./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor680055767 <...> Warning: Permanently added '10.128.0.79' (ED25519) to the list of known hosts. execve("./syz-executor680055767", ["./syz-executor680055767"], 0x7fffad6418f0 /* 10 vars */) = 0 brk(NULL) = 0x555557284000 brk(0x555557284e00) = 0x555557284e00 arch_prctl(ARCH_SET_FS, 0x555557284480) = 0 set_tid_address(0x555557284750) = 291 set_robust_list(0x555557284760, 24) = 0 rseq(0x555557284da0, 0x20, 0, 0x53053053) = -1 ENOSYS (Function not implemented) prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor680055767", 4096) = 27 getrandom("\xc4\x9c\x1b\x13\x55\x07\x32\x11", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x555557284e00 brk(0x5555572a5e00) = 0x5555572a5e00 brk(0x5555572a6000) = 0x5555572a6000 mprotect(0x7f98132d0000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 getpid() = 291 openat(AT_FDCWD, "/sys/kernel/debug/x86/nmi_longest_ns", O_WRONLY|O_CLOEXEC) = 3 write(3, "10000000000", 11) = 11 close(3) = 0 openat(AT_FDCWD, "/proc/sys/kernel/hung_task_check_interval_secs", O_WRONLY|O_CLOEXEC) = 3 write(3, "20", 2) = 2 close(3) = 0 openat(AT_FDCWD, "/proc/sys/net/core/bpf_jit_kallsyms", O_WRONLY|O_CLOEXEC) = 3 write(3, "1", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/proc/sys/net/core/bpf_jit_harden", O_WRONLY|O_CLOEXEC) = 3 write(3, "0", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/proc/sys/kernel/kptr_restrict", O_WRONLY|O_CLOEXEC) = 3 write(3, "0", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/proc/sys/kernel/softlockup_all_cpu_backtrace", O_WRONLY|O_CLOEXEC) = 3 write(3, "1", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/proc/sys/fs/mount-max", O_WRONLY|O_CLOEXEC) = 3 write(3, "100", 3) = 3 close(3) = 0 openat(AT_FDCWD, "/proc/sys/vm/oom_dump_tasks", O_WRONLY|O_CLOEXEC) = 3 write(3, "0", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/proc/sys/debug/exception-trace", O_WRONLY|O_CLOEXEC) = 3 write(3, "0", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/proc/sys/kernel/printk", O_WRONLY|O_CLOEXEC) = 3 write(3, "7 4 1 3", 7) = 7 close(3) = 0 openat(AT_FDCWD, "/proc/sys/kernel/keys/gc_delay", O_WRONLY|O_CLOEXEC) = 3 write(3, "1", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/proc/sys/vm/oom_kill_allocating_task", O_WRONLY|O_CLOEXEC) = 3 write(3, "1", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/proc/sys/kernel/ctrl-alt-del", O_WRONLY|O_CLOEXEC) = 3 write(3, "0", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/proc/sys/kernel/cad_pid", O_WRONLY|O_CLOEXEC) = 3 write(3, "291", 3) = 3 close(3) = 0 rt_sigaction(SIGRTMIN, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=0}, NULL, 8) = 0 rt_sigaction(SIGRT_1, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=0}, NULL, 8) = 0 rt_sigaction(SIGSEGV, {sa_handler=0x7f9813224d90, sa_mask=[], sa_flags=SA_RESTORER|SA_NODEFER|SA_SIGINFO, sa_restorer=0x7f981322d8a0}, NULL, 8) = 0 rt_sigaction(SIGBUS, {sa_handler=0x7f9813224d90, sa_mask=[], sa_flags=SA_RESTORER|SA_NODEFER|SA_SIGINFO, sa_restorer=0x7f981322d8a0}, NULL, 8) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 292 attached [pid 292] set_robust_list(0x555557284760, 24) = 0 [pid 291] <... clone resumed>, child_tidptr=0x555557284750) = 292 [pid 291] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 292] mkdir("./syzkaller.R3VEDT", 0700./strace-static-x86_64: Process 293 attached [pid 291] <... clone resumed>, child_tidptr=0x555557284750) = 293 [pid 291] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 293] set_robust_list(0x555557284760, 24 [pid 291] <... clone resumed>, child_tidptr=0x555557284750) = 294 [pid 293] <... set_robust_list resumed>) = 0 [pid 292] <... mkdir resumed>) = 0 [pid 291] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 292] chmod("./syzkaller.R3VEDT", 0777) = 0 [pid 292] chdir("./syzkaller.R3VEDT") = 0 [pid 292] mkdir("./0", 0777 [pid 291] <... clone resumed>, child_tidptr=0x555557284750) = 295 [pid 291] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 292] <... mkdir resumed>) = 0 [pid 292] openat(AT_FDCWD, "/dev/loop0", O_RDWR./strace-static-x86_64: Process 296 attached ./strace-static-x86_64: Process 295 attached ./strace-static-x86_64: Process 294 attached [pid 291] <... clone resumed>, child_tidptr=0x555557284750) = 296 [pid 293] mkdir("./syzkaller.IDdn8i", 0700 [pid 292] <... openat resumed>) = 3 [pid 293] <... mkdir resumed>) = 0 [pid 293] chmod("./syzkaller.IDdn8i", 0777) = 0 [pid 293] chdir("./syzkaller.IDdn8i") = 0 [pid 293] mkdir("./0", 0777) = 0 [pid 293] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 293] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [ 20.689584][ T30] audit: type=1400 audit(1714679455.537:66): avc: denied { execmem } for pid=291 comm="syz-executor680" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 20.694215][ T30] audit: type=1400 audit(1714679455.537:67): avc: denied { integrity } for pid=291 comm="syz-executor680" lockdown_reason="debugfs access" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=lockdown permissive=1 [pid 293] close(3) = 0 [pid 293] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 294] set_robust_list(0x555557284760, 24) = 0 [pid 293] <... clone resumed>, child_tidptr=0x555557284750) = 298 [pid 294] mkdir("./syzkaller.s4TNI1", 0700) = 0 [pid 294] chmod("./syzkaller.s4TNI1", 0777) = 0 [pid 294] chdir("./syzkaller.s4TNI1") = 0 [pid 294] mkdir("./0", 0777) = 0 [pid 294] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 294] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 294] close(3) = 0 [pid 294] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557284750) = 299 [pid 296] set_robust_list(0x555557284760, 24) = 0 [pid 296] mkdir("./syzkaller.7u9Qfk", 0700 [pid 292] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 292] close(3) = 0 [pid 292] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 296] <... mkdir resumed>) = 0 ./strace-static-x86_64: Process 298 attached [pid 296] chmod("./syzkaller.7u9Qfk", 0777) = 0 [pid 296] chdir("./syzkaller.7u9Qfk") = 0 [pid 296] mkdir("./0", 0777) = 0 [pid 296] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 296] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 296] close(3./strace-static-x86_64: Process 299 attached [pid 298] set_robust_list(0x555557284760, 24) = 0 [pid 299] set_robust_list(0x555557284760, 24 [pid 296] <... close resumed>) = 0 [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557284750) = 300 [pid 295] set_robust_list(0x555557284760, 24) = 0 [pid 295] mkdir("./syzkaller.icBmgb", 0700) = 0 [pid 295] chmod("./syzkaller.icBmgb", 0777) = 0 [pid 295] chdir("./syzkaller.icBmgb") = 0 [pid 295] mkdir("./0", 0777) = 0 [pid 295] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 295] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 295] close(3) = 0 [pid 295] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557284750) = 301 ./strace-static-x86_64: Process 301 attached [pid 301] set_robust_list(0x555557284760, 24) = 0 [pid 301] chdir("./0") = 0 [ 20.719266][ T30] audit: type=1400 audit(1714679455.567:68): avc: denied { read write } for pid=292 comm="syz-executor680" name="loop0" dev="devtmpfs" ino=112 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 20.743740][ T30] audit: type=1400 audit(1714679455.577:69): avc: denied { open } for pid=292 comm="syz-executor680" path="/dev/loop0" dev="devtmpfs" ino=112 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [pid 301] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 301] setpgid(0, 0) = 0 [pid 301] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 301] write(3, "1000", 4) = 4 [pid 301] close(3) = 0 [pid 301] symlink("/dev/binderfs", "./binderfs") = 0 [pid 301] memfd_create("syzkaller", 0) = 3 [pid 301] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f980ae1b000 [pid 298] chdir("./0" [pid 299] <... set_robust_list resumed>) = 0 [pid 299] chdir("./0" [pid 298] <... chdir resumed>) = 0 [pid 301] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 298] prctl(PR_SET_PDEATHSIG, SIGKILL./strace-static-x86_64: Process 300 attached [pid 299] <... chdir resumed>) = 0 [pid 298] <... prctl resumed>) = 0 [pid 300] set_robust_list(0x555557284760, 24 [pid 299] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 298] setpgid(0, 0 [pid 299] <... prctl resumed>) = 0 [pid 300] <... set_robust_list resumed>) = 0 [pid 299] setpgid(0, 0 [pid 298] <... setpgid resumed>) = 0 [pid 300] chdir("./0" [pid 299] <... setpgid resumed>) = 0 [pid 298] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 300] <... chdir resumed>) = 0 [pid 299] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 298] <... openat resumed>) = 3 [pid 299] <... openat resumed>) = 3 [pid 300] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 298] write(3, "1000", 4 [pid 300] <... prctl resumed>) = 0 [pid 299] write(3, "1000", 4 [pid 298] <... write resumed>) = 4 [pid 300] setpgid(0, 0 [pid 299] <... write resumed>) = 4 [pid 300] <... setpgid resumed>) = 0 [pid 298] close(3 [pid 300] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 299] close(3 [pid 298] <... close resumed>) = 0 [pid 299] <... close resumed>) = 0 [pid 298] symlink("/dev/binderfs", "./binderfs" [pid 300] <... openat resumed>) = 3 [pid 299] symlink("/dev/binderfs", "./binderfs" [pid 298] <... symlink resumed>) = 0 [pid 299] <... symlink resumed>) = 0 [pid 300] write(3, "1000", 4 [pid 298] memfd_create("syzkaller", 0 [pid 300] <... write resumed>) = 4 [pid 299] memfd_create("syzkaller", 0 [pid 300] close(3 [pid 298] <... memfd_create resumed>) = 3 [pid 299] <... memfd_create resumed>) = 3 [pid 300] <... close resumed>) = 0 [pid 298] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 300] symlink("/dev/binderfs", "./binderfs" [pid 299] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 298] <... mmap resumed>) = 0x7f980ae1b000 [pid 300] <... symlink resumed>) = 0 [pid 300] memfd_create("syzkaller", 0 [pid 299] <... mmap resumed>) = 0x7f980ae1b000 [pid 298] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 301] <... write resumed>) = 1048576 [pid 301] munmap(0x7f980ae1b000, 138412032) = 0 [pid 301] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 301] ioctl(4, LOOP_SET_FD, 3 [pid 300] <... memfd_create resumed>) = 3 [pid 299] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 298] <... write resumed>) = 1048576 [pid 300] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 299] <... write resumed>) = 1048576 [pid 300] <... mmap resumed>) = 0x7f980ae1b000 [pid 292] <... clone resumed>, child_tidptr=0x555557284750) = 304 ./strace-static-x86_64: Process 304 attached [pid 304] set_robust_list(0x555557284760, 24) = 0 [pid 304] chdir("./0") = 0 [pid 304] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 304] setpgid(0, 0) = 0 [pid 304] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 304] write(3, "1000", 4) = 4 [pid 304] close(3) = 0 [pid 304] symlink("/dev/binderfs", "./binderfs") = 0 [pid 304] memfd_create("syzkaller", 0) = 3 [pid 304] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f980ae1b000 [pid 300] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 298] munmap(0x7f980ae1b000, 138412032 [pid 299] munmap(0x7f980ae1b000, 138412032 [pid 298] <... munmap resumed>) = 0 [pid 299] <... munmap resumed>) = 0 [pid 298] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 299] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 298] <... openat resumed>) = 4 [pid 299] <... openat resumed>) = 4 [pid 298] ioctl(4, LOOP_SET_FD, 3 [pid 299] ioctl(4, LOOP_SET_FD, 3 [ 20.772738][ T30] audit: type=1400 audit(1714679455.587:70): avc: denied { ioctl } for pid=293 comm="syz-executor680" path="/dev/loop1" dev="devtmpfs" ino=113 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 20.813785][ T301] loop3: detected capacity change from 0 to 2048 [ 20.830232][ T298] loop1: detected capacity change from 0 to 2048 [pid 304] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 304] munmap(0x7f980ae1b000, 138412032) = 0 [pid 304] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 304] ioctl(4, LOOP_SET_FD, 3 [pid 301] <... ioctl resumed>) = 0 [pid 300] <... write resumed>) = 1048576 [pid 299] <... ioctl resumed>) = 0 [pid 301] close(3 [pid 300] munmap(0x7f980ae1b000, 138412032 [pid 299] close(3) = 0 [pid 304] <... ioctl resumed>) = 0 [pid 304] close(3) = 0 [pid 304] close(4 [pid 300] <... munmap resumed>) = 0 [pid 301] <... close resumed>) = 0 [pid 300] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 299] close(4 [pid 298] <... ioctl resumed>) = 0 [pid 301] close(4 [pid 300] <... openat resumed>) = 4 [pid 298] close(3 [pid 300] ioctl(4, LOOP_SET_FD, 3 [pid 298] <... close resumed>) = 0 [pid 304] <... close resumed>) = 0 [pid 304] mkdir("./file0", 0777) = 0 [pid 304] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue" [pid 300] <... ioctl resumed>) = 0 [pid 298] close(4 [pid 300] close(3) = 0 [pid 300] close(4 [pid 301] <... close resumed>) = 0 [pid 299] <... close resumed>) = 0 [pid 301] mkdir("./file0", 0777 [pid 299] mkdir("./file0", 0777 [pid 301] <... mkdir resumed>) = 0 [pid 299] <... mkdir resumed>) = 0 [pid 301] mount("/dev/loop3", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue" [pid 299] mount("/dev/loop2", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue" [pid 300] <... close resumed>) = 0 [pid 298] <... close resumed>) = 0 [pid 298] mkdir("./file0", 0777 [pid 300] mkdir("./file0", 0777 [pid 298] <... mkdir resumed>) = 0 [pid 298] mount("/dev/loop1", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue" [pid 300] <... mkdir resumed>) = 0 [ 20.836955][ T299] loop2: detected capacity change from 0 to 2048 [ 20.840680][ T304] loop0: detected capacity change from 0 to 2048 [ 20.855248][ T300] loop4: detected capacity change from 0 to 2048 [ 20.859465][ T30] audit: type=1400 audit(1714679455.707:71): avc: denied { mounton } for pid=304 comm="syz-executor680" path="/root/syzkaller.R3VEDT/0/file0" dev="sda1" ino=1942 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1 [pid 300] mount("/dev/loop4", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue" [pid 301] <... mount resumed>) = 0 [pid 301] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 301] chdir("./file0") = 0 [pid 301] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 298] <... mount resumed>) = 0 [pid 298] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 301] <... openat resumed>) = 4 [ 20.898879][ T298] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 20.899141][ T30] audit: type=1400 audit(1714679455.747:72): avc: denied { mount } for pid=301 comm="syz-executor680" name="/" dev="loop3" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 20.910354][ T304] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [pid 301] ioctl(4, LOOP_CLR_FD) = 0 [pid 301] close(4) = 0 [pid 301] chdir("./file0") = 0 [pid 301] creat("./bus", 000 [pid 298] <... openat resumed>) = 3 [pid 301] <... creat resumed>) = 4 [pid 301] openat(AT_FDCWD, "memory.swap.events", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 301] mount("/dev/loop3", "./bus", NULL, MS_BIND, NULL) = 0 [pid 301] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 6 [pid 301] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 298] chdir("./file0") = 0 [pid 304] <... mount resumed>) = 0 [pid 301] <... mmap resumed>) = 0x20000000 [pid 300] <... mount resumed>) = 0 [pid 301] write(-1, 0x20001dc0, 4102) = -1 EBADF (Bad file descriptor) [ 20.944950][ T300] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 20.968699][ T299] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 20.974435][ T30] audit: type=1400 audit(1714679455.807:73): avc: denied { write } for pid=301 comm="syz-executor680" name="file0" dev="loop3" ino=12 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 20.980425][ T301] ================================================================== [ 21.006427][ T30] audit: type=1400 audit(1714679455.807:74): avc: denied { add_name } for pid=301 comm="syz-executor680" name="bus" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 21.008969][ T301] BUG: KASAN: use-after-free in ext4_search_dir+0xf7/0x1b0 [pid 301] openat(AT_FDCWD, 0x20000280, O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 304] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 300] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 298] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 304] <... openat resumed>) = 3 [pid 300] <... openat resumed>) = 3 [pid 298] <... openat resumed>) = 4 [pid 304] chdir("./file0" [pid 300] chdir("./file0" [pid 298] ioctl(4, LOOP_CLR_FD [pid 304] <... chdir resumed>) = 0 [pid 300] <... chdir resumed>) = 0 [pid 298] <... ioctl resumed>) = 0 [pid 304] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 300] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 298] close(4 [pid 304] <... openat resumed>) = 4 [pid 300] <... openat resumed>) = 4 [pid 298] <... close resumed>) = 0 [pid 304] ioctl(4, LOOP_CLR_FD [pid 300] ioctl(4, LOOP_CLR_FD [pid 298] chdir("./file0" [pid 304] <... ioctl resumed>) = 0 [pid 300] <... ioctl resumed>) = 0 [pid 298] <... chdir resumed>) = 0 [pid 304] close(4 [pid 300] close(4 [pid 298] creat("./bus", 000 [pid 304] <... close resumed>) = 0 [pid 300] <... close resumed>) = 0 [pid 298] <... creat resumed>) = 4 [pid 304] chdir("./file0" [pid 300] chdir("./file0" [pid 298] openat(AT_FDCWD, "memory.swap.events", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 304] <... chdir resumed>) = 0 [pid 300] <... chdir resumed>) = 0 [pid 298] <... openat resumed>) = 5 [pid 304] creat("./bus", 000 [pid 300] creat("./bus", 000 [pid 298] mount("/dev/loop1", "./bus", NULL, MS_BIND, NULL [pid 304] <... creat resumed>) = 4 [pid 300] <... creat resumed>) = 4 [pid 298] <... mount resumed>) = 0 [pid 304] openat(AT_FDCWD, "memory.swap.events", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 300] openat(AT_FDCWD, "memory.swap.events", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 298] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC [pid 304] <... openat resumed>) = 5 [pid 300] <... openat resumed>) = 5 [pid 298] <... open resumed>) = 6 [pid 304] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 300] mount("/dev/loop4", "./bus", NULL, MS_BIND, NULL [pid 298] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 304] <... mount resumed>) = 0 [pid 300] <... mount resumed>) = 0 [pid 304] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC [pid 300] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC [pid 304] <... open resumed>) = 6 [pid 300] <... open resumed>) = 6 [pid 304] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [ 21.029646][ T30] audit: type=1400 audit(1714679455.807:75): avc: denied { create } for pid=301 comm="syz-executor680" name="bus" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 21.036484][ T301] Read of size 1 at addr ffff88811f1cf6e3 by task syz-executor680/301 [ 21.036500][ T301] [ 21.036504][ T301] CPU: 1 PID: 301 Comm: syz-executor680 Not tainted 5.15.149-syzkaller-00490-g5d96939590c0 #0 [ 21.076846][ T301] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 21.086748][ T301] Call Trace: [ 21.089862][ T301] [ 21.092638][ T301] dump_stack_lvl+0x151/0x1b7 [pid 300] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x20000000 [pid 300] write(-1, 0x20001dc0, 4102) = -1 EBADF (Bad file descriptor) [pid 298] <... mmap resumed>) = 0x20000000 [pid 300] openat(AT_FDCWD, 0x20000280, O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 304] <... mmap resumed>) = 0x20000000 [pid 298] write(-1, 0x20001dc0, 4102 [pid 304] write(-1, 0x20001dc0, 4102 [pid 298] <... write resumed>) = -1 EBADF (Bad file descriptor) [ 21.096423][ T300] EXT4-fs error (device loop4): ext4_find_dest_de:2112: inode #12: block 5: comm syz-executor680: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=1375716473, rec_len=40042, size=56 fake=0 [ 21.097241][ T301] ? io_uring_drop_tctx_refs+0x190/0x190 [ 21.121976][ T301] ? __wake_up_klogd+0xd5/0x110 [ 21.126659][ T301] ? panic+0x751/0x751 [ 21.127969][ T298] EXT4-fs error (device loop1): ext4_find_dest_de:2112: inode #12: block 5: comm syz-executor680: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=1375716473, rec_len=40042, size=56 fake=0 [pid 304] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 298] openat(AT_FDCWD, 0x20000280, O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 304] openat(AT_FDCWD, 0x20000280, O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 299] <... mount resumed>) = 0 [pid 299] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 299] chdir("./file0") = 0 [pid 299] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 299] ioctl(4, LOOP_CLR_FD) = 0 [pid 299] close(4) = 0 [pid 299] chdir("./file0") = 0 [pid 299] creat("./bus", 000) = 4 [pid 299] openat(AT_FDCWD, "memory.swap.events", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 299] mount("/dev/loop2", "./bus", NULL, MS_BIND, NULL) = 0 [ 21.130652][ T301] ? down_read+0x947/0xf80 [ 21.150582][ T304] EXT4-fs error (device loop0): ext4_find_dest_de:2112: inode #12: block 5: comm syz-executor680: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=1375716473, rec_len=40042, size=56 fake=0 [ 21.154083][ T301] print_address_description+0x87/0x3b0 [ 21.178651][ T301] kasan_report+0x179/0x1c0 [ 21.182990][ T301] ? ext4_search_dir+0xf7/0x1b0 [ 21.187677][ T301] ? ext4_search_dir+0xf7/0x1b0 [ 21.192362][ T301] __asan_report_load1_noabort+0x14/0x20 [ 21.193983][ T299] EXT4-fs error (device loop2): ext4_find_dest_de:2112: inode #12: block 5: comm syz-executor680: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=1375716473, rec_len=40042, size=56 fake=0 [ 21.197825][ T301] ext4_search_dir+0xf7/0x1b0 [ 21.197847][ T301] ext4_find_inline_entry+0x4b6/0x5e0 [ 21.197871][ T301] ? __kasan_slab_alloc+0x80/0xe0 [ 21.231592][ T301] ? ext4_try_create_inline_dir+0x320/0x320 [ 21.237324][ T301] __ext4_find_entry+0x2b0/0x1af0 [ 21.242179][ T301] ? memcpy+0x56/0x70 [ 21.246001][ T301] ? avc_has_perm_noaudit+0x2dd/0x430 [ 21.251210][ T301] ? avc_denied+0x1b0/0x1b0 [ 21.255547][ T301] ? ext4_ci_compare+0x660/0x660 [ 21.260324][ T301] ? generic_set_encrypted_ci_d_ops+0x91/0xf0 [ 21.264296][ T293] EXT4-fs error (device loop1): ext4_lookup:1855: inode #11: comm syz-executor680: iget: bad extra_isize 1328 (inode size 256) [ 21.266218][ T301] ext4_lookup+0x3c6/0xaa0 [ 21.266238][ T301] ? ext4_add_entry+0x12b0/0x12b0 [ 21.266256][ T301] ? selinux_inode_create+0x22/0x30 [ 21.293301][ T301] ? security_inode_create+0xbc/0x100 [ 21.298515][ T301] ? ext4_add_entry+0x12b0/0x12b0 [ 21.303368][ T301] path_openat+0x1194/0x2f40 [ 21.307695][ T293] EXT4-fs error (device loop1): ext4_lookup:1855: inode #11: comm syz-executor680: iget: bad extra_isize 1328 (inode size 256) [ 21.310949][ T294] EXT4-fs error (device loop2): ext4_lookup:1855: inode #11: comm syz-executor680: iget: bad extra_isize 1328 (inode size 256) [ 21.320725][ T301] ? do_filp_open+0x460/0x460 [ 21.320752][ T301] do_filp_open+0x21c/0x460 [ 21.320766][ T301] ? vfs_tmpfile+0x2c0/0x2c0 [ 21.338179][ T301] do_sys_openat2+0x13f/0x830 [ 21.344617][ T294] EXT4-fs error (device loop2): ext4_lookup:1855: inode #11: comm syz-executor680: iget: bad extra_isize 1328 (inode size 256) [ 21.346935][ T301] ? cgroup_leave_frozen+0x164/0x2c0 [ 21.346978][ T301] ? do_sys_open+0x220/0x220 [ 21.363289][ T296] EXT4-fs error (device loop4): ext4_lookup:1855: inode #11: comm syz-executor680: iget: bad extra_isize 1328 (inode size 256) [ 21.364381][ T301] ? ptrace_notify+0x24c/0x350 [ 21.370205][ T296] EXT4-fs error (device loop4): ext4_lookup:1855: inode #11: comm syz-executor680: iget: bad extra_isize 1328 (inode size 256) [ 21.374015][ T301] __x64_sys_openat+0x243/0x290 [ 21.392401][ T292] EXT4-fs error (device loop0): ext4_lookup:1855: inode #11: comm syz-executor680: iget: bad extra_isize 1328 (inode size 256) [ 21.404486][ T301] ? __ia32_sys_open+0x270/0x270 [ 21.404512][ T301] ? syscall_enter_from_user_mode+0x70/0x1b0 [ 21.410115][ T292] EXT4-fs error (device loop0): ext4_lookup:1855: inode #11: comm syz-executor680: iget: bad extra_isize 1328 (inode size 256) [ 21.422102][ T301] do_syscall_64+0x3d/0xb0 [ 21.422131][ T301] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 21.422162][ T301] RIP: 0033:0x7f98132627c9 [ 21.422181][ T301] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 01 1b 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 21.479379][ T301] RSP: 002b:00007fff8c21e328 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 21.487629][ T301] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f98132627c9 [ 21.495435][ T301] RDX: 000000000000275a RSI: 0000000020000280 RDI: 00000000ffffff9c [ 21.503248][ T301] RBP: 0000000000000000 R08: 00007fff8c21e5c0 R09: 00007fff8c21e5c0 [ 21.511059][ T301] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff8c21e5c0 [ 21.518955][ T301] R13: 0000000000000000 R14: 431bde82d7b634db R15: 00007fff8c21e390 [ 21.526770][ T301] [ 21.529630][ T301] [ 21.531800][ T301] The buggy address belongs to the page: [ 21.537277][ T301] page:ffffea00047c73c0 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x11f1cf [ 21.547549][ T301] flags: 0x4000000000000000(zone=1) [ 21.552586][ T301] raw: 4000000000000000 ffffea00047c7408 ffffea00047c7388 0000000000000000 [ 21.561003][ T301] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000 [ 21.569413][ T301] page dumped because: kasan: bad access detected [ 21.575677][ T301] page_owner info is not present (never set?) [ 21.581570][ T301] [ 21.583735][ T301] Memory state around the buggy address: [ 21.589235][ T301] ffff88811f1cf580: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [pid 299] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 6 [pid 299] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x20000000 [pid 299] write(-1, 0x20001dc0, 4102) = -1 EBADF (Bad file descriptor) [pid 299] openat(AT_FDCWD, 0x20000280, O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 300] <... openat resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 300] exit_group(0) = ? [pid 300] +++ exited with 0 +++ [pid 298] <... openat resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 298] exit_group(0) = ? [pid 304] <... openat resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 304] exit_group(0) = ? [pid 298] +++ exited with 0 +++ [pid 293] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=298, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- [pid 293] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 293] umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 293] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 293] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 293] getdents64(3, 0x5555572857f0 /* 4 entries */, 32768) = 112 [pid 293] umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 293] newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 293] unlink("./0/binderfs") = 0 [pid 293] umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) [pid 293] newfstatat(AT_FDCWD, "./0/file0", {st_mode=S_IFDIR|0755, st_size=2048, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 293] umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) [pid 293] openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 293] newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=2048, ...}, AT_EMPTY_PATH) = 0 [pid 293] getdents64(4, 0x55555728d830 /* 8 entries */, 32768) = 240 [pid 293] umount2("./0/file0/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW [pid 304] +++ exited with 0 +++ [pid 299] <... openat resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 299] exit_group(0) = ? [pid 299] +++ exited with 0 +++ [pid 294] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=299, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- [pid 294] restart_syscall(<... resuming interrupted clone ...> [pid 293] <... umount2 resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 293] newfstatat(AT_FDCWD, "./0/file0/lost+found", [pid 294] <... restart_syscall resumed>) = 0 [pid 294] umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 294] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 294] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 294] getdents64(3, 0x5555572857f0 /* 4 entries */, 32768) = 112 [pid 294] umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 294] newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 294] unlink("./0/binderfs") = 0 [pid 294] umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) [pid 294] newfstatat(AT_FDCWD, "./0/file0", {st_mode=S_IFDIR|0755, st_size=2048, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 294] umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) [pid 294] openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 294] newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=2048, ...}, AT_EMPTY_PATH) = 0 [pid 294] getdents64(4, 0x55555728d830 /* 8 entries */, 32768) = 240 [pid 294] umount2("./0/file0/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW [pid 293] <... newfstatat resumed>0x7fff8c21c180, AT_SYMLINK_NOFOLLOW) = -1 EUCLEAN (Structure needs cleaning) [pid 293] exit_group(1) = ? [pid 293] +++ exited with 1 +++ [pid 291] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=293, si_uid=0, si_status=1, si_utime=0, si_stime=2} --- [pid 291] restart_syscall(<... resuming interrupted clone ...> [pid 294] <... umount2 resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 294] newfstatat(AT_FDCWD, "./0/file0/lost+found", 0x7fff8c21c180, AT_SYMLINK_NOFOLLOW) = -1 EUCLEAN (Structure needs cleaning) [pid 294] exit_group(1) = ? [pid 294] +++ exited with 1 +++ [pid 291] <... restart_syscall resumed>) = ? ERESTART_RESTARTBLOCK (Interrupted by signal) [pid 291] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=294, si_uid=0, si_status=1, si_utime=0, si_stime=3} --- [pid 291] restart_syscall(<... resuming interrupted restart_syscall ...> [pid 296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=300, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- [pid 296] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 296] umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 296] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 296] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 296] getdents64(3, 0x5555572857f0 /* 4 entries */, 32768) = 112 [pid 296] umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 296] newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] unlink("./0/binderfs") = 0 [pid 296] umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) [pid 296] newfstatat(AT_FDCWD, "./0/file0", {st_mode=S_IFDIR|0755, st_size=2048, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) [pid 296] openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 296] newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=2048, ...}, AT_EMPTY_PATH) = 0 [pid 296] getdents64(4, 0x55555728d830 /* 8 entries */, 32768) = 240 [pid 296] umount2("./0/file0/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EUCLEAN (Structure needs cleaning) [pid 296] newfstatat(AT_FDCWD, "./0/file0/lost+found", 0x7fff8c21c180, AT_SYMLINK_NOFOLLOW) = -1 EUCLEAN (Structure needs cleaning) [pid 296] exit_group(1) = ? [pid 296] +++ exited with 1 +++ [pid 291] <... restart_syscall resumed>) = ? ERESTART_RESTARTBLOCK (Interrupted by signal) [pid 291] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=296, si_uid=0, si_status=1, si_utime=0, si_stime=1} --- [pid 291] restart_syscall(<... resuming interrupted restart_syscall ...> [pid 292] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=304, si_uid=0, si_status=0, si_utime=0, si_stime=6} --- [pid 292] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 292] umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 292] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 292] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 292] getdents64(3, 0x5555572857f0 /* 4 entries */, 32768) = 112 [pid 292] umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 292] newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 292] unlink("./0/binderfs") = 0 [pid 292] umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) [pid 292] newfstatat(AT_FDCWD, "./0/file0", {st_mode=S_IFDIR|0755, st_size=2048, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 292] umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) [pid 292] openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 292] newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=2048, ...}, AT_EMPTY_PATH) = 0 [pid 292] getdents64(4, 0x55555728d830 /* 8 entries */, 32768) = 240 [pid 292] umount2("./0/file0/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EUCLEAN (Structure needs cleaning) [pid 292] newfstatat(AT_FDCWD, "./0/file0/lost+found", 0x7fff8c21c180, AT_SYMLINK_NOFOLLOW) = -1 EUCLEAN (Structure needs cleaning) [pid 292] exit_group(1) = ? [pid 292] +++ exited with 1 +++ [pid 291] <... restart_syscall resumed>) = ? ERESTART_RESTARTBLOCK (Interrupted by signal) [pid 291] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=292, si_uid=0, si_status=1, si_utime=0, si_stime=7} --- [ 21.597108][ T301] ffff88811f1cf600: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 21.605012][ T301] >ffff88811f1cf680: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 21.612983][ T301] ^ [ 21.620017][ T301] ffff88811f1cf700: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 21.627914][ T301] ffff88811f1cf780: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 21.635808][ T301] ================================================================== [ 21.643708][ T301] Disabling lock debugging due to kernel taint [pid 291] restart_syscall(<... resuming interrupted restart_syscall ...> [pid 301] <... openat resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 301] exit_group(0) = ? [pid 301] +++ exited with 0 +++ [pid 295] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=301, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 295] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 295] umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 295] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 295] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 295] getdents64(3, 0x5555572857f0 /* 4 entries */, 32768) = 112 [pid 295] umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 295] newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 295] unlink("./0/binderfs") = 0 [pid 295] umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) [pid 295] newfstatat(AT_FDCWD, "./0/file0", {st_mode=S_IFDIR|0755, st_size=2048, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 295] umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) [pid 295] openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 295] newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=2048, ...}, AT_EMPTY_PATH) = 0 [pid 295] getdents64(4, 0x55555728d830 /* 8 entries */, 32768) = 240 [pid 295] umount2("./0/file0/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EUCLEAN (Structure needs cleaning) [pid 295] newfstatat(AT_FDCWD, "./0/file0/lost+found", 0x7fff8c21c180, AT_SYMLINK_NOFOLLOW) = -1 EUCLEAN (Structure needs cleaning) [ 21.650632][ T301] EXT4-fs error (device loop3): ext4_find_dest_de:2112: inode #12: block 5: comm syz-executor680: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=1375716473, rec_len=40042, size=56 fake=0 [ 21.675346][ T295] EXT4-fs error (device loop3): ext4_lookup:1855: inode #11: comm syz-executor680: iget: bad extra_isize 1328 (inode size 256) [pid 295] exit_group(1) = ? [pid 295] +++ exited with 1 +++ <... restart_syscall resumed>) = ? ERESTART_RESTARTBLOCK (Interrupted by signal) --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=295, si_uid=0, si_status=1, si_utime=0, si_stime=3} --- [ 21.690091][ T295] EXT4-fs error (device loop3): ext4_lookup:1855: inode #11: comm syz-executor680: iget: bad extra_isize 1328 (inode size 256)