./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2759090225 <...> Warning: Permanently added '10.128.1.142' (ECDSA) to the list of known hosts. execve("./syz-executor2759090225", ["./syz-executor2759090225"], 0x7fff884debe0 /* 10 vars */) = 0 brk(NULL) = 0x5555558a4000 brk(0x5555558a4c40) = 0x5555558a4c40 arch_prctl(ARCH_SET_FS, 0x5555558a4300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 set_tid_address(0x5555558a45d0) = 287 set_robust_list(0x5555558a45e0, 24) = 0 rt_sigaction(SIGRTMIN, {sa_handler=0x7f9fd69a9660, sa_mask=[], sa_flags=SA_RESTORER|SA_SIGINFO, sa_restorer=0x7f9fd69a9d30}, NULL, 8) = 0 rt_sigaction(SIGRT_1, {sa_handler=0x7f9fd69a9700, sa_mask=[], sa_flags=SA_RESTORER|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9fd69a9d30}, NULL, 8) = 0 rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor2759090225", 4096) = 28 brk(0x5555558c5c40) = 0x5555558c5c40 brk(0x5555558c6000) = 0x5555558c6000 mprotect(0x7f9fd6a6c000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 getpid() = 287 mkdir("./syzkaller.ZhkiGT", 0700) = 0 chmod("./syzkaller.ZhkiGT", 0777) = 0 chdir("./syzkaller.ZhkiGT") = 0 mkdir("./0", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555558a45d0) = 289 ./strace-static-x86_64: Process 289 attached [pid 289] set_robust_list(0x5555558a45e0, 24) = 0 [pid 289] chdir("./0") = 0 [pid 289] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 289] setpgid(0, 0) = 0 [pid 289] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 289] write(3, "1000", 4) = 4 [pid 289] close(3) = 0 [pid 289] symlink("/dev/binderfs", "./binderfs") = 0 [pid 289] futex(0x7f9fd6a727ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 289] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9fd6978000 [pid 289] mprotect(0x7f9fd6979000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 289] clone(child_stack=0x7f9fd69983f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[290], tls=0x7f9fd6998700, child_tidptr=0x7f9fd69989d0) = 290 [pid 289] futex(0x7f9fd6a727a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 289] futex(0x7f9fd6a727ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 290 attached [pid 290] set_robust_list(0x7f9fd69989e0, 24) = 0 [pid 290] memfd_create("syzkaller", 0) = 3 [pid 290] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9fce578000 [pid 290] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 290] munmap(0x7f9fce578000, 262144) = 0 [pid 290] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 290] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 290] close(3) = 0 [pid 290] mkdir("./file1", 0777) = 0 [ 20.866940][ T24] audit: type=1400 audit(1686805836.970:66): avc: denied { execmem } for pid=287 comm="syz-executor275" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 20.871033][ T24] audit: type=1400 audit(1686805836.970:67): avc: denied { read write } for pid=287 comm="syz-executor275" name="loop0" dev="devtmpfs" ino=111 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 20.876850][ T24] audit: type=1400 audit(1686805836.970:68): avc: denied { open } for pid=287 comm="syz-executor275" path="/dev/loop0" dev="devtmpfs" ino=111 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 20.881501][ T24] audit: type=1400 audit(1686805836.970:69): avc: denied { ioctl } for pid=287 comm="syz-executor275" path="/dev/loop0" dev="devtmpfs" ino=111 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 20.893551][ T24] audit: type=1400 audit(1686805837.000:70): avc: denied { mounton } for pid=289 comm="syz-executor275" path="/root/syzkaller.ZhkiGT/0/file1" dev="sda1" ino=1930 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1 [ 20.923495][ T290] EXT4-fs (loop0): 1 orphan inode deleted [ 20.929225][ T290] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 20.938150][ T24] audit: type=1400 audit(1686805837.040:71): avc: denied { mount } for pid=289 comm="syz-executor275" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [pid 290] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue") = 0 [pid 290] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 290] chdir("./file1") = 0 [pid 290] ioctl(4, LOOP_CLR_FD) = 0 [pid 290] close(4) = 0 [pid 290] futex(0x7f9fd6a727ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 290] futex(0x7f9fd6a727a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 289] <... futex resumed>) = 0 [pid 289] futex(0x7f9fd6a727a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 289] futex(0x7f9fd6a727ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 290] <... futex resumed>) = 0 [pid 290] open(NULL, O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = -1 EFAULT (Bad address) [pid 290] futex(0x7f9fd6a727ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 289] <... futex resumed>) = 0 [pid 289] futex(0x7f9fd6a727a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 289] futex(0x7f9fd6a727ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 290] <... futex resumed>) = 1 [pid 290] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 290] futex(0x7f9fd6a727ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 289] <... futex resumed>) = 0 [pid 289] futex(0x7f9fd6a727a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 289] futex(0x7f9fd6a727bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 289] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9fce597000 [pid 289] mprotect(0x7f9fce598000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 289] clone(child_stack=0x7f9fce5b73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[294], tls=0x7f9fce5b7700, child_tidptr=0x7f9fce5b79d0) = 294 [pid 289] futex(0x7f9fd6a727b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 289] futex(0x7f9fd6a727bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 290] <... futex resumed>) = 1 [pid 290] fallocate(4, 0, 35143, 7) = 0 [pid 290] futex(0x7f9fd6a727ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 290] futex(0x7f9fd6a727a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 294 attached [pid 294] set_robust_list(0x7f9fce5b79e0, 24) = 0 [pid 294] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 294] futex(0x7f9fd6a727bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 289] <... futex resumed>) = 0 [pid 289] futex(0x7f9fd6a727a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 289] futex(0x7f9fd6a727ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 290] <... futex resumed>) = 0 [pid 290] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 290] futex(0x7f9fd6a727ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 289] <... futex resumed>) = 0 [pid 289] futex(0x7f9fd6a727a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 289] futex(0x7f9fd6a727ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 290] <... futex resumed>) = 1 [pid 290] write(0, "\x5d\x0f\x1b\xc7\x13\x63\xce\x46\xd7\xd6\x8a\x9a\x08\x09\x94\xde\x4f\x56\xb8\x75\x79\xb6\x4c\x51\x1a\xae\x21\xa9\x1e\xb2\xdb\x3a\x04\x37\xf8\x48\xb7\x71\xb3\xc3\xb8\x06\x60\x1d\x4b\x7a\x5f\x1e\x7c\xb6\x0a\x34\xda\x12\xb2\x6f\xad\xc9\x46\xcc\xd2\x3b\x6a\xfb\x12\xc1\xce\xe6\x20\x8b\xb8\xae\x2e\x2b\x32\x28\xe7\xeb\x78\x4c\x60\x8b\x9a\x07\xad\x74\x7b\x94\x3a\x77\x03\xd8\xca\xcb\x26\xad\x1e\x02\xca\x87"..., 4096) = -1 EBADF (Bad file descriptor) [pid 290] futex(0x7f9fd6a727ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 289] <... futex resumed>) = 0 [pid 289] futex(0x7f9fd6a727a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 289] futex(0x7f9fd6a727ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 290] <... futex resumed>) = 1 [pid 290] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x5d\x0f\x1b\xc7\x13\x63\xce\x46\xd7\xd6\x8a\x9a\x08\x09\x94\xde\x4f\x56\xb8\x75\x79\xb6\x4c\x51\x1a\xae\x21\xa9\x1e\xb2\xdb\x3a\x04\x37\xf8\x48"..., 22455190 [pid 294] <... futex resumed>) = 1 [pid 294] futex(0x7f9fd6a727b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 290] <... write resumed>) = 262144 [pid 290] futex(0x7f9fd6a727ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 289] <... futex resumed>) = 0 [pid 289] exit_group(0) = ? [pid 290] <... futex resumed>) = ? [pid 290] +++ exited with 0 +++ [pid 294] <... futex resumed>) = ? [pid 294] +++ exited with 0 +++ [pid 289] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=289, si_uid=0, si_status=0, si_utime=0, si_stime=6} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555558a5620 /* 4 entries */, 32768) = 112 umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./0/binderfs") = 0 [ 20.938208][ T290] ext4 filesystem being mounted at /root/syzkaller.ZhkiGT/0/file1 supports timestamps until 2038 (0x7fffffff) [ 20.979555][ T24] audit: type=1400 audit(1686805837.080:72): avc: denied { write } for pid=289 comm="syz-executor275" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 21.002378][ T24] audit: type=1400 audit(1686805837.080:73): avc: denied { add_name } for pid=289 comm="syz-executor275" name="bus" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 21.023221][ T24] audit: type=1400 audit(1686805837.080:74): avc: denied { create } for pid=289 comm="syz-executor275" name="bus" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 umount2("./0/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./0/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./0/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./0/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555558ad660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555558ad660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./0/file1") = 0 getdents64(3, 0x5555558a5620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./0") = 0 mkdir("./1", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555558a45d0) = 296 ./strace-static-x86_64: Process 296 attached [pid 296] set_robust_list(0x5555558a45e0, 24) = 0 [pid 296] chdir("./1") = 0 [pid 296] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 296] setpgid(0, 0) = 0 [pid 296] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 296] write(3, "1000", 4) = 4 [pid 296] close(3) = 0 [pid 296] symlink("/dev/binderfs", "./binderfs") = 0 [pid 296] futex(0x7f9fd6a727ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 296] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9fd6978000 [pid 296] mprotect(0x7f9fd6979000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 296] clone(child_stack=0x7f9fd69983f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[297], tls=0x7f9fd6998700, child_tidptr=0x7f9fd69989d0) = 297 [pid 296] futex(0x7f9fd6a727a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 296] futex(0x7f9fd6a727ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 297 attached [pid 297] set_robust_list(0x7f9fd69989e0, 24) = 0 [pid 297] memfd_create("syzkaller", 0) = 3 [pid 297] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9fce578000 [pid 297] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 297] munmap(0x7f9fce578000, 262144) = 0 [pid 297] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 297] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 297] close(3) = 0 [pid 297] mkdir("./file1", 0777) = 0 [ 21.043444][ T24] audit: type=1400 audit(1686805837.080:75): avc: denied { read write open } for pid=289 comm="syz-executor275" path="/root/syzkaller.ZhkiGT/0/file1/bus" dev="loop0" ino=16 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [pid 297] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue") = 0 [pid 297] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 297] chdir("./file1") = 0 [pid 297] ioctl(4, LOOP_CLR_FD) = 0 [pid 297] close(4) = 0 [pid 297] futex(0x7f9fd6a727ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 296] <... futex resumed>) = 0 [pid 296] futex(0x7f9fd6a727a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 296] futex(0x7f9fd6a727ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 297] <... futex resumed>) = 1 [pid 297] open(NULL, O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = -1 EFAULT (Bad address) [pid 297] futex(0x7f9fd6a727ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 296] <... futex resumed>) = 0 [pid 296] futex(0x7f9fd6a727a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 296] futex(0x7f9fd6a727ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 297] <... futex resumed>) = 1 [pid 297] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 297] futex(0x7f9fd6a727ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 296] <... futex resumed>) = 0 [pid 296] futex(0x7f9fd6a727a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 296] futex(0x7f9fd6a727bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 296] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9fce597000 [pid 296] mprotect(0x7f9fce598000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 296] clone(child_stack=0x7f9fce5b73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[301], tls=0x7f9fce5b7700, child_tidptr=0x7f9fce5b79d0) = 301 [pid 296] futex(0x7f9fd6a727b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 296] futex(0x7f9fd6a727bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 297] <... futex resumed>) = 1 [pid 297] fallocate(4, 0, 35143, 7) = 0 [pid 297] futex(0x7f9fd6a727ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 297] futex(0x7f9fd6a727a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 301 attached [pid 301] set_robust_list(0x7f9fce5b79e0, 24) = 0 [pid 301] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 301] futex(0x7f9fd6a727bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 296] <... futex resumed>) = 0 [pid 296] futex(0x7f9fd6a727a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 296] futex(0x7f9fd6a727ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 297] <... futex resumed>) = 0 [pid 297] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 297] futex(0x7f9fd6a727ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 296] <... futex resumed>) = 0 [pid 296] futex(0x7f9fd6a727a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 296] futex(0x7f9fd6a727ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 297] write(0, "\x5d\x0f\x1b\xc7\x13\x63\xce\x46\xd7\xd6\x8a\x9a\x08\x09\x94\xde\x4f\x56\xb8\x75\x79\xb6\x4c\x51\x1a\xae\x21\xa9\x1e\xb2\xdb\x3a\x04\x37\xf8\x48\xb7\x71\xb3\xc3\xb8\x06\x60\x1d\x4b\x7a\x5f\x1e\x7c\xb6\x0a\x34\xda\x12\xb2\x6f\xad\xc9\x46\xcc\xd2\x3b\x6a\xfb\x12\xc1\xce\xe6\x20\x8b\xb8\xae\x2e\x2b\x32\x28\xe7\xeb\x78\x4c\x60\x8b\x9a\x07\xad\x74\x7b\x94\x3a\x77\x03\xd8\xca\xcb\x26\xad\x1e\x02\xca\x87"..., 4096) = -1 EBADF (Bad file descriptor) [pid 297] futex(0x7f9fd6a727ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 296] <... futex resumed>) = 0 [pid 296] futex(0x7f9fd6a727a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 296] futex(0x7f9fd6a727ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 297] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x5d\x0f\x1b\xc7\x13\x63\xce\x46\xd7\xd6\x8a\x9a\x08\x09\x94\xde\x4f\x56\xb8\x75\x79\xb6\x4c\x51\x1a\xae\x21\xa9\x1e\xb2\xdb\x3a\x04\x37\xf8\x48"..., 22455190 [pid 301] <... futex resumed>) = 1 [pid 301] futex(0x7f9fd6a727b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 297] <... write resumed>) = 262144 [pid 297] futex(0x7f9fd6a727ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 296] <... futex resumed>) = 0 [pid 296] exit_group(0) = ? [pid 301] <... futex resumed>) = ? [pid 297] <... futex resumed>) = ? [pid 297] +++ exited with 0 +++ [pid 301] +++ exited with 0 +++ [pid 296] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=296, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555558a5620 /* 4 entries */, 32768) = 112 umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./1/binderfs") = 0 umount2("./1/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./1/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./1/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./1/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555558ad660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555558ad660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./1/file1") = 0 getdents64(3, 0x5555558a5620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./1") = 0 mkdir("./2", 0777) = 0 [ 21.093369][ T297] EXT4-fs (loop0): 1 orphan inode deleted [ 21.098997][ T297] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 21.108352][ T297] ext4 filesystem being mounted at /root/syzkaller.ZhkiGT/1/file1 supports timestamps until 2038 (0x7fffffff) openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555558a45d0) = 302 ./strace-static-x86_64: Process 302 attached [pid 302] set_robust_list(0x5555558a45e0, 24) = 0 [pid 302] chdir("./2") = 0 [pid 302] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 302] setpgid(0, 0) = 0 [pid 302] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 302] write(3, "1000", 4) = 4 [pid 302] close(3) = 0 [pid 302] symlink("/dev/binderfs", "./binderfs") = 0 [pid 302] futex(0x7f9fd6a727ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 302] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9fd6978000 [pid 302] mprotect(0x7f9fd6979000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 302] clone(child_stack=0x7f9fd69983f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[303], tls=0x7f9fd6998700, child_tidptr=0x7f9fd69989d0) = 303 [pid 302] futex(0x7f9fd6a727a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 302] futex(0x7f9fd6a727ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 303 attached [pid 303] set_robust_list(0x7f9fd69989e0, 24) = 0 [pid 303] memfd_create("syzkaller", 0) = 3 [pid 303] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9fce578000 [pid 303] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 303] munmap(0x7f9fce578000, 262144) = 0 [pid 303] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 303] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 303] close(3) = 0 [pid 303] mkdir("./file1", 0777) = 0 [pid 303] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue") = 0 [pid 303] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 303] chdir("./file1") = 0 [pid 303] ioctl(4, LOOP_CLR_FD) = 0 [pid 303] close(4) = 0 [pid 303] futex(0x7f9fd6a727ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 302] <... futex resumed>) = 0 [pid 302] futex(0x7f9fd6a727a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 302] futex(0x7f9fd6a727ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 303] <... futex resumed>) = 1 [pid 303] open(NULL, O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = -1 EFAULT (Bad address) [pid 303] futex(0x7f9fd6a727ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 302] <... futex resumed>) = 0 [pid 302] futex(0x7f9fd6a727a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 302] futex(0x7f9fd6a727ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 303] <... futex resumed>) = 1 [pid 303] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 303] futex(0x7f9fd6a727ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 302] <... futex resumed>) = 0 [pid 302] futex(0x7f9fd6a727a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 302] futex(0x7f9fd6a727bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 302] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9fce597000 [pid 302] mprotect(0x7f9fce598000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 302] clone(child_stack=0x7f9fce5b73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[307], tls=0x7f9fce5b7700, child_tidptr=0x7f9fce5b79d0) = 307 [pid 302] futex(0x7f9fd6a727b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 302] futex(0x7f9fd6a727bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 303] <... futex resumed>) = 1 [pid 303] fallocate(4, 0, 35143, 7) = 0 [pid 303] futex(0x7f9fd6a727ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 303] futex(0x7f9fd6a727a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 307 attached [pid 307] set_robust_list(0x7f9fce5b79e0, 24) = 0 [pid 307] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 307] futex(0x7f9fd6a727bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 302] <... futex resumed>) = 0 [pid 302] futex(0x7f9fd6a727a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 302] futex(0x7f9fd6a727ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 303] <... futex resumed>) = 0 [pid 303] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 307] futex(0x7f9fd6a727b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 303] futex(0x7f9fd6a727ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 302] <... futex resumed>) = 0 [pid 302] futex(0x7f9fd6a727a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 302] futex(0x7f9fd6a727ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 303] <... futex resumed>) = 1 [pid 303] write(0, "\x5d\x0f\x1b\xc7\x13\x63\xce\x46\xd7\xd6\x8a\x9a\x08\x09\x94\xde\x4f\x56\xb8\x75\x79\xb6\x4c\x51\x1a\xae\x21\xa9\x1e\xb2\xdb\x3a\x04\x37\xf8\x48\xb7\x71\xb3\xc3\xb8\x06\x60\x1d\x4b\x7a\x5f\x1e\x7c\xb6\x0a\x34\xda\x12\xb2\x6f\xad\xc9\x46\xcc\xd2\x3b\x6a\xfb\x12\xc1\xce\xe6\x20\x8b\xb8\xae\x2e\x2b\x32\x28\xe7\xeb\x78\x4c\x60\x8b\x9a\x07\xad\x74\x7b\x94\x3a\x77\x03\xd8\xca\xcb\x26\xad\x1e\x02\xca\x87"..., 4096) = -1 EBADF (Bad file descriptor) [pid 303] futex(0x7f9fd6a727ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 302] <... futex resumed>) = 0 [pid 302] futex(0x7f9fd6a727a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 302] futex(0x7f9fd6a727ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 303] <... futex resumed>) = 1 [pid 303] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x5d\x0f\x1b\xc7\x13\x63\xce\x46\xd7\xd6\x8a\x9a\x08\x09\x94\xde\x4f\x56\xb8\x75\x79\xb6\x4c\x51\x1a\xae\x21\xa9\x1e\xb2\xdb\x3a\x04\x37\xf8\x48"..., 22455190) = 262144 [pid 303] futex(0x7f9fd6a727ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 302] <... futex resumed>) = 0 [pid 302] exit_group(0) = ? [pid 303] <... futex resumed>) = ? [pid 303] +++ exited with 0 +++ [pid 307] <... futex resumed>) = ? [pid 307] +++ exited with 0 +++ [pid 302] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=302, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555558a5620 /* 4 entries */, 32768) = 112 umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./2/binderfs") = 0 [ 21.243523][ T303] EXT4-fs (loop0): 1 orphan inode deleted [ 21.249145][ T303] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 21.257871][ T303] ext4 filesystem being mounted at /root/syzkaller.ZhkiGT/2/file1 supports timestamps until 2038 (0x7fffffff) umount2("./2/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./2/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./2/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./2/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555558ad660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555558ad660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./2/file1") = 0 getdents64(3, 0x5555558a5620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./2") = 0 mkdir("./3", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555558a45d0) = 308 ./strace-static-x86_64: Process 308 attached [pid 308] set_robust_list(0x5555558a45e0, 24) = 0 [pid 308] chdir("./3") = 0 [pid 308] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 308] setpgid(0, 0) = 0 [pid 308] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 308] write(3, "1000", 4) = 4 [pid 308] close(3) = 0 [pid 308] symlink("/dev/binderfs", "./binderfs") = 0 [pid 308] futex(0x7f9fd6a727ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 308] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9fd6978000 [pid 308] mprotect(0x7f9fd6979000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 308] clone(child_stack=0x7f9fd69983f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[309], tls=0x7f9fd6998700, child_tidptr=0x7f9fd69989d0) = 309 ./strace-static-x86_64: Process 309 attached [pid 308] futex(0x7f9fd6a727a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 309] set_robust_list(0x7f9fd69989e0, 24) = 0 [pid 309] memfd_create("syzkaller", 0) = 3 [pid 309] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9fce578000 [pid 308] <... futex resumed>) = 0 [pid 308] futex(0x7f9fd6a727ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 309] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 309] munmap(0x7f9fce578000, 262144) = 0 [pid 309] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 309] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 309] close(3) = 0 [pid 309] mkdir("./file1", 0777) = 0 [pid 309] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue") = 0 [pid 309] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 309] chdir("./file1") = 0 [pid 309] ioctl(4, LOOP_CLR_FD) = 0 [pid 309] close(4) = 0 [pid 309] futex(0x7f9fd6a727ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 309] futex(0x7f9fd6a727a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 308] <... futex resumed>) = 0 [pid 308] futex(0x7f9fd6a727a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 308] futex(0x7f9fd6a727ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 309] <... futex resumed>) = 0 [pid 309] open(NULL, O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = -1 EFAULT (Bad address) [pid 309] futex(0x7f9fd6a727ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 308] <... futex resumed>) = 0 [pid 308] futex(0x7f9fd6a727a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 308] futex(0x7f9fd6a727ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 309] <... futex resumed>) = 1 [pid 309] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 309] futex(0x7f9fd6a727ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 308] <... futex resumed>) = 0 [pid 308] futex(0x7f9fd6a727a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 308] futex(0x7f9fd6a727bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 308] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9fce597000 [pid 308] mprotect(0x7f9fce598000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 308] clone(child_stack=0x7f9fce5b73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[313], tls=0x7f9fce5b7700, child_tidptr=0x7f9fce5b79d0) = 313 [pid 308] futex(0x7f9fd6a727b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 308] futex(0x7f9fd6a727bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 309] <... futex resumed>) = 1 [pid 309] fallocate(4, 0, 35143, 7) = 0 ./strace-static-x86_64: Process 313 attached [pid 309] futex(0x7f9fd6a727ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 313] set_robust_list(0x7f9fce5b79e0, 24 [pid 309] <... futex resumed>) = 0 [pid 309] futex(0x7f9fd6a727a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 313] <... set_robust_list resumed>) = 0 [pid 313] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 313] futex(0x7f9fd6a727bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 308] <... futex resumed>) = 0 [pid 308] futex(0x7f9fd6a727a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 308] futex(0x7f9fd6a727ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 309] <... futex resumed>) = 0 [pid 309] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 309] futex(0x7f9fd6a727ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 308] <... futex resumed>) = 0 [pid 308] futex(0x7f9fd6a727a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 308] futex(0x7f9fd6a727ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 309] <... futex resumed>) = 1 [pid 309] write(0, "\x5d\x0f\x1b\xc7\x13\x63\xce\x46\xd7\xd6\x8a\x9a\x08\x09\x94\xde\x4f\x56\xb8\x75\x79\xb6\x4c\x51\x1a\xae\x21\xa9\x1e\xb2\xdb\x3a\x04\x37\xf8\x48\xb7\x71\xb3\xc3\xb8\x06\x60\x1d\x4b\x7a\x5f\x1e\x7c\xb6\x0a\x34\xda\x12\xb2\x6f\xad\xc9\x46\xcc\xd2\x3b\x6a\xfb\x12\xc1\xce\xe6\x20\x8b\xb8\xae\x2e\x2b\x32\x28\xe7\xeb\x78\x4c\x60\x8b\x9a\x07\xad\x74\x7b\x94\x3a\x77\x03\xd8\xca\xcb\x26\xad\x1e\x02\xca\x87"..., 4096) = -1 EBADF (Bad file descriptor) [pid 313] <... futex resumed>) = 1 [pid 309] futex(0x7f9fd6a727ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 313] futex(0x7f9fd6a727b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 308] <... futex resumed>) = 0 [pid 308] futex(0x7f9fd6a727a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 308] futex(0x7f9fd6a727ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 309] <... futex resumed>) = 1 [pid 309] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x5d\x0f\x1b\xc7\x13\x63\xce\x46\xd7\xd6\x8a\x9a\x08\x09\x94\xde\x4f\x56\xb8\x75\x79\xb6\x4c\x51\x1a\xae\x21\xa9\x1e\xb2\xdb\x3a\x04\x37\xf8\x48"..., 22455190) = 262144 [pid 309] futex(0x7f9fd6a727ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 308] <... futex resumed>) = 0 [pid 308] exit_group(0) = ? [pid 313] <... futex resumed>) = ? [pid 313] +++ exited with 0 +++ [pid 309] <... futex resumed>) = ? [pid 309] +++ exited with 0 +++ [pid 308] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=308, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./3", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555558a5620 /* 4 entries */, 32768) = 112 umount2("./3/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./3/binderfs") = 0 [ 21.413532][ T309] EXT4-fs (loop0): 1 orphan inode deleted [ 21.419583][ T309] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 21.428749][ T309] ext4 filesystem being mounted at /root/syzkaller.ZhkiGT/3/file1 supports timestamps until 2038 (0x7fffffff) umount2("./3/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./3/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./3/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./3/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555558ad660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555558ad660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./3/file1") = 0 getdents64(3, 0x5555558a5620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./3") = 0 mkdir("./4", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555558a45d0) = 314 ./strace-static-x86_64: Process 314 attached [pid 314] set_robust_list(0x5555558a45e0, 24) = 0 [pid 314] chdir("./4") = 0 [pid 314] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 314] setpgid(0, 0) = 0 [pid 314] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 314] write(3, "1000", 4) = 4 [pid 314] close(3) = 0 [pid 314] symlink("/dev/binderfs", "./binderfs") = 0 [pid 314] futex(0x7f9fd6a727ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 314] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9fd6978000 [pid 314] mprotect(0x7f9fd6979000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 314] clone(child_stack=0x7f9fd69983f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[315], tls=0x7f9fd6998700, child_tidptr=0x7f9fd69989d0) = 315 [pid 314] futex(0x7f9fd6a727a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 314] futex(0x7f9fd6a727ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 315 attached [pid 315] set_robust_list(0x7f9fd69989e0, 24) = 0 [pid 315] memfd_create("syzkaller", 0) = 3 [pid 315] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9fce578000 [pid 315] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 315] munmap(0x7f9fce578000, 262144) = 0 [pid 315] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 315] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 315] close(3) = 0 [pid 315] mkdir("./file1", 0777) = 0 [pid 315] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue") = 0 [pid 315] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 315] chdir("./file1") = 0 [pid 315] ioctl(4, LOOP_CLR_FD) = 0 [pid 315] close(4) = 0 [pid 315] futex(0x7f9fd6a727ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 315] futex(0x7f9fd6a727a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 314] <... futex resumed>) = 0 [pid 314] futex(0x7f9fd6a727a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 314] futex(0x7f9fd6a727ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 315] <... futex resumed>) = 0 [pid 315] open(NULL, O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = -1 EFAULT (Bad address) [pid 315] futex(0x7f9fd6a727ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 314] <... futex resumed>) = 0 [pid 314] futex(0x7f9fd6a727a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 314] futex(0x7f9fd6a727ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 315] <... futex resumed>) = 1 [pid 315] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 315] futex(0x7f9fd6a727ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 314] <... futex resumed>) = 0 [pid 314] futex(0x7f9fd6a727a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 314] futex(0x7f9fd6a727bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 314] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9fce597000 [pid 314] mprotect(0x7f9fce598000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 314] clone(child_stack=0x7f9fce5b73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[319], tls=0x7f9fce5b7700, child_tidptr=0x7f9fce5b79d0) = 319 [pid 314] futex(0x7f9fd6a727b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 314] futex(0x7f9fd6a727bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 319 attached [pid 315] <... futex resumed>) = 1 [pid 319] set_robust_list(0x7f9fce5b79e0, 24 [pid 315] fallocate(4, 0, 35143, 7 [pid 319] <... set_robust_list resumed>) = 0 [pid 315] <... fallocate resumed>) = 0 [pid 319] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 319] futex(0x7f9fd6a727bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 314] <... futex resumed>) = 0 [pid 314] futex(0x7f9fd6a727b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 314] futex(0x7f9fd6a727bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 319] <... futex resumed>) = 1 [pid 319] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 319] futex(0x7f9fd6a727bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 314] <... futex resumed>) = 0 [pid 314] futex(0x7f9fd6a727b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 314] futex(0x7f9fd6a727bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 319] <... futex resumed>) = 1 [pid 319] write(0, "\x5d\x0f\x1b\xc7\x13\x63\xce\x46\xd7\xd6\x8a\x9a\x08\x09\x94\xde\x4f\x56\xb8\x75\x79\xb6\x4c\x51\x1a\xae\x21\xa9\x1e\xb2\xdb\x3a\x04\x37\xf8\x48\xb7\x71\xb3\xc3\xb8\x06\x60\x1d\x4b\x7a\x5f\x1e\x7c\xb6\x0a\x34\xda\x12\xb2\x6f\xad\xc9\x46\xcc\xd2\x3b\x6a\xfb\x12\xc1\xce\xe6\x20\x8b\xb8\xae\x2e\x2b\x32\x28\xe7\xeb\x78\x4c\x60\x8b\x9a\x07\xad\x74\x7b\x94\x3a\x77\x03\xd8\xca\xcb\x26\xad\x1e\x02\xca\x87"..., 4096) = -1 EBADF (Bad file descriptor) [pid 319] futex(0x7f9fd6a727bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 314] <... futex resumed>) = 0 [pid 314] futex(0x7f9fd6a727b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 314] futex(0x7f9fd6a727bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 319] <... futex resumed>) = 1 [pid 319] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x5d\x0f\x1b\xc7\x13\x63\xce\x46\xd7\xd6\x8a\x9a\x08\x09\x94\xde\x4f\x56\xb8\x75\x79\xb6\x4c\x51\x1a\xae\x21\xa9\x1e\xb2\xdb\x3a\x04\x37\xf8\x48"..., 22455190 [pid 315] futex(0x7f9fd6a727ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 315] futex(0x7f9fd6a727a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 319] <... write resumed>) = 262144 [pid 319] futex(0x7f9fd6a727bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 314] <... futex resumed>) = 0 [pid 314] exit_group(0) = ? [pid 319] <... futex resumed>) = ? [pid 315] <... futex resumed>) = ? [pid 315] +++ exited with 0 +++ [pid 319] +++ exited with 0 +++ [pid 314] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=314, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555558a5620 /* 4 entries */, 32768) = 112 umount2("./4/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./4/binderfs") = 0 [ 21.553403][ T315] EXT4-fs (loop0): 1 orphan inode deleted [ 21.559070][ T315] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 21.567963][ T315] ext4 filesystem being mounted at /root/syzkaller.ZhkiGT/4/file1 supports timestamps until 2038 (0x7fffffff) umount2("./4/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./4/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./4/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./4/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555558ad660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555558ad660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4/file1") = 0 getdents64(3, 0x5555558a5620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4") = 0 mkdir("./5", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555558a45d0) = 320 ./strace-static-x86_64: Process 320 attached [pid 320] set_robust_list(0x5555558a45e0, 24) = 0 [pid 320] chdir("./5") = 0 [pid 320] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 320] setpgid(0, 0) = 0 [pid 320] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 320] write(3, "1000", 4) = 4 [pid 320] close(3) = 0 [pid 320] symlink("/dev/binderfs", "./binderfs") = 0 [pid 320] futex(0x7f9fd6a727ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 320] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9fd6978000 [pid 320] mprotect(0x7f9fd6979000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 320] clone(child_stack=0x7f9fd69983f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[321], tls=0x7f9fd6998700, child_tidptr=0x7f9fd69989d0) = 321 [pid 320] futex(0x7f9fd6a727a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 320] futex(0x7f9fd6a727ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 321 attached [pid 321] set_robust_list(0x7f9fd69989e0, 24) = 0 [pid 321] memfd_create("syzkaller", 0) = 3 [pid 321] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9fce578000 [pid 321] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 321] munmap(0x7f9fce578000, 262144) = 0 [pid 321] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 321] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 321] close(3) = 0 [pid 321] mkdir("./file1", 0777) = 0 [pid 321] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue") = 0 [pid 321] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 321] chdir("./file1") = 0 [pid 321] ioctl(4, LOOP_CLR_FD) = 0 [pid 321] close(4) = 0 [pid 321] futex(0x7f9fd6a727ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 320] <... futex resumed>) = 0 [pid 320] futex(0x7f9fd6a727a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 320] futex(0x7f9fd6a727ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 321] <... futex resumed>) = 1 [pid 321] open(NULL, O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = -1 EFAULT (Bad address) [pid 321] futex(0x7f9fd6a727ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 320] <... futex resumed>) = 0 [pid 320] futex(0x7f9fd6a727a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 320] futex(0x7f9fd6a727ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 321] <... futex resumed>) = 1 [pid 321] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 321] futex(0x7f9fd6a727ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 320] <... futex resumed>) = 0 [pid 320] futex(0x7f9fd6a727a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 320] futex(0x7f9fd6a727bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 320] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9fce597000 [pid 320] mprotect(0x7f9fce598000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 320] clone(child_stack=0x7f9fce5b73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[325], tls=0x7f9fce5b7700, child_tidptr=0x7f9fce5b79d0) = 325 [pid 320] futex(0x7f9fd6a727b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 320] futex(0x7f9fd6a727bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 321] <... futex resumed>) = 1 [pid 321] fallocate(4, 0, 35143, 7) = 0 [pid 321] futex(0x7f9fd6a727ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 321] futex(0x7f9fd6a727a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 325 attached [pid 325] set_robust_list(0x7f9fce5b79e0, 24) = 0 [pid 325] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 325] futex(0x7f9fd6a727bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 320] <... futex resumed>) = 0 [pid 320] futex(0x7f9fd6a727a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 320] futex(0x7f9fd6a727ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 321] <... futex resumed>) = 0 [pid 321] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 321] futex(0x7f9fd6a727ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 320] <... futex resumed>) = 0 [pid 320] futex(0x7f9fd6a727a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 320] futex(0x7f9fd6a727ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 321] <... futex resumed>) = 1 [pid 321] write(0, "\x5d\x0f\x1b\xc7\x13\x63\xce\x46\xd7\xd6\x8a\x9a\x08\x09\x94\xde\x4f\x56\xb8\x75\x79\xb6\x4c\x51\x1a\xae\x21\xa9\x1e\xb2\xdb\x3a\x04\x37\xf8\x48\xb7\x71\xb3\xc3\xb8\x06\x60\x1d\x4b\x7a\x5f\x1e\x7c\xb6\x0a\x34\xda\x12\xb2\x6f\xad\xc9\x46\xcc\xd2\x3b\x6a\xfb\x12\xc1\xce\xe6\x20\x8b\xb8\xae\x2e\x2b\x32\x28\xe7\xeb\x78\x4c\x60\x8b\x9a\x07\xad\x74\x7b\x94\x3a\x77\x03\xd8\xca\xcb\x26\xad\x1e\x02\xca\x87"..., 4096) = -1 EBADF (Bad file descriptor) [pid 321] futex(0x7f9fd6a727ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 320] <... futex resumed>) = 0 [pid 320] futex(0x7f9fd6a727a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 320] futex(0x7f9fd6a727ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 321] <... futex resumed>) = 1 [pid 321] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x5d\x0f\x1b\xc7\x13\x63\xce\x46\xd7\xd6\x8a\x9a\x08\x09\x94\xde\x4f\x56\xb8\x75\x79\xb6\x4c\x51\x1a\xae\x21\xa9\x1e\xb2\xdb\x3a\x04\x37\xf8\x48"..., 22455190 [pid 325] <... futex resumed>) = 1 [pid 325] futex(0x7f9fd6a727b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 321] <... write resumed>) = 262144 [pid 321] futex(0x7f9fd6a727ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 320] <... futex resumed>) = 0 [pid 320] exit_group(0) = ? [pid 321] <... futex resumed>) = ? [pid 321] +++ exited with 0 +++ [pid 325] <... futex resumed>) = ? [pid 325] +++ exited with 0 +++ [pid 320] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=320, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./5", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555558a5620 /* 4 entries */, 32768) = 112 umount2("./5/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./5/binderfs") = 0 umount2("./5/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./5/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./5/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./5/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555558ad660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555558ad660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./5/file1") = 0 getdents64(3, 0x5555558a5620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./5") = 0 mkdir("./6", 0777) = 0 [ 21.663608][ T321] EXT4-fs (loop0): 1 orphan inode deleted [ 21.669211][ T321] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 21.677964][ T321] ext4 filesystem being mounted at /root/syzkaller.ZhkiGT/5/file1 supports timestamps until 2038 (0x7fffffff) openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555558a45d0) = 327 ./strace-static-x86_64: Process 327 attached [pid 327] set_robust_list(0x5555558a45e0, 24) = 0 [pid 327] chdir("./6") = 0 [pid 327] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 327] setpgid(0, 0) = 0 [pid 327] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 327] write(3, "1000", 4) = 4 [pid 327] close(3) = 0 [pid 327] symlink("/dev/binderfs", "./binderfs") = 0 [pid 327] futex(0x7f9fd6a727ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 327] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9fd6978000 [pid 327] mprotect(0x7f9fd6979000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 327] clone(child_stack=0x7f9fd69983f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[328], tls=0x7f9fd6998700, child_tidptr=0x7f9fd69989d0) = 328 [pid 327] futex(0x7f9fd6a727a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 327] futex(0x7f9fd6a727ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 328 attached [pid 328] set_robust_list(0x7f9fd69989e0, 24) = 0 [pid 328] memfd_create("syzkaller", 0) = 3 [pid 328] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9fce578000 [pid 328] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 328] munmap(0x7f9fce578000, 262144) = 0 [pid 328] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 328] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 328] close(3) = 0 [pid 328] mkdir("./file1", 0777) = 0 [pid 328] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue") = 0 [pid 328] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 328] chdir("./file1") = 0 [pid 328] ioctl(4, LOOP_CLR_FD) = 0 [pid 328] close(4) = 0 [pid 328] futex(0x7f9fd6a727ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 327] <... futex resumed>) = 0 [pid 327] futex(0x7f9fd6a727a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 327] futex(0x7f9fd6a727ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 328] <... futex resumed>) = 1 [pid 328] open(NULL, O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = -1 EFAULT (Bad address) [pid 328] futex(0x7f9fd6a727ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 327] <... futex resumed>) = 0 [pid 327] futex(0x7f9fd6a727a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 327] futex(0x7f9fd6a727ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 328] <... futex resumed>) = 1 [pid 328] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 328] futex(0x7f9fd6a727ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 327] <... futex resumed>) = 0 [pid 327] futex(0x7f9fd6a727a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 327] futex(0x7f9fd6a727bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 327] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9fce597000 [pid 327] mprotect(0x7f9fce598000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 327] clone(child_stack=0x7f9fce5b73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[332], tls=0x7f9fce5b7700, child_tidptr=0x7f9fce5b79d0) = 332 [pid 327] futex(0x7f9fd6a727b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 327] futex(0x7f9fd6a727bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 328] <... futex resumed>) = 1 [pid 328] fallocate(4, 0, 35143, 7) = 0 [pid 328] futex(0x7f9fd6a727ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 328] futex(0x7f9fd6a727a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 332 attached [pid 332] set_robust_list(0x7f9fce5b79e0, 24) = 0 [pid 332] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 332] futex(0x7f9fd6a727bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 327] <... futex resumed>) = 0 [pid 327] futex(0x7f9fd6a727a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 327] futex(0x7f9fd6a727ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 328] <... futex resumed>) = 0 [pid 328] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 328] futex(0x7f9fd6a727ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 327] <... futex resumed>) = 0 [pid 327] futex(0x7f9fd6a727a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 327] futex(0x7f9fd6a727ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 328] <... futex resumed>) = 1 [pid 328] write(0, "\x5d\x0f\x1b\xc7\x13\x63\xce\x46\xd7\xd6\x8a\x9a\x08\x09\x94\xde\x4f\x56\xb8\x75\x79\xb6\x4c\x51\x1a\xae\x21\xa9\x1e\xb2\xdb\x3a\x04\x37\xf8\x48\xb7\x71\xb3\xc3\xb8\x06\x60\x1d\x4b\x7a\x5f\x1e\x7c\xb6\x0a\x34\xda\x12\xb2\x6f\xad\xc9\x46\xcc\xd2\x3b\x6a\xfb\x12\xc1\xce\xe6\x20\x8b\xb8\xae\x2e\x2b\x32\x28\xe7\xeb\x78\x4c\x60\x8b\x9a\x07\xad\x74\x7b\x94\x3a\x77\x03\xd8\xca\xcb\x26\xad\x1e\x02\xca\x87"..., 4096) = -1 EBADF (Bad file descriptor) [pid 328] futex(0x7f9fd6a727ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 327] <... futex resumed>) = 0 [pid 327] futex(0x7f9fd6a727a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 327] futex(0x7f9fd6a727ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 328] <... futex resumed>) = 1 [pid 328] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x5d\x0f\x1b\xc7\x13\x63\xce\x46\xd7\xd6\x8a\x9a\x08\x09\x94\xde\x4f\x56\xb8\x75\x79\xb6\x4c\x51\x1a\xae\x21\xa9\x1e\xb2\xdb\x3a\x04\x37\xf8\x48"..., 22455190 [pid 332] <... futex resumed>) = 1 [pid 332] futex(0x7f9fd6a727b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 328] <... write resumed>) = 262144 [pid 328] futex(0x7f9fd6a727ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 327] <... futex resumed>) = 0 [pid 328] <... futex resumed>) = 1 [pid 327] exit_group(0 [pid 328] futex(0x7f9fd6a727a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 327] <... exit_group resumed>) = ? [pid 328] <... futex resumed>) = ? [pid 332] <... futex resumed>) = ? [pid 332] +++ exited with 0 +++ [pid 328] +++ exited with 0 +++ [pid 327] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=327, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- umount2("./6", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555558a5620 /* 4 entries */, 32768) = 112 umount2("./6/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./6/binderfs") = 0 [ 21.763201][ T328] EXT4-fs (loop0): 1 orphan inode deleted [ 21.768920][ T328] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 21.778054][ T328] ext4 filesystem being mounted at /root/syzkaller.ZhkiGT/6/file1 supports timestamps until 2038 (0x7fffffff) umount2("./6/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./6/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./6/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./6/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555558ad660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555558ad660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./6/file1") = 0 getdents64(3, 0x5555558a5620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./6") = 0 mkdir("./7", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 333 attached , child_tidptr=0x5555558a45d0) = 333 [pid 333] set_robust_list(0x5555558a45e0, 24) = 0 [pid 333] chdir("./7") = 0 [pid 333] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 333] setpgid(0, 0) = 0 [pid 333] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 333] write(3, "1000", 4) = 4 [pid 333] close(3) = 0 [pid 333] symlink("/dev/binderfs", "./binderfs") = 0 [pid 333] futex(0x7f9fd6a727ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 333] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9fd6978000 [pid 333] mprotect(0x7f9fd6979000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 333] clone(child_stack=0x7f9fd69983f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 334 attached , parent_tid=[334], tls=0x7f9fd6998700, child_tidptr=0x7f9fd69989d0) = 334 [pid 333] futex(0x7f9fd6a727a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 333] futex(0x7f9fd6a727ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 334] set_robust_list(0x7f9fd69989e0, 24) = 0 [pid 334] memfd_create("syzkaller", 0) = 3 [pid 334] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9fce578000 [pid 334] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 334] munmap(0x7f9fce578000, 262144) = 0 [pid 334] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 334] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 334] close(3) = 0 [pid 334] mkdir("./file1", 0777) = 0 [pid 334] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue") = 0 [pid 334] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 334] chdir("./file1") = 0 [pid 334] ioctl(4, LOOP_CLR_FD) = 0 [pid 334] close(4) = 0 [pid 334] futex(0x7f9fd6a727ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 333] <... futex resumed>) = 0 [pid 334] open(NULL, O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 333] futex(0x7f9fd6a727a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 334] <... open resumed>) = -1 EFAULT (Bad address) [pid 333] <... futex resumed>) = 0 [pid 334] futex(0x7f9fd6a727ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 333] futex(0x7f9fd6a727ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 334] <... futex resumed>) = 0 [pid 333] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 334] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 333] futex(0x7f9fd6a727a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 333] futex(0x7f9fd6a727ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 334] <... open resumed>) = 4 [pid 334] futex(0x7f9fd6a727ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 333] <... futex resumed>) = 0 [pid 334] futex(0x7f9fd6a727a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 333] futex(0x7f9fd6a727a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 334] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 333] <... futex resumed>) = 0 [pid 334] fallocate(4, 0, 35143, 7 [pid 333] futex(0x7f9fd6a727bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 334] <... fallocate resumed>) = 0 [pid 333] <... futex resumed>) = 0 [pid 334] futex(0x7f9fd6a727ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 333] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 334] <... futex resumed>) = 0 [pid 333] <... mmap resumed>) = 0x7f9fce597000 [pid 334] futex(0x7f9fd6a727a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 333] mprotect(0x7f9fce598000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 333] clone(child_stack=0x7f9fce5b73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[338], tls=0x7f9fce5b7700, child_tidptr=0x7f9fce5b79d0) = 338 ./strace-static-x86_64: Process 338 attached [pid 333] futex(0x7f9fd6a727b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 338] set_robust_list(0x7f9fce5b79e0, 24 [pid 333] <... futex resumed>) = 0 [pid 338] <... set_robust_list resumed>) = 0 [pid 333] futex(0x7f9fd6a727bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 338] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 338] futex(0x7f9fd6a727bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 333] <... futex resumed>) = 0 [pid 338] futex(0x7f9fd6a727b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 333] futex(0x7f9fd6a727a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 334] <... futex resumed>) = 0 [pid 333] <... futex resumed>) = 1 [pid 334] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 333] futex(0x7f9fd6a727ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 334] <... open resumed>) = 5 [pid 334] futex(0x7f9fd6a727ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 333] <... futex resumed>) = 0 [pid 334] write(0, "\x5d\x0f\x1b\xc7\x13\x63\xce\x46\xd7\xd6\x8a\x9a\x08\x09\x94\xde\x4f\x56\xb8\x75\x79\xb6\x4c\x51\x1a\xae\x21\xa9\x1e\xb2\xdb\x3a\x04\x37\xf8\x48\xb7\x71\xb3\xc3\xb8\x06\x60\x1d\x4b\x7a\x5f\x1e\x7c\xb6\x0a\x34\xda\x12\xb2\x6f\xad\xc9\x46\xcc\xd2\x3b\x6a\xfb\x12\xc1\xce\xe6\x20\x8b\xb8\xae\x2e\x2b\x32\x28\xe7\xeb\x78\x4c\x60\x8b\x9a\x07\xad\x74\x7b\x94\x3a\x77\x03\xd8\xca\xcb\x26\xad\x1e\x02\xca\x87"..., 4096 [pid 333] futex(0x7f9fd6a727a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 334] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 333] <... futex resumed>) = 0 [pid 334] futex(0x7f9fd6a727ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 333] futex(0x7f9fd6a727ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 334] <... futex resumed>) = 0 [pid 333] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 334] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x5d\x0f\x1b\xc7\x13\x63\xce\x46\xd7\xd6\x8a\x9a\x08\x09\x94\xde\x4f\x56\xb8\x75\x79\xb6\x4c\x51\x1a\xae\x21\xa9\x1e\xb2\xdb\x3a\x04\x37\xf8\x48"..., 22455190 [pid 333] futex(0x7f9fd6a727a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 333] futex(0x7f9fd6a727ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 334] <... write resumed>) = 262144 [pid 334] futex(0x7f9fd6a727ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 333] <... futex resumed>) = 0 [pid 334] futex(0x7f9fd6a727a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 333] exit_group(0 [pid 338] <... futex resumed>) = ? [pid 334] <... futex resumed>) = ? [pid 333] <... exit_group resumed>) = ? [pid 338] +++ exited with 0 +++ [pid 334] +++ exited with 0 +++ [pid 333] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=333, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- umount2("./7", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555558a5620 /* 4 entries */, 32768) = 112 umount2("./7/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./7/binderfs") = 0 [ 21.883292][ T334] EXT4-fs (loop0): 1 orphan inode deleted [ 21.888889][ T334] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 21.897918][ T334] ext4 filesystem being mounted at /root/syzkaller.ZhkiGT/7/file1 supports timestamps until 2038 (0x7fffffff) umount2("./7/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./7/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./7/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./7/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555558ad660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555558ad660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./7/file1") = 0 getdents64(3, 0x5555558a5620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./7") = 0 mkdir("./8", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555558a45d0) = 339 ./strace-static-x86_64: Process 339 attached [pid 339] set_robust_list(0x5555558a45e0, 24) = 0 [pid 339] chdir("./8") = 0 [pid 339] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 339] setpgid(0, 0) = 0 [pid 339] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 339] write(3, "1000", 4) = 4 [pid 339] close(3) = 0 [pid 339] symlink("/dev/binderfs", "./binderfs") = 0 [pid 339] futex(0x7f9fd6a727ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 339] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9fd6978000 [pid 339] mprotect(0x7f9fd6979000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 339] clone(child_stack=0x7f9fd69983f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[340], tls=0x7f9fd6998700, child_tidptr=0x7f9fd69989d0) = 340 [pid 339] futex(0x7f9fd6a727a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 339] futex(0x7f9fd6a727ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 340 attached [pid 340] set_robust_list(0x7f9fd69989e0, 24) = 0 [pid 340] memfd_create("syzkaller", 0) = 3 [pid 340] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9fce578000 [pid 340] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 340] munmap(0x7f9fce578000, 262144) = 0 [pid 340] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 340] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 340] close(3) = 0 [pid 340] mkdir("./file1", 0777) = 0 [pid 340] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue") = 0 [pid 340] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 340] chdir("./file1") = 0 [pid 340] ioctl(4, LOOP_CLR_FD) = 0 [pid 340] close(4) = 0 [pid 340] futex(0x7f9fd6a727ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 339] <... futex resumed>) = 0 [pid 340] open(NULL, O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 339] futex(0x7f9fd6a727a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 340] <... open resumed>) = -1 EFAULT (Bad address) [pid 339] <... futex resumed>) = 0 [pid 340] futex(0x7f9fd6a727ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 339] futex(0x7f9fd6a727ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 340] <... futex resumed>) = 0 [pid 339] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 340] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 339] futex(0x7f9fd6a727a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 340] <... open resumed>) = 4 [pid 339] <... futex resumed>) = 0 [pid 340] futex(0x7f9fd6a727ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 340] futex(0x7f9fd6a727a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 339] futex(0x7f9fd6a727ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 339] futex(0x7f9fd6a727a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 340] <... futex resumed>) = 0 [pid 339] <... futex resumed>) = 1 [pid 339] futex(0x7f9fd6a727bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 340] fallocate(4, 0, 35143, 7 [pid 339] <... futex resumed>) = 0 [pid 339] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 340] <... fallocate resumed>) = 0 [pid 339] <... mmap resumed>) = 0x7f9fce597000 [pid 339] mprotect(0x7f9fce598000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 339] clone(child_stack=0x7f9fce5b73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[344], tls=0x7f9fce5b7700, child_tidptr=0x7f9fce5b79d0) = 344 [pid 339] futex(0x7f9fd6a727b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 339] futex(0x7f9fd6a727bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 340] futex(0x7f9fd6a727ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 340] futex(0x7f9fd6a727a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 344 attached [pid 344] set_robust_list(0x7f9fce5b79e0, 24) = 0 [pid 344] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 344] futex(0x7f9fd6a727bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 339] <... futex resumed>) = 0 [pid 339] futex(0x7f9fd6a727a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 340] <... futex resumed>) = 0 [pid 339] <... futex resumed>) = 1 [pid 340] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 339] futex(0x7f9fd6a727ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 340] <... open resumed>) = 5 [pid 340] futex(0x7f9fd6a727ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 339] <... futex resumed>) = 0 [pid 340] write(0, "\x5d\x0f\x1b\xc7\x13\x63\xce\x46\xd7\xd6\x8a\x9a\x08\x09\x94\xde\x4f\x56\xb8\x75\x79\xb6\x4c\x51\x1a\xae\x21\xa9\x1e\xb2\xdb\x3a\x04\x37\xf8\x48\xb7\x71\xb3\xc3\xb8\x06\x60\x1d\x4b\x7a\x5f\x1e\x7c\xb6\x0a\x34\xda\x12\xb2\x6f\xad\xc9\x46\xcc\xd2\x3b\x6a\xfb\x12\xc1\xce\xe6\x20\x8b\xb8\xae\x2e\x2b\x32\x28\xe7\xeb\x78\x4c\x60\x8b\x9a\x07\xad\x74\x7b\x94\x3a\x77\x03\xd8\xca\xcb\x26\xad\x1e\x02\xca\x87"..., 4096 [pid 339] futex(0x7f9fd6a727a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 340] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 339] <... futex resumed>) = 0 [pid 340] futex(0x7f9fd6a727ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 339] futex(0x7f9fd6a727ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 340] <... futex resumed>) = 0 [pid 339] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 340] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x5d\x0f\x1b\xc7\x13\x63\xce\x46\xd7\xd6\x8a\x9a\x08\x09\x94\xde\x4f\x56\xb8\x75\x79\xb6\x4c\x51\x1a\xae\x21\xa9\x1e\xb2\xdb\x3a\x04\x37\xf8\x48"..., 22455190 [pid 339] futex(0x7f9fd6a727a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 344] <... futex resumed>) = 1 [pid 339] <... futex resumed>) = 0 [pid 339] futex(0x7f9fd6a727ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 344] futex(0x7f9fd6a727b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 340] <... write resumed>) = 262144 [pid 340] futex(0x7f9fd6a727ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 339] <... futex resumed>) = 0 [pid 339] exit_group(0) = ? [pid 344] <... futex resumed>) = ? [pid 340] +++ exited with 0 +++ [pid 344] +++ exited with 0 +++ [pid 339] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=339, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./8", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555558a5620 /* 4 entries */, 32768) = 112 umount2("./8/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./8/binderfs") = 0 [ 22.043772][ T340] EXT4-fs (loop0): 1 orphan inode deleted [ 22.050865][ T340] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 22.059578][ T340] ext4 filesystem being mounted at /root/syzkaller.ZhkiGT/8/file1 supports timestamps until 2038 (0x7fffffff) umount2("./8/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./8/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./8/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./8/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555558ad660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555558ad660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./8/file1") = 0 getdents64(3, 0x5555558a5620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./8") = 0 mkdir("./9", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555558a45d0) = 345 ./strace-static-x86_64: Process 345 attached [pid 345] set_robust_list(0x5555558a45e0, 24) = 0 [pid 345] chdir("./9") = 0 [pid 345] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 345] setpgid(0, 0) = 0 [pid 345] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 345] write(3, "1000", 4) = 4 [pid 345] close(3) = 0 [pid 345] symlink("/dev/binderfs", "./binderfs") = 0 [pid 345] futex(0x7f9fd6a727ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 345] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9fd6978000 [pid 345] mprotect(0x7f9fd6979000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 345] clone(child_stack=0x7f9fd69983f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[346], tls=0x7f9fd6998700, child_tidptr=0x7f9fd69989d0) = 346 [pid 345] futex(0x7f9fd6a727a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 345] futex(0x7f9fd6a727ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 346 attached [pid 346] set_robust_list(0x7f9fd69989e0, 24) = 0 [pid 346] memfd_create("syzkaller", 0) = 3 [pid 346] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9fce578000 [pid 346] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 346] munmap(0x7f9fce578000, 262144) = 0 [pid 346] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 346] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 346] close(3) = 0 [pid 346] mkdir("./file1", 0777) = 0 [pid 346] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue") = 0 [pid 346] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 346] chdir("./file1") = 0 [pid 346] ioctl(4, LOOP_CLR_FD) = 0 [pid 346] close(4) = 0 [pid 346] futex(0x7f9fd6a727ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 346] futex(0x7f9fd6a727a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 345] <... futex resumed>) = 0 [pid 345] futex(0x7f9fd6a727a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 345] futex(0x7f9fd6a727ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 346] <... futex resumed>) = 0 [pid 346] open(NULL, O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = -1 EFAULT (Bad address) [pid 346] futex(0x7f9fd6a727ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 345] <... futex resumed>) = 0 [pid 345] futex(0x7f9fd6a727a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 345] futex(0x7f9fd6a727ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 346] <... futex resumed>) = 1 [pid 346] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 346] futex(0x7f9fd6a727ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 345] <... futex resumed>) = 0 [pid 345] futex(0x7f9fd6a727a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 345] futex(0x7f9fd6a727bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 345] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9fce597000 [pid 345] mprotect(0x7f9fce598000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 345] clone(child_stack=0x7f9fce5b73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[350], tls=0x7f9fce5b7700, child_tidptr=0x7f9fce5b79d0) = 350 [pid 345] futex(0x7f9fd6a727b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 345] futex(0x7f9fd6a727bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 350 attached [pid 346] <... futex resumed>) = 1 [pid 346] fallocate(4, 0, 35143, 7) = 0 [pid 346] futex(0x7f9fd6a727ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 346] futex(0x7f9fd6a727a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 350] set_robust_list(0x7f9fce5b79e0, 24) = 0 [pid 350] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 350] futex(0x7f9fd6a727bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 350] futex(0x7f9fd6a727b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 345] <... futex resumed>) = 0 [pid 345] futex(0x7f9fd6a727a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 345] futex(0x7f9fd6a727ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 346] <... futex resumed>) = 0 [pid 346] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 346] futex(0x7f9fd6a727ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 345] <... futex resumed>) = 0 [pid 345] futex(0x7f9fd6a727a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 345] futex(0x7f9fd6a727ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 346] <... futex resumed>) = 1 [pid 346] write(0, "\x5d\x0f\x1b\xc7\x13\x63\xce\x46\xd7\xd6\x8a\x9a\x08\x09\x94\xde\x4f\x56\xb8\x75\x79\xb6\x4c\x51\x1a\xae\x21\xa9\x1e\xb2\xdb\x3a\x04\x37\xf8\x48\xb7\x71\xb3\xc3\xb8\x06\x60\x1d\x4b\x7a\x5f\x1e\x7c\xb6\x0a\x34\xda\x12\xb2\x6f\xad\xc9\x46\xcc\xd2\x3b\x6a\xfb\x12\xc1\xce\xe6\x20\x8b\xb8\xae\x2e\x2b\x32\x28\xe7\xeb\x78\x4c\x60\x8b\x9a\x07\xad\x74\x7b\x94\x3a\x77\x03\xd8\xca\xcb\x26\xad\x1e\x02\xca\x87"..., 4096) = -1 EBADF (Bad file descriptor) [pid 346] futex(0x7f9fd6a727ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 345] <... futex resumed>) = 0 [pid 345] futex(0x7f9fd6a727a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 345] futex(0x7f9fd6a727ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 346] <... futex resumed>) = 1 [pid 346] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x5d\x0f\x1b\xc7\x13\x63\xce\x46\xd7\xd6\x8a\x9a\x08\x09\x94\xde\x4f\x56\xb8\x75\x79\xb6\x4c\x51\x1a\xae\x21\xa9\x1e\xb2\xdb\x3a\x04\x37\xf8\x48"..., 22455190) = 262144 [pid 346] futex(0x7f9fd6a727ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 345] <... futex resumed>) = 0 [pid 345] exit_group(0) = ? [pid 346] <... futex resumed>) = ? [pid 346] +++ exited with 0 +++ [pid 350] <... futex resumed>) = ? [pid 350] +++ exited with 0 +++ [pid 345] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=345, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./9", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555558a5620 /* 4 entries */, 32768) = 112 umount2("./9/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./9/binderfs") = 0 [ 22.253372][ T346] EXT4-fs (loop0): 1 orphan inode deleted [ 22.258911][ T346] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 22.267840][ T346] ext4 filesystem being mounted at /root/syzkaller.ZhkiGT/9/file1 supports timestamps until 2038 (0x7fffffff) umount2("./9/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./9/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./9/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./9/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555558ad660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555558ad660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./9/file1") = 0 getdents64(3, 0x5555558a5620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./9") = 0 mkdir("./10", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555558a45d0) = 351 ./strace-static-x86_64: Process 351 attached [pid 351] set_robust_list(0x5555558a45e0, 24) = 0 [pid 351] chdir("./10") = 0 [pid 351] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 351] setpgid(0, 0) = 0 [pid 351] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 351] write(3, "1000", 4) = 4 [pid 351] close(3) = 0 [pid 351] symlink("/dev/binderfs", "./binderfs") = 0 [pid 351] futex(0x7f9fd6a727ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 351] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9fd6978000 [pid 351] mprotect(0x7f9fd6979000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 351] clone(child_stack=0x7f9fd69983f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[352], tls=0x7f9fd6998700, child_tidptr=0x7f9fd69989d0) = 352 ./strace-static-x86_64: Process 352 attached [pid 351] futex(0x7f9fd6a727a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 352] set_robust_list(0x7f9fd69989e0, 24 [pid 351] <... futex resumed>) = 0 [pid 352] <... set_robust_list resumed>) = 0 [pid 351] futex(0x7f9fd6a727ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 352] memfd_create("syzkaller", 0) = 3 [pid 352] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9fce578000 [pid 352] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 352] munmap(0x7f9fce578000, 262144) = 0 [pid 352] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 352] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 352] close(3) = 0 [pid 352] mkdir("./file1", 0777) = 0 [pid 352] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue") = 0 [pid 352] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 352] chdir("./file1") = 0 [pid 352] ioctl(4, LOOP_CLR_FD) = 0 [pid 352] close(4) = 0 [pid 352] futex(0x7f9fd6a727ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 351] <... futex resumed>) = 0 [pid 351] futex(0x7f9fd6a727a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 351] futex(0x7f9fd6a727ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 352] <... futex resumed>) = 1 [pid 352] open(NULL, O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = -1 EFAULT (Bad address) [pid 352] futex(0x7f9fd6a727ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 351] <... futex resumed>) = 0 [pid 351] futex(0x7f9fd6a727a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 351] futex(0x7f9fd6a727ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 352] <... futex resumed>) = 1 [pid 352] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 352] futex(0x7f9fd6a727ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 351] <... futex resumed>) = 0 [pid 351] futex(0x7f9fd6a727a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 351] futex(0x7f9fd6a727bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 351] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9fce597000 [pid 351] mprotect(0x7f9fce598000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 351] clone(child_stack=0x7f9fce5b73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[356], tls=0x7f9fce5b7700, child_tidptr=0x7f9fce5b79d0) = 356 [pid 351] futex(0x7f9fd6a727b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 351] futex(0x7f9fd6a727bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 352] <... futex resumed>) = 1 [pid 352] fallocate(4, 0, 35143, 7) = 0 [pid 352] futex(0x7f9fd6a727ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 352] futex(0x7f9fd6a727a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 356 attached [pid 356] set_robust_list(0x7f9fce5b79e0, 24) = 0 [pid 356] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 356] futex(0x7f9fd6a727bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 351] <... futex resumed>) = 0 [pid 351] futex(0x7f9fd6a727a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 351] futex(0x7f9fd6a727ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 352] <... futex resumed>) = 0 [pid 352] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 352] futex(0x7f9fd6a727ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 351] <... futex resumed>) = 0 [pid 351] futex(0x7f9fd6a727a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 351] futex(0x7f9fd6a727ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 352] <... futex resumed>) = 1 [pid 352] write(0, "\x5d\x0f\x1b\xc7\x13\x63\xce\x46\xd7\xd6\x8a\x9a\x08\x09\x94\xde\x4f\x56\xb8\x75\x79\xb6\x4c\x51\x1a\xae\x21\xa9\x1e\xb2\xdb\x3a\x04\x37\xf8\x48\xb7\x71\xb3\xc3\xb8\x06\x60\x1d\x4b\x7a\x5f\x1e\x7c\xb6\x0a\x34\xda\x12\xb2\x6f\xad\xc9\x46\xcc\xd2\x3b\x6a\xfb\x12\xc1\xce\xe6\x20\x8b\xb8\xae\x2e\x2b\x32\x28\xe7\xeb\x78\x4c\x60\x8b\x9a\x07\xad\x74\x7b\x94\x3a\x77\x03\xd8\xca\xcb\x26\xad\x1e\x02\xca\x87"..., 4096) = -1 EBADF (Bad file descriptor) [pid 352] futex(0x7f9fd6a727ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 351] <... futex resumed>) = 0 [pid 351] futex(0x7f9fd6a727a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 351] futex(0x7f9fd6a727ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 352] <... futex resumed>) = 1 [pid 352] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x5d\x0f\x1b\xc7\x13\x63\xce\x46\xd7\xd6\x8a\x9a\x08\x09\x94\xde\x4f\x56\xb8\x75\x79\xb6\x4c\x51\x1a\xae\x21\xa9\x1e\xb2\xdb\x3a\x04\x37\xf8\x48"..., 22455190 [pid 356] <... futex resumed>) = 1 [pid 356] futex(0x7f9fd6a727b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 352] <... write resumed>) = 262144 [pid 352] futex(0x7f9fd6a727ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 351] <... futex resumed>) = 0 [pid 352] <... futex resumed>) = 1 [pid 351] exit_group(0 [pid 352] futex(0x7f9fd6a727a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 351] <... exit_group resumed>) = ? [pid 352] <... futex resumed>) = -1 (errno 18446744073709551414) [pid 356] <... futex resumed>) = ? [pid 352] +++ exited with 0 +++ [pid 356] +++ exited with 0 +++ [pid 351] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=351, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./10", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555558a5620 /* 4 entries */, 32768) = 112 umount2("./10/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./10/binderfs") = 0 [ 22.363247][ T352] EXT4-fs (loop0): 1 orphan inode deleted [ 22.368851][ T352] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 22.377739][ T352] ext4 filesystem being mounted at /root/syzkaller.ZhkiGT/10/file1 supports timestamps until 2038 (0x7fffffff) umount2("./10/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./10/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./10/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./10/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555558ad660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555558ad660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./10/file1") = 0 getdents64(3, 0x5555558a5620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./10") = 0 mkdir("./11", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555558a45d0) = 357 ./strace-static-x86_64: Process 357 attached [pid 357] set_robust_list(0x5555558a45e0, 24) = 0 [pid 357] chdir("./11") = 0 [pid 357] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 357] setpgid(0, 0) = 0 [pid 357] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 357] write(3, "1000", 4) = 4 [pid 357] close(3) = 0 [pid 357] symlink("/dev/binderfs", "./binderfs") = 0 [pid 357] futex(0x7f9fd6a727ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 357] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9fd6978000 [pid 357] mprotect(0x7f9fd6979000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 357] clone(child_stack=0x7f9fd69983f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[358], tls=0x7f9fd6998700, child_tidptr=0x7f9fd69989d0) = 358 [pid 357] futex(0x7f9fd6a727a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 357] futex(0x7f9fd6a727ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 358 attached [pid 358] set_robust_list(0x7f9fd69989e0, 24) = 0 [pid 358] memfd_create("syzkaller", 0) = 3 [pid 358] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9fce578000 [pid 358] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 358] munmap(0x7f9fce578000, 262144) = 0 [pid 358] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 358] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 358] close(3) = 0 [pid 358] mkdir("./file1", 0777) = 0 [pid 358] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue") = 0 [pid 358] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 358] chdir("./file1") = 0 [pid 358] ioctl(4, LOOP_CLR_FD) = 0 [pid 358] close(4) = 0 [pid 358] futex(0x7f9fd6a727ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 357] <... futex resumed>) = 0 [pid 357] futex(0x7f9fd6a727a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 357] futex(0x7f9fd6a727ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 358] <... futex resumed>) = 1 [pid 358] open(NULL, O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = -1 EFAULT (Bad address) [pid 358] futex(0x7f9fd6a727ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 357] <... futex resumed>) = 0 [pid 357] futex(0x7f9fd6a727a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 357] futex(0x7f9fd6a727ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 358] <... futex resumed>) = 1 [pid 358] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 358] futex(0x7f9fd6a727ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 357] <... futex resumed>) = 0 [pid 357] futex(0x7f9fd6a727a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 357] futex(0x7f9fd6a727bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 357] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9fce597000 [pid 357] mprotect(0x7f9fce598000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 357] clone(child_stack=0x7f9fce5b73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[362], tls=0x7f9fce5b7700, child_tidptr=0x7f9fce5b79d0) = 362 [pid 357] futex(0x7f9fd6a727b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 357] futex(0x7f9fd6a727bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 358] <... futex resumed>) = 1 [pid 358] fallocate(4, 0, 35143, 7) = 0 [pid 358] futex(0x7f9fd6a727ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 358] futex(0x7f9fd6a727a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 362 attached [pid 362] set_robust_list(0x7f9fce5b79e0, 24) = 0 [pid 362] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 362] futex(0x7f9fd6a727bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 357] <... futex resumed>) = 0 [pid 357] futex(0x7f9fd6a727a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 357] futex(0x7f9fd6a727ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 358] <... futex resumed>) = 0 [pid 358] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 358] futex(0x7f9fd6a727ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 357] <... futex resumed>) = 0 [pid 357] futex(0x7f9fd6a727a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 357] futex(0x7f9fd6a727ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 358] <... futex resumed>) = 1 [pid 358] write(0, "\x5d\x0f\x1b\xc7\x13\x63\xce\x46\xd7\xd6\x8a\x9a\x08\x09\x94\xde\x4f\x56\xb8\x75\x79\xb6\x4c\x51\x1a\xae\x21\xa9\x1e\xb2\xdb\x3a\x04\x37\xf8\x48\xb7\x71\xb3\xc3\xb8\x06\x60\x1d\x4b\x7a\x5f\x1e\x7c\xb6\x0a\x34\xda\x12\xb2\x6f\xad\xc9\x46\xcc\xd2\x3b\x6a\xfb\x12\xc1\xce\xe6\x20\x8b\xb8\xae\x2e\x2b\x32\x28\xe7\xeb\x78\x4c\x60\x8b\x9a\x07\xad\x74\x7b\x94\x3a\x77\x03\xd8\xca\xcb\x26\xad\x1e\x02\xca\x87"..., 4096) = -1 EBADF (Bad file descriptor) [pid 358] futex(0x7f9fd6a727ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 357] <... futex resumed>) = 0 [pid 357] futex(0x7f9fd6a727a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 357] futex(0x7f9fd6a727ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 358] <... futex resumed>) = 1 [pid 358] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x5d\x0f\x1b\xc7\x13\x63\xce\x46\xd7\xd6\x8a\x9a\x08\x09\x94\xde\x4f\x56\xb8\x75\x79\xb6\x4c\x51\x1a\xae\x21\xa9\x1e\xb2\xdb\x3a\x04\x37\xf8\x48"..., 22455190 [pid 362] <... futex resumed>) = 1 [pid 362] futex(0x7f9fd6a727b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 358] <... write resumed>) = 262144 [pid 358] futex(0x7f9fd6a727ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 357] <... futex resumed>) = 0 [pid 357] exit_group(0) = ? [pid 362] <... futex resumed>) = ? [pid 362] +++ exited with 0 +++ [pid 358] +++ exited with 0 +++ [pid 357] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=357, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- umount2("./11", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555558a5620 /* 4 entries */, 32768) = 112 umount2("./11/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./11/binderfs") = 0 [ 22.523309][ T358] EXT4-fs (loop0): 1 orphan inode deleted [ 22.529070][ T358] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 22.538423][ T358] ext4 filesystem being mounted at /root/syzkaller.ZhkiGT/11/file1 supports timestamps until 2038 (0x7fffffff) umount2("./11/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./11/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./11/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./11/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555558ad660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555558ad660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./11/file1") = 0 getdents64(3, 0x5555558a5620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./11") = 0 mkdir("./12", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555558a45d0) = 363 ./strace-static-x86_64: Process 363 attached [pid 363] set_robust_list(0x5555558a45e0, 24) = 0 [pid 363] chdir("./12") = 0 [pid 363] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 363] setpgid(0, 0) = 0 [pid 363] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 363] write(3, "1000", 4) = 4 [pid 363] close(3) = 0 [pid 363] symlink("/dev/binderfs", "./binderfs") = 0 [pid 363] futex(0x7f9fd6a727ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 363] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9fd6978000 [pid 363] mprotect(0x7f9fd6979000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 363] clone(child_stack=0x7f9fd69983f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[364], tls=0x7f9fd6998700, child_tidptr=0x7f9fd69989d0) = 364 [pid 363] futex(0x7f9fd6a727a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 363] futex(0x7f9fd6a727ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 364 attached [pid 364] set_robust_list(0x7f9fd69989e0, 24) = 0 [pid 364] memfd_create("syzkaller", 0) = 3 [pid 364] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9fce578000 [pid 364] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 364] munmap(0x7f9fce578000, 262144) = 0 [pid 364] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 364] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 364] close(3) = 0 [pid 364] mkdir("./file1", 0777) = 0 [pid 364] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue") = 0 [pid 364] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 364] chdir("./file1") = 0 [pid 364] ioctl(4, LOOP_CLR_FD) = 0 [pid 364] close(4) = 0 [pid 364] futex(0x7f9fd6a727ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 364] futex(0x7f9fd6a727a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 363] <... futex resumed>) = 0 [pid 363] futex(0x7f9fd6a727a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 363] futex(0x7f9fd6a727ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 364] <... futex resumed>) = 0 [pid 364] open(NULL, O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = -1 EFAULT (Bad address) [pid 364] futex(0x7f9fd6a727ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 363] <... futex resumed>) = 0 [pid 363] futex(0x7f9fd6a727a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 363] futex(0x7f9fd6a727ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 364] <... futex resumed>) = 1 [pid 364] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 364] futex(0x7f9fd6a727ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 363] <... futex resumed>) = 0 [pid 363] futex(0x7f9fd6a727a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 363] futex(0x7f9fd6a727bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 363] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9fce597000 [pid 363] mprotect(0x7f9fce598000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 363] clone(child_stack=0x7f9fce5b73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[369], tls=0x7f9fce5b7700, child_tidptr=0x7f9fce5b79d0) = 369 [pid 363] futex(0x7f9fd6a727b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 363] futex(0x7f9fd6a727bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 364] <... futex resumed>) = 1 [pid 364] fallocate(4, 0, 35143, 7) = 0 [pid 364] futex(0x7f9fd6a727ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 364] futex(0x7f9fd6a727a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 369 attached [pid 369] set_robust_list(0x7f9fce5b79e0, 24) = 0 [pid 369] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 369] futex(0x7f9fd6a727bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 363] <... futex resumed>) = 0 [pid 363] futex(0x7f9fd6a727a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 363] futex(0x7f9fd6a727ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 364] <... futex resumed>) = 0 [pid 364] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 369] <... futex resumed>) = 1 [pid 364] futex(0x7f9fd6a727ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 369] futex(0x7f9fd6a727b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 363] <... futex resumed>) = 0 [pid 363] futex(0x7f9fd6a727a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 363] futex(0x7f9fd6a727ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 364] <... futex resumed>) = 1 [pid 364] write(0, "\x5d\x0f\x1b\xc7\x13\x63\xce\x46\xd7\xd6\x8a\x9a\x08\x09\x94\xde\x4f\x56\xb8\x75\x79\xb6\x4c\x51\x1a\xae\x21\xa9\x1e\xb2\xdb\x3a\x04\x37\xf8\x48\xb7\x71\xb3\xc3\xb8\x06\x60\x1d\x4b\x7a\x5f\x1e\x7c\xb6\x0a\x34\xda\x12\xb2\x6f\xad\xc9\x46\xcc\xd2\x3b\x6a\xfb\x12\xc1\xce\xe6\x20\x8b\xb8\xae\x2e\x2b\x32\x28\xe7\xeb\x78\x4c\x60\x8b\x9a\x07\xad\x74\x7b\x94\x3a\x77\x03\xd8\xca\xcb\x26\xad\x1e\x02\xca\x87"..., 4096) = -1 EBADF (Bad file descriptor) [pid 364] futex(0x7f9fd6a727ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 363] <... futex resumed>) = 0 [pid 363] futex(0x7f9fd6a727a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 364] <... futex resumed>) = 1 [pid 363] <... futex resumed>) = 0 [pid 364] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x5d\x0f\x1b\xc7\x13\x63\xce\x46\xd7\xd6\x8a\x9a\x08\x09\x94\xde\x4f\x56\xb8\x75\x79\xb6\x4c\x51\x1a\xae\x21\xa9\x1e\xb2\xdb\x3a\x04\x37\xf8\x48"..., 22455190 [pid 363] futex(0x7f9fd6a727ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 364] <... write resumed>) = 262144 [pid 364] futex(0x7f9fd6a727ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 363] <... futex resumed>) = 0 [pid 363] exit_group(0) = ? [pid 369] <... futex resumed>) = ? [pid 369] +++ exited with 0 +++ [pid 364] +++ exited with 0 +++ [pid 363] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=363, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- umount2("./12", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555558a5620 /* 4 entries */, 32768) = 112 umount2("./12/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./12/binderfs") = 0 [ 22.723289][ T364] EXT4-fs (loop0): 1 orphan inode deleted [ 22.729142][ T364] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 22.738067][ T364] ext4 filesystem being mounted at /root/syzkaller.ZhkiGT/12/file1 supports timestamps until 2038 (0x7fffffff) umount2("./12/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./12/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./12/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./12/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555558ad660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555558ad660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./12/file1") = 0 getdents64(3, 0x5555558a5620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./12") = 0 mkdir("./13", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555558a45d0) = 370 ./strace-static-x86_64: Process 370 attached [pid 370] set_robust_list(0x5555558a45e0, 24) = 0 [pid 370] chdir("./13") = 0 [pid 370] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 370] setpgid(0, 0) = 0 [pid 370] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 370] write(3, "1000", 4) = 4 [pid 370] close(3) = 0 [pid 370] symlink("/dev/binderfs", "./binderfs") = 0 [pid 370] futex(0x7f9fd6a727ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 370] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9fd6978000 [pid 370] mprotect(0x7f9fd6979000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 370] clone(child_stack=0x7f9fd69983f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[371], tls=0x7f9fd6998700, child_tidptr=0x7f9fd69989d0) = 371 [pid 370] futex(0x7f9fd6a727a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 370] futex(0x7f9fd6a727ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 371 attached [pid 371] set_robust_list(0x7f9fd69989e0, 24) = 0 [pid 371] memfd_create("syzkaller", 0) = 3 [pid 371] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9fce578000 [pid 371] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 371] munmap(0x7f9fce578000, 262144) = 0 [pid 371] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 371] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 371] close(3) = 0 [pid 371] mkdir("./file1", 0777) = 0 [pid 371] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue") = 0 [pid 371] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 371] chdir("./file1") = 0 [pid 371] ioctl(4, LOOP_CLR_FD) = 0 [pid 371] close(4) = 0 [pid 371] futex(0x7f9fd6a727ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 370] <... futex resumed>) = 0 [pid 370] futex(0x7f9fd6a727a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 371] open(NULL, O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 370] <... futex resumed>) = 0 [pid 371] <... open resumed>) = -1 EFAULT (Bad address) [pid 370] futex(0x7f9fd6a727ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 371] futex(0x7f9fd6a727ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 370] <... futex resumed>) = 0 [pid 371] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 370] futex(0x7f9fd6a727a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 370] futex(0x7f9fd6a727ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 371] <... open resumed>) = 4 [pid 371] futex(0x7f9fd6a727ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 370] <... futex resumed>) = 0 [pid 370] futex(0x7f9fd6a727a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 370] futex(0x7f9fd6a727bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 370] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9fce597000 [pid 370] mprotect(0x7f9fce598000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 370] clone(child_stack=0x7f9fce5b73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 371] fallocate(4, 0, 35143, 7 [pid 370] <... clone resumed>, parent_tid=[375], tls=0x7f9fce5b7700, child_tidptr=0x7f9fce5b79d0) = 375 [pid 370] futex(0x7f9fd6a727b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 370] futex(0x7f9fd6a727bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 375 attached [pid 375] set_robust_list(0x7f9fce5b79e0, 24) = 0 [pid 375] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 375] futex(0x7f9fd6a727bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 370] <... futex resumed>) = 0 [pid 370] futex(0x7f9fd6a727b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 370] futex(0x7f9fd6a727bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 375] <... futex resumed>) = 1 [pid 375] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 375] futex(0x7f9fd6a727bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 370] <... futex resumed>) = 0 [pid 370] futex(0x7f9fd6a727b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 370] futex(0x7f9fd6a727bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 375] <... futex resumed>) = 1 [pid 375] write(0, "\x5d\x0f\x1b\xc7\x13\x63\xce\x46\xd7\xd6\x8a\x9a\x08\x09\x94\xde\x4f\x56\xb8\x75\x79\xb6\x4c\x51\x1a\xae\x21\xa9\x1e\xb2\xdb\x3a\x04\x37\xf8\x48\xb7\x71\xb3\xc3\xb8\x06\x60\x1d\x4b\x7a\x5f\x1e\x7c\xb6\x0a\x34\xda\x12\xb2\x6f\xad\xc9\x46\xcc\xd2\x3b\x6a\xfb\x12\xc1\xce\xe6\x20\x8b\xb8\xae\x2e\x2b\x32\x28\xe7\xeb\x78\x4c\x60\x8b\x9a\x07\xad\x74\x7b\x94\x3a\x77\x03\xd8\xca\xcb\x26\xad\x1e\x02\xca\x87"..., 4096) = -1 EBADF (Bad file descriptor) [pid 375] futex(0x7f9fd6a727bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 370] <... futex resumed>) = 0 [pid 370] futex(0x7f9fd6a727b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 370] futex(0x7f9fd6a727bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 375] <... futex resumed>) = 1 [pid 375] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x5d\x0f\x1b\xc7\x13\x63\xce\x46\xd7\xd6\x8a\x9a\x08\x09\x94\xde\x4f\x56\xb8\x75\x79\xb6\x4c\x51\x1a\xae\x21\xa9\x1e\xb2\xdb\x3a\x04\x37\xf8\x48"..., 22455190) = 262144 [pid 375] futex(0x7f9fd6a727bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 370] <... futex resumed>) = 0 [pid 375] <... futex resumed>) = 1 [ 22.843209][ T371] EXT4-fs (loop0): 1 orphan inode deleted [ 22.848797][ T371] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 22.857655][ T371] ext4 filesystem being mounted at /root/syzkaller.ZhkiGT/13/file1 supports timestamps until 2038 (0x7fffffff) [ 22.879005][ T371] EXT4-fs error (device loop0): ext4_map_blocks:602: inode #3: block 9: comm syz-executor275: lblock 0 mapped to illegal pblock 9 (length 1) [ 22.893678][ T371] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5877: Out of memory [ 22.902790][ T371] EXT4-fs error (device loop0): ext4_dirty_inode:6087: inode #16: comm syz-executor275: mark_inode_dirty error [ 22.914684][ T371] ------------[ cut here ]------------ [ 22.920210][ T371] kernel BUG at fs/ext4/ext4.h:3247! [ 22.925548][ T371] invalid opcode: 0000 [#1] PREEMPT SMP KASAN [ 22.932462][ T371] CPU: 0 PID: 371 Comm: syz-executor275 Not tainted 5.10.178-syzkaller-00238-g8a30c9beebe8 #0 [ 22.942741][ T371] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023 [ 22.954490][ T371] RIP: 0010:ext4_mb_find_by_goal+0xe18/0xe50 [ 22.960462][ T371] Code: 24 30 e9 be fb ff ff e8 06 c1 89 ff 48 bb 00 00 00 00 00 fc ff df e9 23 f7 ff ff e8 f2 c0 89 ff e9 05 f7 ff ff e8 e8 c0 89 ff <0f> 0b e8 81 c7 c8 02 e8 dc c0 89 ff 0f 0b e8 d5 c0 89 ff 0f 0b e8 [ 22.980754][ T371] RSP: 0018:ffffc90000e47220 EFLAGS: 00010293 [pid 375] futex(0x7f9fd6a727b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 370] exit_group(0 [pid 375] <... futex resumed>) = ? [pid 370] <... exit_group resumed>) = ? [pid 375] +++ exited with 0 +++ [ 22.986592][ T371] RAX: ffffffff81e0b8c8 RBX: 0000000000000001 RCX: ffff88810c323b40 [ 22.994386][ T371] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000001 [ 23.002290][ T371] RBP: ffffc90000e47330 R08: ffffffff81e0abdf R09: ffffed10238b8e12 [ 23.010097][ T371] R10: 0000000000000000 R11: dffffc0000000001 R12: ffff88810cd493c8 [ 23.017907][ T371] R13: 0000000000000001 R14: 1ffff110219a9279 R15: 1ffff920001c8e54 [ 23.025822][ T371] FS: 00007f9fd6998700(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 23.034683][ T371] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 23.041223][ T371] CR2: 0000000000000000 CR3: 000000011edc4000 CR4: 00000000003506b0 [ 23.049029][ T371] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 23.056840][ T371] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 23.064828][ T371] Call Trace: [ 23.067951][ T371] ? __kasan_slab_alloc+0xb1/0xe0 [ 23.072993][ T371] ? slab_post_alloc_hook+0x61/0x2f0 [ 23.078285][ T371] ? ext4_mb_use_inode_pa+0x510/0x510 [ 23.083478][ T371] ? ext4_fallocate+0x853/0x1cb0 [ 23.088278][ T371] ? vfs_fallocate+0x492/0x570 [ 23.092856][ T371] ? __x64_sys_fallocate+0xc0/0x110 [ 23.098005][ T371] ? do_syscall_64+0x34/0x70 [ 23.102438][ T371] ? entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 23.108764][ T371] ext4_mb_regular_allocator+0x249/0x2030 [ 23.114508][ T371] ? ext4_mb_normalize_request+0x10f0/0x10f0 [ 23.120304][ T371] ? ext4_mb_new_blocks+0xf12/0x4430 [ 23.125603][ T371] ? ext4_mb_new_blocks+0xf12/0x4430 [ 23.130980][ T371] ext4_mb_new_blocks+0xfb1/0x4430 [ 23.135940][ T371] ? __kasan_kmalloc+0x9/0x10 [ 23.140439][ T371] ? __kmalloc+0x1aa/0x330 [ 23.144694][ T371] ? memset+0x35/0x40 [ 23.148509][ T371] ? ext4_mb_pa_callback+0xd0/0xd0 [ 23.153461][ T371] ? ext4_ext_search_right+0x4f5/0x900 [ 23.158751][ T371] ? ext4_inode_to_goal_block+0x2b2/0x3d0 [ 23.164305][ T371] ? ext4_ext_find_goal+0x117/0x200 [ 23.169338][ T371] ext4_ext_map_blocks+0x190e/0x6be0 [ 23.174723][ T371] ? kmem_cache_free+0xa9/0x1e0 [ 23.179404][ T371] ? ____kasan_slab_free+0x12c/0x160 [ 23.184536][ T371] ? __kasan_slab_free+0x11/0x20 [ 23.189306][ T371] ? ext4_ext_release+0x10/0x10 [ 23.193987][ T371] ? kmem_cache_free+0xa9/0x1e0 [ 23.198853][ T371] ? mb_cache_entry_create+0x488/0x750 [ 23.204152][ T371] ? mb_cache_entry_create+0x488/0x750 [ 23.209448][ T371] ? _raw_read_unlock+0x25/0x40 [ 23.214129][ T371] ? ext4_es_lookup_extent+0x33b/0x940 [ 23.219551][ T371] ext4_map_blocks+0xaa7/0x1f00 [ 23.224229][ T371] ? ext4_xattr_security_get+0x32/0x40 [ 23.229521][ T371] ? ext4_issue_zeroout+0x1b0/0x1b0 [ 23.234562][ T371] ? __kasan_check_read+0x11/0x20 [ 23.239512][ T371] ext4_alloc_file_blocks+0x3f4/0xcd0 [ 23.244715][ T371] ? trace_ext4_fallocate_enter+0x160/0x160 [ 23.250450][ T371] ? down_read_killable+0x220/0x220 [ 23.255473][ T371] ext4_fallocate+0x853/0x1cb0 [ 23.260069][ T371] ? avc_policy_seqno+0x1b/0x70 [ 23.264766][ T371] ? ext4_ext_truncate+0x200/0x200 [ 23.269708][ T371] ? fsnotify_perm+0x67/0x4e0 [ 23.275180][ T371] ? security_file_permission+0x7b/0xb0 [ 23.280553][ T371] ? preempt_count_add+0x92/0x1a0 [ 23.286322][ T371] vfs_fallocate+0x492/0x570 [ 23.290730][ T371] __x64_sys_fallocate+0xc0/0x110 [ 23.295585][ T371] do_syscall_64+0x34/0x70 [ 23.300056][ T371] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 23.305864][ T371] RIP: 0033:0x7f9fd69ec709 [ 23.310182][ T371] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 71 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 23.329796][ T371] RSP: 002b:00007f9fd69982f8 EFLAGS: 00000246 ORIG_RAX: 000000000000011d [ 23.338038][ T371] RAX: ffffffffffffffda RBX: 00007f9fd6a727a0 RCX: 00007f9fd69ec709 [ 23.345858][ T371] RDX: 0000000000008947 RSI: 0000000000000000 RDI: 0000000000000004 [ 23.353672][ T371] RBP: 00007f9fd6a3f57c R08: 0000000000000000 R09: 0000000000000000 [ 23.361559][ T371] R10: 0000000000000007 R11: 0000000000000246 R12: 00007f9fd6a3e578 [ 23.369372][ T371] R13: 0031656c69662f2e R14: 6f6f6c2f7665642f R15: 00007f9fd6a727a8 [ 23.377281][ T371] Modules linked in: [ 23.383108][ T371] ---[ end trace f94a316d0cf427d2 ]--- [ 23.388395][ T371] RIP: 0010:ext4_mb_find_by_goal+0xe18/0xe50 [ 23.394361][ T371] Code: 24 30 e9 be fb ff ff e8 06 c1 89 ff 48 bb 00 00 00 00 00 fc ff df e9 23 f7 ff ff e8 f2 c0 89 ff e9 05 f7 ff ff e8 e8 c0 89 ff <0f> 0b e8 81 c7 c8 02 e8 dc c0 89 ff 0f 0b e8 d5 c0 89 ff 0f 0b e8 [ 23.414898][ T371] RSP: 0018:ffffc90000e47220 EFLAGS: 00010293 [ 23.420771][ T371] RAX: ffffffff81e0b8c8 RBX: 0000000000000001 RCX: ffff88810c323b40 [ 23.428621][ T371] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000001 [ 23.436523][ T371] RBP: ffffc90000e47330 R08: ffffffff81e0abdf R09: ffffed10238b8e12 [ 23.444338][ T371] R10: 0000000000000000 R11: dffffc0000000001 R12: ffff88810cd493c8 [ 23.452257][ T371] R13: 0000000000000001 R14: 1ffff110219a9279 R15: 1ffff920001c8e54 [ 23.460039][ T371] FS: 00007f9fd6998700(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 23.469057][ T371] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 23.475635][ T371] CR2: 0000000000000000 CR3: 000000011edc4000 CR4: 00000000003506b0 [ 23.483455][ T371] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 23.491232][ T371] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 23.499068][ T371] Kernel panic - not syncing: Fatal exception [ 23.505365][ T371] Kernel Offset: disabled [ 23.509578][ T371] Rebooting in 86400 seconds..