 89.312975][ T5163] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[pid 5162] sendfile(4, 5, NULL, 145139829833722) = 268832
[pid 5162] exit_group(0) = ?
[pid 5162] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5162, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./49", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./49", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556a1f620 /* 4 entries */, 32768) = 112
umount2("./49/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./49/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./49/binderfs") = 0
umount2("./49/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./49/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./49/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./49/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./49/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556a27660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556a27660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./49/file0") = 0
getdents64(3, 0x555556a1f620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./49") = 0
mkdir("./50", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556a1e5d0) = 5164
./strace-static-x86_64: Process 5164 attached
[pid 5164] chdir("./50") = 0
[pid 5164] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5164] setpgid(0, 0) = 0
[pid 5164] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5164] write(3, "1000", 4) = 4
[pid 5164] close(3) = 0
[pid 5164] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5164] memfd_create("syzkaller", 0) = 3
[pid 5164] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7f03e07000
[pid 5164] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152
[pid 5164] munmap(0x7f7f03e07000, 2097152) = 0
[pid 5164] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5164] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5164] close(3) = 0
[pid 5164] mkdir("./file0", 0777) = 0
[ 89.642463][ T5164] loop0: detected capacity change from 0 to 4096
[ 89.667473][ T5164] NILFS (loop0): invalid segment: Checksum error in segment payload
[ 89.675630][ T5164] NILFS (loop0): trying rollback from an earlier position
[pid 5164] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0
[pid 5164] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5164] chdir("./file0") = 0
[pid 5164] ioctl(4, LOOP_CLR_FD) = 0
[pid 5164] close(4) = 0
[pid 5164] creat("./bus", 000) = 4
[pid 5164] open("./bus", O_RDONLY) = 5
[pid 5164] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000) = 6
[pid 5164] lseek(4, 4096, SEEK_SET) = 4096
[pid 5164] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2592) = 2592
[ 89.690523][ T5164] NILFS (loop0): recovery complete
[ 89.702139][ T5165] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[ 89.748605][ T5165] ------------[ cut here ]------------
[ 89.759000][ T5165] WARNING: CPU: 1 PID: 5165 at fs/nilfs2/btree.c:2282 nilfs_btree_assign+0xa9f/0xd10
[ 89.769010][ T5165] Modules linked in:
[ 89.773199][ T5165] CPU: 1 PID: 5165 Comm: segctord Not tainted 6.2.0-rc7-syzkaller-00018-g0983f6bf2bfc #0
[ 89.784762][ T5165] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023
[ 89.798825][ T5165] RIP: 0010:nilfs_btree_assign+0xa9f/0xd10
[ 89.804770][ T5165] Code: 00 0f 85 81 02 00 00 44 89 f0 48 8d 65 d8 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 5d 90 3b fe 4c 8b 7c 24 38 eb a6 e8 51 90 3b fe <0f> 0b 41 be fe ff ff ff eb 97 44 89 f1 80 e1 07 80 c1 03 38 c1 0f
[ 89.830174][ T5165] RSP: 0018:ffffc90003e8f580 EFLAGS: 00010293
[ 89.836352][ T5165] RAX: ffffffff835041ff RBX: ffff888070d87368 RCX: ffff888027610000
[ 89.845927][ T5165] RDX: 0000000000000000 RSI: 00000000fffffffe RDI: 00000000fffffffe
[ 89.857316][ T5165] RBP: ffffc90003e8f6b0 R08: ffffffff83503b5b R09: ffffed100e5c8eaf
[ 89.867316][ T5165] R10: 0000000000000000 R11: dffffc0000000001 R12: dffffc0000000000
[ 89.876040][ T5165] R13: ffff8880286b4380 R14: 00000000fffffffe R15: 1ffff920007d1ec0
[ 89.892106][ T5165] FS: 0000000000000000(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000
[ 89.901114][ T5165] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 89.917100][ T5165] CR2: 00007f7f0c2ca140 CR3: 0000000017618000 CR4: 00000000003506e0
[ 89.925790][ T5165] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 89.934055][ T5165] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 89.951890][ T5165] Call Trace:
[ 89.955294][ T5165]
[ 89.958278][ T5165] ? read_lock_is_recursive+0x20/0x20
[ 89.963791][ T5165] ? nilfs_btree_lookup_dirty_buffers+0xfd0/0xfd0
[ 89.972780][ T5165] ? __up_read+0x670/0x670
[ 89.980549][ T5165] ? __bpf_trace_rcu_stall_warning+0x10/0x10
[ 89.986746][ T5165] nilfs_bmap_assign+0x8b/0x160
[ 89.996619][ T5165] nilfs_segctor_do_construct+0x3a11/0x6f70
[ 90.009979][ T5165] ? nilfs_transaction_unlock+0x210/0x210
[ 90.015855][ T5165] ? nilfs_segctor_confirm+0x24c/0x2d0
[ 90.021376][ T5165] ? rcu_read_lock_sched_held+0x8d/0x130
[ 90.038661][ T5165] ? __bpf_trace_rcu_stall_warning+0x10/0x10
[ 90.044866][ T5165] ? nilfs_segctor_confirm+0x24c/0x2d0
[ 90.050362][ T5165] ? __lock_acquire+0x1f80/0x1f80
[ 90.059602][ T5165] ? do_raw_spin_unlock+0x13b/0x8b0
[ 90.065612][ T5165] ? _raw_spin_unlock+0x28/0x40
[ 90.070496][ T5165] ? nilfs_segctor_confirm+0x24c/0x2d0
[ 90.076051][ T5165] nilfs_segctor_construct+0x145/0x8c0
[ 90.082721][ T5165] nilfs_segctor_thread+0x53a/0x1140
[ 90.094149][ T5165] ? nilfs_construction_timeout+0x40/0x40
[ 90.101458][ T5165] ? _raw_spin_unlock_irqrestore+0xdd/0x140
[ 90.112256][ T5165] ? _raw_spin_unlock+0x40/0x40
[ 90.117160][ T5165] ? wake_bit_function+0x220/0x220
[ 90.122485][ T5165] ? _raw_spin_unlock+0x40/0x40
[ 90.127361][ T5165] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0
[ 90.133442][ T5165] ? __kthread_parkme+0x164/0x1c0
[ 90.138552][ T5165] kthread+0x270/0x300
[ 90.142720][ T5165] ? nilfs_construction_timeout+0x40/0x40
[ 90.148468][ T5165] ? kthread_blkcg+0xd0/0xd0
[ 90.153159][ T5165] ret_from_fork+0x1f/0x30
[ 90.157647][ T5165]
[ 90.160765][ T5165] Kernel panic - not syncing: kernel: panic_on_warn set ...
[ 90.168054][ T5165] CPU: 1 PID: 5165 Comm: segctord Not tainted 6.2.0-rc7-syzkaller-00018-g0983f6bf2bfc #0
[ 90.177865][ T5165] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023
[ 90.187952][ T5165] Call Trace:
[ 90.191234][ T5165]
[ 90.194170][ T5165] dump_stack_lvl+0x1e7/0x2d0
[ 90.198888][ T5165] ? nf_tcp_handle_invalid+0x640/0x640
[ 90.204362][ T5165] ? panic+0x770/0x770
[ 90.208460][ T5165] ? vscnprintf+0x5d/0x80
[ 90.212834][ T5165] panic+0x31c/0x770
[ 90.216756][ T5165] ? __warn+0x16c/0x5f0
[ 90.220921][ T5165] ? memcpy_page_flushcache+0x100/0x100
[ 90.226500][ T5165] ? ret_from_fork+0x1f/0x30
[ 90.231128][ T5165] __warn+0x419/0x5f0
[ 90.235131][ T5165] ? nilfs_btree_assign+0xa9f/0xd10
[ 90.240363][ T5165] ? nilfs_btree_assign+0xa9f/0xd10
[ 90.245581][ T5165] report_bug+0x1bd/0x2d0
[ 90.249958][ T5165] handle_bug+0x3d/0x70
[ 90.254154][ T5165] exc_invalid_op+0x1a/0x50
[ 90.258703][ T5165] asm_exc_invalid_op+0x1a/0x20
[ 90.263568][ T5165] RIP: 0010:nilfs_btree_assign+0xa9f/0xd10
[ 90.269389][ T5165] Code: 00 0f 85 81 02 00 00 44 89 f0 48 8d 65 d8 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 5d 90 3b fe 4c 8b 7c 24 38 eb a6 e8 51 90 3b fe <0f> 0b 41 be fe ff ff ff eb 97 44 89 f1 80 e1 07 80 c1 03 38 c1 0f
[ 90.291355][ T5165] RSP: 0018:ffffc90003e8f580 EFLAGS: 00010293
[ 90.297440][ T5165] RAX: ffffffff835041ff RBX: ffff888070d87368 RCX: ffff888027610000
[ 90.305423][ T5165] RDX: 0000000000000000 RSI: 00000000fffffffe RDI: 00000000fffffffe
[ 90.313418][ T5165] RBP: ffffc90003e8f6b0 R08: ffffffff83503b5b R09: ffffed100e5c8eaf
[ 90.327228][ T5165] R10: 0000000000000000 R11: dffffc0000000001 R12: dffffc0000000000
[ 90.335214][ T5165] R13: ffff8880286b4380 R14: 00000000fffffffe R15: 1ffff920007d1ec0
[ 90.343204][ T5165] ? nilfs_btree_assign+0x3fb/0xd10
[ 90.348419][ T5165] ? nilfs_btree_assign+0xa9f/0xd10
[ 90.353643][ T5165] ? read_lock_is_recursive+0x20/0x20
[ 90.359163][ T5165] ? nilfs_btree_lookup_dirty_buffers+0xfd0/0xfd0
[ 90.365679][ T5165] ? __up_read+0x670/0x670
[ 90.370113][ T5165] ? __bpf_trace_rcu_stall_warning+0x10/0x10
[ 90.376120][ T5165] nilfs_bmap_assign+0x8b/0x160
[ 90.380989][ T5165] nilfs_segctor_do_construct+0x3a11/0x6f70
[ 90.386967][ T5165] ? nilfs_transaction_unlock+0x210/0x210
[ 90.392696][ T5165] ? nilfs_segctor_confirm+0x24c/0x2d0
[ 90.398171][ T5165] ? rcu_read_lock_sched_held+0x8d/0x130
[ 90.403910][ T5165] ? __bpf_trace_rcu_stall_warning+0x10/0x10
[ 90.409924][ T5165] ? nilfs_segctor_confirm+0x24c/0x2d0
[ 90.415480][ T5165] ? __lock_acquire+0x1f80/0x1f80
[ 90.420526][ T5165] ? do_raw_spin_unlock+0x13b/0x8b0
[ 90.425742][ T5165] ? _raw_spin_unlock+0x28/0x40
[ 90.430606][ T5165] ? nilfs_segctor_confirm+0x24c/0x2d0
[ 90.436087][ T5165] nilfs_segctor_construct+0x145/0x8c0
[ 90.441567][ T5165] nilfs_segctor_thread+0x53a/0x1140
[ 90.446904][ T5165] ? nilfs_construction_timeout+0x40/0x40
[ 90.452631][ T5165] ? _raw_spin_unlock_irqrestore+0xdd/0x140
[ 90.458533][ T5165] ? _raw_spin_unlock+0x40/0x40
[ 90.463429][ T5165] ? wake_bit_function+0x220/0x220
[ 90.468563][ T5165] ? _raw_spin_unlock+0x40/0x40
[ 90.473432][ T5165] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0
[ 90.479607][ T5165] ? __kthread_parkme+0x164/0x1c0
[ 90.484656][ T5165] kthread+0x270/0x300
[ 90.488730][ T5165] ? nilfs_construction_timeout+0x40/0x40
[ 90.494544][ T5165] ? kthread_blkcg+0xd0/0xd0
[ 90.499148][ T5165] ret_from_fork+0x1f/0x30
[ 90.503593][ T5165]
[ 90.506881][ T5165] Kernel Offset: disabled
[ 90.511309][ T5165] Rebooting in 86400 seconds..