./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1564489887 <...> [ 2.836855][ T30] audit: type=1400 audit(1673853968.230:9): avc: denied { append open } for pid=164 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=2 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 2.839882][ T30] audit: type=1400 audit(1673853968.230:10): avc: denied { getattr } for pid=164 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=2 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 2.886494][ T166] acpid (166) used greatest stack depth: 24200 bytes left [ 3.082623][ T181] udevd[181]: starting version 3.2.10 [ 3.106288][ T182] udevd[182]: starting eudev-3.2.10 [ 3.108234][ T181] udevd (181) used greatest stack depth: 22976 bytes left [ 16.006974][ T30] kauditd_printk_skb: 49 callbacks suppressed [ 16.006985][ T30] audit: type=1400 audit(1673853981.420:60): avc: denied { transition } for pid=364 comm="sshd" path="/bin/sh" dev="sda1" ino=73 scontext=system_u:system_r:initrc_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 16.012121][ T30] audit: type=1400 audit(1673853981.420:61): avc: denied { write } for pid=364 comm="sh" path="pipe:[13317]" dev="pipefs" ino=13317 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:initrc_t tclass=fifo_file permissive=1 [ 16.969565][ T365] sshd (365) used greatest stack depth: 22400 bytes left Warning: Permanently added '10.128.0.90' (ECDSA) to the list of known hosts. execve("./syz-executor1564489887", ["./syz-executor1564489887"], 0x7ffe7c7da460 /* 10 vars */) = 0 brk(NULL) = 0x555555ba5000 brk(0x555555ba5c40) = 0x555555ba5c40 arch_prctl(ARCH_SET_FS, 0x555555ba5300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 set_tid_address(0x555555ba55d0) = 414 set_robust_list(0x555555ba55e0, 24) = 0 rt_sigaction(SIGRTMIN, {sa_handler=0x7fa8997637a0, sa_mask=[], sa_flags=SA_RESTORER|SA_SIGINFO, sa_restorer=0x7fa899763e70}, NULL, 8) = 0 rt_sigaction(SIGRT_1, {sa_handler=0x7fa899763840, sa_mask=[], sa_flags=SA_RESTORER|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa899763e70}, NULL, 8) = 0 rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor1564489887", 4096) = 28 brk(0x555555bc6c40) = 0x555555bc6c40 brk(0x555555bc7000) = 0x555555bc7000 mprotect(0x7fa899826000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 getpid() = 414 mkdir("./syzkaller.v3GYhw", 0700) = 0 chmod("./syzkaller.v3GYhw", 0777) = 0 chdir("./syzkaller.v3GYhw") = 0 mkdir("./0", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555ba55d0) = 415 ./strace-static-x86_64: Process 415 attached [pid 415] set_robust_list(0x555555ba55e0, 24) = 0 [pid 415] chdir("./0") = 0 [pid 415] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 415] setpgid(0, 0) = 0 [pid 415] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 415] write(3, "1000", 4) = 4 [pid 415] close(3) = 0 [pid 415] symlink("/dev/binderfs", "./binderfs") = 0 [pid 415] futex(0x7fa89982c7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 415] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa899732000 [pid 415] mprotect(0x7fa899733000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 415] clone(child_stack=0x7fa8997523f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[417], tls=0x7fa899752700, child_tidptr=0x7fa8997529d0) = 417 [pid 415] futex(0x7fa89982c7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 415] futex(0x7fa89982c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 417 attached [pid 417] set_robust_list(0x7fa8997529e0, 24) = 0 [pid 417] memfd_create("syzkaller", 0) = 3 [pid 417] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa891332000 [pid 417] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 417] munmap(0x7fa891332000, 1048576) = 0 [pid 417] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 26.361666][ T30] audit: type=1400 audit(1673853991.770:62): avc: denied { execmem } for pid=414 comm="syz-executor156" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 26.381376][ T30] audit: type=1400 audit(1673853991.780:63): avc: denied { read write } for pid=414 comm="syz-executor156" name="loop0" dev="devtmpfs" ino=111 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 26.399066][ T417] loop0: detected capacity change from 0 to 2048 [pid 417] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 417] close(3) = 0 [pid 417] mkdir("./file0", 0777) = 0 [ 26.405864][ T30] audit: type=1400 audit(1673853991.780:64): avc: denied { open } for pid=414 comm="syz-executor156" path="/dev/loop0" dev="devtmpfs" ino=111 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 26.435845][ T30] audit: type=1400 audit(1673853991.780:65): avc: denied { ioctl } for pid=414 comm="syz-executor156" path="/dev/loop0" dev="devtmpfs" ino=111 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 26.461536][ T30] audit: type=1400 audit(1673853991.820:66): avc: denied { mounton } for pid=415 comm="syz-executor156" path="/root/syzkaller.v3GYhw/0/file0" dev="sda1" ino=1141 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1 [ 26.465160][ T417] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [pid 417] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 417] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 417] chdir("./file0") = 0 [pid 417] ioctl(4, LOOP_CLR_FD) = 0 [pid 417] close(4) = 0 [pid 417] futex(0x7fa89982c7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 415] <... futex resumed>) = 0 [pid 415] futex(0x7fa89982c7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 415] futex(0x7fa89982c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 417] <... futex resumed>) = 1 [pid 417] creat("./bus", 000) = 4 [pid 417] futex(0x7fa89982c7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 415] <... futex resumed>) = 0 [pid 415] futex(0x7fa89982c7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 415] futex(0x7fa89982c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 417] <... futex resumed>) = 1 [pid 417] openat(AT_FDCWD, "/dev/zero", O_RDONLY) = 5 [pid 417] futex(0x7fa89982c7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 415] <... futex resumed>) = 0 [pid 415] futex(0x7fa89982c7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 415] futex(0x7fa89982c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 417] <... futex resumed>) = 1 [ 26.496204][ T30] audit: type=1400 audit(1673853991.910:67): avc: denied { mount } for pid=415 comm="syz-executor156" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 26.518157][ T30] audit: type=1400 audit(1673853991.910:68): avc: denied { write } for pid=415 comm="syz-executor156" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 26.539818][ T30] audit: type=1400 audit(1673853991.910:69): avc: denied { add_name } for pid=415 comm="syz-executor156" name="bus" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [pid 417] mount(NULL, "./file0", "9p", MS_NOSUID|MS_SYNCHRONOUS|MS_REC|MS_LAZYTIME, "trans=fd,rfdno=0x0000000000000005,wfdno=0x0000000000000004,nodevmap,fscache,version=9p2000.L,afid=0x"... [pid 415] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 415] futex(0x7fa89982c7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 415] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa891411000 [pid 415] mprotect(0x7fa891412000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 415] clone(child_stack=0x7fa8914313f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[421], tls=0x7fa891431700, child_tidptr=0x7fa8914319d0) = 421 [pid 415] futex(0x7fa89982c7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 415] futex(0x7fa89982c7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 421 attached [pid 421] set_robust_list(0x7fa8914319e0, 24) = 0 [pid 421] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 421] futex(0x7fa89982c7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 415] <... futex resumed>) = 0 [pid 415] futex(0x7fa89982c7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 415] futex(0x7fa89982c7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 421] <... futex resumed>) = 1 [pid 421] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC) = 6 [pid 421] futex(0x7fa89982c7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 415] <... futex resumed>) = 0 [pid 415] futex(0x7fa89982c7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 415] futex(0x7fa89982c7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 421] <... futex resumed>) = 1 [pid 421] write(6, "\xdd\xc8\xe4\xec\xc3\x37\x3a\x4d\x97\x06\xd8\xc2\x43\x38\xe9\x3e\x9e\xdf\x88\x45\xe4\x54\xf3\x20\xc2\x70\xeb\x5c\x88\xfc\x75\xee\xbe\xb8\xa2\x54\x40\x91\x8f\xc4\x65\x13\x23\x29\xd7\x2b\x11\x62\xd5\x58\x3d\x59\x03\x19\x37\x54\x14\xe6\x90\x0e\x9b\x30\x4d\x16\x7d\x7a\x7b\xc9\x3c\x12\x21\x40\x24\x48\xf0\x3c\xfc\xf8\xdf\x96\xb7\x71\x7e\x00\xb6\x44\x8c\x5c\xf3\xf7\xac\xd4\xcf\xf2\xdf\xc5\x27\xe9\x14\xaa"..., 2057) = 2057 [pid 421] futex(0x7fa89982c7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 415] <... futex resumed>) = 0 [pid 421] <... futex resumed>) = 1 [ 26.560419][ T30] audit: type=1400 audit(1673853991.910:70): avc: denied { create } for pid=415 comm="syz-executor156" name="bus" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 26.582157][ T30] audit: type=1400 audit(1673853991.910:71): avc: denied { write open } for pid=415 comm="syz-executor156" path="/root/syzkaller.v3GYhw/0/file0/bus" dev="loop0" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [pid 421] futex(0x7fa89982c7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 415] exit_group(0 [pid 421] <... futex resumed>) = ? [pid 415] <... exit_group resumed>) = ? [pid 421] +++ exited with 0 +++ [ 26.705227][ T88] ================================================================== [ 26.713128][ T88] BUG: KASAN: use-after-free in get_max_inline_xattr_value_size+0x387/0x530 [ 26.721616][ T88] Read of size 4 at addr ffff888104bab084 by task kworker/1:1/88 [ 26.729173][ T88] [ 26.731342][ T88] CPU: 1 PID: 88 Comm: kworker/1:1 Not tainted 5.15.78-syzkaller-00911-gc73b4619ad86 #0 [ 26.740894][ T88] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 26.750783][ T88] Workqueue: events p9_write_work [ 26.755643][ T88] Call Trace: [ 26.758764][ T88] [ 26.761544][ T88] dump_stack_lvl+0x151/0x1b7 [ 26.766322][ T88] ? bfq_pos_tree_add_move+0x43e/0x43e [ 26.771612][ T88] ? __wake_up_klogd+0xd9/0x110 [ 26.776298][ T88] ? panic+0x727/0x727 [ 26.780203][ T88] print_address_description+0x87/0x3d0 [ 26.785584][ T88] kasan_report+0x1a6/0x1f0 [ 26.789923][ T88] ? get_max_inline_xattr_value_size+0x387/0x530 [ 26.796084][ T88] ? get_max_inline_xattr_value_size+0x387/0x530 [ 26.802335][ T88] __asan_report_load4_noabort+0x14/0x20 [ 26.807804][ T88] get_max_inline_xattr_value_size+0x387/0x530 [ 26.813792][ T88] ext4_get_max_inline_size+0x142/0x200 [ 26.819186][ T88] ? ext4_ind_truncate_ensure_credits+0x790/0x790 [ 26.825419][ T88] ? pagecache_get_page+0xce3/0xdb0 [ 26.830478][ T88] ext4_try_to_write_inline_data+0xdd/0x11e0 [ 26.836272][ T88] ? __kasan_check_write+0x14/0x20 [ 26.841223][ T88] ? _raw_spin_trylock_bh+0x1d0/0x1d0 [ 26.846425][ T88] ? zero_user_segment+0x380/0x380 [ 26.851372][ T88] ? __find_get_block+0xf81/0x1180 [ 26.856318][ T88] ? ext4_inode_journal_mode+0x1a3/0x470 [ 26.861786][ T88] ? ext4_writepage_trans_blocks+0x308/0x380 [ 26.867602][ T88] ext4_write_begin+0x23b/0x1360 [ 26.872374][ T88] ? __getblk_gfp+0x42/0x7d0 [ 26.876802][ T88] ? ext4_get_group_desc+0x2aa/0x320 [ 26.881920][ T88] ? __kasan_check_read+0x11/0x20 [ 26.886781][ T88] ? __ext4_get_inode_loc+0x50a/0xcf0 [ 26.891990][ T88] ? ext4_readahead+0x110/0x110 [ 26.896681][ T88] ? unlock_page_memcg+0x147/0x160 [ 26.901623][ T88] ? mark_buffer_dirty+0x1f4/0x310 [ 26.906571][ T88] ? mark_buffer_dirty+0x203/0x310 [ 26.911518][ T88] ? __ext4_handle_dirty_metadata+0x2f0/0x820 [ 26.917421][ T88] ? __kasan_check_write+0x14/0x20 [ 26.922374][ T88] ? ext4_mark_iloc_dirty+0x252a/0x3450 [ 26.927748][ T88] ext4_da_write_begin+0x4ac/0xbf0 [ 26.932696][ T88] ? ext4_set_page_dirty+0x1a0/0x1a0 [ 26.937816][ T88] ? ext4_blocks_for_truncate+0x2d0/0x2d0 [ 26.943371][ T88] ? ext4_journal_check_start+0x16b/0x230 [ 26.948924][ T88] ? ext4_dirty_inode+0x8e/0x100 [ 26.953700][ T88] ? __ext4_journal_stop+0x36/0x1c0 [ 26.958732][ T88] ? ext4_dirty_inode+0xd0/0x100 [ 26.963505][ T88] ? __ext4_expand_extra_isize+0x3d0/0x3d0 [ 26.969148][ T88] ? fault_in_iov_iter_readable+0x4b/0x210 [ 26.974791][ T88] generic_perform_write+0x2cd/0x5d0 [ 26.979911][ T88] ? grab_cache_page_write_begin+0xa0/0xa0 [ 26.985550][ T88] ? down_write+0xdd/0x140 [ 26.989804][ T88] ? down_read_killable+0x250/0x250 [ 26.994837][ T88] ? avc_has_perm_noaudit+0x358/0x450 [ 27.000045][ T88] ? generic_write_checks+0x3d8/0x490 [ 27.005253][ T88] ext4_buffered_write_iter+0x49b/0x630 [ 27.010637][ T88] ext4_file_write_iter+0x448/0x1cc0 [ 27.015755][ T88] ? avc_has_perm+0x16d/0x260 [ 27.020271][ T88] ? avc_has_perm_noaudit+0x450/0x450 [ 27.025478][ T88] ? ext4_file_read_iter+0x4b0/0x4b0 [ 27.030597][ T88] ? iov_iter_kvec+0x53/0x180 [ 27.035117][ T88] __kernel_write+0x5ad/0xa60 [ 27.039893][ T88] ? vfs_read+0xd80/0xd80 [ 27.044047][ T88] ? native_set_ldt+0x360/0x360 [ 27.048737][ T88] ? __kasan_check_read+0x11/0x20 [ 27.053596][ T88] ? selinux_file_permission+0x401/0x520 [ 27.059065][ T88] ? security_file_permission+0xf3/0x5f0 [ 27.064531][ T88] ? _raw_spin_lock+0xa3/0x1b0 [ 27.069134][ T88] kernel_write+0x221/0x550 [ 27.073472][ T88] p9_write_work+0x5b9/0xd00 [ 27.077900][ T88] process_one_work+0x6db/0xc00 [ 27.082587][ T88] worker_thread+0xb3e/0x1340 [ 27.087135][ T88] kthread+0x41c/0x500 [ 27.091010][ T88] ? worker_clr_flags+0x180/0x180 [ 27.095862][ T88] ? kthread_blkcg+0xd0/0xd0 [ 27.100289][ T88] ret_from_fork+0x1f/0x30 [ 27.104543][ T88] [ 27.107409][ T88] [ 27.109576][ T88] Allocated by task 1: [ 27.113481][ T88] __kasan_slab_alloc+0xb2/0xe0 [ 27.118170][ T88] kmem_cache_alloc+0x189/0x2f0 [ 27.122855][ T88] acpi_ps_alloc_op+0x18d/0x38d [ 27.127542][ T88] acpi_ps_create_op+0x3f4/0xc67 [ 27.132317][ T88] acpi_ps_parse_loop+0x635/0x1bd8 [ 27.137264][ T88] acpi_ps_parse_aml+0x1d8/0x955 [ 27.142044][ T88] acpi_ps_execute_method+0x5ad/0x6c4 [ 27.147243][ T88] acpi_ns_evaluate+0x637/0xa0c [ 27.151932][ T88] acpi_ut_evaluate_object+0x14d/0x479 [ 27.157227][ T88] acpi_rs_get_method_data+0xaa/0x149 [ 27.162434][ T88] acpi_walk_resources+0x161/0x21d [ 27.167380][ T88] acpi_pci_link_get_current+0x218/0x490 [ 27.172849][ T88] acpi_pci_link_add+0x16f/0x3c0 [ 27.177623][ T88] acpi_bus_attach+0x823/0xc90 [ 27.182223][ T88] acpi_bus_attach+0x32c/0xc90 [ 27.186820][ T88] acpi_bus_attach+0x32c/0xc90 [ 27.191422][ T88] acpi_bus_scan+0x10a/0x200 [ 27.195848][ T88] acpi_scan_init+0x261/0x7a6 [ 27.200361][ T88] acpi_init+0x143/0x1f6 [ 27.204450][ T88] do_one_initcall+0x1b5/0x600 [ 27.209050][ T88] do_initcall_level+0x192/0x2f0 [ 27.213813][ T88] do_initcalls+0x50/0x94 [ 27.217982][ T88] do_basic_setup+0x81/0x8a [ 27.222322][ T88] kernel_init_freeable+0x2c2/0x3f8 [ 27.227354][ T88] kernel_init+0x1d/0x2a0 [ 27.231558][ T88] ret_from_fork+0x1f/0x30 [ 27.235772][ T88] [ 27.237942][ T88] The buggy address belongs to the object at ffff888104bab058 [ 27.237942][ T88] which belongs to the cache Acpi-Parse of size 56 [ 27.251743][ T88] The buggy address is located 44 bytes inside of [ 27.251743][ T88] 56-byte region [ffff888104bab058, ffff888104bab090) [ 27.264677][ T88] The buggy address belongs to the page: [ 27.270235][ T88] page:ffffea000412eac0 refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff888104bab478 pfn:0x104bab [ 27.281600][ T88] flags: 0x4000000000000200(slab|zone=1) [ 27.287163][ T88] raw: 4000000000000200 ffffea000412e9c0 0000001300000013 ffff88810004d800 [ 27.295576][ T88] raw: ffff888104bab478 00000000802e0000 00000001ffffffff 0000000000000000 [ 27.303991][ T88] page dumped because: kasan: bad access detected [ 27.310242][ T88] page_owner tracks the page as allocated [ 27.315794][ T88] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY), pid 1, ts 1340346636, free_ts 0 [ 27.330639][ T88] post_alloc_hook+0x1ab/0x1b0 [ 27.335236][ T88] get_page_from_freelist+0x38b/0x400 [ 27.340445][ T88] __alloc_pages+0x3a8/0x7c0 [ 27.344869][ T88] allocate_slab+0x62/0x580 [ 27.349210][ T88] ___slab_alloc+0x2e2/0x6f0 [ 27.353636][ T88] __slab_alloc+0x4a/0x90 [ 27.357889][ T88] kmem_cache_alloc+0x205/0x2f0 [ 27.362579][ T88] acpi_ps_alloc_op+0x18d/0x38d [ 27.367266][ T88] acpi_ps_create_op+0x3f4/0xc67 [ 27.372059][ T88] acpi_ps_parse_loop+0x635/0x1bd8 [ 27.376985][ T88] acpi_ps_parse_aml+0x1d8/0x955 [ 27.381756][ T88] acpi_ps_execute_method+0x5ad/0x6c4 [ 27.386963][ T88] acpi_ns_evaluate+0x637/0xa0c [ 27.391652][ T88] acpi_evaluate_object+0x58d/0xac6 [ 27.396687][ T88] acpi_evaluate_integer+0x112/0x230 [ 27.401808][ T88] acpi_bus_get_status+0x14e/0x250 [ 27.406752][ T88] page_owner free stack trace missing [ 27.411964][ T88] [ 27.414131][ T88] Memory state around the buggy address: [ 27.419602][ T88] ffff888104baaf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 27.427499][ T88] ffff888104bab000: fb fb fb fb fb fb fb fc fc fc fc fb fb fb fb fb [ 27.435398][ T88] >ffff888104bab080: fb fb fc fc fc fc fb fb fb fb fb fb fb fc fc fc [ 27.443293][ T88] ^ [ 27.447201][ T88] ffff888104bab100: fc fb fb fb fb fb fb fb fc fc fc fc fb fb fb fb [pid 417] <... mount resumed>) = ? [pid 417] +++ exited with 0 +++ [pid 415] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=415, si_uid=0, si_status=0, si_utime=0, si_stime=5} --- umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555ba6620 /* 4 entries */, 32768) = 112 umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./0/binderfs") = 0 umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./0/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555bae660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555bae660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./0/file0") = 0 getdents64(3, 0x555555ba6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./0") = 0 mkdir("./1", 0777) = 0 [ 27.455102][ T88] ffff888104bab180: fb fb fb fc fc fc fc fb fb fb fb fb fb fb fc fc [ 27.463080][ T88] ================================================================== [ 27.470979][ T88] Disabling lock debugging due to kernel taint [ 27.480384][ T88] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2201: inode #18: comm kworker/1:1: corrupted in-inode xattr openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555ba55d0) = 424 ./strace-static-x86_64: Process 424 attached [pid 424] set_robust_list(0x555555ba55e0, 24) = 0 [pid 424] chdir("./1") = 0 [pid 424] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 424] setpgid(0, 0) = 0 [pid 424] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 424] write(3, "1000", 4) = 4 [pid 424] close(3) = 0 [pid 424] symlink("/dev/binderfs", "./binderfs") = 0 [pid 424] futex(0x7fa89982c7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 424] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa899732000 [pid 424] mprotect(0x7fa899733000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 424] clone(child_stack=0x7fa8997523f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[425], tls=0x7fa899752700, child_tidptr=0x7fa8997529d0) = 425 [pid 424] futex(0x7fa89982c7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 424] futex(0x7fa89982c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 425 attached [pid 425] set_robust_list(0x7fa8997529e0, 24) = 0 [pid 425] memfd_create("syzkaller", 0) = 3 [pid 425] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa891332000 [pid 425] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 425] munmap(0x7fa891332000, 1048576) = 0 [pid 425] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 425] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 425] close(3) = 0 [pid 425] mkdir("./file0", 0777) = 0 [pid 425] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 425] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 425] chdir("./file0") = 0 [pid 425] ioctl(4, LOOP_CLR_FD) = 0 [pid 425] close(4) = 0 [pid 425] futex(0x7fa89982c7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 425] futex(0x7fa89982c7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 424] <... futex resumed>) = 0 [pid 424] futex(0x7fa89982c7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 424] futex(0x7fa89982c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 425] <... futex resumed>) = 0 [pid 425] creat("./bus", 000) = 4 [pid 425] futex(0x7fa89982c7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 424] <... futex resumed>) = 0 [pid 424] futex(0x7fa89982c7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 424] futex(0x7fa89982c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 425] <... futex resumed>) = 1 [pid 425] openat(AT_FDCWD, "/dev/zero", O_RDONLY) = 5 [pid 425] futex(0x7fa89982c7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 424] <... futex resumed>) = 0 [pid 424] futex(0x7fa89982c7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 424] futex(0x7fa89982c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 425] <... futex resumed>) = 1 [ 27.568430][ T425] loop0: detected capacity change from 0 to 2048 [ 27.594728][ T425] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [pid 425] mount(NULL, "./file0", "9p", MS_NOSUID|MS_SYNCHRONOUS|MS_REC|MS_LAZYTIME, "trans=fd,rfdno=0x0000000000000005,wfdno=0x0000000000000004,nodevmap,fscache,version=9p2000.L,afid=0x"... [pid 424] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 424] futex(0x7fa89982c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 424] futex(0x7fa89982c7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 424] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa891411000 [pid 424] mprotect(0x7fa891412000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 424] clone(child_stack=0x7fa8914313f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 428 attached [pid 428] set_robust_list(0x7fa8914319e0, 24 [pid 424] <... clone resumed>, parent_tid=[428], tls=0x7fa891431700, child_tidptr=0x7fa8914319d0) = 428 [pid 428] <... set_robust_list resumed>) = 0 [pid 424] futex(0x7fa89982c7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 428] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 424] <... futex resumed>) = 0 [pid 424] futex(0x7fa89982c7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 428] <... mount resumed>) = 0 [pid 428] futex(0x7fa89982c7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 424] <... futex resumed>) = 0 [pid 424] futex(0x7fa89982c7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 424] futex(0x7fa89982c7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 428] <... futex resumed>) = 1 [pid 428] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC) = 6 [pid 428] futex(0x7fa89982c7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 424] <... futex resumed>) = 0 [pid 424] futex(0x7fa89982c7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 424] futex(0x7fa89982c7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 428] <... futex resumed>) = 1 [pid 428] write(6, "\xdd\xc8\xe4\xec\xc3\x37\x3a\x4d\x97\x06\xd8\xc2\x43\x38\xe9\x3e\x9e\xdf\x88\x45\xe4\x54\xf3\x20\xc2\x70\xeb\x5c\x88\xfc\x75\xee\xbe\xb8\xa2\x54\x40\x91\x8f\xc4\x65\x13\x23\x29\xd7\x2b\x11\x62\xd5\x58\x3d\x59\x03\x19\x37\x54\x14\xe6\x90\x0e\x9b\x30\x4d\x16\x7d\x7a\x7b\xc9\x3c\x12\x21\x40\x24\x48\xf0\x3c\xfc\xf8\xdf\x96\xb7\x71\x7e\x00\xb6\x44\x8c\x5c\xf3\xf7\xac\xd4\xcf\xf2\xdf\xc5\x27\xe9\x14\xaa"..., 2057) = 2057 [pid 428] futex(0x7fa89982c7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 424] <... futex resumed>) = 0 [pid 428] <... futex resumed>) = 1 [pid 428] futex(0x7fa89982c7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 424] exit_group(0) = ? [pid 428] <... futex resumed>) = ? [pid 428] +++ exited with 0 +++ [pid 425] <... mount resumed>) = ? [pid 425] +++ exited with 0 +++ [pid 424] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=424, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555ba6620 /* 4 entries */, 32768) = 112 umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./1/binderfs") = 0 [ 27.781936][ T20] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2201: inode #18: comm kworker/0:1: corrupted in-inode xattr umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./1/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555bae660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555bae660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./1/file0") = 0 getdents64(3, 0x555555ba6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./1") = 0 mkdir("./2", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555ba55d0) = 429 ./strace-static-x86_64: Process 429 attached [pid 429] set_robust_list(0x555555ba55e0, 24) = 0 [pid 429] chdir("./2") = 0 [pid 429] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 429] setpgid(0, 0) = 0 [pid 429] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 429] write(3, "1000", 4) = 4 [pid 429] close(3) = 0 [pid 429] symlink("/dev/binderfs", "./binderfs") = 0 [pid 429] futex(0x7fa89982c7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 429] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa899732000 [pid 429] mprotect(0x7fa899733000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 429] clone(child_stack=0x7fa8997523f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[430], tls=0x7fa899752700, child_tidptr=0x7fa8997529d0) = 430 [pid 429] futex(0x7fa89982c7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 429] futex(0x7fa89982c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 430 attached [pid 430] set_robust_list(0x7fa8997529e0, 24) = 0 [pid 430] memfd_create("syzkaller", 0) = 3 [pid 430] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa891332000 [pid 430] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 430] munmap(0x7fa891332000, 1048576) = 0 [pid 430] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 430] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 430] close(3) = 0 [pid 430] mkdir("./file0", 0777) = 0 [pid 430] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 430] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 430] chdir("./file0") = 0 [pid 430] ioctl(4, LOOP_CLR_FD) = 0 [pid 430] close(4) = 0 [pid 430] futex(0x7fa89982c7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 430] futex(0x7fa89982c7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 429] <... futex resumed>) = 0 [pid 429] futex(0x7fa89982c7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 429] futex(0x7fa89982c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 430] <... futex resumed>) = 0 [pid 430] creat("./bus", 000) = 4 [pid 430] futex(0x7fa89982c7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 429] <... futex resumed>) = 0 [pid 429] futex(0x7fa89982c7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 429] futex(0x7fa89982c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 430] <... futex resumed>) = 1 [pid 430] openat(AT_FDCWD, "/dev/zero", O_RDONLY) = 5 [pid 430] futex(0x7fa89982c7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 429] <... futex resumed>) = 0 [pid 429] futex(0x7fa89982c7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 429] futex(0x7fa89982c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 430] <... futex resumed>) = 1 [ 27.881648][ T430] loop0: detected capacity change from 0 to 2048 [ 27.904462][ T430] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [pid 430] mount(NULL, "./file0", "9p", MS_NOSUID|MS_SYNCHRONOUS|MS_REC|MS_LAZYTIME, "trans=fd,rfdno=0x0000000000000005,wfdno=0x0000000000000004,nodevmap,fscache,version=9p2000.L,afid=0x"... [pid 429] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 429] futex(0x7fa89982c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 429] futex(0x7fa89982c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 429] futex(0x7fa89982c7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 429] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa891411000 [pid 429] mprotect(0x7fa891412000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 429] clone(child_stack=0x7fa8914313f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 434 attached , parent_tid=[434], tls=0x7fa891431700, child_tidptr=0x7fa8914319d0) = 434 [pid 434] set_robust_list(0x7fa8914319e0, 24 [pid 429] futex(0x7fa89982c7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 434] <... set_robust_list resumed>) = 0 [pid 429] futex(0x7fa89982c7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 434] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 434] futex(0x7fa89982c7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 429] <... futex resumed>) = 0 [pid 429] futex(0x7fa89982c7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 429] futex(0x7fa89982c7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 434] <... futex resumed>) = 1 [pid 434] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC) = 6 [pid 434] futex(0x7fa89982c7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 429] <... futex resumed>) = 0 [pid 429] futex(0x7fa89982c7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 429] futex(0x7fa89982c7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 434] <... futex resumed>) = 1 [pid 434] write(6, "\xdd\xc8\xe4\xec\xc3\x37\x3a\x4d\x97\x06\xd8\xc2\x43\x38\xe9\x3e\x9e\xdf\x88\x45\xe4\x54\xf3\x20\xc2\x70\xeb\x5c\x88\xfc\x75\xee\xbe\xb8\xa2\x54\x40\x91\x8f\xc4\x65\x13\x23\x29\xd7\x2b\x11\x62\xd5\x58\x3d\x59\x03\x19\x37\x54\x14\xe6\x90\x0e\x9b\x30\x4d\x16\x7d\x7a\x7b\xc9\x3c\x12\x21\x40\x24\x48\xf0\x3c\xfc\xf8\xdf\x96\xb7\x71\x7e\x00\xb6\x44\x8c\x5c\xf3\xf7\xac\xd4\xcf\xf2\xdf\xc5\x27\xe9\x14\xaa"..., 2057) = 2057 [pid 434] futex(0x7fa89982c7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 429] <... futex resumed>) = 0 [pid 434] <... futex resumed>) = 1 [pid 434] futex(0x7fa89982c7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 429] exit_group(0 [pid 434] <... futex resumed>) = ? [pid 429] <... exit_group resumed>) = ? [pid 434] +++ exited with 0 +++ [pid 430] <... mount resumed>) = ? [pid 430] +++ exited with 0 +++ [pid 429] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=429, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555ba6620 /* 4 entries */, 32768) = 112 umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./2/binderfs") = 0 umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./2/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555bae660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555bae660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./2/file0") = 0 getdents64(3, 0x555555ba6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./2") = 0 mkdir("./3", 0777) = 0 [ 28.092946][ T20] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2201: inode #18: comm kworker/0:1: corrupted in-inode xattr openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555ba55d0) = 435 ./strace-static-x86_64: Process 435 attached [pid 435] set_robust_list(0x555555ba55e0, 24) = 0 [pid 435] chdir("./3") = 0 [pid 435] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 435] setpgid(0, 0) = 0 [pid 435] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 435] write(3, "1000", 4) = 4 [pid 435] close(3) = 0 [pid 435] symlink("/dev/binderfs", "./binderfs") = 0 [pid 435] futex(0x7fa89982c7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 435] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa899732000 [pid 435] mprotect(0x7fa899733000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 435] clone(child_stack=0x7fa8997523f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[436], tls=0x7fa899752700, child_tidptr=0x7fa8997529d0) = 436 [pid 435] futex(0x7fa89982c7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 435] futex(0x7fa89982c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 436 attached [pid 436] set_robust_list(0x7fa8997529e0, 24) = 0 [pid 436] memfd_create("syzkaller", 0) = 3 [pid 436] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa891332000 [pid 436] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 436] munmap(0x7fa891332000, 1048576) = 0 [pid 436] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 436] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 436] close(3) = 0 [pid 436] mkdir("./file0", 0777) = 0 [pid 436] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 436] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 436] chdir("./file0") = 0 [pid 436] ioctl(4, LOOP_CLR_FD) = 0 [pid 436] close(4) = 0 [pid 436] futex(0x7fa89982c7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 435] <... futex resumed>) = 0 [pid 435] futex(0x7fa89982c7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 435] futex(0x7fa89982c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 436] <... futex resumed>) = 1 [pid 436] creat("./bus", 000) = 4 [pid 436] futex(0x7fa89982c7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 435] <... futex resumed>) = 0 [pid 435] futex(0x7fa89982c7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 435] futex(0x7fa89982c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 436] <... futex resumed>) = 1 [pid 436] openat(AT_FDCWD, "/dev/zero", O_RDONLY) = 5 [pid 436] futex(0x7fa89982c7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 435] <... futex resumed>) = 0 [pid 435] futex(0x7fa89982c7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 435] futex(0x7fa89982c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 436] <... futex resumed>) = 1 [ 28.168074][ T436] loop0: detected capacity change from 0 to 2048 [ 28.194488][ T436] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [pid 436] mount(NULL, "./file0", "9p", MS_NOSUID|MS_SYNCHRONOUS|MS_REC|MS_LAZYTIME, "trans=fd,rfdno=0x0000000000000005,wfdno=0x0000000000000004,nodevmap,fscache,version=9p2000.L,afid=0x"... [pid 435] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 435] futex(0x7fa89982c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 435] futex(0x7fa89982c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 435] futex(0x7fa89982c7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 435] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa891411000 [pid 435] mprotect(0x7fa891412000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 435] clone(child_stack=0x7fa8914313f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[439], tls=0x7fa891431700, child_tidptr=0x7fa8914319d0) = 439 [pid 435] futex(0x7fa89982c7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 435] futex(0x7fa89982c7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 439 attached [pid 439] set_robust_list(0x7fa8914319e0, 24) = 0 [pid 439] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 439] futex(0x7fa89982c7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 435] <... futex resumed>) = 0 [pid 435] futex(0x7fa89982c7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 435] futex(0x7fa89982c7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 439] <... futex resumed>) = 1 [pid 439] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC) = 6 [pid 439] futex(0x7fa89982c7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 435] <... futex resumed>) = 0 [pid 435] futex(0x7fa89982c7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 435] futex(0x7fa89982c7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 439] <... futex resumed>) = 1 [pid 439] write(6, "\xdd\xc8\xe4\xec\xc3\x37\x3a\x4d\x97\x06\xd8\xc2\x43\x38\xe9\x3e\x9e\xdf\x88\x45\xe4\x54\xf3\x20\xc2\x70\xeb\x5c\x88\xfc\x75\xee\xbe\xb8\xa2\x54\x40\x91\x8f\xc4\x65\x13\x23\x29\xd7\x2b\x11\x62\xd5\x58\x3d\x59\x03\x19\x37\x54\x14\xe6\x90\x0e\x9b\x30\x4d\x16\x7d\x7a\x7b\xc9\x3c\x12\x21\x40\x24\x48\xf0\x3c\xfc\xf8\xdf\x96\xb7\x71\x7e\x00\xb6\x44\x8c\x5c\xf3\xf7\xac\xd4\xcf\xf2\xdf\xc5\x27\xe9\x14\xaa"..., 2057) = 2057 [pid 439] futex(0x7fa89982c7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 435] <... futex resumed>) = 0 [pid 439] <... futex resumed>) = 1 [pid 439] futex(0x7fa89982c7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 435] exit_group(0 [pid 439] <... futex resumed>) = ? [pid 435] <... exit_group resumed>) = ? [pid 439] +++ exited with 0 +++ [pid 436] <... mount resumed>) = ? [pid 436] +++ exited with 0 +++ [pid 435] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=435, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./3", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555ba6620 /* 4 entries */, 32768) = 112 umount2("./3/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./3/binderfs") = 0 [ 28.376614][ T20] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2201: inode #18: comm kworker/0:1: corrupted in-inode xattr umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./3/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555bae660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555bae660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./3/file0") = 0 getdents64(3, 0x555555ba6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./3") = 0 mkdir("./4", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555ba55d0) = 441 ./strace-static-x86_64: Process 441 attached [pid 441] set_robust_list(0x555555ba55e0, 24) = 0 [pid 441] chdir("./4") = 0 [pid 441] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 441] setpgid(0, 0) = 0 [pid 441] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 441] write(3, "1000", 4) = 4 [pid 441] close(3) = 0 [pid 441] symlink("/dev/binderfs", "./binderfs") = 0 [pid 441] futex(0x7fa89982c7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 441] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa899732000 [pid 441] mprotect(0x7fa899733000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 441] clone(child_stack=0x7fa8997523f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[442], tls=0x7fa899752700, child_tidptr=0x7fa8997529d0) = 442 [pid 441] futex(0x7fa89982c7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 441] futex(0x7fa89982c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 442 attached [pid 442] set_robust_list(0x7fa8997529e0, 24) = 0 [pid 442] memfd_create("syzkaller", 0) = 3 [pid 442] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa891332000 [pid 442] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 442] munmap(0x7fa891332000, 1048576) = 0 [pid 442] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 442] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 442] close(3) = 0 [pid 442] mkdir("./file0", 0777) = 0 [pid 442] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 442] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 442] chdir("./file0") = 0 [pid 442] ioctl(4, LOOP_CLR_FD) = 0 [pid 442] close(4) = 0 [pid 442] futex(0x7fa89982c7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 441] <... futex resumed>) = 0 [pid 441] futex(0x7fa89982c7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 441] futex(0x7fa89982c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 442] <... futex resumed>) = 1 [pid 442] creat("./bus", 000) = 4 [pid 442] futex(0x7fa89982c7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 441] <... futex resumed>) = 0 [pid 441] futex(0x7fa89982c7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 441] futex(0x7fa89982c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 442] <... futex resumed>) = 1 [pid 442] openat(AT_FDCWD, "/dev/zero", O_RDONLY) = 5 [pid 442] futex(0x7fa89982c7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 441] <... futex resumed>) = 0 [pid 441] futex(0x7fa89982c7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 441] futex(0x7fa89982c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 442] <... futex resumed>) = 1 [ 28.499752][ T442] loop0: detected capacity change from 0 to 2048 [ 28.524539][ T442] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [pid 442] mount(NULL, "./file0", "9p", MS_NOSUID|MS_SYNCHRONOUS|MS_REC|MS_LAZYTIME, "trans=fd,rfdno=0x0000000000000005,wfdno=0x0000000000000004,nodevmap,fscache,version=9p2000.L,afid=0x"... [pid 441] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 441] futex(0x7fa89982c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 441] futex(0x7fa89982c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 441] futex(0x7fa89982c7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 441] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa891411000 [pid 441] mprotect(0x7fa891412000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 441] clone(child_stack=0x7fa8914313f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 445 attached , parent_tid=[445], tls=0x7fa891431700, child_tidptr=0x7fa8914319d0) = 445 [pid 445] set_robust_list(0x7fa8914319e0, 24) = 0 [pid 445] futex(0x7fa89982c7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 441] futex(0x7fa89982c7b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 441] futex(0x7fa89982c7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 445] <... futex resumed>) = 0 [pid 445] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 445] futex(0x7fa89982c7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 441] <... futex resumed>) = 0 [pid 441] futex(0x7fa89982c7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 441] futex(0x7fa89982c7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 445] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC) = 6 [pid 445] futex(0x7fa89982c7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 441] <... futex resumed>) = 0 [pid 445] <... futex resumed>) = 1 [pid 441] futex(0x7fa89982c7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 441] futex(0x7fa89982c7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 445] write(6, "\xdd\xc8\xe4\xec\xc3\x37\x3a\x4d\x97\x06\xd8\xc2\x43\x38\xe9\x3e\x9e\xdf\x88\x45\xe4\x54\xf3\x20\xc2\x70\xeb\x5c\x88\xfc\x75\xee\xbe\xb8\xa2\x54\x40\x91\x8f\xc4\x65\x13\x23\x29\xd7\x2b\x11\x62\xd5\x58\x3d\x59\x03\x19\x37\x54\x14\xe6\x90\x0e\x9b\x30\x4d\x16\x7d\x7a\x7b\xc9\x3c\x12\x21\x40\x24\x48\xf0\x3c\xfc\xf8\xdf\x96\xb7\x71\x7e\x00\xb6\x44\x8c\x5c\xf3\xf7\xac\xd4\xcf\xf2\xdf\xc5\x27\xe9\x14\xaa"..., 2057) = 2057 [pid 445] futex(0x7fa89982c7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 441] <... futex resumed>) = 0 [pid 445] futex(0x7fa89982c7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 441] exit_group(0 [pid 445] <... futex resumed>) = ? [pid 441] <... exit_group resumed>) = ? [pid 445] +++ exited with 0 +++ [pid 442] <... mount resumed>) = ? [pid 442] +++ exited with 0 +++ [pid 441] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=441, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555ba6620 /* 4 entries */, 32768) = 112 umount2("./4/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./4/binderfs") = 0 [ 28.723436][ T20] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2201: inode #18: comm kworker/0:1: corrupted in-inode xattr umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./4/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555bae660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555bae660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4/file0") = 0 getdents64(3, 0x555555ba6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4") = 0 mkdir("./5", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555ba55d0) = 446 ./strace-static-x86_64: Process 446 attached [pid 446] set_robust_list(0x555555ba55e0, 24) = 0 [pid 446] chdir("./5") = 0 [pid 446] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 446] setpgid(0, 0) = 0 [pid 446] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 446] write(3, "1000", 4) = 4 [pid 446] close(3) = 0 [pid 446] symlink("/dev/binderfs", "./binderfs") = 0 [pid 446] futex(0x7fa89982c7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 446] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa899732000 [pid 446] mprotect(0x7fa899733000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 446] clone(child_stack=0x7fa8997523f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 447 attached [pid 447] set_robust_list(0x7fa8997529e0, 24) = 0 [pid 447] futex(0x7fa89982c7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 446] <... clone resumed>, parent_tid=[447], tls=0x7fa899752700, child_tidptr=0x7fa8997529d0) = 447 [pid 446] futex(0x7fa89982c7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 447] <... futex resumed>) = 0 [pid 446] futex(0x7fa89982c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 447] memfd_create("syzkaller", 0) = 3 [pid 447] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa891332000 [pid 447] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 447] munmap(0x7fa891332000, 1048576) = 0 [pid 447] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 447] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 447] close(3) = 0 [pid 447] mkdir("./file0", 0777) = 0 [pid 447] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 447] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 447] chdir("./file0") = 0 [pid 447] ioctl(4, LOOP_CLR_FD) = 0 [pid 447] close(4) = 0 [pid 447] futex(0x7fa89982c7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 447] futex(0x7fa89982c7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 446] <... futex resumed>) = 0 [pid 446] futex(0x7fa89982c7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 446] futex(0x7fa89982c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 447] <... futex resumed>) = 0 [pid 447] creat("./bus", 000) = 4 [pid 447] futex(0x7fa89982c7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 446] <... futex resumed>) = 0 [pid 446] futex(0x7fa89982c7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 446] futex(0x7fa89982c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 447] <... futex resumed>) = 1 [pid 447] openat(AT_FDCWD, "/dev/zero", O_RDONLY) = 5 [pid 447] futex(0x7fa89982c7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 446] <... futex resumed>) = 0 [pid 446] futex(0x7fa89982c7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 446] futex(0x7fa89982c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 447] <... futex resumed>) = 1 [ 28.842801][ T447] loop0: detected capacity change from 0 to 2048 [ 28.856251][ T447] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [pid 447] mount(NULL, "./file0", "9p", MS_NOSUID|MS_SYNCHRONOUS|MS_REC|MS_LAZYTIME, "trans=fd,rfdno=0x0000000000000005,wfdno=0x0000000000000004,nodevmap,fscache,version=9p2000.L,afid=0x"... [pid 446] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 446] futex(0x7fa89982c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 446] futex(0x7fa89982c7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 446] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa891411000 [pid 446] mprotect(0x7fa891412000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 446] clone(child_stack=0x7fa8914313f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 450 attached , parent_tid=[450], tls=0x7fa891431700, child_tidptr=0x7fa8914319d0) = 450 [pid 450] set_robust_list(0x7fa8914319e0, 24) = 0 [pid 450] futex(0x7fa89982c7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 446] futex(0x7fa89982c7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 450] <... futex resumed>) = 0 [pid 446] <... futex resumed>) = 1 [pid 450] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 446] futex(0x7fa89982c7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 450] <... mount resumed>) = 0 [pid 450] futex(0x7fa89982c7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 446] <... futex resumed>) = 0 [pid 446] futex(0x7fa89982c7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 450] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC [pid 446] futex(0x7fa89982c7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 450] <... openat resumed>) = 6 [pid 450] futex(0x7fa89982c7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 446] <... futex resumed>) = 0 [pid 450] write(6, "\xdd\xc8\xe4\xec\xc3\x37\x3a\x4d\x97\x06\xd8\xc2\x43\x38\xe9\x3e\x9e\xdf\x88\x45\xe4\x54\xf3\x20\xc2\x70\xeb\x5c\x88\xfc\x75\xee\xbe\xb8\xa2\x54\x40\x91\x8f\xc4\x65\x13\x23\x29\xd7\x2b\x11\x62\xd5\x58\x3d\x59\x03\x19\x37\x54\x14\xe6\x90\x0e\x9b\x30\x4d\x16\x7d\x7a\x7b\xc9\x3c\x12\x21\x40\x24\x48\xf0\x3c\xfc\xf8\xdf\x96\xb7\x71\x7e\x00\xb6\x44\x8c\x5c\xf3\xf7\xac\xd4\xcf\xf2\xdf\xc5\x27\xe9\x14\xaa"..., 2057 [pid 446] futex(0x7fa89982c7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 446] futex(0x7fa89982c7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 450] <... write resumed>) = 2057 [pid 450] futex(0x7fa89982c7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 446] <... futex resumed>) = 0 [pid 450] futex(0x7fa89982c7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 446] exit_group(0 [pid 450] <... futex resumed>) = ? [pid 450] +++ exited with 0 +++ [pid 446] <... exit_group resumed>) = ? [pid 447] <... mount resumed>) = ? [pid 447] +++ exited with 0 +++ [pid 446] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=446, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- umount2("./5", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555ba6620 /* 4 entries */, 32768) = 112 umount2("./5/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./5/binderfs") = 0 umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 29.045747][ T88] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2201: inode #18: comm kworker/1:1: corrupted in-inode xattr lstat("./5/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555bae660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555bae660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./5/file0") = 0 getdents64(3, 0x555555ba6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./5") = 0 mkdir("./6", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555ba55d0) = 451 ./strace-static-x86_64: Process 451 attached [pid 451] set_robust_list(0x555555ba55e0, 24) = 0 [pid 451] chdir("./6") = 0 [pid 451] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 451] setpgid(0, 0) = 0 [pid 451] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 451] write(3, "1000", 4) = 4 [pid 451] close(3) = 0 [pid 451] symlink("/dev/binderfs", "./binderfs") = 0 [pid 451] futex(0x7fa89982c7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 451] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa899732000 [pid 451] mprotect(0x7fa899733000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 451] clone(child_stack=0x7fa8997523f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[452], tls=0x7fa899752700, child_tidptr=0x7fa8997529d0) = 452 [pid 451] futex(0x7fa89982c7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 451] futex(0x7fa89982c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 452 attached [pid 452] set_robust_list(0x7fa8997529e0, 24) = 0 [pid 452] memfd_create("syzkaller", 0) = 3 [pid 452] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa891332000 [pid 452] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 452] munmap(0x7fa891332000, 1048576) = 0 [pid 452] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 452] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 452] close(3) = 0 [pid 452] mkdir("./file0", 0777) = 0 [pid 452] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 452] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 452] chdir("./file0") = 0 [pid 452] ioctl(4, LOOP_CLR_FD) = 0 [pid 452] close(4) = 0 [pid 452] futex(0x7fa89982c7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 451] <... futex resumed>) = 0 [pid 451] futex(0x7fa89982c7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 451] futex(0x7fa89982c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 452] <... futex resumed>) = 1 [pid 452] creat("./bus", 000) = 4 [pid 452] futex(0x7fa89982c7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 451] <... futex resumed>) = 0 [pid 451] futex(0x7fa89982c7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 451] futex(0x7fa89982c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 452] <... futex resumed>) = 1 [pid 452] openat(AT_FDCWD, "/dev/zero", O_RDONLY) = 5 [pid 452] futex(0x7fa89982c7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 452] futex(0x7fa89982c7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 451] <... futex resumed>) = 0 [pid 451] futex(0x7fa89982c7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 451] futex(0x7fa89982c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 452] <... futex resumed>) = 0 [ 29.118942][ T452] loop0: detected capacity change from 0 to 2048 [ 29.134550][ T452] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [pid 452] mount(NULL, "./file0", "9p", MS_NOSUID|MS_SYNCHRONOUS|MS_REC|MS_LAZYTIME, "trans=fd,rfdno=0x0000000000000005,wfdno=0x0000000000000004,nodevmap,fscache,version=9p2000.L,afid=0x"... [pid 451] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 451] futex(0x7fa89982c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 451] futex(0x7fa89982c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 451] futex(0x7fa89982c7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 451] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa891411000 [pid 451] mprotect(0x7fa891412000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 451] clone(child_stack=0x7fa8914313f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[455], tls=0x7fa891431700, child_tidptr=0x7fa8914319d0) = 455 ./strace-static-x86_64: Process 455 attached [pid 451] futex(0x7fa89982c7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 451] futex(0x7fa89982c7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 455] set_robust_list(0x7fa8914319e0, 24) = 0 [pid 455] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 455] futex(0x7fa89982c7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 451] <... futex resumed>) = 0 [pid 451] futex(0x7fa89982c7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 451] futex(0x7fa89982c7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 455] <... futex resumed>) = 1 [pid 455] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC) = 6 [pid 455] futex(0x7fa89982c7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 451] <... futex resumed>) = 0 [pid 451] futex(0x7fa89982c7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 451] futex(0x7fa89982c7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 455] <... futex resumed>) = 1 [pid 455] write(6, "\xdd\xc8\xe4\xec\xc3\x37\x3a\x4d\x97\x06\xd8\xc2\x43\x38\xe9\x3e\x9e\xdf\x88\x45\xe4\x54\xf3\x20\xc2\x70\xeb\x5c\x88\xfc\x75\xee\xbe\xb8\xa2\x54\x40\x91\x8f\xc4\x65\x13\x23\x29\xd7\x2b\x11\x62\xd5\x58\x3d\x59\x03\x19\x37\x54\x14\xe6\x90\x0e\x9b\x30\x4d\x16\x7d\x7a\x7b\xc9\x3c\x12\x21\x40\x24\x48\xf0\x3c\xfc\xf8\xdf\x96\xb7\x71\x7e\x00\xb6\x44\x8c\x5c\xf3\xf7\xac\xd4\xcf\xf2\xdf\xc5\x27\xe9\x14\xaa"..., 2057) = 2057 [pid 455] futex(0x7fa89982c7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 451] <... futex resumed>) = 0 [pid 455] <... futex resumed>) = 1 [pid 455] futex(0x7fa89982c7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 451] exit_group(0 [pid 455] <... futex resumed>) = ? [pid 451] <... exit_group resumed>) = ? [pid 455] +++ exited with 0 +++ [pid 452] <... mount resumed>) = ? [pid 452] +++ exited with 0 +++ [pid 451] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=451, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- umount2("./6", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555ba6620 /* 4 entries */, 32768) = 112 umount2("./6/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./6/binderfs") = 0 [ 29.323145][ T88] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2201: inode #18: comm kworker/1:1: corrupted in-inode xattr umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./6/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555bae660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555bae660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./6/file0") = 0 getdents64(3, 0x555555ba6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./6") = 0 mkdir("./7", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555ba55d0) = 456 ./strace-static-x86_64: Process 456 attached [pid 456] set_robust_list(0x555555ba55e0, 24) = 0 [pid 456] chdir("./7") = 0 [pid 456] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 456] setpgid(0, 0) = 0 [pid 456] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 456] write(3, "1000", 4) = 4 [pid 456] close(3) = 0 [pid 456] symlink("/dev/binderfs", "./binderfs") = 0 [pid 456] futex(0x7fa89982c7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 456] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa899732000 [pid 456] mprotect(0x7fa899733000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 456] clone(child_stack=0x7fa8997523f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 457 attached , parent_tid=[457], tls=0x7fa899752700, child_tidptr=0x7fa8997529d0) = 457 [pid 457] set_robust_list(0x7fa8997529e0, 24) = 0 [pid 457] futex(0x7fa89982c7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 456] futex(0x7fa89982c7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 457] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 456] <... futex resumed>) = 0 [pid 456] futex(0x7fa89982c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 457] memfd_create("syzkaller", 0) = 3 [pid 457] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa891332000 [pid 457] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 457] munmap(0x7fa891332000, 1048576) = 0 [pid 457] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 457] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 457] close(3) = 0 [pid 457] mkdir("./file0", 0777) = 0 [pid 457] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 457] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 457] chdir("./file0") = 0 [pid 457] ioctl(4, LOOP_CLR_FD) = 0 [pid 457] close(4) = 0 [pid 457] futex(0x7fa89982c7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 456] <... futex resumed>) = 0 [pid 456] futex(0x7fa89982c7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 456] futex(0x7fa89982c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 457] <... futex resumed>) = 1 [pid 457] creat("./bus", 000) = 4 [pid 457] futex(0x7fa89982c7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 456] <... futex resumed>) = 0 [pid 456] futex(0x7fa89982c7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 456] futex(0x7fa89982c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 457] <... futex resumed>) = 1 [pid 457] openat(AT_FDCWD, "/dev/zero", O_RDONLY) = 5 [pid 457] futex(0x7fa89982c7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 456] <... futex resumed>) = 0 [pid 456] futex(0x7fa89982c7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 456] futex(0x7fa89982c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 457] <... futex resumed>) = 1 [ 29.446392][ T457] loop0: detected capacity change from 0 to 2048 [ 29.474316][ T457] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [pid 457] mount(NULL, "./file0", "9p", MS_NOSUID|MS_SYNCHRONOUS|MS_REC|MS_LAZYTIME, "trans=fd,rfdno=0x0000000000000005,wfdno=0x0000000000000004,nodevmap,fscache,version=9p2000.L,afid=0x"... [pid 456] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 456] futex(0x7fa89982c7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 456] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa891411000 [pid 456] mprotect(0x7fa891412000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 456] clone(child_stack=0x7fa8914313f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 461 attached [pid 461] set_robust_list(0x7fa8914319e0, 24 [pid 456] <... clone resumed>, parent_tid=[461], tls=0x7fa891431700, child_tidptr=0x7fa8914319d0) = 461 [pid 461] <... set_robust_list resumed>) = 0 [pid 456] futex(0x7fa89982c7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 461] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 456] <... futex resumed>) = 0 [pid 456] futex(0x7fa89982c7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 461] <... mount resumed>) = 0 [pid 461] futex(0x7fa89982c7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 456] <... futex resumed>) = 0 [pid 456] futex(0x7fa89982c7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 456] futex(0x7fa89982c7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 461] <... futex resumed>) = 1 [pid 461] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC) = 6 [pid 461] futex(0x7fa89982c7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 456] <... futex resumed>) = 0 [pid 456] futex(0x7fa89982c7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 456] futex(0x7fa89982c7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 461] write(6, "\xdd\xc8\xe4\xec\xc3\x37\x3a\x4d\x97\x06\xd8\xc2\x43\x38\xe9\x3e\x9e\xdf\x88\x45\xe4\x54\xf3\x20\xc2\x70\xeb\x5c\x88\xfc\x75\xee\xbe\xb8\xa2\x54\x40\x91\x8f\xc4\x65\x13\x23\x29\xd7\x2b\x11\x62\xd5\x58\x3d\x59\x03\x19\x37\x54\x14\xe6\x90\x0e\x9b\x30\x4d\x16\x7d\x7a\x7b\xc9\x3c\x12\x21\x40\x24\x48\xf0\x3c\xfc\xf8\xdf\x96\xb7\x71\x7e\x00\xb6\x44\x8c\x5c\xf3\xf7\xac\xd4\xcf\xf2\xdf\xc5\x27\xe9\x14\xaa"..., 2057) = 2057 [pid 461] futex(0x7fa89982c7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 456] <... futex resumed>) = 0 [pid 461] futex(0x7fa89982c7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 456] exit_group(0 [pid 461] <... futex resumed>) = ? [pid 456] <... exit_group resumed>) = ? [pid 461] +++ exited with 0 +++ [pid 457] <... mount resumed>) = ? [pid 457] +++ exited with 0 +++ [pid 456] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=456, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- umount2("./7", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555ba6620 /* 4 entries */, 32768) = 112 umount2("./7/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./7/binderfs") = 0 umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./7/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555bae660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555bae660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./7/file0") = 0 getdents64(3, 0x555555ba6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./7") = 0 mkdir("./8", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 [ 29.662126][ T88] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2201: inode #18: comm kworker/1:1: corrupted in-inode xattr clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555ba55d0) = 462 ./strace-static-x86_64: Process 462 attached [pid 462] set_robust_list(0x555555ba55e0, 24) = 0 [pid 462] chdir("./8") = 0 [pid 462] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 462] setpgid(0, 0) = 0 [pid 462] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 462] write(3, "1000", 4) = 4 [pid 462] close(3) = 0 [pid 462] symlink("/dev/binderfs", "./binderfs") = 0 [pid 462] futex(0x7fa89982c7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 462] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa899732000 [pid 462] mprotect(0x7fa899733000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 462] clone(child_stack=0x7fa8997523f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[463], tls=0x7fa899752700, child_tidptr=0x7fa8997529d0) = 463 [pid 462] futex(0x7fa89982c7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 462] futex(0x7fa89982c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 463 attached [pid 463] set_robust_list(0x7fa8997529e0, 24) = 0 [pid 463] memfd_create("syzkaller", 0) = 3 [pid 463] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa891332000 [pid 463] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 463] munmap(0x7fa891332000, 1048576) = 0 [pid 463] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 463] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 463] close(3) = 0 [pid 463] mkdir("./file0", 0777) = 0 [pid 463] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 463] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 463] chdir("./file0") = 0 [pid 463] ioctl(4, LOOP_CLR_FD) = 0 [pid 463] close(4) = 0 [pid 463] futex(0x7fa89982c7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 462] <... futex resumed>) = 0 [pid 462] futex(0x7fa89982c7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 462] futex(0x7fa89982c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 463] <... futex resumed>) = 1 [pid 463] creat("./bus", 000) = 4 [pid 463] futex(0x7fa89982c7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 462] <... futex resumed>) = 0 [pid 462] futex(0x7fa89982c7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 462] futex(0x7fa89982c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 463] <... futex resumed>) = 1 [pid 463] openat(AT_FDCWD, "/dev/zero", O_RDONLY) = 5 [pid 463] futex(0x7fa89982c7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 462] <... futex resumed>) = 0 [pid 462] futex(0x7fa89982c7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 462] futex(0x7fa89982c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 463] <... futex resumed>) = 1 [ 29.729225][ T463] loop0: detected capacity change from 0 to 2048 [ 29.744581][ T463] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [pid 463] mount(NULL, "./file0", "9p", MS_NOSUID|MS_SYNCHRONOUS|MS_REC|MS_LAZYTIME, "trans=fd,rfdno=0x0000000000000005,wfdno=0x0000000000000004,nodevmap,fscache,version=9p2000.L,afid=0x"... [pid 462] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 462] futex(0x7fa89982c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 462] futex(0x7fa89982c7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 462] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa891411000 [pid 462] mprotect(0x7fa891412000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 462] clone(child_stack=0x7fa8914313f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 466 attached [pid 466] set_robust_list(0x7fa8914319e0, 24 [pid 462] <... clone resumed>, parent_tid=[466], tls=0x7fa891431700, child_tidptr=0x7fa8914319d0) = 466 [pid 466] <... set_robust_list resumed>) = 0 [pid 466] futex(0x7fa89982c7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 462] futex(0x7fa89982c7b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 466] <... futex resumed>) = 0 [pid 462] futex(0x7fa89982c7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 466] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 466] futex(0x7fa89982c7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 462] <... futex resumed>) = 0 [pid 462] futex(0x7fa89982c7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 462] futex(0x7fa89982c7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 466] <... futex resumed>) = 1 [pid 466] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC) = 6 [pid 466] futex(0x7fa89982c7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 462] <... futex resumed>) = 0 [pid 462] futex(0x7fa89982c7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 462] futex(0x7fa89982c7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 466] <... futex resumed>) = 1 [pid 466] write(6, "\xdd\xc8\xe4\xec\xc3\x37\x3a\x4d\x97\x06\xd8\xc2\x43\x38\xe9\x3e\x9e\xdf\x88\x45\xe4\x54\xf3\x20\xc2\x70\xeb\x5c\x88\xfc\x75\xee\xbe\xb8\xa2\x54\x40\x91\x8f\xc4\x65\x13\x23\x29\xd7\x2b\x11\x62\xd5\x58\x3d\x59\x03\x19\x37\x54\x14\xe6\x90\x0e\x9b\x30\x4d\x16\x7d\x7a\x7b\xc9\x3c\x12\x21\x40\x24\x48\xf0\x3c\xfc\xf8\xdf\x96\xb7\x71\x7e\x00\xb6\x44\x8c\x5c\xf3\xf7\xac\xd4\xcf\xf2\xdf\xc5\x27\xe9\x14\xaa"..., 2057) = 2057 [pid 466] futex(0x7fa89982c7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 462] <... futex resumed>) = 0 [pid 466] <... futex resumed>) = 1 [pid 466] futex(0x7fa89982c7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 462] exit_group(0) = ? [pid 466] <... futex resumed>) = ? [pid 466] +++ exited with 0 +++ [pid 463] <... mount resumed>) = ? [pid 463] +++ exited with 0 +++ [pid 462] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=462, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./8", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555ba6620 /* 4 entries */, 32768) = 112 umount2("./8/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./8/binderfs") = 0 [ 29.937657][ T88] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2201: inode #18: comm kworker/1:1: corrupted in-inode xattr umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./8/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555bae660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555bae660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./8/file0") = 0 getdents64(3, 0x555555ba6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./8") = 0 mkdir("./9", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555ba55d0) = 467 ./strace-static-x86_64: Process 467 attached [pid 467] set_robust_list(0x555555ba55e0, 24) = 0 [pid 467] chdir("./9") = 0 [pid 467] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 467] setpgid(0, 0) = 0 [pid 467] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 467] write(3, "1000", 4) = 4 [pid 467] close(3) = 0 [pid 467] symlink("/dev/binderfs", "./binderfs") = 0 [pid 467] futex(0x7fa89982c7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 467] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa899732000 [pid 467] mprotect(0x7fa899733000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 467] clone(child_stack=0x7fa8997523f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[468], tls=0x7fa899752700, child_tidptr=0x7fa8997529d0) = 468 [pid 467] futex(0x7fa89982c7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 467] futex(0x7fa89982c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 468 attached [pid 468] set_robust_list(0x7fa8997529e0, 24) = 0 [pid 468] memfd_create("syzkaller", 0) = 3 [pid 468] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa891332000 [pid 468] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 468] munmap(0x7fa891332000, 1048576) = 0 [pid 468] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 468] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 468] close(3) = 0 [pid 468] mkdir("./file0", 0777) = 0 [pid 468] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 468] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 468] chdir("./file0") = 0 [pid 468] ioctl(4, LOOP_CLR_FD) = 0 [pid 468] close(4) = 0 [pid 468] futex(0x7fa89982c7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 467] <... futex resumed>) = 0 [pid 467] futex(0x7fa89982c7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 467] futex(0x7fa89982c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 468] <... futex resumed>) = 1 [pid 468] creat("./bus", 000) = 4 [pid 468] futex(0x7fa89982c7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 467] <... futex resumed>) = 0 [pid 467] futex(0x7fa89982c7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 467] futex(0x7fa89982c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 468] <... futex resumed>) = 1 [pid 468] openat(AT_FDCWD, "/dev/zero", O_RDONLY) = 5 [pid 468] futex(0x7fa89982c7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 467] <... futex resumed>) = 0 [pid 467] futex(0x7fa89982c7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 467] futex(0x7fa89982c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 468] <... futex resumed>) = 1 [ 30.039326][ T468] loop0: detected capacity change from 0 to 2048 [ 30.054425][ T468] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [pid 468] mount(NULL, "./file0", "9p", MS_NOSUID|MS_SYNCHRONOUS|MS_REC|MS_LAZYTIME, "trans=fd,rfdno=0x0000000000000005,wfdno=0x0000000000000004,nodevmap,fscache,version=9p2000.L,afid=0x"... [pid 467] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 467] futex(0x7fa89982c7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 467] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa891411000 [pid 467] mprotect(0x7fa891412000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 467] clone(child_stack=0x7fa8914313f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 471 attached [pid 471] set_robust_list(0x7fa8914319e0, 24) = 0 [pid 471] futex(0x7fa89982c7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 467] <... clone resumed>, parent_tid=[471], tls=0x7fa891431700, child_tidptr=0x7fa8914319d0) = 471 [pid 467] futex(0x7fa89982c7b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 467] futex(0x7fa89982c7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 471] <... futex resumed>) = 0 [pid 471] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 471] futex(0x7fa89982c7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 467] <... futex resumed>) = 0 [pid 467] futex(0x7fa89982c7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 467] futex(0x7fa89982c7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 471] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC) = 6 [pid 471] futex(0x7fa89982c7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 467] <... futex resumed>) = 0 [pid 467] futex(0x7fa89982c7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 467] futex(0x7fa89982c7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 471] write(6, "\xdd\xc8\xe4\xec\xc3\x37\x3a\x4d\x97\x06\xd8\xc2\x43\x38\xe9\x3e\x9e\xdf\x88\x45\xe4\x54\xf3\x20\xc2\x70\xeb\x5c\x88\xfc\x75\xee\xbe\xb8\xa2\x54\x40\x91\x8f\xc4\x65\x13\x23\x29\xd7\x2b\x11\x62\xd5\x58\x3d\x59\x03\x19\x37\x54\x14\xe6\x90\x0e\x9b\x30\x4d\x16\x7d\x7a\x7b\xc9\x3c\x12\x21\x40\x24\x48\xf0\x3c\xfc\xf8\xdf\x96\xb7\x71\x7e\x00\xb6\x44\x8c\x5c\xf3\xf7\xac\xd4\xcf\xf2\xdf\xc5\x27\xe9\x14\xaa"..., 2057) = 2057 [pid 471] futex(0x7fa89982c7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 467] <... futex resumed>) = 0 [pid 471] futex(0x7fa89982c7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 467] exit_group(0 [pid 471] <... futex resumed>) = ? [pid 467] <... exit_group resumed>) = ? [pid 471] +++ exited with 0 +++ [pid 468] <... mount resumed>) = ? [pid 468] +++ exited with 0 +++ [pid 467] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=467, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- umount2("./9", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555ba6620 /* 4 entries */, 32768) = 112 umount2("./9/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./9/binderfs") = 0 [ 30.244751][ T88] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2201: inode #18: comm kworker/1:1: corrupted in-inode xattr umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./9/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555bae660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555bae660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./9/file0") = 0 getdents64(3, 0x555555ba6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./9") = 0 mkdir("./10", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555ba55d0) = 472 ./strace-static-x86_64: Process 472 attached [pid 472] set_robust_list(0x555555ba55e0, 24) = 0 [pid 472] chdir("./10") = 0 [pid 472] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 472] setpgid(0, 0) = 0 [pid 472] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 472] write(3, "1000", 4) = 4 [pid 472] close(3) = 0 [pid 472] symlink("/dev/binderfs", "./binderfs") = 0 [pid 472] futex(0x7fa89982c7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 472] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa899732000 [pid 472] mprotect(0x7fa899733000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 472] clone(child_stack=0x7fa8997523f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[473], tls=0x7fa899752700, child_tidptr=0x7fa8997529d0) = 473 [pid 472] futex(0x7fa89982c7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 472] futex(0x7fa89982c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 473 attached [pid 473] set_robust_list(0x7fa8997529e0, 24) = 0 [pid 473] memfd_create("syzkaller", 0) = 3 [pid 473] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa891332000 [pid 473] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 473] munmap(0x7fa891332000, 1048576) = 0 [pid 473] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 473] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 473] close(3) = 0 [pid 473] mkdir("./file0", 0777) = 0 [pid 473] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 473] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 473] chdir("./file0") = 0 [pid 473] ioctl(4, LOOP_CLR_FD) = 0 [pid 473] close(4) = 0 [pid 473] futex(0x7fa89982c7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 472] <... futex resumed>) = 0 [pid 473] creat("./bus", 000 [pid 472] futex(0x7fa89982c7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 472] futex(0x7fa89982c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 473] <... creat resumed>) = 4 [pid 473] futex(0x7fa89982c7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 472] <... futex resumed>) = 0 [pid 473] openat(AT_FDCWD, "/dev/zero", O_RDONLY [pid 472] futex(0x7fa89982c7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 473] <... openat resumed>) = 5 [pid 472] <... futex resumed>) = 0 [pid 473] futex(0x7fa89982c7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 472] futex(0x7fa89982c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 473] <... futex resumed>) = 0 [pid 472] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 473] mount(NULL, "./file0", "9p", MS_NOSUID|MS_SYNCHRONOUS|MS_REC|MS_LAZYTIME, "trans=fd,rfdno=0x0000000000000005,wfdno=0x0000000000000004,nodevmap,fscache,version=9p2000.L,afid=0x"... [pid 472] futex(0x7fa89982c7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 30.329814][ T473] loop0: detected capacity change from 0 to 2048 [ 30.344468][ T473] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [pid 472] futex(0x7fa89982c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 472] futex(0x7fa89982c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 472] futex(0x7fa89982c7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 472] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa891411000 [pid 472] mprotect(0x7fa891412000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 472] clone(child_stack=0x7fa8914313f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 476 attached , parent_tid=[476], tls=0x7fa891431700, child_tidptr=0x7fa8914319d0) = 476 [pid 476] set_robust_list(0x7fa8914319e0, 24 [pid 472] futex(0x7fa89982c7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 476] <... set_robust_list resumed>) = 0 [pid 472] <... futex resumed>) = 0 [pid 476] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 472] futex(0x7fa89982c7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 476] <... mount resumed>) = 0 [pid 476] futex(0x7fa89982c7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 472] <... futex resumed>) = 0 [pid 476] futex(0x7fa89982c7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 472] futex(0x7fa89982c7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 476] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 472] <... futex resumed>) = 0 [pid 472] futex(0x7fa89982c7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 476] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC) = 6 [pid 476] futex(0x7fa89982c7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 472] <... futex resumed>) = 0 [pid 472] futex(0x7fa89982c7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 476] write(6, "\xdd\xc8\xe4\xec\xc3\x37\x3a\x4d\x97\x06\xd8\xc2\x43\x38\xe9\x3e\x9e\xdf\x88\x45\xe4\x54\xf3\x20\xc2\x70\xeb\x5c\x88\xfc\x75\xee\xbe\xb8\xa2\x54\x40\x91\x8f\xc4\x65\x13\x23\x29\xd7\x2b\x11\x62\xd5\x58\x3d\x59\x03\x19\x37\x54\x14\xe6\x90\x0e\x9b\x30\x4d\x16\x7d\x7a\x7b\xc9\x3c\x12\x21\x40\x24\x48\xf0\x3c\xfc\xf8\xdf\x96\xb7\x71\x7e\x00\xb6\x44\x8c\x5c\xf3\xf7\xac\xd4\xcf\xf2\xdf\xc5\x27\xe9\x14\xaa"..., 2057 [pid 472] <... futex resumed>) = 0 [pid 472] futex(0x7fa89982c7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 476] <... write resumed>) = 2057 [pid 476] futex(0x7fa89982c7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 472] <... futex resumed>) = 0 [pid 476] futex(0x7fa89982c7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 472] exit_group(0) = ? [pid 476] <... futex resumed>) = ? [pid 476] +++ exited with 0 +++ [pid 473] <... mount resumed>) = ? [pid 473] +++ exited with 0 +++ [pid 472] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=472, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- umount2("./10", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555ba6620 /* 4 entries */, 32768) = 112 umount2("./10/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./10/binderfs") = 0 umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./10/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555bae660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555bae660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./10/file0") = 0 getdents64(3, 0x555555ba6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./10") = 0 mkdir("./11", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555ba55d0) = 478 ./strace-static-x86_64: Process 478 attached [pid 478] set_robust_list(0x555555ba55e0, 24) = 0 [pid 478] chdir("./11") = 0 [pid 478] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 478] setpgid(0, 0) = 0 [pid 478] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 478] write(3, "1000", 4) = 4 [ 30.532668][ T88] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2201: inode #18: comm kworker/1:1: corrupted in-inode xattr [pid 478] close(3) = 0 [pid 478] symlink("/dev/binderfs", "./binderfs") = 0 [pid 478] futex(0x7fa89982c7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 478] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa899732000 [pid 478] mprotect(0x7fa899733000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 478] clone(child_stack=0x7fa8997523f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[479], tls=0x7fa899752700, child_tidptr=0x7fa8997529d0) = 479 [pid 478] futex(0x7fa89982c7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 478] futex(0x7fa89982c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 479 attached [pid 479] set_robust_list(0x7fa8997529e0, 24) = 0 [pid 479] memfd_create("syzkaller", 0) = 3 [pid 479] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa891332000 [pid 479] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 479] munmap(0x7fa891332000, 1048576) = 0 [pid 479] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 479] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 479] close(3) = 0 [pid 479] mkdir("./file0", 0777) = 0 [pid 479] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 479] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 479] chdir("./file0") = 0 [pid 479] ioctl(4, LOOP_CLR_FD) = 0 [pid 479] close(4) = 0 [pid 479] futex(0x7fa89982c7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 479] futex(0x7fa89982c7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 478] <... futex resumed>) = 0 [pid 478] futex(0x7fa89982c7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 478] futex(0x7fa89982c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 479] <... futex resumed>) = 0 [pid 479] creat("./bus", 000) = 4 [pid 479] futex(0x7fa89982c7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 478] <... futex resumed>) = 0 [pid 478] futex(0x7fa89982c7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 478] futex(0x7fa89982c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 479] <... futex resumed>) = 1 [pid 479] openat(AT_FDCWD, "/dev/zero", O_RDONLY) = 5 [pid 479] futex(0x7fa89982c7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 478] <... futex resumed>) = 0 [pid 478] futex(0x7fa89982c7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 478] futex(0x7fa89982c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 479] <... futex resumed>) = 1 [ 30.601156][ T479] loop0: detected capacity change from 0 to 2048 [ 30.624649][ T479] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [pid 479] mount(NULL, "./file0", "9p", MS_NOSUID|MS_SYNCHRONOUS|MS_REC|MS_LAZYTIME, "trans=fd,rfdno=0x0000000000000005,wfdno=0x0000000000000004,nodevmap,fscache,version=9p2000.L,afid=0x"... [pid 478] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 478] futex(0x7fa89982c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 478] futex(0x7fa89982c7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 478] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa891411000 [pid 478] mprotect(0x7fa891412000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 478] clone(child_stack=0x7fa8914313f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 482 attached [pid 482] set_robust_list(0x7fa8914319e0, 24) = 0 [pid 482] futex(0x7fa89982c7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 478] <... clone resumed>, parent_tid=[482], tls=0x7fa891431700, child_tidptr=0x7fa8914319d0) = 482 [pid 478] futex(0x7fa89982c7b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 482] <... futex resumed>) = 0 [pid 478] futex(0x7fa89982c7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 482] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 482] futex(0x7fa89982c7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 478] <... futex resumed>) = 0 [pid 478] futex(0x7fa89982c7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 478] futex(0x7fa89982c7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 482] <... futex resumed>) = 1 [pid 482] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC) = 6 [pid 482] futex(0x7fa89982c7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 478] <... futex resumed>) = 0 [pid 478] futex(0x7fa89982c7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 478] futex(0x7fa89982c7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 482] <... futex resumed>) = 1 [pid 482] write(6, "\xdd\xc8\xe4\xec\xc3\x37\x3a\x4d\x97\x06\xd8\xc2\x43\x38\xe9\x3e\x9e\xdf\x88\x45\xe4\x54\xf3\x20\xc2\x70\xeb\x5c\x88\xfc\x75\xee\xbe\xb8\xa2\x54\x40\x91\x8f\xc4\x65\x13\x23\x29\xd7\x2b\x11\x62\xd5\x58\x3d\x59\x03\x19\x37\x54\x14\xe6\x90\x0e\x9b\x30\x4d\x16\x7d\x7a\x7b\xc9\x3c\x12\x21\x40\x24\x48\xf0\x3c\xfc\xf8\xdf\x96\xb7\x71\x7e\x00\xb6\x44\x8c\x5c\xf3\xf7\xac\xd4\xcf\xf2\xdf\xc5\x27\xe9\x14\xaa"..., 2057) = 2057 [pid 482] futex(0x7fa89982c7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 478] <... futex resumed>) = 0 [pid 482] <... futex resumed>) = 1 [pid 482] futex(0x7fa89982c7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 478] exit_group(0 [pid 482] <... futex resumed>) = ? [pid 478] <... exit_group resumed>) = ? [pid 482] +++ exited with 0 +++ [pid 479] <... mount resumed>) = ? [pid 479] +++ exited with 0 +++ [pid 478] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=478, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./11", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555ba6620 /* 4 entries */, 32768) = 112 umount2("./11/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./11/binderfs") = 0 [ 30.814593][ T88] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2201: inode #18: comm kworker/1:1: corrupted in-inode xattr umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./11/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555bae660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555bae660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./11/file0") = 0 getdents64(3, 0x555555ba6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./11") = 0 mkdir("./12", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555ba55d0) = 483 ./strace-static-x86_64: Process 483 attached [pid 483] set_robust_list(0x555555ba55e0, 24) = 0 [pid 483] chdir("./12") = 0 [pid 483] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 483] setpgid(0, 0) = 0 [pid 483] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 483] write(3, "1000", 4) = 4 [pid 483] close(3) = 0 [pid 483] symlink("/dev/binderfs", "./binderfs") = 0 [pid 483] futex(0x7fa89982c7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 483] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa899732000 [pid 483] mprotect(0x7fa899733000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 483] clone(child_stack=0x7fa8997523f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[484], tls=0x7fa899752700, child_tidptr=0x7fa8997529d0) = 484 [pid 483] futex(0x7fa89982c7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 483] futex(0x7fa89982c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 484 attached [pid 484] set_robust_list(0x7fa8997529e0, 24) = 0 [pid 484] memfd_create("syzkaller", 0) = 3 [pid 484] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa891332000 [pid 484] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 484] munmap(0x7fa891332000, 1048576) = 0 [pid 484] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 484] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 484] close(3) = 0 [pid 484] mkdir("./file0", 0777) = 0 [pid 484] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 484] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 484] chdir("./file0") = 0 [pid 484] ioctl(4, LOOP_CLR_FD) = 0 [pid 484] close(4) = 0 [pid 484] futex(0x7fa89982c7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 484] futex(0x7fa89982c7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 483] <... futex resumed>) = 0 [pid 483] futex(0x7fa89982c7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 483] futex(0x7fa89982c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 484] <... futex resumed>) = 0 [pid 484] creat("./bus", 000) = 4 [pid 484] futex(0x7fa89982c7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 483] <... futex resumed>) = 0 [pid 483] futex(0x7fa89982c7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 483] futex(0x7fa89982c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 484] <... futex resumed>) = 1 [pid 484] openat(AT_FDCWD, "/dev/zero", O_RDONLY) = 5 [pid 484] futex(0x7fa89982c7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 483] <... futex resumed>) = 0 [pid 483] futex(0x7fa89982c7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 483] futex(0x7fa89982c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 484] <... futex resumed>) = 1 [ 30.915023][ T484] loop0: detected capacity change from 0 to 2048 [ 30.934637][ T484] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [pid 484] mount(NULL, "./file0", "9p", MS_NOSUID|MS_SYNCHRONOUS|MS_REC|MS_LAZYTIME, "trans=fd,rfdno=0x0000000000000005,wfdno=0x0000000000000004,nodevmap,fscache,version=9p2000.L,afid=0x"... [pid 483] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 483] futex(0x7fa89982c7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 483] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa891411000 [pid 483] mprotect(0x7fa891412000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 483] clone(child_stack=0x7fa8914313f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 487 attached , parent_tid=[487], tls=0x7fa891431700, child_tidptr=0x7fa8914319d0) = 487 [pid 487] set_robust_list(0x7fa8914319e0, 24) = 0 [pid 487] futex(0x7fa89982c7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 483] futex(0x7fa89982c7b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 487] <... futex resumed>) = 0 [pid 487] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 487] futex(0x7fa89982c7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 483] futex(0x7fa89982c7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 487] futex(0x7fa89982c7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 483] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 483] futex(0x7fa89982c7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 487] <... futex resumed>) = 0 [pid 483] <... futex resumed>) = 1 [pid 483] futex(0x7fa89982c7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 487] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC) = 6 [pid 487] futex(0x7fa89982c7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 487] futex(0x7fa89982c7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 483] <... futex resumed>) = 0 [pid 487] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 483] futex(0x7fa89982c7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 487] write(6, "\xdd\xc8\xe4\xec\xc3\x37\x3a\x4d\x97\x06\xd8\xc2\x43\x38\xe9\x3e\x9e\xdf\x88\x45\xe4\x54\xf3\x20\xc2\x70\xeb\x5c\x88\xfc\x75\xee\xbe\xb8\xa2\x54\x40\x91\x8f\xc4\x65\x13\x23\x29\xd7\x2b\x11\x62\xd5\x58\x3d\x59\x03\x19\x37\x54\x14\xe6\x90\x0e\x9b\x30\x4d\x16\x7d\x7a\x7b\xc9\x3c\x12\x21\x40\x24\x48\xf0\x3c\xfc\xf8\xdf\x96\xb7\x71\x7e\x00\xb6\x44\x8c\x5c\xf3\xf7\xac\xd4\xcf\xf2\xdf\xc5\x27\xe9\x14\xaa"..., 2057 [pid 483] <... futex resumed>) = 0 [pid 483] futex(0x7fa89982c7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 487] <... write resumed>) = 2057 [pid 487] futex(0x7fa89982c7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 483] <... futex resumed>) = 0 [pid 487] futex(0x7fa89982c7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 483] exit_group(0 [pid 487] <... futex resumed>) = ? [pid 483] <... exit_group resumed>) = ? [pid 487] +++ exited with 0 +++ [pid 484] <... mount resumed>) = ? [pid 484] +++ exited with 0 +++ [pid 483] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=483, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./12", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555ba6620 /* 4 entries */, 32768) = 112 umount2("./12/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./12/binderfs") = 0 umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./12/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555bae660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555bae660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./12/file0") = 0 getdents64(3, 0x555555ba6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./12") = 0 mkdir("./13", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555ba55d0) = 488 ./strace-static-x86_64: Process 488 attached [pid 488] set_robust_list(0x555555ba55e0, 24) = 0 [pid 488] chdir("./13") = 0 [pid 488] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 488] setpgid(0, 0) = 0 [pid 488] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 488] write(3, "1000", 4) = 4 [pid 488] close(3) = 0 [pid 488] symlink("/dev/binderfs", "./binderfs") = 0 [pid 488] futex(0x7fa89982c7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 488] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa899732000 [pid 488] mprotect(0x7fa899733000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 488] clone(child_stack=0x7fa8997523f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[489], tls=0x7fa899752700, child_tidptr=0x7fa8997529d0) = 489 [pid 488] futex(0x7fa89982c7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 488] futex(0x7fa89982c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 489 attached [pid 489] set_robust_list(0x7fa8997529e0, 24) = 0 [pid 489] memfd_create("syzkaller", 0) = 3 [pid 489] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa891332000 [ 31.122335][ T88] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2201: inode #18: comm kworker/1:1: corrupted in-inode xattr [pid 489] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 489] munmap(0x7fa891332000, 1048576) = 0 [pid 489] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 489] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 489] close(3) = 0 [pid 489] mkdir("./file0", 0777) = 0 [pid 489] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 489] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 489] chdir("./file0") = 0 [pid 489] ioctl(4, LOOP_CLR_FD) = 0 [pid 489] close(4) = 0 [pid 489] futex(0x7fa89982c7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 488] <... futex resumed>) = 0 [pid 488] futex(0x7fa89982c7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 488] futex(0x7fa89982c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 489] creat("./bus", 000) = 4 [pid 489] futex(0x7fa89982c7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 488] <... futex resumed>) = 0 [pid 488] futex(0x7fa89982c7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 489] openat(AT_FDCWD, "/dev/zero", O_RDONLY [pid 488] futex(0x7fa89982c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 489] <... openat resumed>) = 5 [pid 489] futex(0x7fa89982c7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 488] <... futex resumed>) = 0 [pid 488] futex(0x7fa89982c7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 488] futex(0x7fa89982c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 31.186356][ T489] loop0: detected capacity change from 0 to 2048 [ 31.204522][ T489] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [pid 489] mount(NULL, "./file0", "9p", MS_NOSUID|MS_SYNCHRONOUS|MS_REC|MS_LAZYTIME, "trans=fd,rfdno=0x0000000000000005,wfdno=0x0000000000000004,nodevmap,fscache,version=9p2000.L,afid=0x"... [pid 488] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 488] futex(0x7fa89982c7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 488] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa891411000 [pid 488] mprotect(0x7fa891412000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 488] clone(child_stack=0x7fa8914313f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 492 attached , parent_tid=[492], tls=0x7fa891431700, child_tidptr=0x7fa8914319d0) = 492 [pid 492] set_robust_list(0x7fa8914319e0, 24) = 0 [pid 492] futex(0x7fa89982c7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 488] futex(0x7fa89982c7b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 488] futex(0x7fa89982c7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 492] <... futex resumed>) = 0 [pid 492] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 492] futex(0x7fa89982c7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 488] <... futex resumed>) = 0 [pid 488] futex(0x7fa89982c7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 488] futex(0x7fa89982c7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 492] <... futex resumed>) = 1 [pid 492] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC) = 6 [pid 492] futex(0x7fa89982c7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 488] <... futex resumed>) = 0 [pid 488] futex(0x7fa89982c7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 488] futex(0x7fa89982c7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 492] <... futex resumed>) = 1 [pid 492] write(6, "\xdd\xc8\xe4\xec\xc3\x37\x3a\x4d\x97\x06\xd8\xc2\x43\x38\xe9\x3e\x9e\xdf\x88\x45\xe4\x54\xf3\x20\xc2\x70\xeb\x5c\x88\xfc\x75\xee\xbe\xb8\xa2\x54\x40\x91\x8f\xc4\x65\x13\x23\x29\xd7\x2b\x11\x62\xd5\x58\x3d\x59\x03\x19\x37\x54\x14\xe6\x90\x0e\x9b\x30\x4d\x16\x7d\x7a\x7b\xc9\x3c\x12\x21\x40\x24\x48\xf0\x3c\xfc\xf8\xdf\x96\xb7\x71\x7e\x00\xb6\x44\x8c\x5c\xf3\xf7\xac\xd4\xcf\xf2\xdf\xc5\x27\xe9\x14\xaa"..., 2057) = 2057 [pid 492] futex(0x7fa89982c7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 488] <... futex resumed>) = 0 [pid 492] futex(0x7fa89982c7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 488] exit_group(0 [pid 492] <... futex resumed>) = ? [pid 488] <... exit_group resumed>) = ? [pid 492] +++ exited with 0 +++ [pid 489] <... mount resumed>) = ? [pid 489] +++ exited with 0 +++ [pid 488] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=488, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- umount2("./13", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555ba6620 /* 4 entries */, 32768) = 112 umount2("./13/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./13/binderfs") = 0 [ 31.391807][ T88] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2201: inode #18: comm kworker/1:1: corrupted in-inode xattr umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./13/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555bae660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555bae660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./13/file0") = 0 getdents64(3, 0x555555ba6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./13") = 0 mkdir("./14", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555ba55d0) = 493 ./strace-static-x86_64: Process 493 attached [pid 493] set_robust_list(0x555555ba55e0, 24) = 0 [pid 493] chdir("./14") = 0 [pid 493] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 493] setpgid(0, 0) = 0 [pid 493] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 493] write(3, "1000", 4) = 4 [pid 493] close(3) = 0 [pid 493] symlink("/dev/binderfs", "./binderfs") = 0 [pid 493] futex(0x7fa89982c7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 493] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa899732000 [pid 493] mprotect(0x7fa899733000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 493] clone(child_stack=0x7fa8997523f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 494 attached , parent_tid=[494], tls=0x7fa899752700, child_tidptr=0x7fa8997529d0) = 494 [pid 494] set_robust_list(0x7fa8997529e0, 24 [pid 493] futex(0x7fa89982c7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 493] futex(0x7fa89982c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 494] <... set_robust_list resumed>) = 0 [pid 494] memfd_create("syzkaller", 0) = 3 [pid 494] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa891332000 [pid 494] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 494] munmap(0x7fa891332000, 1048576) = 0 [pid 494] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 494] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 494] close(3) = 0 [pid 494] mkdir("./file0", 0777) = 0 [pid 494] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 494] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 494] chdir("./file0") = 0 [pid 494] ioctl(4, LOOP_CLR_FD) = 0 [pid 494] close(4) = 0 [pid 494] futex(0x7fa89982c7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 493] <... futex resumed>) = 0 [pid 494] <... futex resumed>) = 1 [pid 493] futex(0x7fa89982c7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 494] creat("./bus", 000 [pid 493] <... futex resumed>) = 0 [pid 493] futex(0x7fa89982c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 494] <... creat resumed>) = 4 [pid 494] futex(0x7fa89982c7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 493] <... futex resumed>) = 0 [pid 494] <... futex resumed>) = 1 [pid 493] futex(0x7fa89982c7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 494] openat(AT_FDCWD, "/dev/zero", O_RDONLY) = 5 [pid 493] <... futex resumed>) = 0 [pid 493] futex(0x7fa89982c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 494] futex(0x7fa89982c7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 493] <... futex resumed>) = 0 [pid 493] futex(0x7fa89982c7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 494] mount(NULL, "./file0", "9p", MS_NOSUID|MS_SYNCHRONOUS|MS_REC|MS_LAZYTIME, "trans=fd,rfdno=0x0000000000000005,wfdno=0x0000000000000004,nodevmap,fscache,version=9p2000.L,afid=0x"... [pid 493] <... futex resumed>) = 0 [ 31.482861][ T494] loop0: detected capacity change from 0 to 2048 [ 31.494624][ T494] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [pid 493] futex(0x7fa89982c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 493] futex(0x7fa89982c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 493] futex(0x7fa89982c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 493] futex(0x7fa89982c7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 493] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa891411000 [pid 493] mprotect(0x7fa891412000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 493] clone(child_stack=0x7fa8914313f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 498 attached , parent_tid=[498], tls=0x7fa891431700, child_tidptr=0x7fa8914319d0) = 498 [pid 498] set_robust_list(0x7fa8914319e0, 24 [pid 493] futex(0x7fa89982c7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 493] futex(0x7fa89982c7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 498] <... set_robust_list resumed>) = 0 [pid 498] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 498] futex(0x7fa89982c7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 493] <... futex resumed>) = 0 [pid 493] futex(0x7fa89982c7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 493] futex(0x7fa89982c7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 498] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC) = 6 [pid 498] futex(0x7fa89982c7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 493] <... futex resumed>) = 0 [pid 493] futex(0x7fa89982c7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 493] futex(0x7fa89982c7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 498] write(6, "\xdd\xc8\xe4\xec\xc3\x37\x3a\x4d\x97\x06\xd8\xc2\x43\x38\xe9\x3e\x9e\xdf\x88\x45\xe4\x54\xf3\x20\xc2\x70\xeb\x5c\x88\xfc\x75\xee\xbe\xb8\xa2\x54\x40\x91\x8f\xc4\x65\x13\x23\x29\xd7\x2b\x11\x62\xd5\x58\x3d\x59\x03\x19\x37\x54\x14\xe6\x90\x0e\x9b\x30\x4d\x16\x7d\x7a\x7b\xc9\x3c\x12\x21\x40\x24\x48\xf0\x3c\xfc\xf8\xdf\x96\xb7\x71\x7e\x00\xb6\x44\x8c\x5c\xf3\xf7\xac\xd4\xcf\xf2\xdf\xc5\x27\xe9\x14\xaa"..., 2057) = 2057 [pid 498] futex(0x7fa89982c7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 493] <... futex resumed>) = 0 [pid 498] futex(0x7fa89982c7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 493] exit_group(0 [pid 498] <... futex resumed>) = ? [pid 493] <... exit_group resumed>) = ? [pid 498] +++ exited with 0 +++ [pid 494] <... mount resumed>) = ? [pid 494] +++ exited with 0 +++ [pid 493] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=493, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- umount2("./14", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555ba6620 /* 4 entries */, 32768) = 112 umount2("./14/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./14/binderfs") = 0 [ 31.690629][ T88] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2201: inode #18: comm kworker/1:1: corrupted in-inode xattr umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./14/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555bae660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555bae660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./14/file0") = 0 getdents64(3, 0x555555ba6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./14") = 0 mkdir("./15", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555ba55d0) = 499 ./strace-static-x86_64: Process 499 attached [pid 499] set_robust_list(0x555555ba55e0, 24) = 0 [pid 499] chdir("./15") = 0 [pid 499] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 499] setpgid(0, 0) = 0 [pid 499] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 499] write(3, "1000", 4) = 4 [pid 499] close(3) = 0 [pid 499] symlink("/dev/binderfs", "./binderfs") = 0 [pid 499] futex(0x7fa89982c7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 499] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa899732000 [pid 499] mprotect(0x7fa899733000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 499] clone(child_stack=0x7fa8997523f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[500], tls=0x7fa899752700, child_tidptr=0x7fa8997529d0) = 500 [pid 499] futex(0x7fa89982c7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 499] futex(0x7fa89982c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 500 attached [pid 500] set_robust_list(0x7fa8997529e0, 24) = 0 [pid 500] memfd_create("syzkaller", 0) = 3 [pid 500] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa891332000 [pid 500] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 500] munmap(0x7fa891332000, 1048576) = 0 [pid 500] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 500] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 500] close(3) = 0 [pid 500] mkdir("./file0", 0777) = 0 [pid 500] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 500] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 500] chdir("./file0") = 0 [pid 500] ioctl(4, LOOP_CLR_FD) = 0 [pid 500] close(4) = 0 [pid 500] futex(0x7fa89982c7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 499] <... futex resumed>) = 0 [pid 499] futex(0x7fa89982c7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 499] futex(0x7fa89982c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 500] <... futex resumed>) = 1 [pid 500] creat("./bus", 000) = 4 [pid 500] futex(0x7fa89982c7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 499] <... futex resumed>) = 0 [pid 499] futex(0x7fa89982c7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 499] futex(0x7fa89982c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 500] <... futex resumed>) = 1 [pid 500] openat(AT_FDCWD, "/dev/zero", O_RDONLY) = 5 [pid 500] futex(0x7fa89982c7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 499] <... futex resumed>) = 0 [pid 499] futex(0x7fa89982c7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 499] futex(0x7fa89982c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 500] <... futex resumed>) = 1 [ 31.798453][ T500] loop0: detected capacity change from 0 to 2048 [ 31.814524][ T500] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [pid 500] mount(NULL, "./file0", "9p", MS_NOSUID|MS_SYNCHRONOUS|MS_REC|MS_LAZYTIME, "trans=fd,rfdno=0x0000000000000005,wfdno=0x0000000000000004,nodevmap,fscache,version=9p2000.L,afid=0x"... [pid 499] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 499] futex(0x7fa89982c7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 499] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa891411000 [pid 499] mprotect(0x7fa891412000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 499] clone(child_stack=0x7fa8914313f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 503 attached [pid 503] set_robust_list(0x7fa8914319e0, 24 [pid 499] <... clone resumed>, parent_tid=[503], tls=0x7fa891431700, child_tidptr=0x7fa8914319d0) = 503 [pid 503] <... set_robust_list resumed>) = 0 [pid 499] futex(0x7fa89982c7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 503] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 499] <... futex resumed>) = 0 [pid 499] futex(0x7fa89982c7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 503] <... mount resumed>) = 0 [pid 503] futex(0x7fa89982c7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 499] <... futex resumed>) = 0 [pid 499] futex(0x7fa89982c7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 503] <... futex resumed>) = 1 [pid 499] <... futex resumed>) = 0 [pid 499] futex(0x7fa89982c7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 503] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC) = 6 [pid 503] futex(0x7fa89982c7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 499] <... futex resumed>) = 0 [pid 503] <... futex resumed>) = 1 [pid 499] futex(0x7fa89982c7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 503] write(6, "\xdd\xc8\xe4\xec\xc3\x37\x3a\x4d\x97\x06\xd8\xc2\x43\x38\xe9\x3e\x9e\xdf\x88\x45\xe4\x54\xf3\x20\xc2\x70\xeb\x5c\x88\xfc\x75\xee\xbe\xb8\xa2\x54\x40\x91\x8f\xc4\x65\x13\x23\x29\xd7\x2b\x11\x62\xd5\x58\x3d\x59\x03\x19\x37\x54\x14\xe6\x90\x0e\x9b\x30\x4d\x16\x7d\x7a\x7b\xc9\x3c\x12\x21\x40\x24\x48\xf0\x3c\xfc\xf8\xdf\x96\xb7\x71\x7e\x00\xb6\x44\x8c\x5c\xf3\xf7\xac\xd4\xcf\xf2\xdf\xc5\x27\xe9\x14\xaa"..., 2057 [pid 499] futex(0x7fa89982c7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 503] <... write resumed>) = 2057 [pid 503] futex(0x7fa89982c7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 499] <... futex resumed>) = 0 [pid 503] <... futex resumed>) = 1 [pid 503] futex(0x7fa89982c7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 499] exit_group(0 [pid 503] <... futex resumed>) = ? [pid 499] <... exit_group resumed>) = ? [pid 503] +++ exited with 0 +++ [pid 500] <... mount resumed>) = ? [pid 500] +++ exited with 0 +++ [pid 499] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=499, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./15", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555ba6620 /* 4 entries */, 32768) = 112 umount2("./15/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./15/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./15/binderfs") = 0 [ 32.013089][ T20] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2201: inode #18: comm kworker/0:1: corrupted in-inode xattr umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./15/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555bae660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555bae660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./15/file0") = 0 getdents64(3, 0x555555ba6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./15") = 0 mkdir("./16", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555ba55d0) = 504 ./strace-static-x86_64: Process 504 attached [pid 504] set_robust_list(0x555555ba55e0, 24) = 0 [pid 504] chdir("./16") = 0 [pid 504] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 504] setpgid(0, 0) = 0 [pid 504] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 504] write(3, "1000", 4) = 4 [pid 504] close(3) = 0 [pid 504] symlink("/dev/binderfs", "./binderfs") = 0 [pid 504] futex(0x7fa89982c7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 504] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa899732000 [pid 504] mprotect(0x7fa899733000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 504] clone(child_stack=0x7fa8997523f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 505 attached , parent_tid=[505], tls=0x7fa899752700, child_tidptr=0x7fa8997529d0) = 505 [pid 505] set_robust_list(0x7fa8997529e0, 24) = 0 [pid 505] futex(0x7fa89982c7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 504] futex(0x7fa89982c7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 505] <... futex resumed>) = 0 [pid 505] memfd_create("syzkaller", 0 [pid 504] futex(0x7fa89982c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 505] <... memfd_create resumed>) = 3 [pid 505] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa891332000 [pid 505] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 505] munmap(0x7fa891332000, 1048576) = 0 [pid 505] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 505] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 505] close(3) = 0 [pid 505] mkdir("./file0", 0777) = 0 [pid 505] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 505] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 505] chdir("./file0") = 0 [pid 505] ioctl(4, LOOP_CLR_FD) = 0 [pid 505] close(4) = 0 [pid 505] futex(0x7fa89982c7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 504] <... futex resumed>) = 0 [pid 504] futex(0x7fa89982c7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 504] futex(0x7fa89982c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 505] <... futex resumed>) = 1 [pid 505] creat("./bus", 000) = 4 [pid 505] futex(0x7fa89982c7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 504] <... futex resumed>) = 0 [pid 504] futex(0x7fa89982c7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 504] futex(0x7fa89982c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 505] <... futex resumed>) = 1 [pid 505] openat(AT_FDCWD, "/dev/zero", O_RDONLY) = 5 [pid 505] futex(0x7fa89982c7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 504] <... futex resumed>) = 0 [pid 504] futex(0x7fa89982c7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 504] futex(0x7fa89982c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 505] <... futex resumed>) = 1 [ 32.117989][ T505] loop0: detected capacity change from 0 to 2048 [ 32.134418][ T505] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [pid 505] mount(NULL, "./file0", "9p", MS_NOSUID|MS_SYNCHRONOUS|MS_REC|MS_LAZYTIME, "trans=fd,rfdno=0x0000000000000005,wfdno=0x0000000000000004,nodevmap,fscache,version=9p2000.L,afid=0x"... [pid 504] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 504] futex(0x7fa89982c7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 504] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa891411000 [pid 504] mprotect(0x7fa891412000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 504] clone(child_stack=0x7fa8914313f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 508 attached [pid 508] set_robust_list(0x7fa8914319e0, 24) = 0 [pid 508] futex(0x7fa89982c7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 504] <... clone resumed>, parent_tid=[508], tls=0x7fa891431700, child_tidptr=0x7fa8914319d0) = 508 [pid 504] futex(0x7fa89982c7b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 508] <... futex resumed>) = 0 [pid 504] futex(0x7fa89982c7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 508] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 508] futex(0x7fa89982c7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 504] <... futex resumed>) = 0 [pid 504] futex(0x7fa89982c7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 504] futex(0x7fa89982c7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 508] <... futex resumed>) = 1 [pid 508] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC) = 6 [pid 508] futex(0x7fa89982c7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 504] <... futex resumed>) = 0 [pid 504] futex(0x7fa89982c7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 504] futex(0x7fa89982c7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 508] write(6, "\xdd\xc8\xe4\xec\xc3\x37\x3a\x4d\x97\x06\xd8\xc2\x43\x38\xe9\x3e\x9e\xdf\x88\x45\xe4\x54\xf3\x20\xc2\x70\xeb\x5c\x88\xfc\x75\xee\xbe\xb8\xa2\x54\x40\x91\x8f\xc4\x65\x13\x23\x29\xd7\x2b\x11\x62\xd5\x58\x3d\x59\x03\x19\x37\x54\x14\xe6\x90\x0e\x9b\x30\x4d\x16\x7d\x7a\x7b\xc9\x3c\x12\x21\x40\x24\x48\xf0\x3c\xfc\xf8\xdf\x96\xb7\x71\x7e\x00\xb6\x44\x8c\x5c\xf3\xf7\xac\xd4\xcf\xf2\xdf\xc5\x27\xe9\x14\xaa"..., 2057) = 2057 [pid 508] futex(0x7fa89982c7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 504] <... futex resumed>) = 0 [pid 508] futex(0x7fa89982c7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 504] exit_group(0 [pid 508] <... futex resumed>) = ? [pid 504] <... exit_group resumed>) = ? [pid 508] +++ exited with 0 +++ [pid 505] <... mount resumed>) = ? [pid 505] +++ exited with 0 +++ [pid 504] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=504, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- umount2("./16", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555ba6620 /* 4 entries */, 32768) = 112 umount2("./16/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./16/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./16/binderfs") = 0 [ 32.324461][ T20] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2201: inode #18: comm kworker/0:1: corrupted in-inode xattr umount2("./16/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./16/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./16/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./16/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555bae660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555bae660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./16/file0") = 0 getdents64(3, 0x555555ba6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./16") = 0 mkdir("./17", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555ba55d0) = 509 ./strace-static-x86_64: Process 509 attached [pid 509] set_robust_list(0x555555ba55e0, 24) = 0 [pid 509] chdir("./17") = 0 [pid 509] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 509] setpgid(0, 0) = 0 [pid 509] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 509] write(3, "1000", 4) = 4 [pid 509] close(3) = 0 [pid 509] symlink("/dev/binderfs", "./binderfs") = 0 [pid 509] futex(0x7fa89982c7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 509] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa899732000 [pid 509] mprotect(0x7fa899733000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 509] clone(child_stack=0x7fa8997523f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 510 attached , parent_tid=[510], tls=0x7fa899752700, child_tidptr=0x7fa8997529d0) = 510 [pid 510] set_robust_list(0x7fa8997529e0, 24) = 0 [pid 510] futex(0x7fa89982c7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 509] futex(0x7fa89982c7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 510] <... futex resumed>) = 0 [pid 510] memfd_create("syzkaller", 0 [pid 509] futex(0x7fa89982c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 510] <... memfd_create resumed>) = 3 [pid 510] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa891332000 [pid 510] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 510] munmap(0x7fa891332000, 1048576) = 0 [pid 510] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 510] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 510] close(3) = 0 [pid 510] mkdir("./file0", 0777) = 0 [pid 510] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 510] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 510] chdir("./file0") = 0 [pid 510] ioctl(4, LOOP_CLR_FD) = 0 [pid 510] close(4) = 0 [pid 510] futex(0x7fa89982c7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 510] futex(0x7fa89982c7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 509] <... futex resumed>) = 0 [pid 509] futex(0x7fa89982c7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 509] futex(0x7fa89982c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 510] <... futex resumed>) = 0 [pid 510] creat("./bus", 000) = 4 [pid 510] futex(0x7fa89982c7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 509] <... futex resumed>) = 0 [pid 509] futex(0x7fa89982c7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 509] futex(0x7fa89982c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 510] <... futex resumed>) = 1 [pid 510] openat(AT_FDCWD, "/dev/zero", O_RDONLY) = 5 [pid 510] futex(0x7fa89982c7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 509] <... futex resumed>) = 0 [pid 510] mount(NULL, "./file0", "9p", MS_NOSUID|MS_SYNCHRONOUS|MS_REC|MS_LAZYTIME, "trans=fd,rfdno=0x0000000000000005,wfdno=0x0000000000000004,nodevmap,fscache,version=9p2000.L,afid=0x"... [pid 509] futex(0x7fa89982c7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 32.425771][ T510] loop0: detected capacity change from 0 to 2048 [ 32.444478][ T510] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [pid 509] futex(0x7fa89982c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 509] futex(0x7fa89982c7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 509] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa891411000 [pid 509] mprotect(0x7fa891412000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 509] clone(child_stack=0x7fa8914313f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 514 attached [pid 514] set_robust_list(0x7fa8914319e0, 24 [pid 509] <... clone resumed>, parent_tid=[514], tls=0x7fa891431700, child_tidptr=0x7fa8914319d0) = 514 [pid 509] futex(0x7fa89982c7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 514] <... set_robust_list resumed>) = 0 [pid 514] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 509] <... futex resumed>) = 0 [pid 509] futex(0x7fa89982c7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 514] <... mount resumed>) = 0 [pid 514] futex(0x7fa89982c7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 509] <... futex resumed>) = 0 [pid 509] futex(0x7fa89982c7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 514] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC [pid 509] <... futex resumed>) = 0 [pid 509] futex(0x7fa89982c7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 514] <... openat resumed>) = 6 [pid 514] futex(0x7fa89982c7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 509] <... futex resumed>) = 0 [pid 509] futex(0x7fa89982c7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 509] futex(0x7fa89982c7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 514] write(6, "\xdd\xc8\xe4\xec\xc3\x37\x3a\x4d\x97\x06\xd8\xc2\x43\x38\xe9\x3e\x9e\xdf\x88\x45\xe4\x54\xf3\x20\xc2\x70\xeb\x5c\x88\xfc\x75\xee\xbe\xb8\xa2\x54\x40\x91\x8f\xc4\x65\x13\x23\x29\xd7\x2b\x11\x62\xd5\x58\x3d\x59\x03\x19\x37\x54\x14\xe6\x90\x0e\x9b\x30\x4d\x16\x7d\x7a\x7b\xc9\x3c\x12\x21\x40\x24\x48\xf0\x3c\xfc\xf8\xdf\x96\xb7\x71\x7e\x00\xb6\x44\x8c\x5c\xf3\xf7\xac\xd4\xcf\xf2\xdf\xc5\x27\xe9\x14\xaa"..., 2057) = 2057 [pid 514] futex(0x7fa89982c7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 509] <... futex resumed>) = 0 [pid 514] futex(0x7fa89982c7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 509] exit_group(0) = ? [pid 514] <... futex resumed>) = ? [pid 514] +++ exited with 0 +++ [pid 510] <... mount resumed>) = ? [pid 510] +++ exited with 0 +++ [pid 509] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=509, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./17", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555ba6620 /* 4 entries */, 32768) = 112 umount2("./17/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./17/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./17/binderfs") = 0 [ 32.637502][ T20] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2201: inode #18: comm kworker/0:1: corrupted in-inode xattr umount2("./17/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./17/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./17/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./17/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555bae660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555bae660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./17/file0") = 0 getdents64(3, 0x555555ba6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./17") = 0 mkdir("./18", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555ba55d0) = 515 ./strace-static-x86_64: Process 515 attached [pid 515] set_robust_list(0x555555ba55e0, 24) = 0 [pid 515] chdir("./18") = 0 [pid 515] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 515] setpgid(0, 0) = 0 [pid 515] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 515] write(3, "1000", 4) = 4 [pid 515] close(3) = 0 [pid 515] symlink("/dev/binderfs", "./binderfs") = 0 [pid 515] futex(0x7fa89982c7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 515] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa899732000 [pid 515] mprotect(0x7fa899733000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 515] clone(child_stack=0x7fa8997523f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 516 attached , parent_tid=[516], tls=0x7fa899752700, child_tidptr=0x7fa8997529d0) = 516 [pid 515] futex(0x7fa89982c7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 515] futex(0x7fa89982c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 516] set_robust_list(0x7fa8997529e0, 24) = 0 [pid 516] memfd_create("syzkaller", 0) = 3 [pid 516] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa891332000 [pid 516] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 516] munmap(0x7fa891332000, 1048576) = 0 [pid 516] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 516] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 516] close(3) = 0 [pid 516] mkdir("./file0", 0777) = 0 [pid 516] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 516] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 516] chdir("./file0") = 0 [pid 516] ioctl(4, LOOP_CLR_FD) = 0 [pid 516] close(4) = 0 [pid 516] futex(0x7fa89982c7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 516] futex(0x7fa89982c7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 515] <... futex resumed>) = 0 [pid 515] futex(0x7fa89982c7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 515] futex(0x7fa89982c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 516] <... futex resumed>) = 0 [pid 516] creat("./bus", 000) = 4 [pid 516] futex(0x7fa89982c7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 515] <... futex resumed>) = 0 [pid 515] futex(0x7fa89982c7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 515] futex(0x7fa89982c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 516] <... futex resumed>) = 1 [pid 516] openat(AT_FDCWD, "/dev/zero", O_RDONLY) = 5 [pid 516] futex(0x7fa89982c7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 515] <... futex resumed>) = 0 [pid 515] futex(0x7fa89982c7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 515] futex(0x7fa89982c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 516] <... futex resumed>) = 1 [ 32.762638][ T516] loop0: detected capacity change from 0 to 2048 [ 32.775974][ T516] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [pid 516] mount(NULL, "./file0", "9p", MS_NOSUID|MS_SYNCHRONOUS|MS_REC|MS_LAZYTIME, "trans=fd,rfdno=0x0000000000000005,wfdno=0x0000000000000004,nodevmap,fscache,version=9p2000.L,afid=0x"... [pid 515] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 515] futex(0x7fa89982c7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 515] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa891411000 [pid 515] mprotect(0x7fa891412000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 515] clone(child_stack=0x7fa8914313f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[519], tls=0x7fa891431700, child_tidptr=0x7fa8914319d0) = 519 [pid 515] futex(0x7fa89982c7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 515] futex(0x7fa89982c7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 519 attached [pid 519] set_robust_list(0x7fa8914319e0, 24) = 0 [pid 519] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 519] futex(0x7fa89982c7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 515] <... futex resumed>) = 0 [pid 515] futex(0x7fa89982c7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 515] futex(0x7fa89982c7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 519] <... futex resumed>) = 1 [pid 519] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC) = 6 [pid 519] futex(0x7fa89982c7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 515] <... futex resumed>) = 0 [pid 515] futex(0x7fa89982c7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 515] futex(0x7fa89982c7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 519] <... futex resumed>) = 1 [pid 519] write(6, "\xdd\xc8\xe4\xec\xc3\x37\x3a\x4d\x97\x06\xd8\xc2\x43\x38\xe9\x3e\x9e\xdf\x88\x45\xe4\x54\xf3\x20\xc2\x70\xeb\x5c\x88\xfc\x75\xee\xbe\xb8\xa2\x54\x40\x91\x8f\xc4\x65\x13\x23\x29\xd7\x2b\x11\x62\xd5\x58\x3d\x59\x03\x19\x37\x54\x14\xe6\x90\x0e\x9b\x30\x4d\x16\x7d\x7a\x7b\xc9\x3c\x12\x21\x40\x24\x48\xf0\x3c\xfc\xf8\xdf\x96\xb7\x71\x7e\x00\xb6\x44\x8c\x5c\xf3\xf7\xac\xd4\xcf\xf2\xdf\xc5\x27\xe9\x14\xaa"..., 2057) = 2057 [pid 519] futex(0x7fa89982c7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 515] <... futex resumed>) = 0 [pid 519] <... futex resumed>) = 1 [pid 519] futex(0x7fa89982c7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 515] exit_group(0) = ? [pid 519] <... futex resumed>) = ? [pid 519] +++ exited with 0 +++ [pid 516] <... mount resumed>) = ? [pid 516] +++ exited with 0 +++ [pid 515] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=515, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- umount2("./18", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555ba6620 /* 4 entries */, 32768) = 112 umount2("./18/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./18/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./18/binderfs") = 0 [ 32.956811][ T20] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2201: inode #18: comm kworker/0:1: corrupted in-inode xattr umount2("./18/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./18/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./18/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./18/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555bae660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555bae660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./18/file0") = 0 getdents64(3, 0x555555ba6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./18") = 0 mkdir("./19", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555ba55d0) = 520 ./strace-static-x86_64: Process 520 attached [pid 520] set_robust_list(0x555555ba55e0, 24) = 0 [pid 520] chdir("./19") = 0 [pid 520] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 520] setpgid(0, 0) = 0 [pid 520] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 520] write(3, "1000", 4) = 4 [pid 520] close(3) = 0 [pid 520] symlink("/dev/binderfs", "./binderfs") = 0 [pid 520] futex(0x7fa89982c7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 520] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa899732000 [pid 520] mprotect(0x7fa899733000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 520] clone(child_stack=0x7fa8997523f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[521], tls=0x7fa899752700, child_tidptr=0x7fa8997529d0) = 521 ./strace-static-x86_64: Process 521 attached [pid 521] set_robust_list(0x7fa8997529e0, 24 [pid 520] futex(0x7fa89982c7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 521] <... set_robust_list resumed>) = 0 [pid 520] <... futex resumed>) = 0 [pid 521] memfd_create("syzkaller", 0) = 3 [pid 521] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa891332000 [pid 520] futex(0x7fa89982c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 521] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 521] munmap(0x7fa891332000, 1048576) = 0 [pid 521] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 521] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 521] close(3) = 0 [pid 521] mkdir("./file0", 0777) = 0 [ 33.044947][ T521] loop0: detected capacity change from 0 to 2048 [pid 521] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 521] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 521] chdir("./file0") = 0 [pid 521] ioctl(4, LOOP_CLR_FD) = 0 [pid 521] close(4) = 0 [pid 521] futex(0x7fa89982c7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 520] <... futex resumed>) = 0 [pid 520] futex(0x7fa89982c7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 520] futex(0x7fa89982c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 521] <... futex resumed>) = 1 [pid 521] creat("./bus", 000) = 4 [pid 521] futex(0x7fa89982c7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 520] <... futex resumed>) = 0 [pid 520] futex(0x7fa89982c7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 520] futex(0x7fa89982c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 521] <... futex resumed>) = 1 [pid 521] openat(AT_FDCWD, "/dev/zero", O_RDONLY) = 5 [pid 521] futex(0x7fa89982c7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 520] <... futex resumed>) = 0 [pid 520] futex(0x7fa89982c7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 520] futex(0x7fa89982c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 521] <... futex resumed>) = 1 [ 33.088049][ T521] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [pid 521] mount(NULL, "./file0", "9p", MS_NOSUID|MS_SYNCHRONOUS|MS_REC|MS_LAZYTIME, "trans=fd,rfdno=0x0000000000000005,wfdno=0x0000000000000004,nodevmap,fscache,version=9p2000.L,afid=0x"... [pid 520] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 520] futex(0x7fa89982c7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 520] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa891411000 [pid 520] mprotect(0x7fa891412000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 520] clone(child_stack=0x7fa8914313f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 524 attached [pid 524] set_robust_list(0x7fa8914319e0, 24) = 0 [pid 524] futex(0x7fa89982c7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 520] <... clone resumed>, parent_tid=[524], tls=0x7fa891431700, child_tidptr=0x7fa8914319d0) = 524 [pid 520] futex(0x7fa89982c7b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 524] <... futex resumed>) = 0 [pid 524] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 520] futex(0x7fa89982c7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 524] <... mount resumed>) = 0 [pid 524] futex(0x7fa89982c7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 524] futex(0x7fa89982c7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 520] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 520] futex(0x7fa89982c7b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 524] <... futex resumed>) = 0 [pid 524] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC [pid 520] futex(0x7fa89982c7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 524] <... openat resumed>) = 6 [pid 524] futex(0x7fa89982c7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 524] futex(0x7fa89982c7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 520] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 520] futex(0x7fa89982c7b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 524] <... futex resumed>) = 0 [pid 524] write(6, "\xdd\xc8\xe4\xec\xc3\x37\x3a\x4d\x97\x06\xd8\xc2\x43\x38\xe9\x3e\x9e\xdf\x88\x45\xe4\x54\xf3\x20\xc2\x70\xeb\x5c\x88\xfc\x75\xee\xbe\xb8\xa2\x54\x40\x91\x8f\xc4\x65\x13\x23\x29\xd7\x2b\x11\x62\xd5\x58\x3d\x59\x03\x19\x37\x54\x14\xe6\x90\x0e\x9b\x30\x4d\x16\x7d\x7a\x7b\xc9\x3c\x12\x21\x40\x24\x48\xf0\x3c\xfc\xf8\xdf\x96\xb7\x71\x7e\x00\xb6\x44\x8c\x5c\xf3\xf7\xac\xd4\xcf\xf2\xdf\xc5\x27\xe9\x14\xaa"..., 2057 [pid 520] futex(0x7fa89982c7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 524] <... write resumed>) = 2057 [pid 524] futex(0x7fa89982c7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 520] <... futex resumed>) = 0 [pid 524] futex(0x7fa89982c7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 520] exit_group(0 [pid 524] <... futex resumed>) = ? [pid 520] <... exit_group resumed>) = ? [pid 524] +++ exited with 0 +++ [pid 521] <... mount resumed>) = ? [pid 521] +++ exited with 0 +++ [pid 520] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=520, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- umount2("./19", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./19", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555ba6620 /* 4 entries */, 32768) = 112 umount2("./19/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./19/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./19/binderfs") = 0 umount2("./19/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./19/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./19/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./19/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./19/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555bae660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555bae660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./19/file0") = 0 getdents64(3, 0x555555ba6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./19") = 0 mkdir("./20", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555ba55d0) = 525 ./strace-static-x86_64: Process 525 attached [pid 525] set_robust_list(0x555555ba55e0, 24) = 0 [pid 525] chdir("./20") = 0 [pid 525] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 525] setpgid(0, 0) = 0 [pid 525] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 525] write(3, "1000", 4) = 4 [pid 525] close(3) = 0 [pid 525] symlink("/dev/binderfs", "./binderfs") = 0 [pid 525] futex(0x7fa89982c7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 525] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa899732000 [pid 525] mprotect(0x7fa899733000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 525] clone(child_stack=0x7fa8997523f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 526 attached , parent_tid=[526], tls=0x7fa899752700, child_tidptr=0x7fa8997529d0) = 526 [pid 525] futex(0x7fa89982c7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 525] futex(0x7fa89982c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 526] set_robust_list(0x7fa8997529e0, 24) = 0 [pid 526] memfd_create("syzkaller", 0) = 3 [pid 526] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa891332000 [ 33.273078][ T20] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2201: inode #18: comm kworker/0:1: corrupted in-inode xattr [pid 526] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 526] munmap(0x7fa891332000, 1048576) = 0 [pid 526] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 526] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 526] close(3) = 0 [pid 526] mkdir("./file0", 0777) = 0 [pid 526] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 526] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 526] chdir("./file0") = 0 [pid 526] ioctl(4, LOOP_CLR_FD) = 0 [pid 526] close(4) = 0 [pid 526] futex(0x7fa89982c7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 525] <... futex resumed>) = 0 [pid 525] futex(0x7fa89982c7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 525] futex(0x7fa89982c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 526] <... futex resumed>) = 1 [pid 526] creat("./bus", 000) = 4 [pid 526] futex(0x7fa89982c7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 525] <... futex resumed>) = 0 [pid 525] futex(0x7fa89982c7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 525] futex(0x7fa89982c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 526] <... futex resumed>) = 1 [pid 526] openat(AT_FDCWD, "/dev/zero", O_RDONLY) = 5 [pid 526] futex(0x7fa89982c7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 525] <... futex resumed>) = 0 [pid 525] futex(0x7fa89982c7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 525] futex(0x7fa89982c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 526] <... futex resumed>) = 1 [pid 526] mount(NULL, "./file0", "9p", MS_NOSUID|MS_SYNCHRONOUS|MS_REC|MS_LAZYTIME, "trans=fd,rfdno=0x0000000000000005,wfdno=0x0000000000000004,nodevmap,fscache,version=9p2000.L,afid=0x"... [pid 525] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 525] futex(0x7fa89982c7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 525] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa891411000 [pid 525] mprotect(0x7fa891412000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 525] clone(child_stack=0x7fa8914313f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 529 attached , parent_tid=[529], tls=0x7fa891431700, child_tidptr=0x7fa8914319d0) = 529 [pid 529] set_robust_list(0x7fa8914319e0, 24) = 0 [pid 529] futex(0x7fa89982c7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 525] futex(0x7fa89982c7b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 525] futex(0x7fa89982c7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 529] <... futex resumed>) = 0 [pid 529] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 529] futex(0x7fa89982c7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 525] <... futex resumed>) = 0 [pid 525] futex(0x7fa89982c7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 525] futex(0x7fa89982c7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 529] <... futex resumed>) = 1 [pid 529] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC) = 6 [ 33.338760][ T526] loop0: detected capacity change from 0 to 2048 [ 33.354404][ T526] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [pid 529] futex(0x7fa89982c7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 525] <... futex resumed>) = 0 [pid 525] futex(0x7fa89982c7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 525] futex(0x7fa89982c7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 529] <... futex resumed>) = 1 [pid 529] write(6, "\xdd\xc8\xe4\xec\xc3\x37\x3a\x4d\x97\x06\xd8\xc2\x43\x38\xe9\x3e\x9e\xdf\x88\x45\xe4\x54\xf3\x20\xc2\x70\xeb\x5c\x88\xfc\x75\xee\xbe\xb8\xa2\x54\x40\x91\x8f\xc4\x65\x13\x23\x29\xd7\x2b\x11\x62\xd5\x58\x3d\x59\x03\x19\x37\x54\x14\xe6\x90\x0e\x9b\x30\x4d\x16\x7d\x7a\x7b\xc9\x3c\x12\x21\x40\x24\x48\xf0\x3c\xfc\xf8\xdf\x96\xb7\x71\x7e\x00\xb6\x44\x8c\x5c\xf3\xf7\xac\xd4\xcf\xf2\xdf\xc5\x27\xe9\x14\xaa"..., 2057) = 2057 [pid 529] futex(0x7fa89982c7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 525] <... futex resumed>) = 0 [pid 529] <... futex resumed>) = 1 [pid 529] futex(0x7fa89982c7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 525] exit_group(0 [pid 529] <... futex resumed>) = ? [pid 525] <... exit_group resumed>) = ? [pid 529] +++ exited with 0 +++ [pid 526] <... mount resumed>) = ? [pid 526] +++ exited with 0 +++ [pid 525] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=525, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./20", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./20", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555ba6620 /* 4 entries */, 32768) = 112 umount2("./20/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./20/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./20/binderfs") = 0 umount2("./20/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./20/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./20/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./20/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./20/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555bae660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555bae660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./20/file0") = 0 getdents64(3, 0x555555ba6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./20") = 0 [ 33.538529][ T88] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2201: inode #18: comm kworker/1:1: corrupted in-inode xattr mkdir("./21", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555ba55d0) = 531 ./strace-static-x86_64: Process 531 attached [pid 531] set_robust_list(0x555555ba55e0, 24) = 0 [pid 531] chdir("./21") = 0 [pid 531] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 531] setpgid(0, 0) = 0 [pid 531] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 531] write(3, "1000", 4) = 4 [pid 531] close(3) = 0 [pid 531] symlink("/dev/binderfs", "./binderfs") = 0 [pid 531] futex(0x7fa89982c7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 531] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa899732000 [pid 531] mprotect(0x7fa899733000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 531] clone(child_stack=0x7fa8997523f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[532], tls=0x7fa899752700, child_tidptr=0x7fa8997529d0) = 532 [pid 531] futex(0x7fa89982c7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 531] futex(0x7fa89982c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 532 attached [pid 532] set_robust_list(0x7fa8997529e0, 24) = 0 [pid 532] memfd_create("syzkaller", 0) = 3 [pid 532] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa891332000 [pid 532] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 532] munmap(0x7fa891332000, 1048576) = 0 [pid 532] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 532] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 532] close(3) = 0 [pid 532] mkdir("./file0", 0777) = 0 [pid 532] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 532] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 532] chdir("./file0") = 0 [pid 532] ioctl(4, LOOP_CLR_FD) = 0 [pid 532] close(4) = 0 [pid 532] futex(0x7fa89982c7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 531] <... futex resumed>) = 0 [pid 531] futex(0x7fa89982c7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 531] futex(0x7fa89982c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 532] <... futex resumed>) = 1 [pid 532] creat("./bus", 000) = 4 [pid 532] futex(0x7fa89982c7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 531] <... futex resumed>) = 0 [pid 531] futex(0x7fa89982c7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 531] futex(0x7fa89982c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 532] <... futex resumed>) = 1 [pid 532] openat(AT_FDCWD, "/dev/zero", O_RDONLY) = 5 [pid 532] futex(0x7fa89982c7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 531] <... futex resumed>) = 0 [pid 532] mount(NULL, "./file0", "9p", MS_NOSUID|MS_SYNCHRONOUS|MS_REC|MS_LAZYTIME, "trans=fd,rfdno=0x0000000000000005,wfdno=0x0000000000000004,nodevmap,fscache,version=9p2000.L,afid=0x"... [pid 531] futex(0x7fa89982c7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 33.609745][ T532] loop0: detected capacity change from 0 to 2048 [ 33.624669][ T532] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [pid 531] futex(0x7fa89982c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 531] futex(0x7fa89982c7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 531] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa891411000 [pid 531] mprotect(0x7fa891412000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 531] clone(child_stack=0x7fa8914313f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 535 attached , parent_tid=[535], tls=0x7fa891431700, child_tidptr=0x7fa8914319d0) = 535 [pid 535] set_robust_list(0x7fa8914319e0, 24) = 0 [pid 535] futex(0x7fa89982c7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 531] futex(0x7fa89982c7b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 531] futex(0x7fa89982c7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 535] <... futex resumed>) = 0 [pid 535] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 535] futex(0x7fa89982c7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 531] <... futex resumed>) = 0 [pid 531] futex(0x7fa89982c7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 531] futex(0x7fa89982c7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 535] <... futex resumed>) = 1 [pid 535] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC) = 6 [pid 535] futex(0x7fa89982c7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 531] <... futex resumed>) = 0 [pid 531] futex(0x7fa89982c7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 531] futex(0x7fa89982c7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 535] <... futex resumed>) = 1 [pid 535] write(6, "\xdd\xc8\xe4\xec\xc3\x37\x3a\x4d\x97\x06\xd8\xc2\x43\x38\xe9\x3e\x9e\xdf\x88\x45\xe4\x54\xf3\x20\xc2\x70\xeb\x5c\x88\xfc\x75\xee\xbe\xb8\xa2\x54\x40\x91\x8f\xc4\x65\x13\x23\x29\xd7\x2b\x11\x62\xd5\x58\x3d\x59\x03\x19\x37\x54\x14\xe6\x90\x0e\x9b\x30\x4d\x16\x7d\x7a\x7b\xc9\x3c\x12\x21\x40\x24\x48\xf0\x3c\xfc\xf8\xdf\x96\xb7\x71\x7e\x00\xb6\x44\x8c\x5c\xf3\xf7\xac\xd4\xcf\xf2\xdf\xc5\x27\xe9\x14\xaa"..., 2057) = 2057 [pid 535] futex(0x7fa89982c7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 531] <... futex resumed>) = 0 [pid 535] <... futex resumed>) = 1 [pid 535] futex(0x7fa89982c7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 531] exit_group(0) = ? [pid 535] <... futex resumed>) = ? [pid 535] +++ exited with 0 +++ [pid 532] <... mount resumed>) = ? [pid 532] +++ exited with 0 +++ [pid 531] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=531, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./21", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./21", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555ba6620 /* 4 entries */, 32768) = 112 umount2("./21/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./21/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./21/binderfs") = 0 [ 33.813405][ T88] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2201: inode #18: comm kworker/1:1: corrupted in-inode xattr umount2("./21/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./21/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./21/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./21/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./21/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555bae660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555bae660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./21/file0") = 0 getdents64(3, 0x555555ba6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./21") = 0 mkdir("./22", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555ba55d0) = 536 ./strace-static-x86_64: Process 536 attached [pid 536] set_robust_list(0x555555ba55e0, 24) = 0 [pid 536] chdir("./22") = 0 [pid 536] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 536] setpgid(0, 0) = 0 [pid 536] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 536] write(3, "1000", 4) = 4 [pid 536] close(3) = 0 [pid 536] symlink("/dev/binderfs", "./binderfs") = 0 [pid 536] futex(0x7fa89982c7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 536] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa899732000 [pid 536] mprotect(0x7fa899733000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 536] clone(child_stack=0x7fa8997523f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[537], tls=0x7fa899752700, child_tidptr=0x7fa8997529d0) = 537 [pid 536] futex(0x7fa89982c7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 536] futex(0x7fa89982c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 537 attached [pid 537] set_robust_list(0x7fa8997529e0, 24) = 0 [pid 537] memfd_create("syzkaller", 0) = 3 [pid 537] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa891332000 [pid 537] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 537] munmap(0x7fa891332000, 1048576) = 0 [pid 537] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 537] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 537] close(3) = 0 [pid 537] mkdir("./file0", 0777) = 0 [pid 537] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 537] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 537] chdir("./file0") = 0 [pid 537] ioctl(4, LOOP_CLR_FD) = 0 [pid 537] close(4) = 0 [pid 537] futex(0x7fa89982c7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 536] <... futex resumed>) = 0 [pid 536] futex(0x7fa89982c7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 536] futex(0x7fa89982c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 537] <... futex resumed>) = 1 [pid 537] creat("./bus", 000) = 4 [pid 537] futex(0x7fa89982c7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 536] <... futex resumed>) = 0 [pid 536] futex(0x7fa89982c7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 536] futex(0x7fa89982c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 537] <... futex resumed>) = 1 [pid 537] openat(AT_FDCWD, "/dev/zero", O_RDONLY) = 5 [pid 537] futex(0x7fa89982c7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 536] <... futex resumed>) = 0 [pid 536] futex(0x7fa89982c7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 536] futex(0x7fa89982c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 537] <... futex resumed>) = 1 [ 33.897493][ T537] loop0: detected capacity change from 0 to 2048 [ 33.914307][ T537] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [pid 537] mount(NULL, "./file0", "9p", MS_NOSUID|MS_SYNCHRONOUS|MS_REC|MS_LAZYTIME, "trans=fd,rfdno=0x0000000000000005,wfdno=0x0000000000000004,nodevmap,fscache,version=9p2000.L,afid=0x"... [pid 536] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 536] futex(0x7fa89982c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 536] futex(0x7fa89982c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 536] futex(0x7fa89982c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 536] futex(0x7fa89982c7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 536] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa891411000 [pid 536] mprotect(0x7fa891412000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 536] clone(child_stack=0x7fa8914313f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 540 attached [pid 540] set_robust_list(0x7fa8914319e0, 24 [pid 536] <... clone resumed>, parent_tid=[540], tls=0x7fa891431700, child_tidptr=0x7fa8914319d0) = 540 [pid 540] <... set_robust_list resumed>) = 0 [pid 536] futex(0x7fa89982c7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 540] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 536] <... futex resumed>) = 0 [pid 540] <... mount resumed>) = 0 [pid 536] futex(0x7fa89982c7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 540] futex(0x7fa89982c7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 536] <... futex resumed>) = 0 [pid 536] futex(0x7fa89982c7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 540] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC [pid 536] futex(0x7fa89982c7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 540] <... openat resumed>) = 6 [pid 540] futex(0x7fa89982c7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 536] <... futex resumed>) = 0 [pid 540] write(6, "\xdd\xc8\xe4\xec\xc3\x37\x3a\x4d\x97\x06\xd8\xc2\x43\x38\xe9\x3e\x9e\xdf\x88\x45\xe4\x54\xf3\x20\xc2\x70\xeb\x5c\x88\xfc\x75\xee\xbe\xb8\xa2\x54\x40\x91\x8f\xc4\x65\x13\x23\x29\xd7\x2b\x11\x62\xd5\x58\x3d\x59\x03\x19\x37\x54\x14\xe6\x90\x0e\x9b\x30\x4d\x16\x7d\x7a\x7b\xc9\x3c\x12\x21\x40\x24\x48\xf0\x3c\xfc\xf8\xdf\x96\xb7\x71\x7e\x00\xb6\x44\x8c\x5c\xf3\xf7\xac\xd4\xcf\xf2\xdf\xc5\x27\xe9\x14\xaa"..., 2057 [pid 536] futex(0x7fa89982c7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 536] futex(0x7fa89982c7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 540] <... write resumed>) = 2057 [pid 540] futex(0x7fa89982c7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 536] <... futex resumed>) = 0 [pid 540] futex(0x7fa89982c7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 536] exit_group(0 [pid 540] <... futex resumed>) = ? [pid 536] <... exit_group resumed>) = ? [pid 540] +++ exited with 0 +++ [pid 537] <... mount resumed>) = ? [pid 537] +++ exited with 0 +++ [pid 536] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=536, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./22", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./22", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555ba6620 /* 4 entries */, 32768) = 112 umount2("./22/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./22/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./22/binderfs") = 0 [ 34.095687][ T88] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2201: inode #18: comm kworker/1:1: corrupted in-inode xattr umount2("./22/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./22/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./22/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./22/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./22/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555bae660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555bae660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./22/file0") = 0 getdents64(3, 0x555555ba6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./22") = 0 mkdir("./23", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555ba55d0) = 541 ./strace-static-x86_64: Process 541 attached [pid 541] set_robust_list(0x555555ba55e0, 24) = 0 [pid 541] chdir("./23") = 0 [pid 541] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 541] setpgid(0, 0) = 0 [pid 541] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 541] write(3, "1000", 4) = 4 [pid 541] close(3) = 0 [pid 541] symlink("/dev/binderfs", "./binderfs") = 0 [pid 541] futex(0x7fa89982c7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 541] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa899732000 [pid 541] mprotect(0x7fa899733000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 541] clone(child_stack=0x7fa8997523f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[542], tls=0x7fa899752700, child_tidptr=0x7fa8997529d0) = 542 ./strace-static-x86_64: Process 542 attached [pid 541] futex(0x7fa89982c7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 541] futex(0x7fa89982c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 542] set_robust_list(0x7fa8997529e0, 24) = 0 [pid 542] memfd_create("syzkaller", 0) = 3 [pid 542] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa891332000 [pid 542] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 542] munmap(0x7fa891332000, 1048576) = 0 [pid 542] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 542] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 542] close(3) = 0 [pid 542] mkdir("./file0", 0777) = 0 [pid 542] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 542] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 542] chdir("./file0") = 0 [pid 542] ioctl(4, LOOP_CLR_FD) = 0 [pid 542] close(4) = 0 [pid 542] futex(0x7fa89982c7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 541] <... futex resumed>) = 0 [pid 541] futex(0x7fa89982c7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 541] futex(0x7fa89982c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 542] creat("./bus", 000) = 4 [pid 542] futex(0x7fa89982c7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 541] <... futex resumed>) = 0 [pid 541] futex(0x7fa89982c7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 541] futex(0x7fa89982c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 542] openat(AT_FDCWD, "/dev/zero", O_RDONLY) = 5 [pid 542] futex(0x7fa89982c7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 541] <... futex resumed>) = 0 [pid 541] futex(0x7fa89982c7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 541] futex(0x7fa89982c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 34.196216][ T542] loop0: detected capacity change from 0 to 2048 [ 34.214400][ T542] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [pid 542] mount(NULL, "./file0", "9p", MS_NOSUID|MS_SYNCHRONOUS|MS_REC|MS_LAZYTIME, "trans=fd,rfdno=0x0000000000000005,wfdno=0x0000000000000004,nodevmap,fscache,version=9p2000.L,afid=0x"... [pid 541] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 541] futex(0x7fa89982c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 541] futex(0x7fa89982c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 541] futex(0x7fa89982c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 541] futex(0x7fa89982c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 541] futex(0x7fa89982c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 541] futex(0x7fa89982c7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 541] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa891411000 [pid 541] mprotect(0x7fa891412000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 541] clone(child_stack=0x7fa8914313f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[545], tls=0x7fa891431700, child_tidptr=0x7fa8914319d0) = 545 [pid 541] futex(0x7fa89982c7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 541] futex(0x7fa89982c7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 545 attached [pid 545] set_robust_list(0x7fa8914319e0, 24) = 0 [pid 545] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 545] futex(0x7fa89982c7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 541] <... futex resumed>) = 0 [pid 541] futex(0x7fa89982c7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 541] futex(0x7fa89982c7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 545] <... futex resumed>) = 1 [pid 545] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC) = 6 [pid 545] futex(0x7fa89982c7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 541] <... futex resumed>) = 0 [pid 541] futex(0x7fa89982c7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 541] futex(0x7fa89982c7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 545] <... futex resumed>) = 1 [pid 545] write(6, "\xdd\xc8\xe4\xec\xc3\x37\x3a\x4d\x97\x06\xd8\xc2\x43\x38\xe9\x3e\x9e\xdf\x88\x45\xe4\x54\xf3\x20\xc2\x70\xeb\x5c\x88\xfc\x75\xee\xbe\xb8\xa2\x54\x40\x91\x8f\xc4\x65\x13\x23\x29\xd7\x2b\x11\x62\xd5\x58\x3d\x59\x03\x19\x37\x54\x14\xe6\x90\x0e\x9b\x30\x4d\x16\x7d\x7a\x7b\xc9\x3c\x12\x21\x40\x24\x48\xf0\x3c\xfc\xf8\xdf\x96\xb7\x71\x7e\x00\xb6\x44\x8c\x5c\xf3\xf7\xac\xd4\xcf\xf2\xdf\xc5\x27\xe9\x14\xaa"..., 2057) = 2057 [pid 545] futex(0x7fa89982c7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 541] <... futex resumed>) = 0 [pid 545] futex(0x7fa89982c7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 541] exit_group(0) = ? [pid 545] <... futex resumed>) = ? [pid 545] +++ exited with 0 +++ [pid 542] <... mount resumed>) = ? [pid 542] +++ exited with 0 +++ [pid 541] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=541, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./23", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./23", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555ba6620 /* 4 entries */, 32768) = 112 umount2("./23/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./23/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./23/binderfs") = 0 [ 34.403897][ T20] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2201: inode #18: comm kworker/0:1: corrupted in-inode xattr umount2("./23/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./23/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./23/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./23/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./23/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555bae660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555bae660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./23/file0") = 0 getdents64(3, 0x555555ba6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./23") = 0 mkdir("./24", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555ba55d0) = 546 ./strace-static-x86_64: Process 546 attached [pid 546] set_robust_list(0x555555ba55e0, 24) = 0 [pid 546] chdir("./24") = 0 [pid 546] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 546] setpgid(0, 0) = 0 [pid 546] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 546] write(3, "1000", 4) = 4 [pid 546] close(3) = 0 [pid 546] symlink("/dev/binderfs", "./binderfs") = 0 [pid 546] futex(0x7fa89982c7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 546] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa899732000 [pid 546] mprotect(0x7fa899733000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 546] clone(child_stack=0x7fa8997523f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 547 attached [pid 547] set_robust_list(0x7fa8997529e0, 24) = 0 [pid 547] futex(0x7fa89982c7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 546] <... clone resumed>, parent_tid=[547], tls=0x7fa899752700, child_tidptr=0x7fa8997529d0) = 547 [pid 546] futex(0x7fa89982c7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 546] futex(0x7fa89982c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 547] <... futex resumed>) = 0 [pid 547] memfd_create("syzkaller", 0) = 3 [pid 547] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa891332000 [pid 547] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 547] munmap(0x7fa891332000, 1048576) = 0 [pid 547] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 547] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 547] close(3) = 0 [pid 547] mkdir("./file0", 0777) = 0 [pid 547] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 547] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 547] chdir("./file0") = 0 [pid 547] ioctl(4, LOOP_CLR_FD) = 0 [pid 547] close(4) = 0 [pid 547] futex(0x7fa89982c7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 547] futex(0x7fa89982c7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 546] <... futex resumed>) = 0 [pid 546] futex(0x7fa89982c7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 546] futex(0x7fa89982c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 547] <... futex resumed>) = 0 [pid 547] creat("./bus", 000) = 4 [pid 547] futex(0x7fa89982c7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 546] <... futex resumed>) = 0 [pid 546] futex(0x7fa89982c7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 546] futex(0x7fa89982c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 547] <... futex resumed>) = 1 [pid 547] openat(AT_FDCWD, "/dev/zero", O_RDONLY) = 5 [pid 547] futex(0x7fa89982c7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 546] <... futex resumed>) = 0 [pid 546] futex(0x7fa89982c7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 546] futex(0x7fa89982c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 547] <... futex resumed>) = 1 [ 34.480208][ T547] loop0: detected capacity change from 0 to 2048 [ 34.504834][ T547] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [pid 547] mount(NULL, "./file0", "9p", MS_NOSUID|MS_SYNCHRONOUS|MS_REC|MS_LAZYTIME, "trans=fd,rfdno=0x0000000000000005,wfdno=0x0000000000000004,nodevmap,fscache,version=9p2000.L,afid=0x"... [pid 546] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 546] futex(0x7fa89982c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 546] futex(0x7fa89982c7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 546] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa891411000 [pid 546] mprotect(0x7fa891412000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 546] clone(child_stack=0x7fa8914313f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 551 attached , parent_tid=[551], tls=0x7fa891431700, child_tidptr=0x7fa8914319d0) = 551 [pid 546] futex(0x7fa89982c7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 546] futex(0x7fa89982c7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 551] set_robust_list(0x7fa8914319e0, 24) = 0 [pid 551] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 551] futex(0x7fa89982c7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 546] <... futex resumed>) = 0 [pid 546] futex(0x7fa89982c7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 546] futex(0x7fa89982c7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 551] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC) = 6 [pid 551] futex(0x7fa89982c7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 546] <... futex resumed>) = 0 [pid 546] futex(0x7fa89982c7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 546] futex(0x7fa89982c7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 551] <... futex resumed>) = 1 [pid 551] write(6, "\xdd\xc8\xe4\xec\xc3\x37\x3a\x4d\x97\x06\xd8\xc2\x43\x38\xe9\x3e\x9e\xdf\x88\x45\xe4\x54\xf3\x20\xc2\x70\xeb\x5c\x88\xfc\x75\xee\xbe\xb8\xa2\x54\x40\x91\x8f\xc4\x65\x13\x23\x29\xd7\x2b\x11\x62\xd5\x58\x3d\x59\x03\x19\x37\x54\x14\xe6\x90\x0e\x9b\x30\x4d\x16\x7d\x7a\x7b\xc9\x3c\x12\x21\x40\x24\x48\xf0\x3c\xfc\xf8\xdf\x96\xb7\x71\x7e\x00\xb6\x44\x8c\x5c\xf3\xf7\xac\xd4\xcf\xf2\xdf\xc5\x27\xe9\x14\xaa"..., 2057) = 2057 [pid 551] futex(0x7fa89982c7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 546] <... futex resumed>) = 0 [pid 551] futex(0x7fa89982c7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 546] exit_group(0 [pid 551] <... futex resumed>) = ? [pid 546] <... exit_group resumed>) = ? [pid 551] +++ exited with 0 +++ [pid 547] <... mount resumed>) = ? [pid 547] +++ exited with 0 +++ [pid 546] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=546, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- umount2("./24", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./24", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555ba6620 /* 4 entries */, 32768) = 112 umount2("./24/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./24/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./24/binderfs") = 0 [ 34.692299][ T20] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2201: inode #18: comm kworker/0:1: corrupted in-inode xattr umount2("./24/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./24/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./24/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./24/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./24/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555bae660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555bae660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./24/file0") = 0 getdents64(3, 0x555555ba6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./24") = 0 mkdir("./25", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555ba55d0) = 552 ./strace-static-x86_64: Process 552 attached [pid 552] set_robust_list(0x555555ba55e0, 24) = 0 [pid 552] chdir("./25") = 0 [pid 552] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 552] setpgid(0, 0) = 0 [pid 552] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 552] write(3, "1000", 4) = 4 [pid 552] close(3) = 0 [pid 552] symlink("/dev/binderfs", "./binderfs") = 0 [pid 552] futex(0x7fa89982c7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 552] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa899732000 [pid 552] mprotect(0x7fa899733000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 552] clone(child_stack=0x7fa8997523f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 553 attached , parent_tid=[553], tls=0x7fa899752700, child_tidptr=0x7fa8997529d0) = 553 [pid 552] futex(0x7fa89982c7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 553] set_robust_list(0x7fa8997529e0, 24 [pid 552] <... futex resumed>) = 0 [pid 552] futex(0x7fa89982c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 553] <... set_robust_list resumed>) = 0 [pid 553] memfd_create("syzkaller", 0) = 3 [pid 553] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa891332000 [pid 553] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 553] munmap(0x7fa891332000, 1048576) = 0 [pid 553] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 553] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 553] close(3) = 0 [pid 553] mkdir("./file0", 0777) = 0 [pid 553] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 553] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 553] chdir("./file0") = 0 [pid 553] ioctl(4, LOOP_CLR_FD) = 0 [pid 553] close(4) = 0 [pid 553] futex(0x7fa89982c7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 552] <... futex resumed>) = 0 [pid 552] futex(0x7fa89982c7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 552] futex(0x7fa89982c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 553] <... futex resumed>) = 1 [pid 553] creat("./bus", 000) = 4 [pid 553] futex(0x7fa89982c7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 552] <... futex resumed>) = 0 [pid 552] futex(0x7fa89982c7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 552] futex(0x7fa89982c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 553] <... futex resumed>) = 1 [pid 553] openat(AT_FDCWD, "/dev/zero", O_RDONLY) = 5 [pid 553] futex(0x7fa89982c7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 552] <... futex resumed>) = 0 [pid 552] futex(0x7fa89982c7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 552] futex(0x7fa89982c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 553] <... futex resumed>) = 1 [ 34.800381][ T553] loop0: detected capacity change from 0 to 2048 [ 34.814645][ T553] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [pid 553] mount(NULL, "./file0", "9p", MS_NOSUID|MS_SYNCHRONOUS|MS_REC|MS_LAZYTIME, "trans=fd,rfdno=0x0000000000000005,wfdno=0x0000000000000004,nodevmap,fscache,version=9p2000.L,afid=0x"... [pid 552] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 552] futex(0x7fa89982c7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 552] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa891411000 [pid 552] mprotect(0x7fa891412000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 552] clone(child_stack=0x7fa8914313f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 556 attached , parent_tid=[556], tls=0x7fa891431700, child_tidptr=0x7fa8914319d0) = 556 [pid 552] futex(0x7fa89982c7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 556] set_robust_list(0x7fa8914319e0, 24 [pid 552] <... futex resumed>) = 0 [pid 556] <... set_robust_list resumed>) = 0 [pid 552] futex(0x7fa89982c7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 556] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 556] futex(0x7fa89982c7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 552] <... futex resumed>) = 0 [pid 552] futex(0x7fa89982c7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 556] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC [pid 552] futex(0x7fa89982c7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 556] <... openat resumed>) = 6 [pid 556] futex(0x7fa89982c7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 552] <... futex resumed>) = 0 [pid 552] futex(0x7fa89982c7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 556] write(6, "\xdd\xc8\xe4\xec\xc3\x37\x3a\x4d\x97\x06\xd8\xc2\x43\x38\xe9\x3e\x9e\xdf\x88\x45\xe4\x54\xf3\x20\xc2\x70\xeb\x5c\x88\xfc\x75\xee\xbe\xb8\xa2\x54\x40\x91\x8f\xc4\x65\x13\x23\x29\xd7\x2b\x11\x62\xd5\x58\x3d\x59\x03\x19\x37\x54\x14\xe6\x90\x0e\x9b\x30\x4d\x16\x7d\x7a\x7b\xc9\x3c\x12\x21\x40\x24\x48\xf0\x3c\xfc\xf8\xdf\x96\xb7\x71\x7e\x00\xb6\x44\x8c\x5c\xf3\xf7\xac\xd4\xcf\xf2\xdf\xc5\x27\xe9\x14\xaa"..., 2057 [pid 552] <... futex resumed>) = 0 [pid 552] futex(0x7fa89982c7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 556] <... write resumed>) = 2057 [pid 556] futex(0x7fa89982c7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 552] <... futex resumed>) = 0 [pid 556] futex(0x7fa89982c7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 552] exit_group(0 [pid 556] <... futex resumed>) = ? [pid 552] <... exit_group resumed>) = ? [pid 556] +++ exited with 0 +++ [pid 553] <... mount resumed>) = ? [pid 553] +++ exited with 0 +++ [pid 552] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=552, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./25", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./25", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555ba6620 /* 4 entries */, 32768) = 112 umount2("./25/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./25/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./25/binderfs") = 0 [ 35.008464][ T20] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2201: inode #18: comm kworker/0:1: corrupted in-inode xattr umount2("./25/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./25/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./25/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./25/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./25/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555bae660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555bae660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./25/file0") = 0 getdents64(3, 0x555555ba6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./25") = 0 mkdir("./26", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555ba55d0) = 557 ./strace-static-x86_64: Process 557 attached [pid 557] set_robust_list(0x555555ba55e0, 24) = 0 [pid 557] chdir("./26") = 0 [pid 557] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 557] setpgid(0, 0) = 0 [pid 557] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 557] write(3, "1000", 4) = 4 [pid 557] close(3) = 0 [pid 557] symlink("/dev/binderfs", "./binderfs") = 0 [pid 557] futex(0x7fa89982c7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 557] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa899732000 [pid 557] mprotect(0x7fa899733000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 557] clone(child_stack=0x7fa8997523f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[558], tls=0x7fa899752700, child_tidptr=0x7fa8997529d0) = 558 [pid 557] futex(0x7fa89982c7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 557] futex(0x7fa89982c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 558 attached [pid 558] set_robust_list(0x7fa8997529e0, 24) = 0 [pid 558] memfd_create("syzkaller", 0) = 3 [pid 558] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa891332000 [pid 558] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 558] munmap(0x7fa891332000, 1048576) = 0 [pid 558] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 558] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 558] close(3) = 0 [pid 558] mkdir("./file0", 0777) = 0 [pid 558] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 558] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 558] chdir("./file0") = 0 [pid 558] ioctl(4, LOOP_CLR_FD) = 0 [pid 558] close(4) = 0 [pid 558] futex(0x7fa89982c7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 557] <... futex resumed>) = 0 [pid 557] futex(0x7fa89982c7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 557] futex(0x7fa89982c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 558] <... futex resumed>) = 1 [pid 558] creat("./bus", 000) = 4 [pid 558] futex(0x7fa89982c7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 557] <... futex resumed>) = 0 [pid 557] futex(0x7fa89982c7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 558] <... futex resumed>) = 1 [pid 557] futex(0x7fa89982c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 558] openat(AT_FDCWD, "/dev/zero", O_RDONLY) = 5 [pid 558] futex(0x7fa89982c7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 557] <... futex resumed>) = 0 [pid 557] futex(0x7fa89982c7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 557] futex(0x7fa89982c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 35.120091][ T558] loop0: detected capacity change from 0 to 2048 [ 35.134432][ T558] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [pid 558] mount(NULL, "./file0", "9p", MS_NOSUID|MS_SYNCHRONOUS|MS_REC|MS_LAZYTIME, "trans=fd,rfdno=0x0000000000000005,wfdno=0x0000000000000004,nodevmap,fscache,version=9p2000.L,afid=0x"... [pid 557] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 557] futex(0x7fa89982c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 557] futex(0x7fa89982c7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 557] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa891411000 [pid 557] mprotect(0x7fa891412000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 557] clone(child_stack=0x7fa8914313f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 561 attached , parent_tid=[561], tls=0x7fa891431700, child_tidptr=0x7fa8914319d0) = 561 [pid 561] set_robust_list(0x7fa8914319e0, 24 [pid 557] futex(0x7fa89982c7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 561] <... set_robust_list resumed>) = 0 [pid 561] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 557] <... futex resumed>) = 0 [pid 557] futex(0x7fa89982c7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 561] <... mount resumed>) = 0 [pid 561] futex(0x7fa89982c7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 557] <... futex resumed>) = 0 [pid 557] futex(0x7fa89982c7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 557] futex(0x7fa89982c7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 561] <... futex resumed>) = 1 [pid 561] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC) = 6 [pid 561] futex(0x7fa89982c7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 557] <... futex resumed>) = 0 [pid 557] futex(0x7fa89982c7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 557] futex(0x7fa89982c7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 561] <... futex resumed>) = 1 [pid 561] write(6, "\xdd\xc8\xe4\xec\xc3\x37\x3a\x4d\x97\x06\xd8\xc2\x43\x38\xe9\x3e\x9e\xdf\x88\x45\xe4\x54\xf3\x20\xc2\x70\xeb\x5c\x88\xfc\x75\xee\xbe\xb8\xa2\x54\x40\x91\x8f\xc4\x65\x13\x23\x29\xd7\x2b\x11\x62\xd5\x58\x3d\x59\x03\x19\x37\x54\x14\xe6\x90\x0e\x9b\x30\x4d\x16\x7d\x7a\x7b\xc9\x3c\x12\x21\x40\x24\x48\xf0\x3c\xfc\xf8\xdf\x96\xb7\x71\x7e\x00\xb6\x44\x8c\x5c\xf3\xf7\xac\xd4\xcf\xf2\xdf\xc5\x27\xe9\x14\xaa"..., 2057) = 2057 [pid 561] futex(0x7fa89982c7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 557] <... futex resumed>) = 0 [pid 561] <... futex resumed>) = 1 [pid 561] futex(0x7fa89982c7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 557] exit_group(0 [pid 561] <... futex resumed>) = ? [pid 557] <... exit_group resumed>) = ? [pid 561] +++ exited with 0 +++ [pid 558] <... mount resumed>) = ? [pid 558] +++ exited with 0 +++ [pid 557] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=557, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- umount2("./26", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./26", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555ba6620 /* 4 entries */, 32768) = 112 umount2("./26/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./26/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./26/binderfs") = 0 umount2("./26/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./26/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./26/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./26/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./26/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555bae660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555bae660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./26/file0") = 0 getdents64(3, 0x555555ba6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./26") = 0 mkdir("./27", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555ba55d0) = 562 ./strace-static-x86_64: Process 562 attached [pid 562] set_robust_list(0x555555ba55e0, 24) = 0 [pid 562] chdir("./27") = 0 [pid 562] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 562] setpgid(0, 0) = 0 [pid 562] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 562] write(3, "1000", 4) = 4 [pid 562] close(3) = 0 [ 35.326560][ T20] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2201: inode #18: comm kworker/0:1: corrupted in-inode xattr [pid 562] symlink("/dev/binderfs", "./binderfs") = 0 [pid 562] futex(0x7fa89982c7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 562] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa899732000 [pid 562] mprotect(0x7fa899733000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 562] clone(child_stack=0x7fa8997523f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[563], tls=0x7fa899752700, child_tidptr=0x7fa8997529d0) = 563 ./strace-static-x86_64: Process 563 attached [pid 562] futex(0x7fa89982c7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 563] set_robust_list(0x7fa8997529e0, 24) = 0 [pid 563] memfd_create("syzkaller", 0) = 3 [pid 563] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa891332000 [pid 562] <... futex resumed>) = 0 [pid 562] futex(0x7fa89982c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 563] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 563] munmap(0x7fa891332000, 1048576) = 0 [pid 563] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 563] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 563] close(3) = 0 [pid 563] mkdir("./file0", 0777) = 0 [pid 563] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 563] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 563] chdir("./file0") = 0 [pid 563] ioctl(4, LOOP_CLR_FD) = 0 [pid 563] close(4) = 0 [pid 563] futex(0x7fa89982c7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 562] <... futex resumed>) = 0 [pid 562] futex(0x7fa89982c7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 562] futex(0x7fa89982c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 563] <... futex resumed>) = 1 [pid 563] creat("./bus", 000) = 4 [pid 563] futex(0x7fa89982c7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 562] <... futex resumed>) = 0 [pid 562] futex(0x7fa89982c7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 562] futex(0x7fa89982c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 563] <... futex resumed>) = 1 [pid 563] openat(AT_FDCWD, "/dev/zero", O_RDONLY) = 5 [pid 563] futex(0x7fa89982c7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 562] <... futex resumed>) = 0 [pid 562] futex(0x7fa89982c7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 562] futex(0x7fa89982c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 563] <... futex resumed>) = 1 [pid 563] mount(NULL, "./file0", "9p", MS_NOSUID|MS_SYNCHRONOUS|MS_REC|MS_LAZYTIME, "trans=fd,rfdno=0x0000000000000005,wfdno=0x0000000000000004,nodevmap,fscache,version=9p2000.L,afid=0x"... [pid 562] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 562] futex(0x7fa89982c7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 562] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa891411000 [ 35.397198][ T563] loop0: detected capacity change from 0 to 2048 [ 35.414232][ T563] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [pid 562] mprotect(0x7fa891412000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 562] clone(child_stack=0x7fa8914313f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 566 attached , parent_tid=[566], tls=0x7fa891431700, child_tidptr=0x7fa8914319d0) = 566 [pid 566] set_robust_list(0x7fa8914319e0, 24 [pid 562] futex(0x7fa89982c7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 562] futex(0x7fa89982c7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 566] <... set_robust_list resumed>) = 0 [pid 566] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 566] futex(0x7fa89982c7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 562] <... futex resumed>) = 0 [pid 562] futex(0x7fa89982c7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 562] futex(0x7fa89982c7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 566] <... futex resumed>) = 1 [pid 566] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC) = 6 [pid 566] futex(0x7fa89982c7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 562] <... futex resumed>) = 0 [pid 562] futex(0x7fa89982c7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 562] futex(0x7fa89982c7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 566] <... futex resumed>) = 1 [pid 566] write(6, "\xdd\xc8\xe4\xec\xc3\x37\x3a\x4d\x97\x06\xd8\xc2\x43\x38\xe9\x3e\x9e\xdf\x88\x45\xe4\x54\xf3\x20\xc2\x70\xeb\x5c\x88\xfc\x75\xee\xbe\xb8\xa2\x54\x40\x91\x8f\xc4\x65\x13\x23\x29\xd7\x2b\x11\x62\xd5\x58\x3d\x59\x03\x19\x37\x54\x14\xe6\x90\x0e\x9b\x30\x4d\x16\x7d\x7a\x7b\xc9\x3c\x12\x21\x40\x24\x48\xf0\x3c\xfc\xf8\xdf\x96\xb7\x71\x7e\x00\xb6\x44\x8c\x5c\xf3\xf7\xac\xd4\xcf\xf2\xdf\xc5\x27\xe9\x14\xaa"..., 2057) = 2057 [pid 566] futex(0x7fa89982c7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 562] <... futex resumed>) = 0 [pid 566] <... futex resumed>) = 1 [pid 566] futex(0x7fa89982c7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 562] exit_group(0) = ? [pid 566] <... futex resumed>) = ? [pid 566] +++ exited with 0 +++ [pid 563] <... mount resumed>) = ? [pid 563] +++ exited with 0 +++ [pid 562] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=562, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./27", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./27", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555ba6620 /* 4 entries */, 32768) = 112 umount2("./27/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./27/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./27/binderfs") = 0 [ 35.600559][ T20] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2201: inode #18: comm kworker/0:1: corrupted in-inode xattr umount2("./27/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./27/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./27/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./27/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./27/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555bae660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555bae660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./27/file0") = 0 getdents64(3, 0x555555ba6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./27") = 0 mkdir("./28", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555ba55d0) = 568 ./strace-static-x86_64: Process 568 attached [pid 568] set_robust_list(0x555555ba55e0, 24) = 0 [pid 568] chdir("./28") = 0 [pid 568] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 568] setpgid(0, 0) = 0 [pid 568] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 568] write(3, "1000", 4) = 4 [pid 568] close(3) = 0 [pid 568] symlink("/dev/binderfs", "./binderfs") = 0 [pid 568] futex(0x7fa89982c7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 568] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa899732000 [pid 568] mprotect(0x7fa899733000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 568] clone(child_stack=0x7fa8997523f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[569], tls=0x7fa899752700, child_tidptr=0x7fa8997529d0) = 569 [pid 568] futex(0x7fa89982c7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 568] futex(0x7fa89982c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 569 attached [pid 569] set_robust_list(0x7fa8997529e0, 24) = 0 [pid 569] memfd_create("syzkaller", 0) = 3 [pid 569] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa891332000 [pid 569] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 569] munmap(0x7fa891332000, 1048576) = 0 [pid 569] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 569] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 569] close(3) = 0 [pid 569] mkdir("./file0", 0777) = 0 [pid 569] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 569] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 569] chdir("./file0") = 0 [pid 569] ioctl(4, LOOP_CLR_FD) = 0 [pid 569] close(4) = 0 [pid 569] futex(0x7fa89982c7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 569] futex(0x7fa89982c7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 568] <... futex resumed>) = 0 [pid 568] futex(0x7fa89982c7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 568] futex(0x7fa89982c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 569] <... futex resumed>) = 0 [pid 569] creat("./bus", 000) = 4 [pid 569] futex(0x7fa89982c7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 568] <... futex resumed>) = 0 [pid 568] futex(0x7fa89982c7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 568] futex(0x7fa89982c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 569] <... futex resumed>) = 1 [pid 569] openat(AT_FDCWD, "/dev/zero", O_RDONLY) = 5 [pid 569] futex(0x7fa89982c7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 568] <... futex resumed>) = 0 [pid 568] futex(0x7fa89982c7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 568] futex(0x7fa89982c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 569] <... futex resumed>) = 1 [ 35.715651][ T569] loop0: detected capacity change from 0 to 2048 [ 35.734367][ T569] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [pid 569] mount(NULL, "./file0", "9p", MS_NOSUID|MS_SYNCHRONOUS|MS_REC|MS_LAZYTIME, "trans=fd,rfdno=0x0000000000000005,wfdno=0x0000000000000004,nodevmap,fscache,version=9p2000.L,afid=0x"... [pid 568] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 568] futex(0x7fa89982c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 568] futex(0x7fa89982c7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 568] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa891411000 [pid 568] mprotect(0x7fa891412000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 568] clone(child_stack=0x7fa8914313f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 572 attached [pid 572] set_robust_list(0x7fa8914319e0, 24) = 0 [pid 572] futex(0x7fa89982c7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 568] <... clone resumed>, parent_tid=[572], tls=0x7fa891431700, child_tidptr=0x7fa8914319d0) = 572 [pid 568] futex(0x7fa89982c7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 572] <... futex resumed>) = 0 [pid 568] <... futex resumed>) = 1 [pid 572] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 568] futex(0x7fa89982c7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 572] <... mount resumed>) = 0 [pid 572] futex(0x7fa89982c7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 568] <... futex resumed>) = 0 [pid 568] futex(0x7fa89982c7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 568] futex(0x7fa89982c7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 572] <... futex resumed>) = 1 [pid 572] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC) = 6 [pid 572] futex(0x7fa89982c7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 568] <... futex resumed>) = 0 [pid 568] futex(0x7fa89982c7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 568] futex(0x7fa89982c7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 572] <... futex resumed>) = 1 [pid 572] write(6, "\xdd\xc8\xe4\xec\xc3\x37\x3a\x4d\x97\x06\xd8\xc2\x43\x38\xe9\x3e\x9e\xdf\x88\x45\xe4\x54\xf3\x20\xc2\x70\xeb\x5c\x88\xfc\x75\xee\xbe\xb8\xa2\x54\x40\x91\x8f\xc4\x65\x13\x23\x29\xd7\x2b\x11\x62\xd5\x58\x3d\x59\x03\x19\x37\x54\x14\xe6\x90\x0e\x9b\x30\x4d\x16\x7d\x7a\x7b\xc9\x3c\x12\x21\x40\x24\x48\xf0\x3c\xfc\xf8\xdf\x96\xb7\x71\x7e\x00\xb6\x44\x8c\x5c\xf3\xf7\xac\xd4\xcf\xf2\xdf\xc5\x27\xe9\x14\xaa"..., 2057) = 2057 [pid 572] futex(0x7fa89982c7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 568] <... futex resumed>) = 0 [pid 572] futex(0x7fa89982c7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 568] exit_group(0 [pid 572] <... futex resumed>) = ? [pid 568] <... exit_group resumed>) = ? [pid 572] +++ exited with 0 +++ [pid 569] <... mount resumed>) = ? [pid 569] +++ exited with 0 +++ [pid 568] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=568, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- umount2("./28", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./28", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555ba6620 /* 4 entries */, 32768) = 112 umount2("./28/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./28/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./28/binderfs") = 0 [ 35.920919][ T88] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2201: inode #18: comm kworker/1:1: corrupted in-inode xattr umount2("./28/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./28/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./28/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./28/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./28/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555bae660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555bae660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./28/file0") = 0 getdents64(3, 0x555555ba6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./28") = 0 mkdir("./29", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555ba55d0) = 573 ./strace-static-x86_64: Process 573 attached [pid 573] set_robust_list(0x555555ba55e0, 24) = 0 [pid 573] chdir("./29") = 0 [pid 573] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 573] setpgid(0, 0) = 0 [pid 573] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 573] write(3, "1000", 4) = 4 [pid 573] close(3) = 0 [pid 573] symlink("/dev/binderfs", "./binderfs") = 0 [pid 573] futex(0x7fa89982c7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 573] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa899732000 [pid 573] mprotect(0x7fa899733000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 573] clone(child_stack=0x7fa8997523f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 574 attached [pid 574] set_robust_list(0x7fa8997529e0, 24 [pid 573] <... clone resumed>, parent_tid=[574], tls=0x7fa899752700, child_tidptr=0x7fa8997529d0) = 574 [pid 574] <... set_robust_list resumed>) = 0 [pid 573] futex(0x7fa89982c7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 573] futex(0x7fa89982c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 574] memfd_create("syzkaller", 0) = 3 [pid 574] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa891332000 [pid 574] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 574] munmap(0x7fa891332000, 1048576) = 0 [pid 574] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 574] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 574] close(3) = 0 [pid 574] mkdir("./file0", 0777) = 0 [pid 574] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 574] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 574] chdir("./file0") = 0 [pid 574] ioctl(4, LOOP_CLR_FD) = 0 [pid 574] close(4) = 0 [pid 574] futex(0x7fa89982c7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 573] <... futex resumed>) = 0 [pid 573] futex(0x7fa89982c7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 573] futex(0x7fa89982c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 574] <... futex resumed>) = 1 [pid 574] creat("./bus", 000) = 4 [pid 574] futex(0x7fa89982c7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 573] <... futex resumed>) = 0 [pid 573] futex(0x7fa89982c7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 573] futex(0x7fa89982c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 574] <... futex resumed>) = 1 [pid 574] openat(AT_FDCWD, "/dev/zero", O_RDONLY) = 5 [pid 574] futex(0x7fa89982c7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 573] <... futex resumed>) = 0 [pid 573] futex(0x7fa89982c7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 573] futex(0x7fa89982c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 574] <... futex resumed>) = 1 [ 36.043592][ T574] loop0: detected capacity change from 0 to 2048 [ 36.064331][ T574] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [pid 574] mount(NULL, "./file0", "9p", MS_NOSUID|MS_SYNCHRONOUS|MS_REC|MS_LAZYTIME, "trans=fd,rfdno=0x0000000000000005,wfdno=0x0000000000000004,nodevmap,fscache,version=9p2000.L,afid=0x"... [pid 573] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 573] futex(0x7fa89982c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 573] futex(0x7fa89982c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 573] futex(0x7fa89982c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 573] futex(0x7fa89982c7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 573] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa891411000 [pid 573] mprotect(0x7fa891412000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 573] clone(child_stack=0x7fa8914313f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[577], tls=0x7fa891431700, child_tidptr=0x7fa8914319d0) = 577 [pid 573] futex(0x7fa89982c7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 573] futex(0x7fa89982c7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 577 attached [pid 577] set_robust_list(0x7fa8914319e0, 24) = 0 [pid 577] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 577] futex(0x7fa89982c7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 573] <... futex resumed>) = 0 [pid 573] futex(0x7fa89982c7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 573] futex(0x7fa89982c7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 577] <... futex resumed>) = 1 [pid 577] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC) = 6 [pid 577] futex(0x7fa89982c7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 573] <... futex resumed>) = 0 [pid 573] futex(0x7fa89982c7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 573] futex(0x7fa89982c7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 577] <... futex resumed>) = 1 [pid 577] write(6, "\xdd\xc8\xe4\xec\xc3\x37\x3a\x4d\x97\x06\xd8\xc2\x43\x38\xe9\x3e\x9e\xdf\x88\x45\xe4\x54\xf3\x20\xc2\x70\xeb\x5c\x88\xfc\x75\xee\xbe\xb8\xa2\x54\x40\x91\x8f\xc4\x65\x13\x23\x29\xd7\x2b\x11\x62\xd5\x58\x3d\x59\x03\x19\x37\x54\x14\xe6\x90\x0e\x9b\x30\x4d\x16\x7d\x7a\x7b\xc9\x3c\x12\x21\x40\x24\x48\xf0\x3c\xfc\xf8\xdf\x96\xb7\x71\x7e\x00\xb6\x44\x8c\x5c\xf3\xf7\xac\xd4\xcf\xf2\xdf\xc5\x27\xe9\x14\xaa"..., 2057) = 2057 [pid 577] futex(0x7fa89982c7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 573] <... futex resumed>) = 0 [pid 577] futex(0x7fa89982c7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 573] exit_group(0 [pid 577] <... futex resumed>) = ? [pid 573] <... exit_group resumed>) = ? [pid 577] +++ exited with 0 +++ [pid 574] <... mount resumed>) = ? [pid 574] +++ exited with 0 +++ [pid 573] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=573, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- umount2("./29", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./29", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555ba6620 /* 4 entries */, 32768) = 112 umount2("./29/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./29/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./29/binderfs") = 0 [ 36.248017][ T20] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2201: inode #18: comm kworker/0:1: corrupted in-inode xattr umount2("./29/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./29/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./29/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./29/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./29/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555bae660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555bae660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./29/file0") = 0 getdents64(3, 0x555555ba6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./29") = 0 mkdir("./30", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555ba55d0) = 578 ./strace-static-x86_64: Process 578 attached [pid 578] set_robust_list(0x555555ba55e0, 24) = 0 [pid 578] chdir("./30") = 0 [pid 578] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 578] setpgid(0, 0) = 0 [pid 578] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 578] write(3, "1000", 4) = 4 [pid 578] close(3) = 0 [pid 578] symlink("/dev/binderfs", "./binderfs") = 0 [pid 578] futex(0x7fa89982c7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 578] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa899732000 [pid 578] mprotect(0x7fa899733000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 578] clone(child_stack=0x7fa8997523f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[579], tls=0x7fa899752700, child_tidptr=0x7fa8997529d0) = 579 [pid 578] futex(0x7fa89982c7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 578] futex(0x7fa89982c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 579 attached [pid 579] set_robust_list(0x7fa8997529e0, 24) = 0 [pid 579] memfd_create("syzkaller", 0) = 3 [pid 579] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa891332000 [pid 579] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 579] munmap(0x7fa891332000, 1048576) = 0 [pid 579] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 579] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 579] close(3) = 0 [pid 579] mkdir("./file0", 0777) = 0 [pid 579] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 579] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 579] chdir("./file0") = 0 [pid 579] ioctl(4, LOOP_CLR_FD) = 0 [pid 579] close(4) = 0 [pid 579] futex(0x7fa89982c7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 578] <... futex resumed>) = 0 [pid 578] futex(0x7fa89982c7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 578] futex(0x7fa89982c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 579] <... futex resumed>) = 1 [pid 579] creat("./bus", 000) = 4 [pid 579] futex(0x7fa89982c7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 578] <... futex resumed>) = 0 [pid 578] futex(0x7fa89982c7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 578] futex(0x7fa89982c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 579] <... futex resumed>) = 1 [pid 579] openat(AT_FDCWD, "/dev/zero", O_RDONLY) = 5 [pid 579] futex(0x7fa89982c7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 578] <... futex resumed>) = 0 [pid 578] futex(0x7fa89982c7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 578] futex(0x7fa89982c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 579] <... futex resumed>) = 1 [ 36.359125][ T579] loop0: detected capacity change from 0 to 2048 [ 36.374440][ T579] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [pid 579] mount(NULL, "./file0", "9p", MS_NOSUID|MS_SYNCHRONOUS|MS_REC|MS_LAZYTIME, "trans=fd,rfdno=0x0000000000000005,wfdno=0x0000000000000004,nodevmap,fscache,version=9p2000.L,afid=0x"... [pid 578] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 578] futex(0x7fa89982c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 578] futex(0x7fa89982c7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 578] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa891411000 [pid 578] mprotect(0x7fa891412000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 578] clone(child_stack=0x7fa8914313f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 582 attached , parent_tid=[582], tls=0x7fa891431700, child_tidptr=0x7fa8914319d0) = 582 [pid 578] futex(0x7fa89982c7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 578] futex(0x7fa89982c7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 582] set_robust_list(0x7fa8914319e0, 24) = 0 [pid 582] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 582] futex(0x7fa89982c7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 578] <... futex resumed>) = 0 [pid 578] futex(0x7fa89982c7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 578] futex(0x7fa89982c7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 582] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC) = 6 [pid 582] futex(0x7fa89982c7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 578] <... futex resumed>) = 0 [pid 578] futex(0x7fa89982c7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 578] futex(0x7fa89982c7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 582] write(6, "\xdd\xc8\xe4\xec\xc3\x37\x3a\x4d\x97\x06\xd8\xc2\x43\x38\xe9\x3e\x9e\xdf\x88\x45\xe4\x54\xf3\x20\xc2\x70\xeb\x5c\x88\xfc\x75\xee\xbe\xb8\xa2\x54\x40\x91\x8f\xc4\x65\x13\x23\x29\xd7\x2b\x11\x62\xd5\x58\x3d\x59\x03\x19\x37\x54\x14\xe6\x90\x0e\x9b\x30\x4d\x16\x7d\x7a\x7b\xc9\x3c\x12\x21\x40\x24\x48\xf0\x3c\xfc\xf8\xdf\x96\xb7\x71\x7e\x00\xb6\x44\x8c\x5c\xf3\xf7\xac\xd4\xcf\xf2\xdf\xc5\x27\xe9\x14\xaa"..., 2057) = 2057 [pid 582] futex(0x7fa89982c7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 578] <... futex resumed>) = 0 [pid 582] futex(0x7fa89982c7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 578] exit_group(0 [pid 582] <... futex resumed>) = ? [pid 578] <... exit_group resumed>) = ? [pid 582] +++ exited with 0 +++ [pid 579] <... mount resumed>) = ? [pid 579] +++ exited with 0 +++ [pid 578] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=578, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- umount2("./30", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./30", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555ba6620 /* 4 entries */, 32768) = 112 umount2("./30/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./30/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./30/binderfs") = 0 umount2("./30/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./30/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./30/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./30/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./30/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555bae660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555bae660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./30/file0") = 0 getdents64(3, 0x555555ba6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./30") = 0 mkdir("./31", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555ba55d0) = 584 ./strace-static-x86_64: Process 584 attached [pid 584] set_robust_list(0x555555ba55e0, 24) = 0 [pid 584] chdir("./31") = 0 [pid 584] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 584] setpgid(0, 0) = 0 [pid 584] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 584] write(3, "1000", 4) = 4 [pid 584] close(3) = 0 [pid 584] symlink("/dev/binderfs", "./binderfs") = 0 [pid 584] futex(0x7fa89982c7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 584] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa899732000 [pid 584] mprotect(0x7fa899733000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 584] clone(child_stack=0x7fa8997523f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[585], tls=0x7fa899752700, child_tidptr=0x7fa8997529d0) = 585 [pid 584] futex(0x7fa89982c7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 584] futex(0x7fa89982c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 585 attached [pid 585] set_robust_list(0x7fa8997529e0, 24) = 0 [pid 585] memfd_create("syzkaller", 0) = 3 [pid 585] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa891332000 [ 36.564090][ T88] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2201: inode #18: comm kworker/1:1: corrupted in-inode xattr [pid 585] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 585] munmap(0x7fa891332000, 1048576) = 0 [pid 585] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 585] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 585] close(3) = 0 [pid 585] mkdir("./file0", 0777) = 0 [pid 585] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 585] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 585] chdir("./file0") = 0 [pid 585] ioctl(4, LOOP_CLR_FD) = 0 [pid 585] close(4) = 0 [pid 585] futex(0x7fa89982c7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 585] futex(0x7fa89982c7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 584] <... futex resumed>) = 0 [pid 584] futex(0x7fa89982c7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 584] futex(0x7fa89982c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 585] <... futex resumed>) = 0 [pid 585] creat("./bus", 000) = 4 [pid 585] futex(0x7fa89982c7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 584] <... futex resumed>) = 0 [pid 584] futex(0x7fa89982c7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 584] futex(0x7fa89982c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 585] <... futex resumed>) = 1 [pid 585] openat(AT_FDCWD, "/dev/zero", O_RDONLY) = 5 [pid 585] futex(0x7fa89982c7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 584] <... futex resumed>) = 0 [pid 584] futex(0x7fa89982c7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 584] futex(0x7fa89982c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 585] <... futex resumed>) = 1 [ 36.627742][ T585] loop0: detected capacity change from 0 to 2048 [ 36.644373][ T585] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [pid 585] mount(NULL, "./file0", "9p", MS_NOSUID|MS_SYNCHRONOUS|MS_REC|MS_LAZYTIME, "trans=fd,rfdno=0x0000000000000005,wfdno=0x0000000000000004,nodevmap,fscache,version=9p2000.L,afid=0x"... [pid 584] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 584] futex(0x7fa89982c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 584] futex(0x7fa89982c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 584] futex(0x7fa89982c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 584] futex(0x7fa89982c7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 584] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa891411000 [pid 584] mprotect(0x7fa891412000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 584] clone(child_stack=0x7fa8914313f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[588], tls=0x7fa891431700, child_tidptr=0x7fa8914319d0) = 588 [pid 584] futex(0x7fa89982c7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 584] futex(0x7fa89982c7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 588 attached [pid 588] set_robust_list(0x7fa8914319e0, 24) = 0 [pid 588] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 588] futex(0x7fa89982c7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 584] <... futex resumed>) = 0 [pid 584] futex(0x7fa89982c7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 584] futex(0x7fa89982c7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 588] <... futex resumed>) = 1 [pid 588] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC) = 6 [pid 588] futex(0x7fa89982c7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 584] <... futex resumed>) = 0 [pid 584] futex(0x7fa89982c7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 584] futex(0x7fa89982c7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 588] <... futex resumed>) = 1 [pid 588] write(6, "\xdd\xc8\xe4\xec\xc3\x37\x3a\x4d\x97\x06\xd8\xc2\x43\x38\xe9\x3e\x9e\xdf\x88\x45\xe4\x54\xf3\x20\xc2\x70\xeb\x5c\x88\xfc\x75\xee\xbe\xb8\xa2\x54\x40\x91\x8f\xc4\x65\x13\x23\x29\xd7\x2b\x11\x62\xd5\x58\x3d\x59\x03\x19\x37\x54\x14\xe6\x90\x0e\x9b\x30\x4d\x16\x7d\x7a\x7b\xc9\x3c\x12\x21\x40\x24\x48\xf0\x3c\xfc\xf8\xdf\x96\xb7\x71\x7e\x00\xb6\x44\x8c\x5c\xf3\xf7\xac\xd4\xcf\xf2\xdf\xc5\x27\xe9\x14\xaa"..., 2057) = 2057 [pid 588] futex(0x7fa89982c7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 584] <... futex resumed>) = 0 [pid 588] <... futex resumed>) = 1